author | Harald Musum <musum@oath.com> | 2018-12-18 13:17:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-18 13:17:13 +0100 |
commit | baa612a865886c5473bdb07e54696fb0a527b1c9 (patch) | |
tree | bb1cf4cd8f2aebf8bc62e9a60fc0621bcee2051b /vespalib/src/tests/net | |
parent | 89d7fe502befea2d85e14d15116270cba6c8a71d (diff) |
Revert "Add TLS statistics to vespalib and expose as metrics via storageserver"
Diffstat (limited to 'vespalib/src/tests/net')
-rw-r--r-- | vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp | 22 | ||||
-rw-r--r-- | vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp | 32 |
2 files changed, 8 insertions, 46 deletions
diff --git a/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp b/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp
index 5dc85bc567f..245368b6a7b 100644
--- a/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp
+++ b/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp
@@ -2,7 +2,6 @@
 #include <vespa/vespalib/io/fileutil.h>
 #include <vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h>
-#include <vespa/vespalib/net/tls/statistics.h>
 #include <vespa/vespalib/net/tls/transport_security_options.h>
 #include <vespa/vespalib/net/tls/transport_security_options_reading.h>
 #include <vespa/vespalib/net/tls/impl/openssl_tls_context_impl.h>
@@ -107,11 +106,17 @@ struct Fixture {
 }
 vespalib::string current_cert_chain() const {
- return engine->acquire_current_engine()->tls_context()->transport_security_options().cert_chain_pem();
+ auto impl = engine->acquire_current_engine();
+ // Leaks implementation details galore, but it's not very likely that we'll use
+ // anything but OpenSSL (or compatible APIs) in practice...
+ auto& ctx_impl = dynamic_cast<const impl::OpenSslTlsContextImpl&>(*impl->tls_context());
+ return ctx_impl.transport_security_options().cert_chain_pem();
 }
 AuthorizationMode current_authorization_mode() const {
- return engine->acquire_current_engine()->tls_context()->authorization_mode();
+ auto impl = engine->acquire_current_engine();
+ auto& ctx_impl = dynamic_cast<const impl::OpenSslTlsContextImpl&>(*impl->tls_context());
+ return ctx_impl.authorization_mode();
 }
 };
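Review bot: The two `Fixture` accessors `current_cert_chain()` and `current_authorization_mode()` now repeat the same `dynamic_cast<const impl::OpenSslTlsContextImpl&>(*impl->tls_context())`, and because it is a reference cast, a context of any other concrete type raises `std::bad_cast` rather than a test failure that names the cause. Consider one private helper that both accessors call, casting to a pointer and checking it first, e.g. `auto* ctx_impl = dynamic_cast<const impl::OpenSslTlsContextImpl*>(&*impl->tls_context());` followed by an assertion that `ctx_impl` is non-null. The local `impl` is presumably what keeps the context alive while the reference is read, so a short comment such as `// hold the engine so the context reference stays valid` would stop a later cleanup from folding the statements back into one expression. `struct Fixture` starts before this hunk, so the rest of the fixture is not visible here.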
@@ -138,15 +143,4 @@ TEST_FF("Authorization mode is propagated to engine", Fixture(50ms, Authorizatio
 EXPECT_EQUAL(AuthorizationMode::LogOnly, f1.current_authorization_mode());
 }
-TEST_FF("Config reload failure increments failure statistic", Fixture(50ms), TimeBomb(60)) {
- auto before = ConfigStatistics::get().snapshot();
-
- write_file("test_cert.pem.tmp", "Broken file oh no :(");
- rename("test_cert.pem.tmp", "test_cert.pem", false, false);
-
- while (ConfigStatistics::get().snapshot().subtract(before).failed_config_reloads == 0) {
- std::this_thread::sleep_for(10ms);
- }
-}
-
 TEST_MAIN() { TEST_RUN_ALL(); }
diff --git a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
index f70c5670bc9..69e0d44147e 100644
--- a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
+++ b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
@@ -4,7 +4,6 @@
 #include <vespa/vespalib/data/smart_buffer.h>
 #include <vespa/vespalib/net/tls/authorization_mode.h>
 #include <vespa/vespalib/net/tls/crypto_codec.h>
-#include <vespa/vespalib/net/tls/statistics.h>
 #include <vespa/vespalib/net/tls/tls_context.h>
 #include <vespa/vespalib/net/tls/transport_security_options.h>
 #include <vespa/vespalib/net/tls/impl/openssl_crypto_codec_impl.h>
@@ -620,37 +619,6 @@ TEST_F("Disabled insecure authorization mode ignores verification result", CertF
 EXPECT_TRUE(f.handshake());
 }
-TEST_F("Failure statistics are incremented on authorization failures", CertFixture) {
- reset_peers_with_server_authz_mode(f, AuthorizationMode::Enforce);
- auto server_before = ConnectionStatistics::get(true).snapshot();
- auto client_before = ConnectionStatistics::get(false).snapshot();
- EXPECT_FALSE(f.handshake());
- auto server_stats = ConnectionStatistics::get(true).snapshot().subtract(server_before);
- auto client_stats = ConnectionStatistics::get(false).snapshot().subtract(client_before);
-
- EXPECT_EQUAL(1u, server_stats.invalid_peer_credentials);
- EXPECT_EQUAL(0u, client_stats.invalid_peer_credentials);
- EXPECT_EQUAL(1u, server_stats.failed_tls_handshakes);
- EXPECT_EQUAL(0u, server_stats.tls_connections);
- EXPECT_EQUAL(0u, client_stats.tls_connections);
-}
-
-TEST_F("Success statistics are incremented on OK authorization", CertFixture) {
- reset_peers_with_server_authz_mode(f, AuthorizationMode::Disable);
- auto server_before = ConnectionStatistics::get(true).snapshot();
- auto client_before = ConnectionStatistics::get(false).snapshot();
- EXPECT_TRUE(f.handshake());
- auto server_stats = ConnectionStatistics::get(true).snapshot().subtract(server_before);
- auto client_stats = ConnectionStatistics::get(false).snapshot().subtract(client_before);
-
- EXPECT_EQUAL(0u, server_stats.invalid_peer_credentials);
- EXPECT_EQUAL(0u, client_stats.invalid_peer_credentials);
- EXPECT_EQUAL(0u, server_stats.failed_tls_handshakes);
- EXPECT_EQUAL(0u, client_stats.failed_tls_handshakes);
- EXPECT_EQUAL(1u, server_stats.tls_connections);
- EXPECT_EQUAL(1u, client_stats.tls_connections);
-}
-
 // TODO we can't test embedded nulls since the OpenSSL v3 extension APIs
 // take in null terminated strings as arguments... :I |