diff options
| author | Patrick Vacek <patrickvacek@gmail.com> | 2018-02-13 18:08:39 +0100 |
|---|---|---|
| committer | Patrick Vacek <patrickvacek@gmail.com> | 2018-02-20 11:01:34 +0100 |
| commit | 586394dc9f7b5e97c827ea982dd69692f3ca0c97 (patch) | |
| tree | fb473aff2d9d8b05af1d878f0f03765c26b5f43f /lib/oeqa | |
| parent | 9e4918cff53c6154b5bcee2e28deca08280aff75 (diff) | |
| download | meta-updater-586394dc9f7b5e97c827ea982dd69692f3ca0c97.tar.gz | |
Test provisioning with HSM.
Diffstat (limited to 'lib/oeqa')
| -rw-r--r-- | lib/oeqa/selftest/updater.py | 95 |
1 files changed, 88 insertions, 7 deletions
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py index 83febb1..8ee8378 100644 --- a/lib/oeqa/selftest/updater.py +++ b/lib/oeqa/selftest/updater.py | |||
| @@ -42,12 +42,6 @@ class SotaToolsTests(oeSelfTest): | |||
| 42 | result = runCmd('LD_LIBRARY_PATH=%s %s --help' % (l, p), ignore_status=True) | 42 | result = runCmd('LD_LIBRARY_PATH=%s %s --help' % (l, p), ignore_status=True) |
| 43 | self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) | 43 | self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) |
| 44 | 44 | ||
| 45 | class HsmTests(oeSelfTest): | ||
| 46 | |||
| 47 | def test_hsm(self): | ||
| 48 | self.write_config('SOTA_CLIENT_FEATURES="hsm"') | ||
| 49 | bitbake('core-image-minimal') | ||
| 50 | |||
| 51 | 45 | ||
| 52 | class GeneralTests(oeSelfTest): | 46 | class GeneralTests(oeSelfTest): |
| 53 | 47 | ||
| @@ -210,7 +204,7 @@ class QemuTests(oeSelfTest): | |||
| 210 | break | 204 | break |
| 211 | except IOError as e: | 205 | except IOError as e: |
| 212 | print(e) | 206 | print(e) |
| 213 | self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stdout.decode() + stderr.decode()) | 207 | self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) |
| 214 | 208 | ||
| 215 | 209 | ||
| 216 | class GrubTests(oeSelfTest): | 210 | class GrubTests(oeSelfTest): |
| @@ -247,6 +241,93 @@ class GrubTests(oeSelfTest): | |||
| 247 | print(value_str) | 241 | print(value_str) |
| 248 | 242 | ||
| 249 | 243 | ||
| 244 | class HsmTests(oeSelfTest): | ||
| 245 | |||
| 246 | def setUpLocal(self): | ||
| 247 | self.write_config('SOTA_CLIENT_PROV = " aktualizr-hsm-prov "') | ||
| 248 | self.write_config('SOTA_CLIENT_FEATURES="hsm"') | ||
| 249 | self.qemu, self.s = qemu_launch(machine='qemux86-64') | ||
| 250 | |||
| 251 | def tearDownLocal(self): | ||
| 252 | qemu_terminate(self.s) | ||
| 253 | |||
| 254 | def run_command(self, command): | ||
| 255 | return qemu_send_command(self.qemu.ssh_port, command) | ||
| 256 | |||
| 257 | def test_provisioning(self): | ||
| 258 | print('') | ||
| 259 | ran_ok = False | ||
| 260 | for delay in [0, 1, 2, 5, 10, 15]: | ||
| 261 | stdout, stderr, retcode = self.run_command('aktualizr-info') | ||
| 262 | if retcode == 0 and stderr == b'': | ||
| 263 | ran_ok = True | ||
| 264 | break | ||
| 265 | self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode()) | ||
| 266 | # Verify that device has NOT yet provisioned. | ||
| 267 | self.assertIn(b'Couldn\'t load device ID', stdout, | ||
| 268 | 'Device already provisioned!? ' + stderr.decode() + stdout.decode()) | ||
| 269 | self.assertIn(b'Couldn\'t load ECU serials', stdout, | ||
| 270 | 'Device already provisioned!? ' + stderr.decode() + stdout.decode()) | ||
| 271 | self.assertIn(b'Provisioned on server: no', stdout, | ||
| 272 | 'Device already provisioned!? ' + stderr.decode() + stdout.decode()) | ||
| 273 | self.assertIn(b'Fetched metadata: no', stdout, | ||
| 274 | 'Device already provisioned!? ' + stderr.decode() + stdout.decode()) | ||
| 275 | |||
| 276 | pkcs11_command = 'pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O' | ||
| 277 | stdout, stderr, retcode = self.run_command(pkcs11_command) | ||
| 278 | self.assertNotEqual(retcode, 0, 'pkcs11-tool succeeded before initialization: ' + | ||
| 279 | stdout.decode() + stderr.decode()) | ||
| 280 | softhsm2_command = 'softhsm2-util --show-slots' | ||
| 281 | stdout, stderr, retcode = self.run_command(softhsm2_command) | ||
| 282 | self.assertNotEqual(retcode, 0, 'softhsm2-tool succeeded before initialization: ' + | ||
| 283 | stdout.decode() + stderr.decode()) | ||
| 284 | |||
| 285 | bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir', 'libdir', | ||
| 286 | 'SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') | ||
| 287 | l = bb_vars['libdir'] | ||
| 288 | p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/aktualizr_cert_provider" | ||
| 289 | creds = bb_vars['SOTA_PACKED_CREDENTIALS'] | ||
| 290 | bb_vars_prov = get_bb_vars(['STAGING_DIR_NATIVE', 'libdir'], 'aktualizr-hsm-prov') | ||
| 291 | config = bb_vars_prov['STAGING_DIR_NATIVE'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml' | ||
| 292 | self.assertTrue(os.path.isfile(p), msg = "No aktualizr_cert_provider found (%s)" % p) | ||
| 293 | command = ('LD_LIBRARY_PATH=' + l + ' ' + p + ' -c ' + creds + ' -t root@localhost -p ' + | ||
| 294 | str(self.qemu.ssh_port) + ' -r -s -g ' + config) | ||
| 295 | logger = logging.getLogger("selftest") | ||
| 296 | # logger.info('Checking output of: ' + command) | ||
| 297 | result = runCmd(command, ignore_status=True) | ||
| 298 | self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) | ||
| 299 | |||
| 300 | ran_ok = False | ||
| 301 | for delay in [5, 5, 5, 5, 10]: | ||
| 302 | sleep(delay) | ||
| 303 | p11_out, p11_err, p11_ret = self.run_command(pkcs11_command) | ||
| 304 | hsm_out, hsm_err, hsm_ret = self.run_command(softhsm2_command) | ||
| 305 | if p11_ret == 0 and hsm_ret == 0 and hsm_err == b'': | ||
| 306 | ran_ok = True | ||
| 307 | break | ||
| 308 | self.assertTrue(ran_ok, 'pkcs11-tool or softhsm2-tool failed: ' + p11_err.decode() + | ||
| 309 | p11_out.decode() + hsm_err.decode() + hsm_out.decode()) | ||
| 310 | self.assertIn(b'present token', p11_err, 'pkcs11-tool failed: ' + p11_err.decode() + p11_out.decode()) | ||
| 311 | self.assertIn(b'X.509 cert', p11_out, 'pkcs11-tool failed: ' + p11_err.decode() + p11_out.decode()) | ||
| 312 | self.assertIn(b'Initialized: yes', hsm_out, 'softhsm2-tool failed: ' + | ||
| 313 | hsm_err.decode() + hsm_out.decode()) | ||
| 314 | self.assertIn(b'User PIN init.: yes', hsm_out, 'softhsm2-tool failed: ' + | ||
| 315 | hsm_err.decode() + hsm_out.decode()) | ||
| 316 | |||
| 317 | # Verify that device HAS provisioned. | ||
| 318 | ran_ok = False | ||
| 319 | for delay in [5, 5, 5, 5, 10]: | ||
| 320 | sleep(delay) | ||
| 321 | stdout, stderr, retcode = self.run_command('aktualizr-info') | ||
| 322 | if retcode == 0 and stderr == b'' and stdout.decode().find('Provisioned on server: yes') >= 0: | ||
| 323 | ran_ok = True | ||
| 324 | break | ||
| 325 | self.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
| 326 | self.assertIn(b'Primary ecu hardware ID: qemux86-64', stdout, | ||
| 327 | 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
| 328 | self.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | ||
| 329 | |||
| 330 | |||
| 250 | def qemu_launch(efi=False, machine=None): | 331 | def qemu_launch(efi=False, machine=None): |
| 251 | logger = logging.getLogger("selftest") | 332 | logger = logging.getLogger("selftest") |
| 252 | logger.info('Running bitbake to build core-image-minimal') | 333 | logger.info('Running bitbake to build core-image-minimal') |