summaryrefslogtreecommitdiffstats
path: root/lib/oeqa
diff options
context:
space:
mode:
authorPatrick Vacek <patrickvacek@gmail.com>2018-02-13 18:08:39 +0100
committerPatrick Vacek <patrickvacek@gmail.com>2018-02-20 11:01:34 +0100
commit586394dc9f7b5e97c827ea982dd69692f3ca0c97 (patch)
treefb473aff2d9d8b05af1d878f0f03765c26b5f43f /lib/oeqa
parent9e4918cff53c6154b5bcee2e28deca08280aff75 (diff)
downloadmeta-updater-586394dc9f7b5e97c827ea982dd69692f3ca0c97.tar.gz
Test provisioning with HSM.
Diffstat (limited to 'lib/oeqa')
-rw-r--r--lib/oeqa/selftest/updater.py95
1 files changed, 88 insertions, 7 deletions
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py
index 83febb1..8ee8378 100644
--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -42,12 +42,6 @@ class SotaToolsTests(oeSelfTest):
42 result = runCmd('LD_LIBRARY_PATH=%s %s --help' % (l, p), ignore_status=True) 42 result = runCmd('LD_LIBRARY_PATH=%s %s --help' % (l, p), ignore_status=True)
43 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) 43 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
44 44
45class HsmTests(oeSelfTest):
46
47 def test_hsm(self):
48 self.write_config('SOTA_CLIENT_FEATURES="hsm"')
49 bitbake('core-image-minimal')
50
51 45
52class GeneralTests(oeSelfTest): 46class GeneralTests(oeSelfTest):
53 47
@@ -210,7 +204,7 @@ class QemuTests(oeSelfTest):
210 break 204 break
211 except IOError as e: 205 except IOError as e:
212 print(e) 206 print(e)
213 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stdout.decode() + stderr.decode()) 207 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
214 208
215 209
216class GrubTests(oeSelfTest): 210class GrubTests(oeSelfTest):
@@ -247,6 +241,93 @@ class GrubTests(oeSelfTest):
247 print(value_str) 241 print(value_str)
248 242
249 243
244class HsmTests(oeSelfTest):
245
246 def setUpLocal(self):
247 self.write_config('SOTA_CLIENT_PROV = " aktualizr-hsm-prov "')
248 self.write_config('SOTA_CLIENT_FEATURES="hsm"')
249 self.qemu, self.s = qemu_launch(machine='qemux86-64')
250
251 def tearDownLocal(self):
252 qemu_terminate(self.s)
253
254 def run_command(self, command):
255 return qemu_send_command(self.qemu.ssh_port, command)
256
257 def test_provisioning(self):
258 print('')
259 ran_ok = False
260 for delay in [0, 1, 2, 5, 10, 15]:
261 stdout, stderr, retcode = self.run_command('aktualizr-info')
262 if retcode == 0 and stderr == b'':
263 ran_ok = True
264 break
265 self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
266 # Verify that device has NOT yet provisioned.
267 self.assertIn(b'Couldn\'t load device ID', stdout,
268 'Device already provisioned!? ' + stderr.decode() + stdout.decode())
269 self.assertIn(b'Couldn\'t load ECU serials', stdout,
270 'Device already provisioned!? ' + stderr.decode() + stdout.decode())
271 self.assertIn(b'Provisioned on server: no', stdout,
272 'Device already provisioned!? ' + stderr.decode() + stdout.decode())
273 self.assertIn(b'Fetched metadata: no', stdout,
274 'Device already provisioned!? ' + stderr.decode() + stdout.decode())
275
276 pkcs11_command = 'pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O'
277 stdout, stderr, retcode = self.run_command(pkcs11_command)
278 self.assertNotEqual(retcode, 0, 'pkcs11-tool succeeded before initialization: ' +
279 stdout.decode() + stderr.decode())
280 softhsm2_command = 'softhsm2-util --show-slots'
281 stdout, stderr, retcode = self.run_command(softhsm2_command)
282 self.assertNotEqual(retcode, 0, 'softhsm2-tool succeeded before initialization: ' +
283 stdout.decode() + stderr.decode())
284
285 bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir', 'libdir',
286 'SOTA_PACKED_CREDENTIALS'], 'aktualizr-native')
287 l = bb_vars['libdir']
288 p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/aktualizr_cert_provider"
289 creds = bb_vars['SOTA_PACKED_CREDENTIALS']
290 bb_vars_prov = get_bb_vars(['STAGING_DIR_NATIVE', 'libdir'], 'aktualizr-hsm-prov')
291 config = bb_vars_prov['STAGING_DIR_NATIVE'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml'
292 self.assertTrue(os.path.isfile(p), msg = "No aktualizr_cert_provider found (%s)" % p)
293 command = ('LD_LIBRARY_PATH=' + l + ' ' + p + ' -c ' + creds + ' -t root@localhost -p ' +
294 str(self.qemu.ssh_port) + ' -r -s -g ' + config)
295 logger = logging.getLogger("selftest")
296 # logger.info('Checking output of: ' + command)
297 result = runCmd(command, ignore_status=True)
298 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
299
300 ran_ok = False
301 for delay in [5, 5, 5, 5, 10]:
302 sleep(delay)
303 p11_out, p11_err, p11_ret = self.run_command(pkcs11_command)
304 hsm_out, hsm_err, hsm_ret = self.run_command(softhsm2_command)
305 if p11_ret == 0 and hsm_ret == 0 and hsm_err == b'':
306 ran_ok = True
307 break
308 self.assertTrue(ran_ok, 'pkcs11-tool or softhsm2-tool failed: ' + p11_err.decode() +
309 p11_out.decode() + hsm_err.decode() + hsm_out.decode())
310 self.assertIn(b'present token', p11_err, 'pkcs11-tool failed: ' + p11_err.decode() + p11_out.decode())
311 self.assertIn(b'X.509 cert', p11_out, 'pkcs11-tool failed: ' + p11_err.decode() + p11_out.decode())
312 self.assertIn(b'Initialized: yes', hsm_out, 'softhsm2-tool failed: ' +
313 hsm_err.decode() + hsm_out.decode())
314 self.assertIn(b'User PIN init.: yes', hsm_out, 'softhsm2-tool failed: ' +
315 hsm_err.decode() + hsm_out.decode())
316
317 # Verify that device HAS provisioned.
318 ran_ok = False
319 for delay in [5, 5, 5, 5, 10]:
320 sleep(delay)
321 stdout, stderr, retcode = self.run_command('aktualizr-info')
322 if retcode == 0 and stderr == b'' and stdout.decode().find('Provisioned on server: yes') >= 0:
323 ran_ok = True
324 break
325 self.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode())
326 self.assertIn(b'Primary ecu hardware ID: qemux86-64', stdout,
327 'Provisioning failed: ' + stderr.decode() + stdout.decode())
328 self.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode())
329
330
250def qemu_launch(efi=False, machine=None): 331def qemu_launch(efi=False, machine=None):
251 logger = logging.getLogger("selftest") 332 logger = logging.getLogger("selftest")
252 logger.info('Running bitbake to build core-image-minimal') 333 logger.info('Running bitbake to build core-image-minimal')