|
1 |
| -#! /bin/bash |
2 |
| -# Run an OCSP mock responder server if necessary. |
3 |
| -# |
4 |
| -# See the tests described in the specification for more info: |
5 |
| -# https://github.com/mongodb/specifications/tree/master/source/ocsp-support/tests#integration-tests-permutations-to-be-tested. |
6 |
| -# Precondition: mongod is NOT running. The responder should be started first. |
| 1 | +#!/usr/bin/env bash |
| 2 | +set -o errexit |
| 3 | + |
| 4 | +# Run an mock OCSP responder server if necessary. This script should be invoked |
| 5 | +# before starting any MongoDB servers. |
7 | 6 | #
|
8 | 7 | # Environment variables:
|
9 | 8 | #
|
10 | 9 | # TEST_COLUMN
|
11 |
| -# Required. Corresponds to a column of the test matrix. Set to one of the following: |
12 |
| -# TEST_1, TEST_2, TEST_3, TEST_4, SOFT_FAIL_TEST, MALICIOUS_SERVER_TEST_1, MALICIOUS_SERVER_TEST_2 |
| 10 | +# Required. Corresponds to a column of the test matrix. Set to one of the |
| 11 | +# following: "TEST_1", "TEST_2", "TEST_3", "TEST_4", "SOFT_FAIL_TEST", |
| 12 | +# "MALICIOUS_SERVER_TEST_1", or "MALICIOUS_SERVER_TEST_2". |
| 13 | +# |
| 14 | +# See: https://github.com/mongodb/specifications/blob/master/source/ocsp-support/tests/README.rst#integration-tests-permutations-to-be-tested |
| 15 | +# |
13 | 16 | # CERT_TYPE
|
14 |
| -# Required. Set to either rsa or ecdsa. |
| 17 | +# Required. Set to either "rsa" or "ecdsa". |
| 18 | +# |
15 | 19 | # USE_DELEGATE
|
16 |
| -# Optional. May be ON or OFF. If a test requires use of a responder, this decides whether |
17 |
| -# the responder uses a delegate certificate. Defaults to "OFF" |
18 |
| -# SKIP_PIP_INSTALL |
19 |
| -# Optional. Skip pip install for required packages for mock responder. |
| 20 | +# Optional. May be "ON" or "OFF". If a test requires use of a responder, this |
| 21 | +# determines whether responder uses a delegate certificate. Defaults to "OFF". |
20 | 22 | #
|
21 |
| -# Example: |
22 |
| -# TEST_COLUMN=TEST_1 CERT_TYPE=rsa ./run-ocsp-test.sh |
| 23 | +# DRIVERS_TOOLS |
| 24 | +# Required. Path to clone of drivers-evergreen-tools repository. |
23 | 25 | #
|
24 |
| - |
25 |
| -# Fail on any command returning a non-zero exit status. |
26 |
| -set -o errexit |
| 26 | +# PROJECT_DIRECTORY |
| 27 | +# Required. If a test requires use a responder, its output will be logged to a |
| 28 | +# ocsp-responder.log file in this directory. |
27 | 29 |
|
28 | 30 | USE_DELEGATE=${USE_DELEGATE:-OFF}
|
29 | 31 |
|
30 |
| -if [ -z "$TEST_COLUMN" -o -z "$CERT_TYPE" ]; then |
31 |
| - echo "Required environment variable unset. See file comments for help." |
32 |
| - exit 1; |
| 32 | +if [ -z "${CERT_TYPE}" ] || [ -z "${TEST_COLUMN}" ]; then |
| 33 | + echo "CERT_TYPE and TEST_COLUMN are required." |
| 34 | + exit 1 |
33 | 35 | fi
|
34 |
| -echo "TEST_COLUMN=$TEST_COLUMN" |
35 |
| -echo "CERT_TYPE=$CERT_TYPE" |
36 |
| -echo "USE_DELEGATE=$USE_DELEGATE" |
37 |
| -echo "SKIP_PIP_INSTALL=$SKIP_PIP_INSTALL" |
38 | 36 |
|
39 |
| -OS=$(uname -s | tr '[:upper:]' '[:lower:]') |
40 |
| -case "$OS" in |
41 |
| - cygwin*) OS="WINDOWS" ;; |
42 |
| - darwin) OS="MACOS" ;; |
43 |
| - *) OS="LINUX" ;; |
| 37 | +if [ "${CERT_TYPE}" != "rsa" ] && [ "${CERT_TYPE}" != "ecdsa" ]; then |
| 38 | + echo "Unsupported value for CERT_TYPE: ${CERT_TYPE}" |
| 39 | + exit 1 |
| 40 | +fi |
| 41 | + |
| 42 | +case "${TEST_COLUMN}" in |
| 43 | + "TEST_1" | "TEST_3") |
| 44 | + RESPONDER="valid" |
| 45 | + ;; |
| 46 | + |
| 47 | + "TEST_2" | "TEST_4" | "MALICIOUS_SERVER_TEST_1") |
| 48 | + RESPONDER="invalid" |
| 49 | + ;; |
| 50 | + |
| 51 | + "SOFT_FAIL_TEST" | "MALICIOUS_SERVER_TEST_2") |
| 52 | + RESPONDER="" |
| 53 | + ;; |
| 54 | + |
| 55 | + *) |
| 56 | + echo "Unsupported value for TEST_COLUMN: ${TEST_COLUMN}" |
| 57 | + exit 1 |
| 58 | + ;; |
44 | 59 | esac
|
45 | 60 |
|
46 |
| -if [ "TEST_1" = "$TEST_COLUMN" ]; then |
47 |
| - RESPONDER_REQUIRED="valid" |
48 |
| -elif [ "TEST_2" = "$TEST_COLUMN" ]; then |
49 |
| - RESPONDER_REQUIRED="invalid" |
50 |
| -elif [ "TEST_3" = "$TEST_COLUMN" ]; then |
51 |
| - RESPONDER_REQUIRED="valid" |
52 |
| -elif [ "TEST_4" = "$TEST_COLUMN" ]; then |
53 |
| - RESPONDER_REQUIRED="invalid" |
54 |
| -elif [ "MALICIOUS_SERVER_TEST_1" = "$TEST_COLUMN" ]; then |
55 |
| - RESPONDER_REQUIRED="invalid" |
56 |
| -else |
57 |
| - RESPONDER_REQUIRED="" |
58 |
| -fi |
| 61 | +echo "TEST_COLUMN: ${TEST_COLUMN}" |
| 62 | +echo "CERT_TYPE: ${CERT_TYPE}" |
| 63 | +echo "USE_DELEGATE: ${USE_DELEGATE}" |
59 | 64 |
|
60 |
| -# Same responder is used for both server and client. So even stapling tests require a responder. |
| 65 | +if [ -n "$RESPONDER" ]; then |
| 66 | + echo "Starting mock OCSP responder" |
61 | 67 |
|
62 |
| -if [ -n "$RESPONDER_REQUIRED" ]; then |
63 |
| - echo "Starting mock responder" |
64 |
| - if [ -z "$SKIP_PIP_INSTALL" ]; then |
65 |
| - echo "Installing python dependencies" |
66 |
| - # Installing dependencies. |
67 |
| - if [ "$OS" = "WINDOWS" ]; then |
68 |
| - /cygdrive/c/python/Python36/python --version |
69 |
| - /cygdrive/c/python/Python36/python -m virtualenv venv_ocsp |
70 |
| - PYTHON="$(pwd)/venv_ocsp/Scripts/python" |
71 |
| - else |
72 |
| - /opt/mongodbtoolchain/v3/bin/python3 -m venv ./venv_ocsp |
73 |
| - PYTHON="$(pwd)/venv_ocsp/bin/python" |
74 |
| - fi |
| 68 | + cd ${DRIVERS_TOOLS}/.evergreen/ocsp |
| 69 | + . ./activate-ocspvenv.sh |
75 | 70 |
|
76 |
| - REQUIREMENTS="requirements.txt" |
77 |
| - if [ ! -f "$REQUIREMENTS" ]; then |
78 |
| - curl https://raw.githubusercontent.com/mongodb-labs/drivers-evergreen-tools/master/.evergreen/ocsp/mock-ocsp-responder-requirements.txt -o $REQUIREMENTS |
79 |
| - fi |
80 |
| - $PYTHON -m pip install -r $REQUIREMENTS |
81 |
| - fi |
82 |
| - cd "${DRIVERS_TOOLS}/.evergreen/ocsp/$CERT_TYPE" |
83 |
| - if [ "$RESPONDER_REQUIRED" = "invalid" ]; then |
| 71 | + if [ "${RESPONDER}" = "invalid" ]; then |
84 | 72 | FAULT="--fault revoked"
|
85 | 73 | fi
|
86 |
| - if [ "ON" = "$USE_DELEGATE" ]; then |
87 |
| - RESPONDER_SIGNER="ocsp-responder" |
| 74 | + |
| 75 | + if [ "$USE_DELEGATE" = "ON" ]; then |
| 76 | + SIGNER="ocsp-responder" |
88 | 77 | else
|
89 |
| - RESPONDER_SIGNER="ca" |
| 78 | + SIGNER="ca" |
90 | 79 | fi
|
91 |
| - $PYTHON ../ocsp_mock.py \ |
92 |
| - --ca_file ca.pem \ |
93 |
| - --ocsp_responder_cert $RESPONDER_SIGNER.crt \ |
94 |
| - --ocsp_responder_key $RESPONDER_SIGNER.key \ |
| 80 | + |
| 81 | + python ocsp_mock.py \ |
| 82 | + --ca_file ${CERT_TYPE}/ca.pem \ |
| 83 | + --ocsp_responder_cert ${CERT_TYPE}/${SIGNER}.crt \ |
| 84 | + --ocsp_responder_key ${CERT_TYPE}/${SIGNER}.key \ |
95 | 85 | -p 8100 -v $FAULT \
|
96 |
| - > ${PROJECT_DIRECTORY}/responder.log 2>&1 & |
97 |
| - cd - |
| 86 | + > ${PROJECT_DIRECTORY}/ocsp-responder.log 2>&1 & |
98 | 87 | fi
|
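Review bot: The required-variable check at new lines 32-35 covers only CERT_TYPE and TEST_COLUMN, although the header now documents DRIVERS_TOOLS and PROJECT_DIRECTORY as required too. With PROJECT_DIRECTORY unset the redirect at new line 86 resolves to `/ocsp-responder.log`, and because the responder is launched with `&`, `set -o errexit` does not see a failed start, so the script can exit 0 with nothing listening on port 8100; tests that expect a successful handshake might then pass without any revocation check being exercised (inferred, it depends on the client's soft-fail behaviour). I would add `: "${DRIVERS_TOOLS:?}" "${PROJECT_DIRECTORY:?}"` next to the existing check and quote the expansions, e.g. `cd "${DRIVERS_TOOLS}/.evergreen/ocsp"` and `> "${PROJECT_DIRECTORY}/ocsp-responder.log" 2>&1 &`. `FAULT` is also never initialised on the "valid" path, so a value inherited from the environment would reach ocsp_mock.py; a `FAULT=""` before the `if` at new line 71 closes that.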