From 77e70beff33d89f30082f3e5d513cd657fa529ea Mon Sep 17 00:00:00 2001
From: Thomas Vanbesien
Date: Wed, 18 Feb 2026 22:17:30 +0100
Subject: Add download-cert client operation with integration test
Retrieves the server's DER certificate via GetEndpoints and writes it to a local file. The test starts a secure ServerLDS, downloads its certificate, and verifies it matches the original.
---
tests/run_download_cert_test.sh | 114 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 114 insertions(+)
create mode 100755 tests/run_download_cert_test.sh
(limited to 'tests/run_download_cert_test.sh')
diff --git a/tests/run_download_cert_test.sh b/tests/run_download_cert_test.sh
new file mode 100755
index 0000000..9bcc750
--- /dev/null
+++ b/tests/run_download_cert_test.sh
@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+# ---------------------------------------------------------------
+# Integration test for the download-cert client operation.
+#
+# Starts a secure ServerLDS, downloads its certificate via the
+# client's download-cert operation, and compares the downloaded
+# file with the original certificate on disk.
+#
+# Usage: tests/run_download_cert_test.sh
+#
+# Exit: 0 when all checks pass, 1 on any failure.
+# ---------------------------------------------------------------
+set -uo pipefail
+
+CONFIG_DIR="${1:?Usage: $0 }"
+
+LDS_PORT=14840
+LDS_PID=""
+TMPFILE=""
+DOWNLOADED_CERT=""
+FAILURES=0
+
+# ── ensure certificates exist ─────────────────────────────────
+CERT_DIR=certs
+GEN_CERT=tools/generate_certificate.sh
+
+for identity in ServerLDS Client; do
+ if [ ! -f "$CERT_DIR/${identity}_cert.der" ]; then
+ "$GEN_CERT" "$CERT_DIR" "$identity"
+ fi
+done
+
+for store in server_lds client; do
+ mkdir -p "$CERT_DIR/trust/$store"
+ for identity in ServerLDS Client; do
+ cert="$CERT_DIR/${identity}_cert.der"
+ [ -f "$cert" ] && cp -n "$cert" "$CERT_DIR/trust/$store/"
+ done
+done
+
+# ── cleanup ────────────────────────────────────────────────────
+cleanup() {
+ [ -n "$LDS_PID" ] && kill "$LDS_PID" 2>/dev/null && wait "$LDS_PID" 2>/dev/null
+ [ -n "$TMPFILE" ] && rm -f "$TMPFILE"
+ [ -n "$DOWNLOADED_CERT" ] && rm -f "$DOWNLOADED_CERT"
+}
+trap cleanup EXIT
+
+# ── helpers ────────────────────────────────────────────────────
+wait_for_port() {
+ local port="$1" pid="$2" label="$3" i=0
+ while [ $i -lt 50 ]; do
+ if ! kill -0 "$pid" 2>/dev/null; then
+ echo "FAIL: $label exited prematurely"
+ exit 1
+ fi
+ if ss -tlnp 2>/dev/null | grep -q ":${port} "; then
+ return 0
+ fi
+ sleep 0.1
+ i=$((i + 1))
+ done
+ echo "FAIL: $label did not listen on port $port within 5 s"
+ exit 1
+}
+
+check() {
+ local label="$1" result="$2"
+ if [ "$result" -eq 0 ]; then
+ echo "PASS: $label"
+ else
+ echo "FAIL: $label"
+ FAILURES=$((FAILURES + 1))
+ fi
+}
+
+# ── port check ─────────────────────────────────────────────────
+if ss -tlnp 2>/dev/null | grep -q ":${LDS_PORT} "; then
+ echo "FAIL: port $LDS_PORT is already in use"
+ exit 1
+fi
+
+# ── start LDS ──────────────────────────────────────────────────
+build/ServerLDS "$CONFIG_DIR/server_lds.conf" >/dev/null 2>&1 &
+LDS_PID=$!
+wait_for_port "$LDS_PORT" "$LDS_PID" "ServerLDS"
+
+# ── download certificate ───────────────────────────────────────
+TMPFILE=$(mktemp)
+DOWNLOADED_CERT=$(mktemp --suffix=.der)
+
+build/Client "$CONFIG_DIR/client.conf" download-cert "opc.tcp://localhost:$LDS_PORT" "$DOWNLOADED_CERT" >"$TMPFILE" 2>&1
+DC_RC=$?
+DC_OUTPUT=$(<"$TMPFILE")
+
+[ "$DC_RC" -eq 0 ]
+check "download-cert exit code is 0 (got $DC_RC)" $?
+
+echo "$DC_OUTPUT" | grep -q "Certificate saved to"
+check "download-cert output contains 'Certificate saved to'" $?
+
+# ── compare with original ─────────────────────────────────────
+cmp -s "$DOWNLOADED_CERT" "certs/ServerLDS_cert.der"
+check "downloaded certificate matches certs/ServerLDS_cert.der" $?
+
+# ── result ─────────────────────────────────────────────────────
+if [ "$FAILURES" -ne 0 ]; then
+ echo ""
+ echo "--- download-cert output ---"
+ echo "$DC_OUTPUT"
+ echo "--- end ---"
+ exit 1
+fi
+exit 0
-- cgit v1.2.3
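Review bot: The setup loop installs certificates into `$CERT_DIR/trust/$store/` with `cp -n`, and a `*_cert.der` is only generated when it is missing, so after a regeneration the older copy with the same name stays in the trust directory and the new certificate is never installed there; the test would then run against a trust directory that still holds the previous certificate. Dropping `-n` (`cp -f "$cert" "$CERT_DIR/trust/$store/"`) keeps the trust directories in step with `certs/`. Separately, the script sets `-uo pipefail` without `-e` and checks neither `"$GEN_CERT"` nor the two `mktemp` calls, so a failed setup would most likely surface only as "ServerLDS exited prematurely" with the server's output already sent to `/dev/null`; `"$GEN_CERT" "$CERT_DIR" "$identity" || { echo "FAIL: certificate generation for $identity"; exit 1; }` makes that failure visible. The final `cmp` also hard-codes `certs/ServerLDS_cert.der` where `"$CERT_DIR/ServerLDS_cert.der"` is already available.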