From 99b5b4416193fafaa815746ea756900d2ab26917 Mon Sep 17 00:00:00 2001 
From: Thomas Vanbesien Date: Wed, 18 Feb 2026 15:39:29 +0100 Subject: Make client/server encryption optional, rename tests to full names Make encryption optional for both ServerRegister's LDS client connection and the server side of ServerLDS/ServerRegister: when certificate, privateKey, and trustStore are omitted the programs run with SecurityPolicy#None only. Secure servers also add a discovery-only None endpoint so unencrypted clients can still call FindServers and GetEndpoints. Consolidate tests from 5 policy-specific cases (nosec_anon, none_user, basic256sha256_anon, aes256_anon, aes128_user) down to 3 that cover the important axes: unsecure_anonymous, secure_anonymous, secure_user. Rename directories to use full names. Auto-generate certificates and trust stores in run_test.sh. Update readme and CLAUDE.md to reflect the current program interface (unified Client binary, split ServerRegister configs) and the new test names. --- tests/aes128_user/client.conf | 14 -------------- tests/aes128_user/server_lds.conf | 14 -------------- tests/aes128_user/server_register.conf | 14 -------------- tests/aes128_user/server_register_client.conf | 14 -------------- tests/aes256_anon/client.conf | 12 ------------ tests/aes256_anon/server_lds.conf | 12 ------------ tests/aes256_anon/server_register.conf | 12 ------------ tests/aes256_anon/server_register_client.conf | 12 ------------ tests/basic256sha256_anon/client.conf | 12 ------------ tests/basic256sha256_anon/server_lds.conf | 12 ------------ tests/basic256sha256_anon/server_register.conf | 12 ------------ tests/basic256sha256_anon/server_register_client.conf | 12 ------------ tests/none_user/client.conf | 14 -------------- tests/none_user/server_lds.conf | 14 -------------- tests/none_user/server_register.conf | 14 -------------- tests/none_user/server_register_client.conf | 14 -------------- tests/nosec_anon/client.conf | 12 ------------ tests/nosec_anon/server_lds.conf | 9 --------- 
tests/nosec_anon/server_register.conf | 8 -------- tests/nosec_anon/server_register_client.conf | 13 ------------- tests/run_test.sh | 19 +++++++++++++++++++ tests/secure_anonymous/client.conf | 12 ++++++++++++ tests/secure_anonymous/server_lds.conf | 13 +++++++++++++ tests/secure_anonymous/server_register.conf | 12 ++++++++++++ tests/secure_anonymous/server_register_client.conf | 13 +++++++++++++ tests/secure_user/client.conf | 14 ++++++++++++++ tests/secure_user/server_lds.conf | 13 +++++++++++++ tests/secure_user/server_register.conf | 14 ++++++++++++++ tests/secure_user/server_register_client.conf | 13 +++++++++++++ tests/unsecure_anonymous/client.conf | 15 +++++++++++++++ tests/unsecure_anonymous/server_lds.conf | 13 +++++++++++++ tests/unsecure_anonymous/server_register.conf | 8 ++++++++ tests/unsecure_anonymous/server_register_client.conf | 13 +++++++++++++ 33 files changed, 172 insertions(+), 250 deletions(-) delete mode 100644 tests/aes128_user/client.conf delete mode 100644 tests/aes128_user/server_lds.conf delete mode 100644 tests/aes128_user/server_register.conf delete mode 100644 tests/aes128_user/server_register_client.conf delete mode 100644 tests/aes256_anon/client.conf delete mode 100644 tests/aes256_anon/server_lds.conf delete mode 100644 tests/aes256_anon/server_register.conf delete mode 100644 tests/aes256_anon/server_register_client.conf delete mode 100644 tests/basic256sha256_anon/client.conf delete mode 100644 tests/basic256sha256_anon/server_lds.conf delete mode 100644 tests/basic256sha256_anon/server_register.conf delete mode 100644 tests/basic256sha256_anon/server_register_client.conf delete mode 100644 tests/none_user/client.conf delete mode 100644 tests/none_user/server_lds.conf delete mode 100644 tests/none_user/server_register.conf delete mode 100644 tests/none_user/server_register_client.conf delete mode 100644 tests/nosec_anon/client.conf delete mode 100644 tests/nosec_anon/server_lds.conf delete mode 100644 
tests/nosec_anon/server_register.conf delete mode 100644 tests/nosec_anon/server_register_client.conf create mode 100644 tests/secure_anonymous/client.conf create mode 100644 tests/secure_anonymous/server_lds.conf create mode 100644 tests/secure_anonymous/server_register.conf create mode 100644 tests/secure_anonymous/server_register_client.conf create mode 100644 tests/secure_user/client.conf create mode 100644 tests/secure_user/server_lds.conf create mode 100644 tests/secure_user/server_register.conf create mode 100644 tests/secure_user/server_register_client.conf create mode 100644 tests/unsecure_anonymous/client.conf create mode 100644 tests/unsecure_anonymous/server_lds.conf create mode 100644 tests/unsecure_anonymous/server_register.conf create mode 100644 tests/unsecure_anonymous/server_register_client.conf (limited to 'tests') diff --git a/tests/aes128_user/client.conf b/tests/aes128_user/client.conf deleted file mode 100644 index 77b43d2..0000000 --- a/tests/aes128_user/client.conf +++ /dev/null @@ -1,14 +0,0 @@ -# Client — test: aes128_user - -applicationUri = urn:localhost:bobink:Client - -certificate = certs/Client_cert.der -privateKey = certs/Client_key.der -trustStore = certs/trust/client - -securityMode = SignAndEncrypt -securityPolicy = Aes128_Sha256_RsaOaep - -authMode = user -username = user -password = password diff --git a/tests/aes128_user/server_lds.conf b/tests/aes128_user/server_lds.conf deleted file mode 100644 index 86bf196..0000000 --- a/tests/aes128_user/server_lds.conf +++ /dev/null @@ -1,14 +0,0 @@ -# ServerLDS — test: aes128_user - -port = 14840 -applicationUri = urn:localhost:bobink:ServerLDS - -certificate = certs/ServerLDS_cert.der -privateKey = certs/ServerLDS_key.der -trustStore = certs/trust/server_lds - -authMode = user -username = user -password = password - -cleanupTimeout = 60 diff --git a/tests/aes128_user/server_register.conf b/tests/aes128_user/server_register.conf deleted file mode 100644 index 3c4c88a..0000000 
--- a/tests/aes128_user/server_register.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerRegister server config — test: aes128_user
-
-port = 14841
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
-
-authMode = user
-username = user
-password = password
-
-registerInterval = 10
diff --git a/tests/aes128_user/server_register_client.conf b/tests/aes128_user/server_register_client.conf
deleted file mode 100644
index 3e976be..0000000
--- a/tests/aes128_user/server_register_client.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerRegister client config — test: aes128_user
-
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
-
-securityMode = SignAndEncrypt
-securityPolicy = Aes128_Sha256_RsaOaep
-
-authMode = user
-username = user
-password = password
diff --git a/tests/aes256_anon/client.conf b/tests/aes256_anon/client.conf
deleted file mode 100644
index 5141e2c..0000000
--- a/tests/aes256_anon/client.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Client — test: aes256_anon
-
-applicationUri = urn:localhost:bobink:Client
-
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
-
-securityMode = SignAndEncrypt
-securityPolicy = Aes256_Sha256_RsaPss
-
-authMode = anonymous
diff --git a/tests/aes256_anon/server_lds.conf b/tests/aes256_anon/server_lds.conf
deleted file mode 100644
index 763ec54..0000000
--- a/tests/aes256_anon/server_lds.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# ServerLDS — test: aes256_anon
-
-port = 14840
-applicationUri = urn:localhost:bobink:ServerLDS
-
-certificate = certs/ServerLDS_cert.der
-privateKey = certs/ServerLDS_key.der
-trustStore = certs/trust/server_lds
-
-authMode = anonymous
-
-cleanupTimeout = 60
diff --git a/tests/aes256_anon/server_register.conf b/tests/aes256_anon/server_register.conf
deleted file mode 100644
index 7f08405..0000000
--- a/tests/aes256_anon/server_register.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# ServerRegister server config — test: aes256_anon
-
-port = 14841
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
-
-authMode = anonymous
-
-registerInterval = 10
diff --git a/tests/aes256_anon/server_register_client.conf b/tests/aes256_anon/server_register_client.conf
deleted file mode 100644
index 0a79338..0000000
--- a/tests/aes256_anon/server_register_client.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# ServerRegister client config — test: aes256_anon
-
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
-
-securityMode = SignAndEncrypt
-securityPolicy = Aes256_Sha256_RsaPss
-
-authMode = anonymous
diff --git a/tests/basic256sha256_anon/client.conf b/tests/basic256sha256_anon/client.conf
deleted file mode 100644
index 26cd1cc..0000000
--- a/tests/basic256sha256_anon/client.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Client — test: basic256sha256_anon
-
-applicationUri = urn:localhost:bobink:Client
-
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
-
-securityMode = SignAndEncrypt
-securityPolicy = Basic256Sha256
-
-authMode = anonymous
diff --git a/tests/basic256sha256_anon/server_lds.conf b/tests/basic256sha256_anon/server_lds.conf
deleted file mode 100644
index 4560153..0000000
--- a/tests/basic256sha256_anon/server_lds.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# ServerLDS — test: basic256sha256_anon
-
-port = 14840
-applicationUri = urn:localhost:bobink:ServerLDS
-
-certificate = certs/ServerLDS_cert.der
-privateKey = certs/ServerLDS_key.der
-trustStore = certs/trust/server_lds
-
-authMode = anonymous
-
-cleanupTimeout = 60
diff --git a/tests/basic256sha256_anon/server_register.conf b/tests/basic256sha256_anon/server_register.conf
deleted file mode 100644
index 6a47796..0000000
--- a/tests/basic256sha256_anon/server_register.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# ServerRegister server config — test: basic256sha256_anon
-
-port = 14841
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
-
-authMode = anonymous
-
-registerInterval = 10
diff --git a/tests/basic256sha256_anon/server_register_client.conf b/tests/basic256sha256_anon/server_register_client.conf
deleted file mode 100644
index aa0339c..0000000
--- a/tests/basic256sha256_anon/server_register_client.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# ServerRegister client config — test: basic256sha256_anon
-
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
-
-securityMode = SignAndEncrypt
-securityPolicy = Basic256Sha256
-
-authMode = anonymous
diff --git a/tests/none_user/client.conf b/tests/none_user/client.conf
deleted file mode 100644
index eba232e..0000000
--- a/tests/none_user/client.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Client — test: none_user
-
-applicationUri = urn:localhost:bobink:Client
-
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
-
-securityMode = None
-securityPolicy = None
-
-authMode = user
-username = user
-password = password
diff --git a/tests/none_user/server_lds.conf b/tests/none_user/server_lds.conf
deleted file mode 100644
index 5da2c50..0000000
--- a/tests/none_user/server_lds.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerLDS — test: none_user
-
-port = 14840
-applicationUri = urn:localhost:bobink:ServerLDS
-
-certificate = certs/ServerLDS_cert.der
-privateKey = certs/ServerLDS_key.der
-trustStore = certs/trust/server_lds
-
-authMode = user
-username = user
-password = password
-
-cleanupTimeout = 60
diff --git a/tests/none_user/server_register.conf b/tests/none_user/server_register.conf
deleted file mode 100644
index c44c0e6..0000000
--- a/tests/none_user/server_register.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerRegister server config — test: none_user
-
-port = 14841
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
-
-authMode = user
-username = user
-password = password
-
-registerInterval = 10
diff --git a/tests/none_user/server_register_client.conf b/tests/none_user/server_register_client.conf
deleted file mode 100644
index bfc4ce2..0000000
--- a/tests/none_user/server_register_client.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# ServerRegister client config — test: none_user
-
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
-
-securityMode = None
-securityPolicy = None
-
-authMode = user
-username = user
-password = password
diff --git a/tests/nosec_anon/client.conf b/tests/nosec_anon/client.conf
deleted file mode 100644
index 2c74f5e..0000000
--- a/tests/nosec_anon/client.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Client — test: nosec_anon
-
-applicationUri = urn:localhost:bobink:Client
-
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
-
-securityMode = None
-securityPolicy = None
-
-authMode = anonymous
diff --git a/tests/nosec_anon/server_lds.conf b/tests/nosec_anon/server_lds.conf
deleted file mode 100644
index a4598a0..0000000
--- a/tests/nosec_anon/server_lds.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# ServerLDS — test: nosec_anon
-# No certificate/privateKey/trustStore: runs with SecurityPolicy#None only.
-
-port = 14840
-applicationUri = urn:localhost:bobink:ServerLDS
-
-authMode = anonymous
-
-cleanupTimeout = 60
diff --git a/tests/nosec_anon/server_register.conf b/tests/nosec_anon/server_register.conf
deleted file mode 100644
index 8a2e0c9..0000000
--- a/tests/nosec_anon/server_register.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# ServerRegister server config — test: nosec_anon
-
-port = 14841
-applicationUri = urn:localhost:bobink:ServerRegister
-
-authMode = anonymous
-
-registerInterval = 10
diff --git a/tests/nosec_anon/server_register_client.conf b/tests/nosec_anon/server_register_client.conf
deleted file mode 100644
index cc81a64..0000000
--- a/tests/nosec_anon/server_register_client.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# ServerRegister client config — test: nosec_anon
-# Connects to an unsecured LDS, so no trust store for the LDS cert is needed.
-
-applicationUri = urn:localhost:bobink:ServerRegister
-
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
-
-securityMode = None
-securityPolicy = None
-
-authMode = anonymous
diff --git a/tests/run_test.sh b/tests/run_test.sh
index fc44ad6..2767919 100755
--- a/tests/run_test.sh
+++ b/tests/run_test.sh
@@ -28,6 +28,25 @@ SR_PID="" TMPFILE="" FAILURES=0 +# ── ensure certificates exist ───────────────────────────────── +CERT_DIR=certs +GEN_CERT=tools/generate_certificate.sh + +for identity in ServerLDS ServerRegister ServerRegisterClient Client; do + if [ ! -f "$CERT_DIR/${identity}_cert.der" ]; then + "$GEN_CERT" "$CERT_DIR" "$identity" + fi +done + +# Populate trust stores: each identity trusts every other identity. +for store in server_lds server_register server_register_client client; do + mkdir -p "$CERT_DIR/trust/$store" + for identity in ServerLDS ServerRegister ServerRegisterClient Client; do + cert="$CERT_DIR/${identity}_cert.der" + [ -f "$cert" ] && cp -n "$cert" "$CERT_DIR/trust/$store/" + done +done + # ── cleanup ──────────────────────────────────────────────────── cleanup() { [ -n "$LDS_PID" ] && kill "$LDS_PID" 2>/dev/null && wait "$LDS_PID" 2>/dev/null diff --git a/tests/secure_anonymous/client.conf b/tests/secure_anonymous/client.conf new file mode 100644 index 0000000..755edec --- /dev/null +++ b/tests/secure_anonymous/client.conf @@ -0,0 +1,12 @@ +# Client — test: secure_anonymous + +applicationUri = urn:localhost:bobink:Client + +certificate = certs/Client_cert.der +privateKey = certs/Client_key.der +trustStore = certs/trust/client + +securityMode = SignAndEncrypt +securityPolicy = Basic256Sha256 + +authMode = anonymous diff --git a/tests/secure_anonymous/server_lds.conf b/tests/secure_anonymous/server_lds.conf new file mode 100644 index 0000000..f92b803 --- /dev/null +++ b/tests/secure_anonymous/server_lds.conf @@ -0,0 +1,13 @@ +# ServerLDS — test: secure_anonymous +# Secured LDS with discovery-only None endpoint. + +port = 14840 +applicationUri = urn:localhost:bobink:ServerLDS + +certificate = certs/ServerLDS_cert.der +privateKey = certs/ServerLDS_key.der +trustStore = certs/trust/server_lds + +authMode = anonymous + +cleanupTimeout = 60 
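Review bot: The certificate bootstrap added to tests/run_test.sh can leave the trust stores out of step with the certificates: the existence check looks only at `${identity}_cert.der`, and `cp -n` never replaces a copy that is already in `certs/trust/<store>/`. If a certificate is regenerated, or a `_key.der` is missing while its certificate remains, the secure cases then fail (or pass) for reasons unrelated to the code under test. Consider checking both files, `if [ ! -f "$CERT_DIR/${identity}_cert.der" ] || [ ! -f "$CERT_DIR/${identity}_key.der" ]; then`, and refreshing the store with a plain `cp "$cert" "$CERT_DIR/trust/$store/"`. The inner loop also copies each identity's own certificate into its store, which is broader than the comment "each identity trusts every other identity" states. Whether a failing `"$GEN_CERT"` stops the script depends on shell options set outside this hunk.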
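Review bot: tests/secure_anonymous/server_lds.conf documents a "discovery-only None endpoint", but nothing in this config or in the visible part of run_test.sh checks that the endpoint is actually limited to discovery. The three remaining cases appear to exercise only connections that are expected to succeed, so a regression that allowed a session over SecurityPolicy#None on a secured server would presumably go unnoticed. A negative case would pin that boundary: a client with `securityMode = None` run against the secure_anonymous servers, expected to complete FindServers/GetEndpoints and to be refused a session. The same applies to tests/secure_user/server_lds.conf.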
diff --git a/tests/secure_anonymous/server_register.conf b/tests/secure_anonymous/server_register.conf
new file mode 100644
index 0000000..31df277
--- /dev/null
+++ b/tests/secure_anonymous/server_register.conf
@@ -0,0 +1,12 @@
+# ServerRegister server config — test: secure_anonymous
+
+port = 14841
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegister_cert.der
+privateKey = certs/ServerRegister_key.der
+trustStore = certs/trust/server_register
+
+authMode = anonymous
+
+registerInterval = 10
diff --git a/tests/secure_anonymous/server_register_client.conf b/tests/secure_anonymous/server_register_client.conf
new file mode 100644
index 0000000..a9c3419
--- /dev/null
+++ b/tests/secure_anonymous/server_register_client.conf
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: secure_anonymous
+# Registers with the secured LDS over an encrypted channel.
+
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+trustStore = certs/trust/server_register_client
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+authMode = anonymous
diff --git a/tests/secure_user/client.conf b/tests/secure_user/client.conf
new file mode 100644
index 0000000..85c12e9
--- /dev/null
+++ b/tests/secure_user/client.conf
@@ -0,0 +1,14 @@
+# Client — test: secure_user
+
+applicationUri = urn:localhost:bobink:Client
+
+certificate = certs/Client_cert.der
+privateKey = certs/Client_key.der
+trustStore = certs/trust/client
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+authMode = user
+username = user
+password = password
diff --git a/tests/secure_user/server_lds.conf b/tests/secure_user/server_lds.conf
new file mode 100644
index 0000000..3babf37
--- /dev/null
+++ b/tests/secure_user/server_lds.conf
@@ -0,0 +1,13 @@
+# ServerLDS — test: secure_user
+# Secured LDS with discovery-only None endpoint.
+
+port = 14840
+applicationUri = urn:localhost:bobink:ServerLDS
+
+certificate = certs/ServerLDS_cert.der
+privateKey = certs/ServerLDS_key.der
+trustStore = certs/trust/server_lds
+
+authMode = anonymous
+
+cleanupTimeout = 60
diff --git a/tests/secure_user/server_register.conf b/tests/secure_user/server_register.conf
new file mode 100644
index 0000000..65e69d8
--- /dev/null
+++ b/tests/secure_user/server_register.conf
@@ -0,0 +1,14 @@
+# ServerRegister server config — test: secure_user
+
+port = 14841
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegister_cert.der
+privateKey = certs/ServerRegister_key.der
+trustStore = certs/trust/server_register
+
+authMode = user
+username = user
+password = password
+
+registerInterval = 10
diff --git a/tests/secure_user/server_register_client.conf b/tests/secure_user/server_register_client.conf
new file mode 100644
index 0000000..c924d8d
--- /dev/null
+++ b/tests/secure_user/server_register_client.conf
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: secure_user
+# Registers with the secured LDS over an encrypted channel.
+
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+trustStore = certs/trust/server_register_client
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+authMode = anonymous
diff --git a/tests/unsecure_anonymous/client.conf b/tests/unsecure_anonymous/client.conf
new file mode 100644
index 0000000..d93000e
--- /dev/null
+++ b/tests/unsecure_anonymous/client.conf
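Review bot: In the secure_user case only ServerRegister asks for credentials: tests/secure_user/server_lds.conf and tests/secure_user/server_register_client.conf both set `authMode = anonymous`, whereas the removed aes128_user and none_user cases ran the LDS and the registering client with `authMode = user`. User authentication on the registration path to the LDS is therefore no longer exercised by any of the three cases. If that is intended, a comment such as `# LDS stays anonymous; only ServerRegister requires a login` in server_lds.conf would make it explicit. Otherwise set `authMode = user` with `username`/`password` in both files, as the deleted configs did.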
@@ -0,0 +1,15 @@
+# Client — test: unsecure_anonymous
+# Has certs for encryption support (needed to negotiate with the secured
+# LDS) but no securityMode/securityPolicy — lets the client auto-select
+# the best available endpoint on each server.
+
+applicationUri = urn:localhost:bobink:Client
+
+# certificate = certs/Client_cert.der
+# privateKey = certs/Client_key.der
+# trustStore = certs/trust/client
+#
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous
diff --git a/tests/unsecure_anonymous/server_lds.conf b/tests/unsecure_anonymous/server_lds.conf
new file mode 100644
index 0000000..b50d03f
--- /dev/null
+++ b/tests/unsecure_anonymous/server_lds.conf
@@ -0,0 +1,13 @@
+# ServerLDS — test: unsecure_anonymous
+# Secured LDS with discovery-only None endpoint.
+
+port = 14840
+applicationUri = urn:localhost:bobink:ServerLDS
+
+# certificate = certs/ServerLDS_cert.der
+# privateKey = certs/ServerLDS_key.der
+# trustStore = certs/trust/server_lds
+
+authMode = anonymous
+
+cleanupTimeout = 60
diff --git a/tests/unsecure_anonymous/server_register.conf b/tests/unsecure_anonymous/server_register.conf
new file mode 100644
index 0000000..db96fa7
--- /dev/null
+++ b/tests/unsecure_anonymous/server_register.conf
@@ -0,0 +1,8 @@
+# ServerRegister server config — test: unsecure_anonymous
+
+port = 14841
+applicationUri = urn:localhost:bobink:ServerRegister
+
+authMode = anonymous
+
+registerInterval = 10
diff --git a/tests/unsecure_anonymous/server_register_client.conf b/tests/unsecure_anonymous/server_register_client.conf
new file mode 100644
index 0000000..c2ae348
--- /dev/null
+++ b/tests/unsecure_anonymous/server_register_client.conf
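Review bot: The header comment of tests/unsecure_anonymous/client.conf contradicts the settings below it: it says the client has certificates and leaves securityMode/securityPolicy unset so that the best endpoint is auto-selected, yet the three certificate lines are commented out and both values are pinned to `None`. The same mismatch appears in tests/unsecure_anonymous/server_lds.conf ("Secured LDS with discovery-only None endpoint" above commented-out certificate settings) and in tests/unsecure_anonymous/server_register_client.conf ("over an encrypted channel" above `securityMode = None`). These comments state the security posture of a test case and should match it, for example `# No certificate/privateKey/trustStore: runs with SecurityPolicy#None only.` as the deleted nosec_anon/server_lds.conf had. server_register_client.conf also still sets certificate, privateKey and trustStore, so this case does not cover the certificate-less LDS client connection that the commit message describes.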
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: unsecure_anonymous
+# Registers with the secured LDS over an encrypted channel.
+
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+trustStore = certs/trust/server_register_client
+
+securityMode = None
+securityPolicy = None
+
+authMode = anonymous
-- cgit v1.2.3