Refactor tls test for new cert command. (#2676)

* Refactor tls test for new cert command.

Closes #2615

* forgot to add test6 and clean

* fix typo in 'reload'

* removed vars from old tests

* explicit failure reason

* send KILL instead of INT to make sure all dgraphs are killed

contrib/tlstest/Makefile

@@ -1,63 +1,60 @@
-KEYBITS=2048
-PASS=secret
-
-KEYS=ca.key server.key client.key server_pass.key client_pass.key server3.key
-CERTS=ca.crt server.crt client.crt server_pass.crt client_pass.crt server3.crt
+#
+# Copyright 2017-2018 Dgraph Labs, Inc. and Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+DGRAPH_PATH = $(GOPATH)/src/github.com/dgraph-io/dgraph/dgraph
+DGRAPH_BIN  = $(DGRAPH_PATH)/dgraph
+
+TARGETS     = test1 test2 test3 test4 test5 test6
+KEYBITS     = 2048
+
+.PHONY: all
+all: cert $(TARGETS)
 
 test: all
-	@echo -e "\n\n\nTESTING...\n"
-	@echo "Basic TLS communication, unencrypted keys"
-	@./test.sh ./server_nopass.sh ./client_nocert.sh 0
-	@echo "Basic TLS communication, encrypted keys (with password)"
-	@./test.sh ./server_pass.sh ./client_pass.sh 0
-	@echo "TLS client authentication, unencrypted key"
-	@./test.sh ./server_nopass_client_auth.sh ./client_nopass.sh 0
-	@echo "TLS client authentication, no client cert (failure expected)"
-	@./test.sh ./server_nopass_client_auth.sh ./client_nocert.sh 1
-	@echo "Invalid server name (failure expected)"
-	@./test.sh ./server_nopass.sh ./client_pass.sh 1
-	@echo "TLS protocol versions mismatch (failure expected)"
-	@./test.sh ./server_11.sh ./client_12.sh 1
-	@echo "TLS certificate reloading"
-	@./test_reload.sh
-
-all: ca $(KEYS) $(CERTS)
-
-clean:
-	git clean -d -f
 
-ca:
-	@mkdir -p newcerts
-	@touch index.txt
-	@touch index.txt.attr
-	@echo 1000 > serial
+cert:
+	@echo "Generating CA cert in 'tls' dir."
+	@$(MAKE) -C $(DGRAPH_PATH) all
+	@$(DGRAPH_BIN) cert --keysize $(KEYBITS) -d $(PWD)/tls -n localhost -c live
 
-ca.crt: ca.key
-	openssl req -key ca.key -new -x509 -extensions v3_ca -out ca.crt -nodes -subj "/C=AU/L=Sydney/O=Dgraph/CN=ca.dgraph.io"
+test1: cert
+	@echo "Test 1: Alpha non-TLS, Live non-TLS"
+	@(DGRAPH_BIN=$(DGRAPH_BIN) ./test.sh ./alpha_notls.sh ./live_notls.sh 0)
 
-ca.key:
-	openssl genrsa -out ca.key $(KEYBITS)
+test2: cert
+	@echo "Test 2: Alpha non-TLS, Live TLS"
+	@(DGRAPH_BIN=$(DGRAPH_BIN) ./test.sh ./alpha_notls.sh ./live_tls.sh 1)
 
-server.csr server.key:
-	openssl req -new -newkey rsa:$(KEYBITS) -keyout server.key -out server.csr -nodes -subj "/C=AU/L=Sydney/O=Dgraph/CN=server1.dgraph.io"
+test3: cert
+	@echo "Test 3: Alpha TLS, Live non-TLS"
+	@(DGRAPH_BIN=$(DGRAPH_BIN) ./test.sh ./alpha_tls.sh ./live_notls.sh 1)
 
-server3.csr server3.key:
-	openssl req -new -newkey rsa:$(KEYBITS) -keyout server3.key -out server3.csr -nodes -subj "/C=AU/L=Sydney/O=Dgraph/CN=server3.dgraph.io"
+test4: cert
+	@echo "Test 4: Alpha TLS, Live TLS"
+	@(DGRAPH_BIN=$(DGRAPH_BIN) ./test.sh ./alpha_tls.sh ./live_tls.sh 0)
 
-client.csr client.key:
-	openssl req -new -newkey rsa:$(KEYBITS) -keyout client.key -out client.csr -nodes -subj "/C=AU/L=Sydney/O=Dgraph/CN=client1.dgraph.io"
+test5: cert
+	@echo "Test 5: Alpha TLS Auth, Live TLS"
+	@(DGRAPH_BIN=$(DGRAPH_BIN) ./test.sh ./alpha_tls_auth.sh ./live_tls_auth.sh 0)
 
-server_pass.key:
-	openssl genrsa -aes256 -out server_pass.key -passout pass:$(PASS) $(KEYBITS)
+test6: cert
+	@echo "Test 6: Alpha TLS reload, Live TLS"
+	@(DGRAPH_BIN=$(DGRAPH_BIN) RELOAD_TEST=1 ./test.sh ./alpha_tls.sh ./live_tls.sh 1)
 
-client_pass.key:
-	openssl genrsa -aes256 -out client_pass.key -passout pass:$(PASS) $(KEYBITS)
-
-server_pass.csr: server_pass.key
-	openssl req -new -key server_pass.key -out server_pass.csr -subj "/C=AU/L=Sydney/O=Dgraph/CN=server2.dgraph.io" -passin pass:$(PASS) -passout pass:$(PASS)
-
-client_pass.csr: client_pass.key
-	openssl req -new -key client_pass.key -out client_pass.csr -subj "/C=AU/L=Sydney/O=Dgraph/CN=client2.dgraph.io" -passin pass:$(PASS) -passout pass:$(PASS)
+clean:
+	git clean -d -f
 
-%.crt: %.csr ca.crt ca.key
-	openssl ca -config openssl.cnf -days 365 -notext -cert ca.crt -keyfile ca.key -in $< -out $@ -batch

contrib/tlstest/alpha_notls.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+$DGRAPH_BIN alpha --lru_mb 2048 --zero 127.0.0.1:5081 &> alpha.log

contrib/tlstest/alpha_tls.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+$DGRAPH_BIN alpha --tls_dir $PWD/tls --lru_mb 2048 --zero 127.0.0.1:5081 &> alpha.log

contrib/tlstest/alpha_tls_auth.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+$DGRAPH_BIN alpha --tls_dir $PWD/tls --tls_client_auth REQUIREANDVERIFY --lru_mb 2048 --zero 127.0.0.1:5081 &> alpha.log

contrib/tlstest/live_notls.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+$DGRAPH_BIN live -d localhost:9080 -r data.rdf.gz -z 127.0.0.1:5081

contrib/tlstest/live_tls.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+$DGRAPH_BIN live -d localhost:9080 --tls_dir $PWD/tls -r data.rdf.gz -z 127.0.0.1:5081

contrib/tlstest/live_tls_auth.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+set -e
+$DGRAPH_BIN live -d localhost:9080 --tls_dir $PWD/tls --tls_server_name localhost -r data.rdf.gz -z 127.0.0.1:5081

contrib/tlstest/test.sh

@@ -1,33 +1,33 @@
 #!/bin/bash
+trap "cleanup" EXIT
 
-killall -9 dgraph || true
-
-DGRAPH_ROOT=$GOPATH/src/github.com/dgraph-io/dgraph/dgraph
-function build {
-  pushd $DGRAPH_ROOT > /dev/null
-  go build .
-  popd > /dev/null
+cleanup() {
+  killall -KILL dgraph >/dev/null 2>/dev/null
 }
 
-SERVER=$1
-CLIENT=$2
+ALPHA=$1
+LIVE=$2
 EXPECTED=$3
 
-build "dgraph"
-
-$DGRAPH_ROOT/dgraph zero -w zw -o 1 > zero.log 2>&1 &
+$DGRAPH_BIN zero -w zw -o 1 > zero.log 2>&1 &
 sleep 5
 
+$ALPHA >/dev/null 2>&1 &
 
-$SERVER > /dev/null 2>&1 &
-timeout 30s $CLIENT > client.log 2>&1
-RESULT=$?
-# echo -e "Result $RESULT"
+if [ "x$RELOAD_TEST" != "x" ]; then
+  trap '' HUP
+  rm -f ./tls/ca.key
+  $DGRAPH_BIN cert -d $PWD/tls -n localhost -c live --force
+  killall -HUP dgraph >/dev/null 2>/dev/null
+  sleep 3
+fi
 
-echo "$SERVER <-> $CLIENT: $RESULT (expected: $EXPECTED)"
+timeout 30s $LIVE > live.log 2>&1
+RESULT=$?
 
-if [ $RESULT == $EXPECTED ]; then
-	exit 0
-else
-	exit 1
+if [ $RESULT != $EXPECTED ]; then
+  echo "$ALPHA <-> $LIVE, Result: $RESULT != Expected: $EXPECTED"
+  exit 1
 fi
+
+exit 0

contrib/tlstest/test_reload.sh

@@ -1,35 +1,33 @@
 #!/bin/bash
 
-killall dgraph
+trap "cleanup" EXIT
 
-SERVER=./server_reload.sh
-CLIENT=./client_nopass.sh
-EXPECTED=1
-
-cp server.crt server_reload.crt
-cp server.key server_reload.key
+cleanup() {
+  killall -9 dgraph >/dev/null 2>/dev/null
+}
 
+ALPHA=./alpha_tls.sh
+LIVE=./live_tls.sh
+EXPECTED=1
 
-$GOPATH/src/github.com/dgraph-io/dgraph/dgraph/dgraph zero -w zw -o 1> /dev/null 2>&1 &
+$DGRAPH_BIN zero -w zw -o 1 > zero.log 2>&1 &
 sleep 5
 
 # start the server
-$SERVER > /dev/null 2>&1 &
-P=$!
-timeout 30s $CLIENT > /dev/null 2>&1
+$ALPHA > /dev/null 2>&1 &
+timeout 30s $LIVE > /dev/null 2>&1
 RESULT=$?
 
-# reload server certificate
-cp server3.crt server_reload.crt
-cp server3.key server_reload.key
+# regenerate TLS certificate
+rm -f ./tls/ca.key
+$DGRAPH_BIN cert -d $PWD/tls -n localhost -c live --force
 pkill -HUP dgraph > /dev/null 2>&1
 
 # try to connect again
-timeout 30s $CLIENT > /dev/null 2>&1
+timeout 30s $LIVE > /dev/null 2>&1
 RESULT=$?
 
 if [ $RESULT == $EXPECTED ]; then
-	echo "TLS certificate reloaded successfully"
 	exit 0
 else
 	echo "Error while reloading TLS certificate"