Lines Matching +full:migration +full:- +full:test
2 * QTest testcases for TLS migration
4 * Copyright (c) 2016-2018 Red Hat, Inc. and/or its affiliates
5 * based on the vhost-user-test.c that is:
9 * See the COPYING file in the top-level directory.
16 #include "migration/framework.h"
17 #include "migration/migration-qmp.h"
18 #include "migration/migration-util.h"
20 #include "tests/unit/crypto-tls-psk-helpers.h"
22 # include "tests/unit/crypto-tls-x509-helpers.h"
43 data->workdir = g_strdup_printf("%s/tlscredspsk0", tmpfs); in migrate_hook_start_tls_psk_common()
44 data->pskfile = g_strdup_printf("%s/%s", data->workdir, in migrate_hook_start_tls_psk_common()
46 g_mkdir_with_parents(data->workdir, 0700); in migrate_hook_start_tls_psk_common()
47 test_tls_psk_init(data->pskfile); in migrate_hook_start_tls_psk_common()
50 data->workdiralt = g_strdup_printf("%s/tlscredspskalt0", tmpfs); in migrate_hook_start_tls_psk_common()
51 data->pskfilealt = g_strdup_printf("%s/%s", data->workdiralt, in migrate_hook_start_tls_psk_common()
53 g_mkdir_with_parents(data->workdiralt, 0700); in migrate_hook_start_tls_psk_common()
54 test_tls_psk_init_alt(data->pskfilealt); in migrate_hook_start_tls_psk_common()
58 "{ 'execute': 'object-add'," in migrate_hook_start_tls_psk_common()
59 " 'arguments': { 'qom-type': 'tls-creds-psk'," in migrate_hook_start_tls_psk_common()
64 data->workdir); in migrate_hook_start_tls_psk_common()
67 "{ 'execute': 'object-add'," in migrate_hook_start_tls_psk_common()
68 " 'arguments': { 'qom-type': 'tls-creds-psk'," in migrate_hook_start_tls_psk_common()
72 mismatch ? data->workdiralt : data->workdir); in migrate_hook_start_tls_psk_common()
74 migrate_set_parameter_str(from, "tls-creds", "tlscredspsk0"); in migrate_hook_start_tls_psk_common()
75 migrate_set_parameter_str(to, "tls-creds", "tlscredspsk0"); in migrate_hook_start_tls_psk_common()
101 test_tls_psk_cleanup(data->pskfile); in migrate_hook_end_tls_psk()
102 if (data->pskfilealt) { in migrate_hook_end_tls_psk()
103 test_tls_psk_cleanup(data->pskfilealt); in migrate_hook_end_tls_psk()
105 rmdir(data->workdir); in migrate_hook_end_tls_psk()
106 if (data->workdiralt) { in migrate_hook_end_tls_psk()
107 rmdir(data->workdiralt); in migrate_hook_end_tls_psk()
110 g_free(data->workdiralt); in migrate_hook_end_tls_psk()
111 g_free(data->pskfilealt); in migrate_hook_end_tls_psk()
112 g_free(data->workdir); in migrate_hook_end_tls_psk()
113 g_free(data->pskfile); in migrate_hook_end_tls_psk()
144 data->workdir = g_strdup_printf("%s/tlscredsx5090", tmpfs); in migrate_hook_start_tls_x509_common()
145 data->keyfile = g_strdup_printf("%s/key.pem", data->workdir); in migrate_hook_start_tls_x509_common()
147 data->cacert = g_strdup_printf("%s/ca-cert.pem", data->workdir); in migrate_hook_start_tls_x509_common()
148 data->serverkey = g_strdup_printf("%s/server-key.pem", data->workdir); in migrate_hook_start_tls_x509_common()
149 data->servercert = g_strdup_printf("%s/server-cert.pem", data->workdir); in migrate_hook_start_tls_x509_common()
150 if (args->clientcert) { in migrate_hook_start_tls_x509_common()
151 data->clientkey = g_strdup_printf("%s/client-key.pem", data->workdir); in migrate_hook_start_tls_x509_common()
152 data->clientcert = g_strdup_printf("%s/client-cert.pem", data->workdir); in migrate_hook_start_tls_x509_common()
155 g_mkdir_with_parents(data->workdir, 0700); in migrate_hook_start_tls_x509_common()
157 test_tls_init(data->keyfile); in migrate_hook_start_tls_x509_common()
159 g_assert(link(data->keyfile, data->serverkey) == 0); in migrate_hook_start_tls_x509_common()
161 g_assert(CreateHardLink(data->serverkey, data->keyfile, NULL) != 0); in migrate_hook_start_tls_x509_common()
163 if (args->clientcert) { in migrate_hook_start_tls_x509_common()
165 g_assert(link(data->keyfile, data->clientkey) == 0); in migrate_hook_start_tls_x509_common()
167 g_assert(CreateHardLink(data->clientkey, data->keyfile, NULL) != 0); in migrate_hook_start_tls_x509_common()
171 TLS_ROOT_REQ_SIMPLE(cacertreq, data->cacert); in migrate_hook_start_tls_x509_common()
172 if (args->clientcert) { in migrate_hook_start_tls_x509_common()
174 args->hostileclient ? in migrate_hook_start_tls_x509_common()
177 data->clientcert); in migrate_hook_start_tls_x509_common()
182 data->servercert, in migrate_hook_start_tls_x509_common()
183 args->certhostname, in migrate_hook_start_tls_x509_common()
184 args->certipaddr); in migrate_hook_start_tls_x509_common()
189 "{ 'execute': 'object-add'," in migrate_hook_start_tls_x509_common()
190 " 'arguments': { 'qom-type': 'tls-creds-x509'," in migrate_hook_start_tls_x509_common()
194 " 'sanity-check': true," in migrate_hook_start_tls_x509_common()
195 " 'verify-peer': true} }", in migrate_hook_start_tls_x509_common()
196 data->workdir); in migrate_hook_start_tls_x509_common()
197 migrate_set_parameter_str(from, "tls-creds", "tlscredsx509client0"); in migrate_hook_start_tls_x509_common()
198 if (args->certhostname) { in migrate_hook_start_tls_x509_common()
199 migrate_set_parameter_str(from, "tls-hostname", args->certhostname); in migrate_hook_start_tls_x509_common()
203 "{ 'execute': 'object-add'," in migrate_hook_start_tls_x509_common()
204 " 'arguments': { 'qom-type': 'tls-creds-x509'," in migrate_hook_start_tls_x509_common()
208 " 'sanity-check': true," in migrate_hook_start_tls_x509_common()
209 " 'verify-peer': %i} }", in migrate_hook_start_tls_x509_common()
210 data->workdir, args->verifyclient); in migrate_hook_start_tls_x509_common()
211 migrate_set_parameter_str(to, "tls-creds", "tlscredsx509server0"); in migrate_hook_start_tls_x509_common()
213 if (args->authzclient) { in migrate_hook_start_tls_x509_common()
215 "{ 'execute': 'object-add'," in migrate_hook_start_tls_x509_common()
216 " 'arguments': { 'qom-type': 'authz-simple'," in migrate_hook_start_tls_x509_common()
220 migrate_set_parameter_str(to, "tls-authz", "tlsauthz0"); in migrate_hook_start_tls_x509_common()
339 test_tls_cleanup(data->keyfile); in migrate_hook_end_tls_x509()
340 g_free(data->keyfile); in migrate_hook_end_tls_x509()
342 unlink(data->cacert); in migrate_hook_end_tls_x509()
343 g_free(data->cacert); in migrate_hook_end_tls_x509()
344 unlink(data->servercert); in migrate_hook_end_tls_x509()
345 g_free(data->servercert); in migrate_hook_end_tls_x509()
346 unlink(data->serverkey); in migrate_hook_end_tls_x509()
347 g_free(data->serverkey); in migrate_hook_end_tls_x509()
349 if (data->clientcert) { in migrate_hook_end_tls_x509()
350 unlink(data->clientcert); in migrate_hook_end_tls_x509()
351 g_free(data->clientcert); in migrate_hook_end_tls_x509()
353 if (data->clientkey) { in migrate_hook_end_tls_x509()
354 unlink(data->clientkey); in migrate_hook_end_tls_x509()
355 g_free(data->clientkey); in migrate_hook_end_tls_x509()
358 rmdir(data->workdir); in migrate_hook_end_tls_x509()
359 g_free(data->workdir); in migrate_hook_end_tls_x509()
411 /* This contains preempt+recovery+tls test altogether */
732 * This has different behaviour to the non-multifd case. in test_multifd_tcp_tls_x509_mismatch_host()
734 * In non-multifd case when client aborts due to mismatched in test_multifd_tcp_tls_x509_mismatch_host()
736 * migration state, and so it exits with I/O failure. in test_multifd_tcp_tls_x509_mismatch_host()
741 * to load migration state, and thus just aborts the migration in test_multifd_tcp_tls_x509_mismatch_host()
788 migration_test_add("/migration/precopy/tcp/tls/psk/match", in migration_test_add_tls_smoke()
794 tmpfs = env->tmpfs; in migration_test_add_tls()
798 if (!env->full_set) { in migration_test_add_tls()
802 migration_test_add("/migration/precopy/unix/tls/psk", in migration_test_add_tls()
805 if (env->has_uffd) { in migration_test_add_tls()
807 * NOTE: psk test is enough for postcopy, as other types of TLS in migration_test_add_tls()
808 * channels are tested under precopy. Here what we want to test is the in migration_test_add_tls()
811 migration_test_add("/migration/postcopy/tls/psk", in migration_test_add_tls()
813 migration_test_add("/migration/postcopy/recovery/tls/psk", in migration_test_add_tls()
815 migration_test_add("/migration/postcopy/preempt/tls/psk", in migration_test_add_tls()
817 migration_test_add("/migration/postcopy/preempt/recovery/tls/psk", in migration_test_add_tls()
819 migration_test_add("/migration/multifd+postcopy/recovery/tls/psk", in migration_test_add_tls()
822 "/migration/multifd+postcopy/preempt/recovery/tls/psk", in migration_test_add_tls()
826 migration_test_add("/migration/precopy/unix/tls/x509/default-host", in migration_test_add_tls()
828 migration_test_add("/migration/precopy/unix/tls/x509/override-host", in migration_test_add_tls()
832 migration_test_add("/migration/precopy/tcp/tls/psk/mismatch", in migration_test_add_tls()
835 migration_test_add("/migration/precopy/tcp/tls/x509/default-host", in migration_test_add_tls()
837 migration_test_add("/migration/precopy/tcp/tls/x509/override-host", in migration_test_add_tls()
839 migration_test_add("/migration/precopy/tcp/tls/x509/mismatch-host", in migration_test_add_tls()
841 migration_test_add("/migration/precopy/tcp/tls/x509/friendly-client", in migration_test_add_tls()
843 migration_test_add("/migration/precopy/tcp/tls/x509/hostile-client", in migration_test_add_tls()
845 migration_test_add("/migration/precopy/tcp/tls/x509/allow-anon-client", in migration_test_add_tls()
847 migration_test_add("/migration/precopy/tcp/tls/x509/reject-anon-client", in migration_test_add_tls()
851 migration_test_add("/migration/multifd/tcp/tls/psk/match", in migration_test_add_tls()
853 migration_test_add("/migration/multifd/tcp/tls/psk/mismatch", in migration_test_add_tls()
855 if (env->has_uffd) { in migration_test_add_tls()
856 migration_test_add("/migration/multifd+postcopy/tcp/tls/psk/match", in migration_test_add_tls()
860 migration_test_add("/migration/multifd/tcp/tls/x509/default-host", in migration_test_add_tls()
862 migration_test_add("/migration/multifd/tcp/tls/x509/override-host", in migration_test_add_tls()
864 migration_test_add("/migration/multifd/tcp/tls/x509/mismatch-host", in migration_test_add_tls()
866 migration_test_add("/migration/multifd/tcp/tls/x509/allow-anon-client", in migration_test_add_tls()
868 migration_test_add("/migration/multifd/tcp/tls/x509/reject-anon-client", in migration_test_add_tls()