diff --git a/pkcs11/tests/basic.rs b/pkcs11/tests/basic.rs
index cf3b45d9..cd8db3ea 100644
--- a/pkcs11/tests/basic.rs
+++ b/pkcs11/tests/basic.rs
@@ -89,7 +89,7 @@ fn basic() {
 |_test_ctx, ctx| {
 let slot = 0;
 let session = ctx.open_session(slot, 0x04, None, None).unwrap();
- let (_public_key, private_key) = ctx
+ let (public_key, private_key) = ctx
 .generate_key_pair(
 session,
 &RSA_MECHANISM,
@@ -102,6 +102,8 @@ fn basic() {
 // Verifying signatures is not supported
 let _signature = ctx.sign(session, &data).unwrap();
+ ctx.destroy_object(session, public_key).unwrap();
+ ctx.destroy_object(session, private_key).unwrap();
 },
 )
 }
@@ -146,7 +148,7 @@ fn multiple_instances() {
 |_test_ctx, ctx| {
 let slot = 0;
 let session = ctx.open_session(slot, 0x04, None, None).unwrap();
- let (_public_key, private_key) = ctx
+ let (public_key, private_key) = ctx
 .generate_key_pair(
 session,
 &RSA_MECHANISM,
@@ -161,6 +163,8 @@ fn multiple_instances() {
 // Verifying signatures is not supported
 let _signature = ctx.sign(session, &data).unwrap();
 }
+ ctx.destroy_object(session, public_key).unwrap();
+ ctx.destroy_object(session, private_key).unwrap();
 },
 )
 }
@@ -197,7 +201,7 @@ fn timeout() {
 |test_ctx, ctx| {
 let slot = 0;
 let session = ctx.open_session(slot, 0x04, None, None).unwrap();
- let (_public_key, private_key) = ctx
+ let (public_key, private_key) = ctx
 .generate_key_pair(
 session,
 &RSA_MECHANISM,
@@ -220,6 +224,9 @@ fn timeout() {
 let elapsed = start.elapsed();
 assert!(elapsed > Duration::from_secs(10), "Elapsed: {elapsed:?}");
 assert!(elapsed < Duration::from_secs(11), "Elapsed: {elapsed:?}");
+ test_ctx.remove_block(8443);
+ ctx.destroy_object(session, public_key).unwrap();
+ ctx.destroy_object(session, private_key).unwrap();
 },
 )
 }
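Review bot: The two `ctx.destroy_object(...).unwrap()` calls added at the end of `basic()`, `multiple_instances()` and `timeout()` run only on the success path; any earlier `unwrap()` or `assert!` failure skips them and the generated key pair stays in the instance. That matters more now that the tools change in this commit stops restarting the NetHSM container per test, so leftover keys from a failed run are visible to every later test in the process. A small guard type holding `session` and the two handles and calling `destroy_object` in `Drop` would cover both paths; the same applies to the `retries()` and `multi_instance_retries()` hunks. The enclosing closures start outside each hunk.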
@@ -259,7 +266,7 @@ fn retries() {
 |test_ctx, ctx| {
 let slot = 0;
 let session = ctx.open_session(slot, 0x04, None, None).unwrap();
- let (_public_key, private_key) = ctx
+ let (public_key, private_key) = ctx
 .generate_key_pair(
 session,
 &RSA_MECHANISM,
@@ -289,6 +296,8 @@ fn retries() {
 assert!(elapsed > Duration::from_secs(11), "Elapsed: {elapsed:?}");
 assert!(elapsed < Duration::from_secs(13), "Elapsed: {elapsed:?}");
 });
+ ctx.destroy_object(session, public_key).unwrap();
+ ctx.destroy_object(session, private_key).unwrap();
 },
 )
 }
@@ -336,7 +345,7 @@ fn multi_instance_retries() {
 |test_ctx, ctx| {
 let slot = 0;
 let session = ctx.open_session(slot, 0x04, None, None).unwrap();
- let (_public_key, private_key) = ctx
+ let (public_key, private_key) = ctx
 .generate_key_pair(
 session,
 &RSA_MECHANISM,
@@ -357,6 +366,9 @@ fn multi_instance_retries() {
 ctx.sign_init(session, &RSA_MECHANISM, private_key).unwrap();
 ctx.sign(session, &data).unwrap();
 }
+ test_ctx.remove_block(8444);
+ ctx.destroy_object(session, public_key).unwrap();
+ ctx.destroy_object(session, private_key).unwrap();
 },
 )
 }
diff --git a/pkcs11/tests/tools/mod.rs b/pkcs11/tests/tools/mod.rs
index 5717d3c8..41f058ac 100644
--- a/pkcs11/tests/tools/mod.rs
+++ b/pkcs11/tests/tools/mod.rs
@@ -1,7 +1,7 @@
 use std::collections::HashSet;
 use std::io::BufWriter;
+use std::mem;
 use std::net::Ipv4Addr;
-use std::process::{Child, Stdio};
 use std::sync::{Arc, LazyLock, Mutex, MutexGuard};
 use std::thread::sleep;
 use std::time::Duration;
@@ -105,8 +105,7 @@ pub struct TestContext {
 pub struct TestDropper {
 // treated as dead code even though it shouldn't: https://github.com/rust-lang/rust/issues/122833
 #[allow(dead_code)]
- serialize_test: MutexGuard<'static, ()>,
- command_to_kill: Child,
+ serialize_test: MutexGuard<'static, bool>,
 context: TestContext,
 }
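Review bot: `retries()` destroys its keys without a preceding `test_ctx.remove_block(...)`, whereas `timeout()` and `multi_instance_retries()` add one right before `destroy_object`; if the port block set up by `retries()` is still active at that point (its setup is outside the hunk), the two destroy calls go through the blocked path and the `unwrap()` fails after the retry budget, leaving the key behind. If the block is already lifted earlier in that test, a comment such as `// port already unblocked above` on the destroy lines would make the asymmetry deliberate. In tools/mod.rs the `#[allow(dead_code)]` comment above `serialize_test` still describes the old `()` guard; now that the field is a `MutexGuard<'static, bool>`, add `// held for the whole test; the bool records whether the instance is already provisioned` so readers know the guard carries state.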
@@ -119,26 +118,6 @@ fn iptables() -> Command {
 Command::new("iptables")
 }
 }
-
-fn docker() -> Command {
- if option_env!("USE_SUDO_DOCKER").is_some() {
- let mut command = Command::new("sudo");
- command.arg("docker");
- command
- } else {
- Command::new("docker")
- }
-}
-
-fn kill() -> Command {
- if option_env!("USE_SUDO_DOCKER").is_some() {
- let mut command = Command::new("sudo");
- command.arg("kill");
- command
- } else {
- Command::new("kill")
- }
-}
 impl TestContext {
 fn unblock(port: u16) {
 let out_in = iptables()
@@ -213,18 +192,10 @@ impl TestContext {
 impl Drop for TestDropper {
 fn drop(&mut self) {
- kill()
- .args([self.command_to_kill.id().to_string()])
- .spawn()
- .unwrap()
- .wait()
- .unwrap();
- self.command_to_kill.wait().unwrap();
-
 for p in self.context.blocked_ports.iter().cloned() {
 TestContext::unblock(p);
 }
- println!("Finished killing nethsm");
+ println!("Finished unblocking ports");
 }
 }
@@ -299,7 +270,8 @@ async fn proxy(from_port: u16, to_port: u16) {
 }
 }
-static DOCKER_HELD: Mutex<()> = Mutex::new(());
+/// Contain true if the nethsm has already been provisionned
+static DOCKER_HELD: Mutex = Mutex::new(false);
 pub fn run_tests(
 proxies: &[(u16, u16)],
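Review bot: The new doc comment on `DOCKER_HELD` has typos and, as printed here, the static's type reads `Mutex` with no type argument, which would not compile — presumably `Mutex<bool>` was lost in rendering, but the committed line is worth checking. Suggest `/// True once the NetHSM test instance has been provisioned; the guard also serializes tests.` and, in a follow-up, a name that no longer mentions Docker since nothing here holds a container any more. With `docker()` and `kill()` removed, this file neither starts nor stops the NetHSM, so a comment near `run_tests` stating that an instance listening on 8443 must already be running and that its provisioned state persists across tests would save the next reader a surprise. `Drop::drop` now only unblocks ports, which the changed `println!` correctly reflects.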
@@ -312,70 +284,63 @@ pub fn run_tests(
 };
 let mut test_dropper = TestDropper {
 serialize_test,
- command_to_kill: docker()
- .args([
- "run",
- "--init",
- "--rm",
- "-i",
- "-p8443:8443",
- "docker.io/nitrokey/nethsm:testing",
- ])
- .stdin(Stdio::null())
- .stdout(Stdio::inherit())
- .stderr(Stdio::inherit())
- .spawn()
- .unwrap(),
 context: TestContext {
 blocked_ports: HashSet::new(),
 },
 };
- let client = AgentBuilder::new()
- .tls_config(Arc::new(tls_conf()))
- .timeout_connect(Duration::from_secs(1))
- .timeout_read(Duration::from_secs(10))
- .timeout_write(Duration::from_secs(10))
- .build();
-
- let sdk_config = Configuration {
- client,
- base_path: format!("https://{NETHSM_DOCKER_HOSTNAME}:8443/api/v1"),
- basic_auth: Some(("admin".into(), Some("Administrator".into()))),
- ..Default::default()
- };
-
- println!(
- "Configuration built, waiting for test instance to be up at {}",
- &sdk_config.base_path
- );
- sleep(Duration::from_secs(2));
- println!("Attempting provisionning");
-
- provision_post(
- &sdk_config,
- ProvisionRequestData {
- unlock_passphrase: "1234567890".into(),
- admin_passphrase: "Administrator".into(),
- system_time: time::OffsetDateTime::now_utc()
- .format(
- &format_description::parse("[year]-[month]-[day]T[hour]:[minute]:[second]Z")
+ let is_provisionned = mem::replace(&mut *test_dropper.serialize_test, true);
+ if !is_provisionned {
+ let client = AgentBuilder::new()
+ .tls_config(Arc::new(tls_conf()))
+ .timeout_connect(Duration::from_secs(1))
+ .timeout_read(Duration::from_secs(10))
+ .timeout_write(Duration::from_secs(10))
+ .build();
+
+ let sdk_config = Configuration {
+ client,
+ base_path: format!("https://{NETHSM_DOCKER_HOSTNAME}:8443/api/v1"),
+ basic_auth: Some(("admin".into(), Some("Administrator".into()))),
+ ..Default::default()
+ };
+
+ println!(
+ "Configuration built, waiting for test instance to be up at {}",
+ &sdk_config.base_path
+ );
+ sleep(Duration::from_secs(2));
+ println!("Attempting provisionning");
+
+ provision_post(
+ &sdk_config,
+ ProvisionRequestData {
+ unlock_passphrase: "1234567890".into(),
+ admin_passphrase: "Administrator".into(),
+ system_time: time::OffsetDateTime::now_utc()
+ .format(
+ &format_description::parse(
+ "[year]-[month]-[day]T[hour]:[minute]:[second]Z",
+ )
 .unwrap(),
- )
- .unwrap(),
- },
- )
- .unwrap();
- users_user_id_put(
- &sdk_config,
- "operator",
- UserPostData {
- real_name: "Operator".into(),
- role: UserRole::Operator,
- passphrase: "opPassphrase".into(),
- },
- )
- .unwrap();
+ )
+ .unwrap(),
+ },
+ )
+ .unwrap();
+ users_user_id_put(
+ &sdk_config,
+ "operator",
+ UserPostData {
+ real_name: "Operator".into(),
+ role: UserRole::Operator,
+ passphrase: "opPassphrase".into(),
+ },
+ )
+ .unwrap();
+ } else {
+ println!("Already provisionned")
+ }
 for (in_port, out_port) in proxies {
 PROXY_SENDER.send((*in_port, *out_port)).unwrap();
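Review bot: `mem::replace(&mut *test_dropper.serialize_test, true)` flips the provisioned flag before `provision_post` and `users_user_id_put` have succeeded, so if either `unwrap()` panics the mutex is poisoned while holding `true`; whether a later test then skips provisioning against an unprovisioned instance depends on how `serialize_test` is obtained from `DOCKER_HELD` above the hunk. Setting the flag only once the last call returns avoids the question entirely: test `if !*test_dropper.serialize_test {` at the top and write `*test_dropper.serialize_test = true;` right after the `users_user_id_put(...).unwrap();`. Since provisioning now happens once per process, the admin and operator credentials and every key a test creates persist in the shared instance for all following tests, which is worth a one-line comment above the `if`. `run_tests` continues past the hunk.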