Update RPM test #432

Workflow file for this run

.github/workflows/tomcat-tests.yml at 6182d3d

	name: Tomcat Tests

	on: [push, pull_request]

	jobs:
	init:
	name: Initialization
	uses: ./.github/workflows/init.yml
	secrets: inherit

	build:
	name: Waiting for build
	needs: init
	runs-on: ubuntu-latest
	steps:
	- name: Wait for build
	uses: lewagon/wait-on-check-action@v1.2.0
	with:
	ref: ${{ github.ref }}
	check-name: 'Building JSS'
	repo-token: ${{ secrets.GITHUB_TOKEN }}
	wait-interval: 30
	if: github.event_name == 'push'

	- name: Wait for build
	uses: lewagon/wait-on-check-action@v1.2.0
	with:
	ref: ${{ github.event.pull_request.head.sha }}
	check-name: 'Building JSS'
	repo-token: ${{ secrets.GITHUB_TOKEN }}
	wait-interval: 30
	if: github.event_name == 'pull_request'

	# docs/admin/server/Configuring-HTTPS-Connector-with-NSS-Database.adoc
	https-nssdb-test:
	name: Testing HTTPS connector with NSS database
	needs: [init, build]
	runs-on: ubuntu-latest
	env:
	SHARED: /tmp/workdir/pki
	steps:
	- name: Install dependencies
	run: \|
	sudo apt-get update
	sudo apt-get -y install xmlstarlet

	- name: Clone repository
	uses: actions/checkout@v3

	- name: Retrieve jss-runner image
	uses: actions/cache@v3
	with:
	key: jss-runner-${{ github.sha }}
	path: jss-runner.tar

	- name: Load jss-runner image
	run: docker load --input jss-runner.tar

	- name: Create network
	run: docker network create example

	- name: Set up server container
	run: \|
	IMAGE=jss-runner \
	NAME=server \
	HOSTNAME=server.example.com \
	tests/bin/runner-init.sh

	- name: Connect server container to network
	run: docker network connect example server --alias server.example.com

	- name: Install PKI packages
	run: docker exec server dnf install -y pki-server

	- name: Create Tomcat
	run: \|
	docker exec server pki-server create -v

	- name: Create NSS database in Tomcat
	run: \|
	docker exec server pki-server nss-create --no-password

	- name: Create SSL server cert
	run: \|
	docker exec server pki -d /var/lib/pki/pki-tomcat/alias \
	nss-cert-request \
	--subject "CN=server.example.com" \
	--ext /usr/share/pki/server/certs/sslserver.conf \
	--csr sslserver.csr
	docker exec server pki -d /var/lib/pki/pki-tomcat/alias \
	nss-cert-issue \
	--csr sslserver.csr \
	--ext /usr/share/pki/server/certs/sslserver.conf \
	--cert sslserver.crt
	docker exec server pki -d /var/lib/pki/pki-tomcat/alias \
	nss-cert-import \
	--cert sslserver.crt \
	sslserver

	- name: Create HTTPS connector with NSS database
	run: \|
	docker exec server pki-server jss-enable
	docker exec server pki-server http-connector-add \
	--port 8443 \
	--scheme https \
	--secure true \
	--sslEnabled true \
	--sslProtocol SSL \
	--sslImpl org.dogtagpki.tomcat.JSSImplementation \
	Secure
	docker exec server pki-server http-connector-cert-add \
	--keyAlias sslserver \
	--keystoreType pkcs11 \
	--keystoreProvider Mozilla-JSS

	- name: Start Tomcat
	run: \|
	docker exec server pki-server start --wait -v

	- name: Set up client container
	run: \|
	IMAGE=jss-runner \
	NAME=client \
	HOSTNAME=client.example.com \
	tests/bin/runner-init.sh

	- name: Connect client container to network
	run: docker network connect example client --alias client.example.com

	- name: Install dependencies
	run: docker exec client dnf install -y sslscan

	- name: Check SSL connection
	run: \|
	docker exec client sslscan --xml=$SHARED/sslscan.xml server.example.com:8443
	cat sslscan.xml

	# TLS 1.0 should be disabled
	echo -n "0" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/protocol[@type='tls' and @version='1.0']/@enabled" \
	sslscan.xml > actual
	diff expected actual

	# TLS 1.1 should be disabled
	echo -n "0" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/protocol[@type='tls' and @version='1.1']/@enabled" \
	sslscan.xml > actual
	diff expected actual

	# TLS 1.2 should be disabled
	echo -n "0" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/protocol[@type='tls' and @version='1.2']/@enabled" \
	sslscan.xml > actual
	diff expected actual

	# TLS 1.3 should be enabled
	echo -n "1" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/protocol[@type='tls' and @version='1.3']/@enabled" \
	sslscan.xml > actual
	diff expected actual

	# cert subject should be server.example.com
	echo -n "server.example.com" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/certificates/certificate/subject" \
	sslscan.xml > actual
	diff expected actual

	# SAN extension should be DNS:server.example.com
	echo -n "DNS:server.example.com" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/certificates/certificate/altnames" \
	sslscan.xml > actual
	diff expected actual

	# cert issuer should be server.example.com
	echo -n "server.example.com" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/certificates/certificate/issuer" \
	sslscan.xml > actual
	diff expected actual

	# cert should be self-signed
	echo -n "true" > expected
	xmlstarlet sel -t -v \
	"/document/ssltest/certificates/certificate/self-signed" \
	sslscan.xml > actual
	diff expected actual

	- name: Stop Tomcat
	run: \|
	docker exec server pki-server stop --wait -v

	- name: Remove Tomcat
	run: \|
	docker exec server pki-server remove -v

	- name: Gather artifacts from server container
	if: always()
	run: \|
	tests/bin/pki-artifacts-save.sh server
	continue-on-error: true

	- name: Upload artifacts from server container
	if: always()
	uses: actions/upload-artifact@v3
	with:
	name: https-nssdb-test
	path: \|
	/tmp/artifacts/server

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update RPM test #432

Workflow file

Update RPM test #432

Jobs

Run details

Workflow file for this run