Google Chrome Test namecoin#92

robertmin1 · Nov 14, 2022 · 5cc5bb4 · 5cc5bb4
1 parent b46441d
commit 5cc5bb4
Show file tree

Hide file tree

Showing 3 changed files with 135 additions and 0 deletions.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -333,6 +333,42 @@ task:
   depends_on:
     - "Compile Go latest linux amd64"
 
+task:
+  name: "Google Chrome $CI_DISTRO"
+  matrix:
+    - container:
+        image: fedora:latest
+        cpu: 1
+        memory: 1G
+      package_install_script:
+        - dnf install fedora-workstation-repositories
+        - dnf config-manager --set-enabled google-chrome
+        - dnf install google-chrome-stable
+      env:
+        CI_DISTRO: fedora
+        CI_MAIN_MODULE: /usr/lib64/pkcs11/p11-kit-trust.so
+        CI_BAK_MODULE: /usr/lib64/pkcs11/p11-kit-trust.orig.so
+    - container:
+        image: debian:latest
+        cpu: 1
+        memory: 1G
+      package_install_script:
+        - apt-get update
+        - apt-get install -y curl wget gnupg2
+        - wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
+        - apt install -y ./google-chrome-stable_current_amd64.deb
+      env:
+        CI_DISTRO: debian
+        CI_MAIN_MODULE: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
+        CI_BAK_MODULE: /usr/lib/x86_64-linux-gnu/nss/libnssckbi.orig.so
+  install_script:
+    - curl -o pkcs11mod.tar.gz https://api.cirrus-ci.com/v1/artifact/build/$CIRRUS_BUILD_ID/Compile%20Go%20latest%20linux%20amd64/binaries/dist/pkcs11mod.tar.gz
+    - tar -xaf ./pkcs11mod.tar.gz
+  test_script:
+    - testdata/ci-google-chrome-tests.bash
+  depends_on:
+    - "Compile Go latest linux amd64"
+
 task:
   name: "Exports $GOARCH"
   windows_container:

diff --git a/testdata/ci-google-chrome-tests.bash b/testdata/ci-google-chrome-tests.bash
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+shopt -s nullglob globstar
+
+echo "===== Default System CKBI ====="
+
+testdata/try-google-chrome-connect.bash www.namecoin.org success "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash missing
+
+testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash missing
+
+echo "===== Deleted System CKBI ====="
+
+mv "$CI_MAIN_MODULE" "$CI_BAK_MODULE"
+
+testdata/try-google-chrome-connect.bash www.namecoin.org fail "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash missing
+
+testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash missing
+
+# TODO: No env var, missing default target
+
+# TODO: Env var pointing to missing target
+
+echo "===== System CKBI via pkcs11proxy ====="
+
+export PKCS11PROXY_CKBI_TARGET="$CI_BAK_MODULE"
+cp libpkcs11proxy.so "$CI_MAIN_MODULE"
+
+testdata/try-google-chrome-connect.bash www.namecoin.org success "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present
+
+testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present
+
+echo "===== System CKBI via p11proxy ====="
+
+export P11PROXY_CKBI_TARGET="$CI_BAK_MODULE"
+cp libp11proxy.so "$CI_MAIN_MODULE"
+
+testdata/try-google-chrome-connect.bash www.namecoin.org success "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present
+
+testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash
+testdata/assert-proxy-log.bash present
diff --git a/testdata/try-google-chrome-connect.bash b/testdata/try-google-chrome-connect.bash
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+shopt -s nullglob globstar
+
+SERVER_HOST="$1"
+DESIRED="$2"
+TEXTMATCH="$3"
+
+echo "$SERVER_HOST"
+
+if [[ "$DESIRED" != "success" ]] && [[ "$DESIRED" != "fail" ]]
+then
+    echo "Invalid DESIRED value; should be success or fail"
+    exit 1
+fi
+
+# TODO: Nuke whatever cached state might exist...
+
+rm -f screenshot.png
+
+# Disable sandbox because Google Chrome doesn't support running the sandbox as root,
+# and the Cirrus container runs as root.  See
+# https://github.com/Zenika/alpine-chrome .
+google-chrome --no-sandbox --headless --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --screenshot=./screenshot.png "https://$SERVER_HOST" 2>&1 | tee log.txt
+TEXTOUT=$(cat log.txt)
+
+if echo "$TEXTOUT" | grep -q "SSL error"
+then
+    RESULT=fail
+else
+    RESULT=success
+fi
+
+if [[ "$RESULT" != "$DESIRED" ]]
+then
+    echo "TLS test failed"
+    echo "Got $RESULT, wanted $DESIRED"
+    echo "$TEXTOUT"
+    exit 1
+fi
+
+if ! echo "$TEXTOUT" | grep -q "$TEXTMATCH"
+then
+    echo "TLS test failed"
+    echo "Missing output: $TEXTMATCH"
+    echo "$TEXTOUT"
+    exit 1
+fi
+
+exit 0