diff options
| author | Jan Doskočil <jan.doskocil@nic.cz> | 2024-05-31 11:13:15 +0200 |
|---|---|---|
| committer | Jan Doskočil <jan.doskocil@nic.cz> | 2024-05-31 11:21:47 +0200 |
| commit | 0a5b51a0143a1d0a685da856342d529d4916115a (patch) | |
| tree | f918680d06a7385710c7fb5118de9841efde5cfc /tests-extra/tests/tls/xfr/test.py | |
| parent | tests: give tcpdump the correct port (diff) | |
| download | knot-0a5b51a0143a1d0a685da856342d529d4916115a.tar.xz knot-0a5b51a0143a1d0a685da856342d529d4916115a.zip | |
tests: terminate tcpdump on test fail
Diffstat (limited to '')
| -rw-r--r-- | tests-extra/tests/tls/xfr/test.py | 82 |
1 files changed, 42 insertions, 40 deletions
diff --git a/tests-extra/tests/tls/xfr/test.py b/tests-extra/tests/tls/xfr/test.py index f79ad089e..3d43ce114 100644 --- a/tests-extra/tests/tls/xfr/test.py +++ b/tests-extra/tests/tls/xfr/test.py @@ -64,45 +64,47 @@ tcpdump_proc = subprocess.Popen(["tcpdump", "-i", "lo", "-w", tcpdump_pcap, "port", str(master.tls_port), "or", "port", str(slave.tls_port)], stdout=open(tcpdump_fout, mode="a"), stderr=open(tcpdump_ferr, mode="a")) -# Check initial AXFR without cert-key-based authentication -serials = master.zones_wait(zones) -slave.zones_wait(zones, serials, equal=True, greater=False) -if slave.log_search(MSG_TSIG_ERROR): - set_err("INCOMPLETE TRANSFER") -t.xfr_diff(master, slave, zones) - -# Check master not authenticated due to bad cert-key -master.cert_key = "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" -slave.gen_confile() -slave.reload() -master.ctl("zone-notify") -check_error(master, MSG_RMT_NOTAUTH) -check_error(slave, MSG_DENIED_NOTIFY) -slave.ctl("zone-retransfer") -check_error(slave, MSG_RMT_BADCERT) - -# Check IXFR with cert-key-based authenticated master -master.fill_cert_key() -slave.gen_confile() -slave.reload() -serials = upd_check_zones(master, slave, rnd_zones, serials) - -# Check slave not authenticated due to bad cert-key -slave.cert_key = "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" -master.gen_confile() -master.reload() -master.ctl("zone-notify") -check_error(master, MSG_RMT_BADCERT) -slave.ctl("zone-retransfer") -check_error(slave, MSG_RMT_NOTAUTH) -check_error(master, MSG_DENIED_TRANSFER) - -# Check IXFR with cert-key-based authenticated slave -slave.fill_cert_key() -master.gen_confile() -master.reload() -serials = upd_check_zones(master, slave, rnd_zones, serials) - -tcpdump_proc.terminate() +try: + # Check initial AXFR without cert-key-based authentication + serials = master.zones_wait(zones) + slave.zones_wait(zones, serials, equal=True, greater=False) + if slave.log_search(MSG_TSIG_ERROR): + set_err("INCOMPLETE TRANSFER") + t.xfr_diff(master, slave, zones) + + # Check master not authenticated due to bad cert-key + master.cert_key = "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" + slave.gen_confile() + slave.reload() + master.ctl("zone-notify") + check_error(master, MSG_RMT_NOTAUTH) + check_error(slave, MSG_DENIED_NOTIFY) + slave.ctl("zone-retransfer") + check_error(slave, MSG_RMT_BADCERT) + + # Check IXFR with cert-key-based authenticated master + master.fill_cert_key() + slave.gen_confile() + slave.reload() + serials = upd_check_zones(master, slave, rnd_zones, serials) + + # Check slave not authenticated due to bad cert-key + slave.cert_key = "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" + master.gen_confile() + master.reload() + master.ctl("zone-notify") + check_error(master, MSG_RMT_BADCERT) + slave.ctl("zone-retransfer") + check_error(slave, MSG_RMT_NOTAUTH) + check_error(master, MSG_DENIED_TRANSFER) + + # Check IXFR with cert-key-based authenticated slave + slave.fill_cert_key() + master.gen_confile() + master.reload() + serials = upd_check_zones(master, slave, rnd_zones, serials) + +finally: + tcpdump_proc.terminate() t.end() |