config UPDATE add keystore new data API
New API for creating keystore and truststore SSH data. Tests now use the
new API.
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 931df0f..7000654 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -37,7 +37,7 @@
#append tests depending on SSH/TLS
if(ENABLE_SSH_TLS)
- list(APPEND tests test_two_channels test_keystore test_config_new test_truststore test_ec
+ list(APPEND tests test_two_channels test_ks_ts test_config_new test_ec
test_ed25519 test_replace test_endpt_share_clients test_tls test_crl test_ch)
endif()
diff --git a/tests/test_auth.c b/tests/test_auth.c
index 07cf859..461f6e3 100644
--- a/tests/test_auth.c
+++ b/tests/test_auth.c
@@ -36,82 +36,6 @@
pthread_barrier_t barrier;
};
-const char *data =
- "<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"none\">\n"
- " <listen yang:operation=\"create\">\n"
- " <idle-timeout>10</idle-timeout>\n"
- " <endpoint>\n"
- " <name>default-ssh</name>\n"
- " <ssh>\n"
- " <tcp-server-parameters>\n"
- " <local-address>127.0.0.1</local-address>\n"
- " <local-port>10005</local-port>\n"
- " </tcp-server-parameters>\n"
- " <ssh-server-parameters>\n"
- " <server-identity>\n"
- " <host-key>\n"
- " <name>key</name>\n"
- " <public-key>\n"
- " <inline-definition>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQ==</public-key>\n"
- " <private-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:rsa-private-key-format</private-key-format>\n"
- " <cleartext-private-key>MIIJKAIBAAKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQKCAgAeRZw75Oszoqj0jfMmMILdD3Cfad+dY3FvLESYESeyt0XAX8XoOed6ymQj1qPGxQGGkkBvPEgv1b3jrC8Rhfb3Ct39Z7mRpTar5iHhwwBUboBTUmQ0vR173iAHX8sw2Oa17mCO/CDlr8Fu4Xcom7r3vlVBepo72VSjpPYMjN0MANjwhEi3NCyWzTXBRgUK3TuZbzfzto0w2Irlpx0S7dAqxfk70jXBgwv2vSDWKfg1lL1X0BkMVX98xpMkcjMW2muSqp4KBtTma4GqT6z0f7Y1Bs3lGLZmvPlBXxQVVvkFtiQsENCtSd/h17Gk2mb4EbReaaBzwCYqJdRWtlpJ54kzy8U00co+Yn//ZS7sbbIDkqHPnXkpdIr+0rEDMlOw2Y3vRZCxqZFqfWCW0uzhwKqk2VoYqtDL+ORKG/aG/KTBQ4Y71Uh+7aabPwj5R+NaVMjbqmrVeH70eKjoNVgcNYY1C9rGVF1d+LQEm7UsqS0DPp4wN9QKLAqIfuarAhQBhZy1R7Sj1r5macD9DsGxsurM4mHZV0LNmYLZiFHjTUb6iRSPD5RBFW80vcNtxZ0cxmkLtxrj/DVyExV11Cl0SbZLLa9mScYvxdl/qZutXt3PQyab0NiYxGzCD2RnLkCyxkh1vuHHjhvIWYfbd2VgZB/qGr+o9T07FGfMCu23//fugQKCAQEA9UH38glH/rAjZ431sv6ryUEFY8I2FyLTijtvoj9CNGcQn8vJQAHvUPfMdyqDoum6wgcTmG+UXA6mZzpGQCiY8JW5CoItgXRoYgNzpvVVe2aLf51QGtNLLEFpNDMpCtI+I+COpAmGvWAukku0pZfRjm9eb1ydvTpHlFC9+VhVUsLzw3VtSC5PVW6r65mZcYcB6SFVPap+31ENP/9jOMFoymh57lSMZJMxTEA5b0l2miFb9Rp906Zqiud5zv2jIqF6gL70giW3ovVxR7LGKKTKIa9pxawHwB6Ithygs7YoJkjF2dm8pZTMZKsQN92K70XGj07SmYRLZpkVD7i+cqbbKQKCAQEA9M6580Rcw6W0twfcy0/iB4U5ZS52EcCjW8vHlL+MpUo7YvXadSgV1ZaM28zW/ZGk3wE0zy1YT5s30SQkm0NiWN3t/J0l19ccAOxlPWfjhF7vIQZr7XMo5HeaK0Ak5+68J6bx6KgcXmlJOup7INaE8DyGXB6vd4K6957IXyqs3/bfJAUmz49hnveCfLFdTVVT/Uq4IoPKfQSbSZc0BvPBsnBCF164l4jllGBaWS302dhgW4cgxzG0SZGgNwow4AhB+ygiiS8yvOa7UcHfUObVrzWeeq9mYSQ1PkvUTjkWR2/Y8xy7WP0TRBdJOVSs90H51lerEDGNQWvQvI97S9ZOsQKCAQB59u9lpuXtqwxAQCFyfSFSuQoEHR2nDcOjF4GhbtHum15yCPaw5QVs/33nuPWze4ZLXReKk9p0mTh5V0p+N3IvGlXl+uzEVu5d55eI7LIw5sLymHmwjWjxvimiMtrzLbCHSPHGc5JU9NLUH9/bBY/JxGpy+NzcsHHOOQTwTdRIjviIOAo7fgQn2RyX0k+zXE8/7zqjqvji9zyemdNu8we4uJICSntyvJwkbj/hrufTKEnBrwXpzfVn1EsH+6w32ZPBGLUhT75txJ8r56SRq7l1XPU9vxovmT+lSMFF/Y0j1MbHWnds5H1shoFPNtYTvWBL/gfPHjIc+H23zsiu3XlZAoIBAC2xB/Pnpoi9vOUMiqFH36AXtYa1DURy+AqCFlYlClMvb7YgvQ1w1eJvnwrHSLk7HdKhnwGsLPduuRRH8q0n/osnoOutSQroE0n41UyIv2ZNccRwNmSzQcairBu2dSz02hlsh2otNl5IuGpOqXyPjXBpW4qGD6n2tH7THALnLC0BHtTSQVQsJsRM3gX39LoiWvLDp2qJvplm6rTpi8Rgap6rZSqHe1yNKIxxD2vlr/WY9SMgLXYASO4SSBz9wfGOmQIPk6KXNJkdV4kC7nNjIi75iwLLCgjHgUiHTrDq5sWekpeNnUoWsinbTsdsjnv3zHG9GyiClyLGxMbs4M5eyYECggEBAKuC8ZMpdIrjk6tERYB6g0LnQ7mW8XYbDFAmLYMLs9yfG2jcjVbsW9Kugsr+3poUUv/q+hNO3jfY4HazhZDa0MalgNPoSwr/VNRnkck40x2ovFb989J7yl++zTrnIrax9XRH1V0cNu+Kj7OMwZ2RRfbNv5JBdOZPvkfqyIKFmbQgYbtD66rHuzNOfJpzqr/WVLO57/zzW8245NKG2B6B0oXkei/KqDY0DAbHR3i3EOj1NPtVI1FC/xX8R9BREaid458bqoHJKuInrGcBjaUI9Cvymv8TbstUgD6NPbJR4Sm6vrLeUqzjWZP3t1+Z6DjXmnpR2vvhMU/FWb//21p/88o=</cleartext-private-key>\n"
- " </inline-definition>\n"
- " </public-key>\n"
- " </host-key>\n"
- " </server-identity>\n"
- " <client-authentication>\n"
- " <users>\n"
- " <user>\n"
- " <name>test_pk</name>\n"
- " <public-keys>\n"
- " <inline-definition>\n"
- " <public-key>\n"
- " <name>test</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </inline-definition>\n"
- " </public-keys>\n"
- " </user>\n"
- " <user>\n"
- " <name>test_int</name>\n"
- " <keyboard-interactive xmlns=\"urn:cesnet:libnetconf2-netconf-server\">\n"
- " <pam-config-file-name>netconf.conf</pam-config-file-name>\n"
- " <pam-config-file-dir>" BUILD_DIR "/tests</pam-config-file-dir>\n"
- " </keyboard-interactive>\n"
- " </user>\n"
- " <user>\n"
- " <name>test_pw</name>\n"
- " <password>$6$xyz$lomVe5tZ2Gz9uSKKywzXuPcHhqjIByhBbqdUTx/jAwUnw7JRp7QHd4ORiEVqxeZg1NEJkHux.mETo9BFPSh1x.</password>\n"
- " </user>\n"
- " <user>\n"
- " <name>test_none</name>\n"
- " <none/>\n"
- " </user>\n"
- " </users>\n"
- " </client-authentication>\n"
- " <transport-params>\n"
- " <host-key>\n"
- " <host-key-alg xmlns:sshpka=\"urn:ietf:params:xml:ns:yang:iana-ssh-public-key-algs\">sshpka:rsa-sha2-512</host-key-alg>\n"
- " </host-key>\n"
- " <key-exchange>\n"
- " <key-exchange-alg xmlns:sshkea=\"urn:ietf:params:xml:ns:yang:iana-ssh-key-exchange-algs\">sshkea:curve25519-sha256</key-exchange-alg>\n"
- " </key-exchange>\n"
- " <encryption>\n"
- " <encryption-alg xmlns:sshea=\"urn:ietf:params:xml:ns:yang:iana-ssh-encryption-algs\">sshea:aes256-ctr</encryption-alg>\n"
- " </encryption>\n"
- " <mac>\n"
- " <mac-alg xmlns:sshma=\"urn:ietf:params:xml:ns:yang:iana-ssh-mac-algs\">sshma:hmac-sha2-512</mac-alg>\n"
- " </mac>\n"
- " </transport-params>\n"
- " </ssh-server-parameters>\n"
- " </ssh>\n"
- " </endpoint>\n"
- " </listen>\n"
- "</netconf-server>\n";
-
static void *
server_thread(void *arg)
{
@@ -368,7 +292,7 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree;
+ struct lyd_node *tree = NULL;
struct test_state *test_state;
nc_verbosity(NC_VERB_VERBOSE);
@@ -391,12 +315,26 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "test_pk", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_interactive(ctx, "endpt", "test_int", "netconf.conf", BUILD_DIR "/tests", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_password(ctx, "endpt", "test_pw", "testpw", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_none(ctx, "endpt", "test_none", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_ch.c b/tests/test_ch.c
index c87d089..7e8f72d 100644
--- a/tests/test_ch.c
+++ b/tests/test_ch.c
@@ -35,6 +35,7 @@
struct test_state {
pthread_barrier_t barrier;
+ struct lyd_node *tree;
};
/* acquire ctx cb for dispatch */
@@ -73,12 +74,9 @@
int ret;
struct test_state *state = arg;
struct nc_pollsession *ps;
- struct lyd_node *tree = NULL;
-
- (void) arg;
/* prepare data for deleting the call-home client */
- ret = nc_server_config_new_del_ch_client(ctx, "ch", &tree);
+ ret = nc_server_config_new_del_ch_client(ctx, "ch", &state->tree);
assert_int_equal(ret, 0);
/* new poll session */
@@ -100,10 +98,9 @@
} while (!(ret & NC_PSPOLL_SESSION_TERM));
/* delete the call-home client, the thread should end */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(state->tree);
assert_int_equal(ret, 0);
- lyd_free_tree(tree);
nc_ps_clear(ps, 1, NULL);
nc_ps_free(ps);
nc_server_destroy();
@@ -173,7 +170,6 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree = NULL;
struct test_state *test_state;
nc_verbosity(NC_VERB_VERBOSE);
@@ -185,6 +181,7 @@
ret = pthread_barrier_init(&test_state->barrier, NULL, 2);
assert_int_equal(ret, 0);
+ test_state->tree = NULL;
*state = test_state;
/* create new context */
@@ -199,25 +196,23 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ch_address_port(ctx, "ch", "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &tree);
+ ret = nc_server_config_new_ch_address_port(ctx, "ch", "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &test_state->tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_ch_hostkey(ctx, "ch", "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ ret = nc_server_config_new_ssh_ch_hostkey(ctx, "ch", "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &test_state->tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_ssh_ch_client_auth_pubkey(ctx, "ch", "endpt", "test_ch", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
+ ret = nc_server_config_new_ssh_ch_client_auth_pubkey(ctx, "ch", "endpt", "test_ch", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &test_state->tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(test_state->tree);
assert_int_equal(ret, 0);
/* initialize server */
ret = nc_server_init();
assert_int_equal(ret, 0);
- lyd_free_all(tree);
-
return 0;
}
@@ -233,6 +228,8 @@
ret = pthread_barrier_destroy(&test_state->barrier);
assert_int_equal(ret, 0);
+ lyd_free_tree(test_state->tree);
+
free(*state);
nc_client_destroy();
ly_ctx_destroy(ctx);
diff --git a/tests/test_config_new.c b/tests/test_config_new.c
index bfdd110..7b71f0c 100644
--- a/tests/test_config_new.c
+++ b/tests/test_config_new.c
@@ -154,7 +154,7 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create the host-key algorithms data */
@@ -166,7 +166,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_crl.c b/tests/test_crl.c
index db8d83c..126fda9 100644
--- a/tests/test_crl.c
+++ b/tests/test_crl.c
@@ -144,7 +144,7 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create new server certificate data */
@@ -182,7 +182,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_ec.c b/tests/test_ec.c
index a8b67be..0365816 100644
--- a/tests/test_ec.c
+++ b/tests/test_ec.c
@@ -216,7 +216,7 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "test_ec256", "pubkey", TESTS_DIR "/data/id_ecdsa256.pub", &tree);
@@ -229,7 +229,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize server */
diff --git a/tests/test_ed25519.c b/tests/test_ed25519.c
index 96c0953..2767ede 100644
--- a/tests/test_ed25519.c
+++ b/tests/test_ed25519.c
@@ -153,14 +153,14 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/server.key", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", "10009", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10009, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "test_ed25519", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize server */
diff --git a/tests/test_endpt_share_clients.c b/tests/test_endpt_share_clients.c
index 7ba8e8c..f0c2f75 100644
--- a/tests/test_endpt_share_clients.c
+++ b/tests/test_endpt_share_clients.c
@@ -196,7 +196,7 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "SSH_endpt_1", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "SSH_endpt_1", NC_TI_LIBSSH, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "SSH_endpt_1", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
ret = nc_config_new_ssh_endpoint_client_reference(ctx, "SSH_endpt_1", "SSH_endpt_2", &tree);
@@ -206,14 +206,14 @@
ret = nc_server_config_new_ssh_hostkey(ctx, "SSH_endpt_2", "hostkey", TESTS_DIR "/data/key_rsa", NULL, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "SSH_endpt_2", NC_TI_LIBSSH, "127.0.0.1", "10006", &tree);
+ ret = nc_server_config_new_address_port(ctx, "SSH_endpt_2", NC_TI_LIBSSH, "127.0.0.1", 10006, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "SSH_endpt_2", "client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize the server */
@@ -260,7 +260,7 @@
TESTS_DIR "/data/server.key", TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "TLS_endpt_1", NC_TI_OPENSSL, "127.0.0.1", "10007", &tree);
+ ret = nc_server_config_new_address_port(ctx, "TLS_endpt_1", NC_TI_OPENSSL, "127.0.0.1", 10007, &tree);
assert_int_equal(ret, 0);
ret = nc_server_config_new_tls_client_certificate(ctx, "TLS_endpt_1", "cert_client", TESTS_DIR "/data/client.crt", &tree);
@@ -279,14 +279,14 @@
TESTS_DIR "/data/server.key", TESTS_DIR "/data/server.crt", &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_new_address_port(ctx, "TLS_endpt_2", NC_TI_OPENSSL, "127.0.0.1", "10008", &tree);
+ ret = nc_server_config_new_address_port(ctx, "TLS_endpt_2", NC_TI_OPENSSL, "127.0.0.1", 10008, &tree);
assert_int_equal(ret, 0);
ret = nc_config_new_tls_endpoint_client_reference(ctx, "TLS_endpt_2", "TLS_endpt_1", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
/* initialize the server */
diff --git a/tests/test_keystore.c b/tests/test_ks_ts.c
similarity index 90%
rename from tests/test_keystore.c
rename to tests/test_ks_ts.c
index 48322a3..fb179e0 100644
--- a/tests/test_keystore.c
+++ b/tests/test_ks_ts.c
@@ -1,10 +1,10 @@
/**
- * @file test_keystore.c
+ * @file test_ks_ts.c
* @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Linux PAM keyboard-interactive authentication test
+ * @brief libnetconf2 Keystore and trustore usage test.
*
* @copyright
- * Copyright (c) 2022 CESNET, z.s.p.o.
+ * Copyright (c) 2023 CESNET, z.s.p.o.
*
* This source code is licensed under BSD 3-Clause License (the "License").
* You may not use this file except in compliance with the License.
@@ -136,7 +136,7 @@
}
static void *
-client_thread_pubkey(void *arg)
+client_thread(void *arg)
{
int ret;
struct nc_session *session = NULL;
@@ -148,14 +148,10 @@
ret = nc_client_set_schema_searchpath(MODULES_DIR);
assert_int_equal(ret, 0);
- ret = nc_client_ssh_set_username("test_ts");
+ ret = nc_client_ssh_set_username("client");
assert_int_equal(ret, 0);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, 1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, -1);
-
- ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa");
+ ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/id_ed25519.pub", TESTS_DIR "/data/id_ed25519");
assert_int_equal(ret, 0);
pthread_barrier_wait(&state->barrier);
@@ -167,14 +163,14 @@
}
static void
-test_nc_auth_pubkey(void **state)
+test_nc_ks_ts(void **state)
{
int ret, i;
pthread_t tids[2];
assert_non_null(state);
- ret = pthread_create(&tids[0], NULL, client_thread_pubkey, *state);
+ ret = pthread_create(&tids[0], NULL, client_thread, *state);
assert_int_equal(ret, 0);
ret = pthread_create(&tids[1], NULL, server_thread, *state);
assert_int_equal(ret, 0);
@@ -188,7 +184,7 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree;
+ struct lyd_node *tree = NULL;
struct test_state *test_state;
nc_verbosity(NC_VERB_VERBOSE);
@@ -211,12 +207,23 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_keystore_reference(ctx, "endpt", "hostkey", "test_keystore", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_truststore_reference(ctx, "endpt", "client", "test_truststore", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_keystore_asym_key(ctx, "test_keystore", TESTS_DIR "/data/key_rsa", NULL, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_truststore_pubkey(ctx, "test_truststore", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
@@ -251,7 +258,7 @@
main(void)
{
const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_nc_auth_pubkey, setup_f, teardown_f),
+ cmocka_unit_test_setup_teardown(test_nc_ks_ts, setup_f, teardown_f),
};
setenv("CMOCKA_TEST_ABORT", "1", 1);
diff --git a/tests/test_replace.c b/tests/test_replace.c
index 6f43d40..2fba3bd 100644
--- a/tests/test_replace.c
+++ b/tests/test_replace.c
@@ -167,7 +167,7 @@
assert_int_equal(ret, 0);
/* set ssh username */
- ret = nc_client_ssh_set_username("new_user");
+ ret = nc_client_ssh_set_username("new_client");
assert_int_equal(ret, 0);
/* add client's key pair */
@@ -233,16 +233,26 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, old_data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &old_tree);
+ ret = nc_server_config_new_address_port(ctx, "old", NC_TI_LIBSSH, "127.0.0.1", 10005, &old_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_hostkey(ctx, "old", "old_key", TESTS_DIR "/data/key_rsa", NULL, &old_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_password(ctx, "old", "old_client", "passwd", &old_tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data, treat them as if every node had replace operation */
ret = nc_server_config_setup_data(old_tree);
assert_int_equal(ret, 0);
- /* parse the new yang data */
- ret = lyd_parse_data_mem(ctx, new_data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &new_tree);
+ ret = nc_server_config_new_address_port(ctx, "new", NC_TI_LIBSSH, "127.0.0.1", 10005, &new_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_hostkey(ctx, "new", "new_key", TESTS_DIR "/data/key_rsa", NULL, &new_tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "new", "new_client", "pubkey", TESTS_DIR "/data/key_rsa.pub", &new_tree);
assert_int_equal(ret, 0);
/* configure the server based on the yang data, meaning
diff --git a/tests/test_tls.c b/tests/test_tls.c
index ba427d7..90970ee 100644
--- a/tests/test_tls.c
+++ b/tests/test_tls.c
@@ -138,7 +138,7 @@
assert_int_equal(ret, 0);
/* create new address and port data */
- ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", "10005", &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_OPENSSL, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
/* create new server certificate data */
@@ -168,7 +168,7 @@
assert_int_equal(ret, 0);
/* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();
diff --git a/tests/test_truststore.c b/tests/test_truststore.c
deleted file mode 100644
index 9ed4143..0000000
--- a/tests/test_truststore.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/**
- * @file test_truststore.c
- * @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Truststore configuration and authentication test.
- *
- * @copyright
- * Copyright (c) 2023 CESNET, z.s.p.o.
- *
- * This source code is licensed under BSD 3-Clause License (the "License").
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://opensource.org/licenses/BSD-3-Clause
- */
-
-#define _GNU_SOURCE
-
-#include <errno.h>
-#include <pthread.h>
-#include <setjmp.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <cmocka.h>
-
-#include "tests/config.h"
-
-#define NC_ACCEPT_TIMEOUT 2000
-#define NC_PS_POLL_TIMEOUT 2000
-
-struct ly_ctx *ctx;
-
-struct test_state {
- pthread_barrier_t barrier;
-};
-
-const char *data =
- "<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"none\">\n"
- " <listen yang:operation=\"create\">\n"
- " <idle-timeout>10</idle-timeout>\n"
- " <endpoint>\n"
- " <name>default-ssh</name>\n"
- " <ssh>\n"
- " <tcp-server-parameters>\n"
- " <local-address>127.0.0.1</local-address>\n"
- " <local-port>10005</local-port>\n"
- " </tcp-server-parameters>\n"
- " <ssh-server-parameters>\n"
- " <server-identity>\n"
- " <host-key>\n"
- " <name>key</name>\n"
- " <public-key>\n"
- " <inline-definition>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQ==</public-key>\n"
- " <private-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:rsa-private-key-format</private-key-format>\n"
- " <cleartext-private-key>MIIJKAIBAAKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQKCAgAeRZw75Oszoqj0jfMmMILdD3Cfad+dY3FvLESYESeyt0XAX8XoOed6ymQj1qPGxQGGkkBvPEgv1b3jrC8Rhfb3Ct39Z7mRpTar5iHhwwBUboBTUmQ0vR173iAHX8sw2Oa17mCO/CDlr8Fu4Xcom7r3vlVBepo72VSjpPYMjN0MANjwhEi3NCyWzTXBRgUK3TuZbzfzto0w2Irlpx0S7dAqxfk70jXBgwv2vSDWKfg1lL1X0BkMVX98xpMkcjMW2muSqp4KBtTma4GqT6z0f7Y1Bs3lGLZmvPlBXxQVVvkFtiQsENCtSd/h17Gk2mb4EbReaaBzwCYqJdRWtlpJ54kzy8U00co+Yn//ZS7sbbIDkqHPnXkpdIr+0rEDMlOw2Y3vRZCxqZFqfWCW0uzhwKqk2VoYqtDL+ORKG/aG/KTBQ4Y71Uh+7aabPwj5R+NaVMjbqmrVeH70eKjoNVgcNYY1C9rGVF1d+LQEm7UsqS0DPp4wN9QKLAqIfuarAhQBhZy1R7Sj1r5macD9DsGxsurM4mHZV0LNmYLZiFHjTUb6iRSPD5RBFW80vcNtxZ0cxmkLtxrj/DVyExV11Cl0SbZLLa9mScYvxdl/qZutXt3PQyab0NiYxGzCD2RnLkCyxkh1vuHHjhvIWYfbd2VgZB/qGr+o9T07FGfMCu23//fugQKCAQEA9UH38glH/rAjZ431sv6ryUEFY8I2FyLTijtvoj9CNGcQn8vJQAHvUPfMdyqDoum6wgcTmG+UXA6mZzpGQCiY8JW5CoItgXRoYgNzpvVVe2aLf51QGtNLLEFpNDMpCtI+I+COpAmGvWAukku0pZfRjm9eb1ydvTpHlFC9+VhVUsLzw3VtSC5PVW6r65mZcYcB6SFVPap+31ENP/9jOMFoymh57lSMZJMxTEA5b0l2miFb9Rp906Zqiud5zv2jIqF6gL70giW3ovVxR7LGKKTKIa9pxawHwB6Ithygs7YoJkjF2dm8pZTMZKsQN92K70XGj07SmYRLZpkVD7i+cqbbKQKCAQEA9M6580Rcw6W0twfcy0/iB4U5ZS52EcCjW8vHlL+MpUo7YvXadSgV1ZaM28zW/ZGk3wE0zy1YT5s30SQkm0NiWN3t/J0l19ccAOxlPWfjhF7vIQZr7XMo5HeaK0Ak5+68J6bx6KgcXmlJOup7INaE8DyGXB6vd4K6957IXyqs3/bfJAUmz49hnveCfLFdTVVT/Uq4IoPKfQSbSZc0BvPBsnBCF164l4jllGBaWS302dhgW4cgxzG0SZGgNwow4AhB+ygiiS8yvOa7UcHfUObVrzWeeq9mYSQ1PkvUTjkWR2/Y8xy7WP0TRBdJOVSs90H51lerEDGNQWvQvI97S9ZOsQKCAQB59u9lpuXtqwxAQCFyfSFSuQoEHR2nDcOjF4GhbtHum15yCPaw5QVs/33nuPWze4ZLXReKk9p0mTh5V0p+N3IvGlXl+uzEVu5d55eI7LIw5sLymHmwjWjxvimiMtrzLbCHSPHGc5JU9NLUH9/bBY/JxGpy+NzcsHHOOQTwTdRIjviIOAo7fgQn2RyX0k+zXE8/7zqjqvji9zyemdNu8we4uJICSntyvJwkbj/hrufTKEnBrwXpzfVn1EsH+6w32ZPBGLUhT75txJ8r56SRq7l1XPU9vxovmT+lSMFF/Y0j1MbHWnds5H1shoFPNtYTvWBL/gfPHjIc+H23zsiu3XlZAoIBAC2xB/Pnpoi9vOUMiqFH36AXtYa1DURy+AqCFlYlClMvb7YgvQ1w1eJvnwrHSLk7HdKhnwGsLPduuRRH8q0n/osnoOutSQroE0n41UyIv2ZNccRwNmSzQcairBu2dSz02hlsh2otNl5IuGpOqXyPjXBpW4qGD6n2tH7THALnLC0BHtTSQVQsJsRM3gX39LoiWvLDp2qJvplm6rTpi8Rgap6rZSqHe1yNKIxxD2vlr/WY9SMgLXYASO4SSBz9wfGOmQIPk6KXNJkdV4kC7nNjIi75iwLLCgjHgUiHTrDq5sWekpeNnUoWsinbTsdsjnv3zHG9GyiClyLGxMbs4M5eyYECggEBAKuC8ZMpdIrjk6tERYB6g0LnQ7mW8XYbDFAmLYMLs9yfG2jcjVbsW9Kugsr+3poUUv/q+hNO3jfY4HazhZDa0MalgNPoSwr/VNRnkck40x2ovFb989J7yl++zTrnIrax9XRH1V0cNu+Kj7OMwZ2RRfbNv5JBdOZPvkfqyIKFmbQgYbtD66rHuzNOfJpzqr/WVLO57/zzW8245NKG2B6B0oXkei/KqDY0DAbHR3i3EOj1NPtVI1FC/xX8R9BREaid458bqoHJKuInrGcBjaUI9Cvymv8TbstUgD6NPbJR4Sm6vrLeUqzjWZP3t1+Z6DjXmnpR2vvhMU/FWb//21p/88o=</cleartext-private-key>\n"
- " </inline-definition>\n"
- " </public-key>\n"
- " </host-key>\n"
- " </server-identity>\n"
- " <client-authentication>\n"
- " <users>\n"
- " <user>\n"
- " <name>test_truststore</name>\n"
- " <public-keys>\n"
- " <truststore-reference>test_truststore</truststore-reference>\n"
- " </public-keys>\n"
- " </user>\n"
- " </users>\n"
- " </client-authentication>\n"
- " <transport-params>\n"
- " <host-key>\n"
- " <host-key-alg xmlns:sshpka=\"urn:ietf:params:xml:ns:yang:iana-ssh-public-key-algs\">sshpka:rsa-sha2-512</host-key-alg>\n"
- " </host-key>\n"
- " <key-exchange>\n"
- " <key-exchange-alg xmlns:sshkea=\"urn:ietf:params:xml:ns:yang:iana-ssh-key-exchange-algs\">sshkea:curve25519-sha256</key-exchange-alg>\n"
- " </key-exchange>\n"
- " <encryption>\n"
- " <encryption-alg xmlns:sshea=\"urn:ietf:params:xml:ns:yang:iana-ssh-encryption-algs\">sshea:aes256-ctr</encryption-alg>\n"
- " </encryption>\n"
- " <mac>\n"
- " <mac-alg xmlns:sshma=\"urn:ietf:params:xml:ns:yang:iana-ssh-mac-algs\">sshma:hmac-sha2-512</mac-alg>\n"
- " </mac>\n"
- " </transport-params>\n"
- " </ssh-server-parameters>\n"
- " </ssh>\n"
- " </endpoint>\n"
- " </listen>\n"
- "</netconf-server>\n"
- "\n"
- "<truststore xmlns=\"urn:ietf:params:xml:ns:yang:ietf-truststore\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"create\">\n"
- " <public-key-bags>\n"
- " <public-key-bag>\n"
- " <name>test_truststore</name>\n"
- " <description>Let's hope this works</description>\n"
- " <public-key>\n"
- " <name>pubkey</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </public-key-bag>\n"
- " </public-key-bags>\n"
- "</truststore>\n"
-;
-
-static void *
-server_thread(void *arg)
-{
- int ret;
- NC_MSG_TYPE msgtype;
- struct nc_session *session;
- struct nc_pollsession *ps;
- struct test_state *state = arg;
-
- ps = nc_ps_new();
- assert_non_null(ps);
-
- /* accept a session and add it to the poll session structure */
- pthread_barrier_wait(&state->barrier);
- msgtype = nc_accept(NC_ACCEPT_TIMEOUT, ctx, &session);
- assert_int_equal(msgtype, NC_MSG_HELLO);
-
- ret = nc_ps_add_session(ps, session);
- assert_int_equal(ret, 0);
-
- do {
- ret = nc_ps_poll(ps, NC_PS_POLL_TIMEOUT, NULL);
- assert_int_equal(ret & NC_PSPOLL_RPC, NC_PSPOLL_RPC);
- } while (!(ret & NC_PSPOLL_SESSION_TERM));
-
- nc_ps_clear(ps, 1, NULL);
- nc_ps_free(ps);
- return NULL;
-}
-
-static void *
-client_thread(void *arg)
-{
- int ret;
- struct nc_session *session = NULL;
- struct test_state *state = arg;
-
- /* skip all hostkey and known_hosts checks */
- nc_client_ssh_set_knownhosts_mode(NC_SSH_KNOWNHOSTS_SKIP);
-
- /* set directory where to search for modules */
- ret = nc_client_set_schema_searchpath(MODULES_DIR);
- assert_int_equal(ret, 0);
-
- /* set ssh username */
- ret = nc_client_ssh_set_username("test_truststore");
- assert_int_equal(ret, 0);
-
- /* add client's key pair */
- ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa");
- assert_int_equal(ret, 0);
-
- pthread_barrier_wait(&state->barrier);
- /* connect */
- session = nc_connect_ssh("127.0.0.1", 10005, NULL);
- assert_non_null(session);
-
- nc_session_free(session, NULL);
- return NULL;
-}
-
-static void
-test_nc_auth_truststore(void **state)
-{
- int ret, i;
- pthread_t tids[2];
-
- assert_non_null(state);
-
- ret = pthread_create(&tids[0], NULL, client_thread, *state);
- assert_int_equal(ret, 0);
- ret = pthread_create(&tids[1], NULL, server_thread, *state);
- assert_int_equal(ret, 0);
-
- for (i = 0; i < 2; i++) {
- pthread_join(tids[i], NULL);
- }
-}
-
-static int
-setup_f(void **state)
-{
- int ret;
- struct lyd_node *tree;
- struct test_state *test_state;
-
- nc_verbosity(NC_VERB_VERBOSE);
-
- /* init barrier */
- test_state = malloc(sizeof *test_state);
- assert_non_null(test_state);
-
- ret = pthread_barrier_init(&test_state->barrier, NULL, 2);
- assert_int_equal(ret, 0);
-
- *state = test_state;
-
- /* create new context */
- ret = ly_ctx_new(MODULES_DIR, 0, &ctx);
- assert_int_equal(ret, 0);
-
- /* load default modules into context */
- ret = nc_server_init_ctx(&ctx);
- assert_int_equal(ret, 0);
-
- /* load ietf-netconf-server module and it's imports into context */
- ret = nc_server_config_load_modules(&ctx);
- assert_int_equal(ret, 0);
-
- /* parse yang data */
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
- assert_int_equal(ret, 0);
-
- /* configure the server based on the data */
- ret = nc_server_config_setup_diff(tree);
- assert_int_equal(ret, 0);
-
- /* initialize server */
- ret = nc_server_init();
- assert_int_equal(ret, 0);
-
- lyd_free_all(tree);
-
- return 0;
-}
-
-static int
-teardown_f(void **state)
-{
- int ret = 0;
- struct test_state *test_state;
-
- assert_non_null(state);
- test_state = *state;
-
- ret = pthread_barrier_destroy(&test_state->barrier);
- assert_int_equal(ret, 0);
-
- free(*state);
- nc_client_destroy();
- nc_server_destroy();
- ly_ctx_destroy(ctx);
-
- return 0;
-}
-
-int
-main(void)
-{
- const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_nc_auth_truststore, setup_f, teardown_f),
- };
-
- setenv("CMOCKA_TEST_ABORT", "1", 1);
- return cmocka_run_group_tests(tests, NULL, NULL);
-}
diff --git a/tests/test_two_channels.c b/tests/test_two_channels.c
index 16e17d2..801264d 100644
--- a/tests/test_two_channels.c
+++ b/tests/test_two_channels.c
@@ -1,10 +1,10 @@
/**
- * @file test_pam.c
+ * @file test_two_channels.c
* @author Roman Janota <xjanot04@fit.vutbr.cz>
- * @brief libnetconf2 Linux PAM keyboard-interactive authentication test
+ * @brief libnetconf2 Openning a new session on an established SSH channel test.
*
* @copyright
- * Copyright (c) 2022 CESNET, z.s.p.o.
+ * Copyright (c) 2023 CESNET, z.s.p.o.
*
* This source code is licensed under BSD 3-Clause License (the "License").
* You may not use this file except in compliance with the License.
@@ -32,80 +32,6 @@
#define BACKOFF_TIMEOUT_USECS 100
struct ly_ctx *ctx;
-int flag = 0;
-
-const char *data =
- "<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\" xmlns:yang=\"urn:ietf:params:xml:ns:yang:1\" yang:operation=\"none\">\n"
- " <listen yang:operation=\"create\">\n"
- " <idle-timeout>10</idle-timeout>\n"
- " <endpoint>\n"
- " <name>default-ssh</name>\n"
- " <ssh>\n"
- " <tcp-server-parameters>\n"
- " <local-address>127.0.0.1</local-address>\n"
- " <local-port>10005</local-port>\n"
- " </tcp-server-parameters>\n"
- " <ssh-server-parameters>\n"
- " <server-identity>\n"
- " <host-key>\n"
- " <name>key</name>\n"
- " <public-key>\n"
- " <inline-definition>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQ==</public-key>\n"
- " <private-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:rsa-private-key-format</private-key-format>\n"
- " <cleartext-private-key>MIIJKAIBAAKCAgEA6ojtjfDmvyQP1ZkIwBpr97eKDuebvpoglRHRdvVuTpf/gU1VArAQmwGh05i6lm8TkVl1noMlIxLJDcWslaeVn6KyvsX0HhsQtXwqPqwka5UCv6alwf/ivAvcNpcX1j0t/uIGCI4dSiKnzQCyf0FTirzQkjrDZUd3meDhNQTruCalGV4gfNWIq3e1oGuwAn1tLlu9oTrE4HzMpgbNEU6wNmsSqpwGxUhYLoSaM7b0dLmqP+ZczSS0Uac0PFNkehGQ2CYIT80f580o4XGtoLCUUGkp6YCTL4Z2CeBEaJABWjDIDH+dKYIUBqUpz4Th12gXAP+h+3qI6+9eppeHrfrzARDsfLjwUNxQJse1QSArjAytf0FKtGHrORc7W0TiCFvR0zaoUNLTKk7enTiRQ9rfWZOAu44fUvPCaXDE6zXXeaVgoKCo4VHlho36erUcjlEBM+jk28IykbZGtBb6igKvYa1tPSgeYm/zJoFVjQcnr14uci/ft1+Na+hOIEoEEiKxcAPk2b2vBKNlRIW7WLJ3u7ZiuQEJTNm6+3cE4+lfwaBCBqBToE+dpzvoUXoMyFFReUFd1O5axu4fXgt00jMaOQxmE0v9OmR/pL/PWIflVF4Zz5yVONYaDVc7l+veY0oEZruEPJ0hlEgxuCzLrcMhjufl2qE2Q7fQIaav/1NqBVkCAwEAAQKCAgAeRZw75Oszoqj0jfMmMILdD3Cfad+dY3FvLESYESeyt0XAX8XoOed6ymQj1qPGxQGGkkBvPEgv1b3jrC8Rhfb3Ct39Z7mRpTar5iHhwwBUboBTUmQ0vR173iAHX8sw2Oa17mCO/CDlr8Fu4Xcom7r3vlVBepo72VSjpPYMjN0MANjwhEi3NCyWzTXBRgUK3TuZbzfzto0w2Irlpx0S7dAqxfk70jXBgwv2vSDWKfg1lL1X0BkMVX98xpMkcjMW2muSqp4KBtTma4GqT6z0f7Y1Bs3lGLZmvPlBXxQVVvkFtiQsENCtSd/h17Gk2mb4EbReaaBzwCYqJdRWtlpJ54kzy8U00co+Yn//ZS7sbbIDkqHPnXkpdIr+0rEDMlOw2Y3vRZCxqZFqfWCW0uzhwKqk2VoYqtDL+ORKG/aG/KTBQ4Y71Uh+7aabPwj5R+NaVMjbqmrVeH70eKjoNVgcNYY1C9rGVF1d+LQEm7UsqS0DPp4wN9QKLAqIfuarAhQBhZy1R7Sj1r5macD9DsGxsurM4mHZV0LNmYLZiFHjTUb6iRSPD5RBFW80vcNtxZ0cxmkLtxrj/DVyExV11Cl0SbZLLa9mScYvxdl/qZutXt3PQyab0NiYxGzCD2RnLkCyxkh1vuHHjhvIWYfbd2VgZB/qGr+o9T07FGfMCu23//fugQKCAQEA9UH38glH/rAjZ431sv6ryUEFY8I2FyLTijtvoj9CNGcQn8vJQAHvUPfMdyqDoum6wgcTmG+UXA6mZzpGQCiY8JW5CoItgXRoYgNzpvVVe2aLf51QGtNLLEFpNDMpCtI+I+COpAmGvWAukku0pZfRjm9eb1ydvTpHlFC9+VhVUsLzw3VtSC5PVW6r65mZcYcB6SFVPap+31ENP/9jOMFoymh57lSMZJMxTEA5b0l2miFb9Rp906Zqiud5zv2jIqF6gL70giW3ovVxR7LGKKTKIa9pxawHwB6Ithygs7YoJkjF2dm8pZTMZKsQN92K70XGj07SmYRLZpkVD7i+cqbbKQKCAQEA9M6580Rcw6W0twfcy0/iB4U5ZS52EcCjW8vHlL+MpUo7YvXadSgV1ZaM28zW/ZGk3wE0zy1YT5s30SQkm0NiWN3t/J0l19ccAOxlPWfjhF7vIQZr7XMo5HeaK0Ak5+68J6bx6KgcXmlJOup7INaE8DyGXB6vd4K6957IXyqs3/bfJAUmz49hnveCfLFdTVVT/Uq4IoPKfQSbSZc0BvPBsnBCF164l4jllGBaWS302dhgW4cgxzG0SZGgNwow4AhB+ygiiS8yvOa7UcHfUObVrzWeeq9mYSQ1PkvUTjkWR2/Y8xy7WP0TRBdJOVSs90H51lerEDGNQWvQvI97S9ZOsQKCAQB59u9lpuXtqwxAQCFyfSFSuQoEHR2nDcOjF4GhbtHum15yCPaw5QVs/33nuPWze4ZLXReKk9p0mTh5V0p+N3IvGlXl+uzEVu5d55eI7LIw5sLymHmwjWjxvimiMtrzLbCHSPHGc5JU9NLUH9/bBY/JxGpy+NzcsHHOOQTwTdRIjviIOAo7fgQn2RyX0k+zXE8/7zqjqvji9zyemdNu8we4uJICSntyvJwkbj/hrufTKEnBrwXpzfVn1EsH+6w32ZPBGLUhT75txJ8r56SRq7l1XPU9vxovmT+lSMFF/Y0j1MbHWnds5H1shoFPNtYTvWBL/gfPHjIc+H23zsiu3XlZAoIBAC2xB/Pnpoi9vOUMiqFH36AXtYa1DURy+AqCFlYlClMvb7YgvQ1w1eJvnwrHSLk7HdKhnwGsLPduuRRH8q0n/osnoOutSQroE0n41UyIv2ZNccRwNmSzQcairBu2dSz02hlsh2otNl5IuGpOqXyPjXBpW4qGD6n2tH7THALnLC0BHtTSQVQsJsRM3gX39LoiWvLDp2qJvplm6rTpi8Rgap6rZSqHe1yNKIxxD2vlr/WY9SMgLXYASO4SSBz9wfGOmQIPk6KXNJkdV4kC7nNjIi75iwLLCgjHgUiHTrDq5sWekpeNnUoWsinbTsdsjnv3zHG9GyiClyLGxMbs4M5eyYECggEBAKuC8ZMpdIrjk6tERYB6g0LnQ7mW8XYbDFAmLYMLs9yfG2jcjVbsW9Kugsr+3poUUv/q+hNO3jfY4HazhZDa0MalgNPoSwr/VNRnkck40x2ovFb989J7yl++zTrnIrax9XRH1V0cNu+Kj7OMwZ2RRfbNv5JBdOZPvkfqyIKFmbQgYbtD66rHuzNOfJpzqr/WVLO57/zzW8245NKG2B6B0oXkei/KqDY0DAbHR3i3EOj1NPtVI1FC/xX8R9BREaid458bqoHJKuInrGcBjaUI9Cvymv8TbstUgD6NPbJR4Sm6vrLeUqzjWZP3t1+Z6DjXmnpR2vvhMU/FWb//21p/88o=</cleartext-private-key>\n"
- " </inline-definition>\n"
- " </public-key>\n"
- " </host-key>\n"
- " </server-identity>\n"
- " <client-authentication>\n"
- " <users>\n"
- " <user>\n"
- " <name>test1</name>\n"
- " <public-keys>\n"
- " <inline-definition>\n"
- " <public-key>\n"
- " <name>client</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </inline-definition>\n"
- " </public-keys>\n"
- " </user>\n"
- " <user>\n"
- " <name>test2</name>\n"
- " <public-keys>\n"
- " <inline-definition>\n"
- " <public-key>\n"
- " <name>client</name>\n"
- " <public-key-format xmlns:ct=\"urn:ietf:params:xml:ns:yang:ietf-crypto-types\">ct:ssh-public-key-format</public-key-format>\n"
- " <public-key>AAAAB3NzaC1yc2EAAAADAQABAAABAQDPavVALiM7QwTIUAndO8E9GOkSDQWjuEwkzbJ3kOBPa7kkq71UOZFeecDjFb9eipkljfFys/JYHGQaYVF8/svT0KV5h7HlutRdF6yvqSEbjpbTORb27pdHX3iFEyDCwCIoq9vMeX+wyXnteyn01GpIL0ig0WAnvkqX/SPjuplX5ZItUSr0MhXM7fNSX50BD6G8IO0/djUcdMUcjTjGv73SxB9ZzLvxnhXuUJbzEJJJLj6qajyEIVaJSa73vA33JCD8qzarrsuITojVLPDFmeHwSAoB5dP86yop6e6ypuXzKxxef6yNXcE8oTj8UFYBIXsgIP2nBvWk41EaK0Vk3YFl</public-key>\n"
- " </public-key>\n"
- " </inline-definition>\n"
- " </public-keys>\n"
- " </user>\n"
- " </users>\n"
- " </client-authentication>\n"
- " <transport-params>\n"
- " <host-key>\n"
- " <host-key-alg xmlns:sshpka=\"urn:ietf:params:xml:ns:yang:iana-ssh-public-key-algs\">sshpka:rsa-sha2-512</host-key-alg>\n"
- " </host-key>\n"
- " <key-exchange>\n"
- " <key-exchange-alg xmlns:sshkea=\"urn:ietf:params:xml:ns:yang:iana-ssh-key-exchange-algs\">sshkea:curve25519-sha256</key-exchange-alg>\n"
- " </key-exchange>\n"
- " <encryption>\n"
- " <encryption-alg xmlns:sshea=\"urn:ietf:params:xml:ns:yang:iana-ssh-encryption-algs\">sshea:aes256-ctr</encryption-alg>\n"
- " </encryption>\n"
- " <mac>\n"
- " <mac-alg xmlns:sshma=\"urn:ietf:params:xml:ns:yang:iana-ssh-mac-algs\">sshma:hmac-sha2-512</mac-alg>\n"
- " </mac>\n"
- " </transport-params>\n"
- " </ssh-server-parameters>\n"
- " </ssh>\n"
- " </endpoint>\n"
- " </listen>\n"
- "</netconf-server>\n";
static void *
server_thread(void *arg)
@@ -164,20 +90,22 @@
ret = nc_client_set_schema_searchpath(MODULES_DIR);
assert_int_equal(ret, 0);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PUBLICKEY, 1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_PASSWORD, -1);
- nc_client_ssh_set_auth_pref(NC_SSH_AUTH_INTERACTIVE, -1);
-
- ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/key_rsa.pub", TESTS_DIR "/data/key_rsa");
+ ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/id_ed25519.pub", TESTS_DIR "/data/id_ed25519");
assert_int_equal(ret, 0);
- ret = nc_client_ssh_set_username("test1");
+ ret = nc_client_ssh_set_username("client_1");
assert_int_equal(ret, 0);
session_cl1 = nc_connect_ssh("127.0.0.1", 10005, NULL);
assert_non_null(session_cl1);
- ret = nc_client_ssh_set_username("test2");
+ ret = nc_client_ssh_set_username("client_2");
+ assert_int_equal(ret, 0);
+
+ ret = nc_client_ssh_del_keypair(0);
+ assert_int_equal(ret, 0);
+
+ ret = nc_client_ssh_add_keypair(TESTS_DIR "/data/id_ecdsa521.pub", TESTS_DIR "/data/id_ecdsa521");
assert_int_equal(ret, 0);
session_cl2 = nc_connect_ssh_channel(session_cl1, NULL);
@@ -211,7 +139,7 @@
setup_f(void **state)
{
int ret;
- struct lyd_node *tree;
+ struct lyd_node *tree = NULL;
(void) state;
@@ -226,10 +154,19 @@
ret = nc_server_config_load_modules(&ctx);
assert_int_equal(ret, 0);
- ret = lyd_parse_data_mem(ctx, data, LYD_XML, LYD_PARSE_NO_STATE | LYD_PARSE_STRICT, LYD_VALIDATE_NO_STATE, &tree);
+ ret = nc_server_config_new_address_port(ctx, "endpt", NC_TI_LIBSSH, "127.0.0.1", 10005, &tree);
assert_int_equal(ret, 0);
- ret = nc_server_config_setup_diff(tree);
+ ret = nc_server_config_new_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "client_1", "pubkey", TESTS_DIR "/data/id_ed25519.pub", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_new_ssh_client_auth_pubkey(ctx, "endpt", "client_2", "pubkey", TESTS_DIR "/data/id_ecdsa521.pub", &tree);
+ assert_int_equal(ret, 0);
+
+ ret = nc_server_config_setup_data(tree);
assert_int_equal(ret, 0);
ret = nc_server_init();