summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xci/docker/createcert.sh14
-rw-r--r--ci/docker/eduvpn-server.docker13
-rw-r--r--ci/docker/go-test.docker4
-rwxr-xr-x[-rw-r--r--]ci/docker/replaceexpiry.sh0
-rwxr-xr-x[-rw-r--r--]ci/docker/starteduvpn.sh0
-rwxr-xr-xci/startcompose.sh4
-rw-r--r--internal/server.go10
-rw-r--r--state.go6
-rw-r--r--state_test.go42
9 files changed, 56 insertions, 37 deletions
diff --git a/ci/docker/createcert.sh b/ci/docker/createcert.sh
new file mode 100755
index 0000000..22b0ced
--- /dev/null
+++ b/ci/docker/createcert.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+WEB_FQDN="eduvpnserver"
+
+# Create self signed cert and key
+openssl req \
+ -nodes \
+ -subj "/CN=${WEB_FQDN}" \
+ -x509 \
+ -sha256 \
+ -newkey rsa:2048 \
+ -keyout "./selfsigned/${WEB_FQDN}.key" \
+ -out "./selfsigned/${WEB_FQDN}.crt" \
+ -days 90
diff --git a/ci/docker/eduvpn-server.docker b/ci/docker/eduvpn-server.docker
index ed33691..c570ae3 100644
--- a/ci/docker/eduvpn-server.docker
+++ b/ci/docker/eduvpn-server.docker
@@ -53,16 +53,9 @@ RUN sed -i "s|fd43::|$(ipcalc -6 -r 64 -n --no-decorate)|" "/etc/vpn-user-portal
# Update secrets
RUN cp /etc/vpn-user-portal/keys/node.0.key /etc/vpn-server-node/keys/node.key
-# Create self signed cert and key
-RUN openssl req \
- -nodes \
- -subj "/CN=${WEB_FQDN}" \
- -x509 \
- -sha256 \
- -newkey rsa:2048 \
- -keyout "/etc/pki/tls/private/${WEB_FQDN}.key" \
- -out "/etc/pki/tls/certs/${WEB_FQDN}.crt" \
- -days 90
+# Copy self signed cert and key
+COPY ./ci/docker/selfsigned/${WEB_FQDN}.key /etc/pki/tls/private/${WEB_FQDN}.key
+COPY ./ci/docker/selfsigned/${WEB_FQDN}.crt /etc/pki/tls/certs/${WEB_FQDN}.crt
# Add the start script and expiry script
WORKDIR /eduvpn/server
diff --git a/ci/docker/go-test.docker b/ci/docker/go-test.docker
index 2e6bcd5..04b6a99 100644
--- a/ci/docker/go-test.docker
+++ b/ci/docker/go-test.docker
@@ -34,5 +34,9 @@ COPY ./internal ./internal
# Copy selenium scripts
COPY ./selenium_eduvpn.py ./selenium_eduvpn.py
+# Update certificates
+COPY ./ci/docker/selfsigned/eduvpnserver.crt /usr/local/share/ca-certificates/eduvpnserver.crt
+RUN update-ca-certificates
+
# Run the tests
CMD ["go", "test", "-mod=readonly", "./...", "-v"]
diff --git a/ci/docker/replaceexpiry.sh b/ci/docker/replaceexpiry.sh
index b029863..b029863 100644..100755
--- a/ci/docker/replaceexpiry.sh
+++ b/ci/docker/replaceexpiry.sh
diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh
index 36c881d..36c881d 100644..100755
--- a/ci/docker/starteduvpn.sh
+++ b/ci/docker/starteduvpn.sh
diff --git a/ci/startcompose.sh b/ci/startcompose.sh
index fa41949..5f0338f 100755
--- a/ci/startcompose.sh
+++ b/ci/startcompose.sh
@@ -13,5 +13,9 @@ fi
# Get absolute path to current directory this script is in
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+# Create self-signed certificate
+mkdir -p "$SCRIPT_DIR"/docker/selfsigned
+"$SCRIPT_DIR"/docker/createcert.sh
+
# Get the parent directory to get the root directory
docker-compose --file ci/docker/docker-compose.yml --project-directory "$SCRIPT_DIR"/.. up --build --force-recreate --abort-on-container-exit
diff --git a/internal/server.go b/internal/server.go
index eb7f8fe..c76311e 100644
--- a/internal/server.go
+++ b/internal/server.go
@@ -53,7 +53,7 @@ func (server *Server) EnsureTokens() error {
return nil
}
-func (servers *Servers) EnsureServer(url string, fsm *FSM, logger *FileLogger) *Server {
+func (servers *Servers) EnsureServer(url string, fsm *FSM, logger *FileLogger) (*Server, error) {
if servers.List == nil {
servers.List = make(map[string]*Server)
}
@@ -63,10 +63,14 @@ func (servers *Servers) EnsureServer(url string, fsm *FSM, logger *FileLogger) *
if !exists || server == nil {
server = &Server{}
}
- server.Init(url, fsm, logger)
+ serverInitErr := server.Init(url, fsm, logger)
+
+ if serverInitErr != nil {
+ return nil, serverInitErr
+ }
servers.List[url] = server
servers.Current = url
- return server
+ return server, nil
}
type ServerProfile struct {
diff --git a/state.go b/state.go
index bafdfb9..6f71cb3 100644
--- a/state.go
+++ b/state.go
@@ -86,7 +86,11 @@ func (state *VPNState) Connect(url string) (string, error) {
return "", errors.New("app not registered")
}
// New server chosen, ensure the server is fresh
- server := state.Servers.EnsureServer(url, &state.FSM, &state.Logger)
+ server, serverErr := state.Servers.EnsureServer(url, &state.FSM, &state.Logger)
+
+ if serverErr != nil {
+ return "", serverErr
+ }
// Make sure we are in the chosen state if available
state.FSM.GoTransition(internal.CHOSEN_SERVER)
// Relogin with oauth
diff --git a/state_test.go b/state_test.go
index d5d0b11..ce81ba8 100644
--- a/state_test.go
+++ b/state_test.go
@@ -1,7 +1,6 @@
package eduvpn
import (
- "crypto/tls"
"errors"
"fmt"
"net/http"
@@ -15,6 +14,14 @@ import (
"github.com/jwijenbergh/eduvpn-common/internal"
)
+func getServerURI() string {
+ serverURI := os.Getenv("SERVER_URI")
+ if serverURI == "" {
+ serverURI = "https://eduvpnserver"
+ }
+ return serverURI
+}
+
func runCommand(t *testing.T, errBuffer *strings.Builder, name string, args ...string) error {
cmd := exec.Command(name, args...)
@@ -27,7 +34,7 @@ func runCommand(t *testing.T, errBuffer *strings.Builder, name string, args ...s
return cmd.Wait()
}
-func LoginOAuthSelenium(t *testing.T, url string) {
+func loginOAuthSelenium(t *testing.T, url string) {
// We could use the go selenium library
// But it does not support the latest selenium v4 just yet
var errBuffer strings.Builder
@@ -37,23 +44,20 @@ func LoginOAuthSelenium(t *testing.T, url string) {
}
}
-func StateCallback(t *testing.T, oldState string, newState string, data string) {
+func stateCallback(t *testing.T, oldState string, newState string, data string) {
if newState == "OAuth_Started" {
- go LoginOAuthSelenium(t, data)
+ go loginOAuthSelenium(t, data)
}
}
func Test_server(t *testing.T) {
state := &VPNState{}
- // Do not verify because during testing, the cert is self-signed
- http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
state.Register("org.eduvpn.app.linux", "configstest", func(old string, new string, data string) {
- StateCallback(t, old, new, data)
+ stateCallback(t, old, new, data)
}, false)
- _, configErr := state.Connect("https://eduvpnserver")
+ _, configErr := state.Connect(getServerURI())
if configErr != nil {
t.Errorf("Connect error: %v", configErr)
@@ -64,9 +68,6 @@ func test_connect_oauth_parameter(t *testing.T, parameters internal.URLParameter
state := &VPNState{}
configDirectory := "test_oauth_parameters"
- // Do not verify because during testing, the cert is self-signed
- http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
state.Register("org.eduvpn.app.linux", configDirectory, func(oldState string, newState string, data string) {
if newState == "OAuth_Started" {
baseURL := "http://127.0.0.1:8000/callback"
@@ -78,7 +79,7 @@ func test_connect_oauth_parameter(t *testing.T, parameters internal.URLParameter
}
}, false)
- _, configErr := state.Connect("https://eduvpnserver")
+ _, configErr := state.Connect(getServerURI())
if !errors.As(configErr, expectedErr) {
t.Errorf("error %T = %v, wantErr %T", configErr, configErr, expectedErr)
@@ -121,14 +122,11 @@ func Test_token_expired(t *testing.T) {
// Get a vpn state
state := &VPNState{}
- // Do not verify because during testing, the cert is self-signed
- http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
state.Register("org.eduvpn.app.linux", "configsexpired", func(old string, new string, data string) {
- StateCallback(t, old, new, data)
+ stateCallback(t, old, new, data)
}, false)
- _, configErr := state.Connect("https://eduvpnserver")
+ _, configErr := state.Connect(getServerURI())
if configErr != nil {
t.Errorf("Connect error before expired: %v", configErr)
@@ -167,14 +165,11 @@ func Test_token_expired(t *testing.T) {
func Test_token_invalid(t *testing.T) {
state := &VPNState{}
- // Do not verify because during testing, the cert is self-signed
- http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
state.Register("org.eduvpn.app.linux", "configsinvalid", func(old string, new string, data string) {
- StateCallback(t, old, new, data)
+ stateCallback(t, old, new, data)
}, false)
- _, configErr := state.Connect("https://eduvpnserver")
+ _, configErr := state.Connect(getServerURI())
if configErr != nil {
t.Errorf("Connect error before invalid: %v", configErr)
@@ -190,6 +185,7 @@ func Test_token_invalid(t *testing.T) {
server, serverErr := state.Servers.GetCurrentServer()
if serverErr != nil {
t.Errorf("No server found")
+ return
}
// Override tokens with invalid values