End-to-end testing of setting ServerName

9 months ago · 4bfe7b21eb
parent efd60b7836
commit 4bfe7b21eb
2 changed files with 118 additions and 2 deletions
--- a/system_test/e2e/certs.py
+++ b/system_test/e2e/certs.py
@ -81,4 +81,77 @@ yA/ORsMjWq51SfpzOU69+FdY7p3GvIVWhRtinqseaAIMOkNZBLVDXF4DvtFgiLZM
 bKAjGuXsKOT3MPFU9tHxi4q/7flUb30mSUVXyPjh+C+UH7e0BS0pi/rDeRdEju4z
 bJVERP8/VAJ61TDQJq+Il95fzKe4yTA3dDHnO+EG5W2eCsawTK4Ze5XAWqomgdew
 62D3AkJQiflLfJL8zTFph1FZXLOm
-----END PRIVATE KEY-----'''
+-----END PRIVATE KEY-----'''
+
+caCert='''-----BEGIN CERTIFICATE-----
+MIIDpzCCAo+gAwIBAgIUJhEOjFKIa58mXA/IDGlQEsrYyHcwDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJh
+bmNpc2NvMQ0wCwYDVQQKDARNeUNBMREwDwYDVQQLDAhNeUNBVW5pdDENMAsGA1UE
+AwwETXlDQTAeFw0yMzEyMjIwMTAwMDRaFw0zMzEyMTkwMTAwMDRaMGMxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
+A1UECgwETXlDQTERMA8GA1UECwwITXlDQVVuaXQxDTALBgNVBAMMBE15Q0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNL9C4/DeWc2PRR5auWN9EhhJN
+bRjaqU2/wRrjr1tQBdam51G8X92szKLz8jYSpyUlb/Y1rJEqCrNWjXlyr7TBCCRX
+A9WoU1nFr78E4rouVswzrQC1ibma4GzyC6yB4Myig58BYkIgwYxeCFHyQujqJtEU
+yhN4MxubDsAwBY4jpyeY2lQtAI91oH5z6H/GjgZWsFCjas8D2KGumwCdhpACWzeR
+lPs1gsiaBnv4YjVW02orC41A6vp4MkU9a33ROnuX2xdLqb9qgXUzg7Gm2N6hm2K+
+WrhNArleDHiUFxOhKdfNqPVHNVPGsV1LNU5XqjVABPedwIherawswVeq/dKrAgMB
+AAGjUzBRMB0GA1UdDgQWBBROXdu+ii5URVHNEUsj87kdP/lNVTAfBgNVHSMEGDAW
+gBROXdu+ii5URVHNEUsj87kdP/lNVTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQCf/2BJD0fVQdROPkp3MzaySlUgqnmqRXS4YZ7gzJM1rCv2a8qR
+G6/8Q9Fyeys1nlFC69fw4/Z5aJkt93L5IzedYS5fHN/yecYB87Yhg4SmXc5VxqGN
+wBbtBqaUI2Z6RrJ6Hr0jpU4/mhN51liuFHPzyWsZJ3skUi2EqXZMEatwU4cHH0ZN
+BCmFDqhhJORfFcPQI3E+WxjBOeeVSsw/zz4Qkzmh/gf7ul+CC7acc5FqnNfFaFrK
+LjqerXjDOhgWtlevZFQ5ErFyYxNlX+K5+lCTET0IjK7Rf7WvpaogsmP77+aYPBY
+D6FdZ2n8YTwgPxc0abCEYTG11FsLEoBRl7uV
+-----END CERTIFICATE-----'''
+
+caSignedCertExampleDotCom='''-----BEGIN CERTIFICATE-----
+MIIDdDCCAlygAwIBAgIUBl9lZYnKOHx7YHk1tQR3+qMx6zowDQYJKoZIhvcNAQEL
+BQAwYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJh
+bmNpc2NvMQ0wCwYDVQQKDARNeUNBMREwDwYDVQQLDAhNeUNBVW5pdDENMAsGA1UE
+AwwETXlDQTAeFw0yMzEyMjIwMTAwMDRaFw0yNjAzMjYwMTAwMDRaMGkxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEOMAwG
+A1UECgwFTXlPcmcxDzANBgNVBAsMBk15VW5pdDEUMBIGA1UEAwwLZXhhbXBsZS5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx5Q51upQH9coFAJQy
+UXpWIGuEBjEvebs6qrpOwBICz/NtRCn0A+yQKJag2hsExeg/aj4a16ci2mp3VgP9
+dFRbE/Os7GQUmrsrcxELhCzpNl4DAanQSPXx2DRoAS9cX6kTEcKqV3EVw0SjyeL
+Qq6N6wcGqOYzrx2vjrTlG/ojfeteOptJMo1KC413O5CFpNw8AQ+POXoOSIaKziOz
+oPThCUMrR2Q2C54PlFZH1UMqPSG1FRigifAwYLrH8hI6eMTuhY7CLza5cFqqT5nh
+VI+47HFt3EqGcSA3nVisFsb+v5H4jY8m8h2F/g6d1PJep39uQkQ3v/54F4SODpBR
+CbwxAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEB
+CwUAA4IBAQA+hNgESQWLsVgqbcXSVbUS6CTEk8Dl/ESDghqiHBQl1JifBCc8NFUb
+28zr+ECdSXkBNcSgNOfcLdNZ0b2ImFA3nIQBo9zErWOAYy32bC1b+y9yoZ5Fy4H+
+0eBB+/FOm+Fso9oJE+Hhh7m5hH+FuJA/Q8ovKiRmcLkXTSk8wiSXCd7V3U8ukFmi
+DBHkUp9fHmLEd2XUXRT6whD+S/ZKocEp78SOgW+JiC3s9r5YHqdz3KV8uvPK6u36
+13IkBjHvUqwJwT63yKw+sKBWqKaIl5NF0sajsmceYoNJcn78r2BKRuGtNdZ69Is5
+120Nvq2BQoT04P/xd3O678RnQBq2xFJp
+-----END CERTIFICATE-----'''
+
+caSignedKeyExampleDotCom='''-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAseUOdbqUB/XKBQCUMlF6ViBrhAYxL3m7Oqq6TsASAs/zbUQp
+9APskCiWoNobBMXoP2o+GtenItpqd1YD/fnRUWxPzrOxkFJq7K3MRC4Qs6TZeAwG
+p0Ej18dg0aAEvXF+pExHCqldxFcNEo8ni0KujesHBqjmM68dr4605Rv6I33rXjqb
+STKNSguNdzuQhaTcPAEPjzl6DkiGis4js6D04QlDK0dkNgueD5RWR9VDKj0htRUY
+oInwMGC6x/ISOnjE7oWOwi82uXBaqk+Z4VSPuOxxbdxKhnEgN51YrBbG/r+R+I2P
+JvIdhf4OndTyXqd/bkJEN7/+eBeEjg6QUQm8MQIDAQABAoIBAC1/wlUGJXpruQHS
+hhTglgOVQyp/UvErl2GH7SLbKUAi48Xcm0ZYApdUakI1xpdP7vjZOY0v/wWBC53+
+GANLc+f5ZegeOZoKGmLyiL4fchIgZaa4nLMGjB5SVkcHQG8bqiJnh/wIGX1wLl3C
+04Bgy7hsll1zsX0imtseCtJWd4G/81uPAAeGuC5IkuOFu3EWMACjc0XcFpL4A2Ks
+5mar/fHHgnFfkAWLcrPkCu34v6nzbA0MSEOst/aWHWudbreNufa5hf1vWoPWpcml
+FjmImQnWPPcizax4G1v8JOrT1HWX7IWLFQoQGRywSaJm6YiOSP/tOhBuU9jzCibc
+bc5YT0kCgYEA6s4zc2oP5aMqWZX9VWP2W/rwSteMV8bVMuX0u01XMcY+usdPxtV/
+wfeYcG4+ZBXvFe+S1WpQebIrcVUw+O1fof9ybuniRVw+bOh1g52aIdwWw1+kwieC
+kq1nseDki8tssbv0HYPkEq5bi6i39ZpMi7CAWdWmQ5iHTIBVHwd1YhsCgYEAwfPI
+i1GrMl+LgVdaKkniiJSVrBvIb0xUKkZt7t3OSeeLZGzbGD5vcufk8iECVdQkqDee
+9H9N5zc4P+wZAMnuEzI4l7Ch3AZ1j8ukwcRPsfjTQSvRnwvpwojXtgVfoecL2zxE
+i/5MUls1qvrG6A5FY03ssP2K8eaMME66e3xH6MCgYBSayasMGJ8HJXU9E0EGB51
+ktOdsaNVfDmBsC4DQNaGZivGrAdYp8A8eYhMjqXfw8M0U++accLltKCDG4AhIFEd
+L+ke/YGrDwHqgH4fQMbFc9eZpIzUicHPcoafbW1LlJAGow7A/XalCAaiMwq/bvXH
+YqDq54+A0p1LQRCf36JYWQKBgA4T+OmL6wZEAydHROcu57+MMXUFqz3Q54cOB6q/
+9NpOcUK/2ANhfMt1Y5vjo3zBYkvHhcUvfGMdEfsp0wLIpXxFN/BixMzotx3R5Uqf
+Sj2b1xGy8Ys+3R/euPGgYDmrQKQQMt2KH+dg8gJ/BhjCP4J99p4GNVcmLN3/GJyk
+Rc1LAoGABIdnNZD/yuY/3CC3umwkadgJ7HBeMt9hPDac7ApYC6dTJy5LofssJH2S
+O18s1yk+ldkyW7ouEcgNgoZNFCQ+/C8VtuwOTOEJmEY6LwRtOWksHDH9U5uK6cx9
+t+YBsh2wlUqjUG0wMACbpMWR+JgsHwXemUGtIdevSaYk/0CX0oE=
+-----END RSA PRIVATE KEY-----'''
--- a/system_test/e2e/multi_node.py
+++ b/system_test/e2e/multi_node.py
@ -12,7 +12,7 @@ import time
 import sqlite3
 import unittest

-from certs import x509cert, x509key
+from certs import x509cert, x509key, caCert, caSignedCertExampleDotCom, caSignedKeyExampleDotCom
 from helpers import Node, Cluster, d_, write_random_file, deprovision_node, is_sequence_number, TIMEOUT

 RQLITED_PATH = os.environ['RQLITED_PATH']
@ -172,6 +172,49 @@ class TestEndToEndEncryptedNode(TestEndToEnd):

    self.cluster = Cluster([n0, n1, n2])

+
+class TestEndToEndEncryptedNode_ServerName(TestEndToEnd):
+  def setUp(self):
+    caCertFile = write_random_file(caCert)
+    caSignedKey = write_random_file(caSignedKeyExampleDotCom)
+    caSignedCert = write_random_file(caSignedCertExampleDotCom)
+
+    n0 = Node(RQLITED_PATH, '0', node_cert=caSignedCert, node_key=caSignedKey, node_ca_cert=caCertFile,
+              node_verify_server_name='example.com')
+    n0.start()
+    n0.wait_for_leader()
+
+    n1 = Node(RQLITED_PATH, '1', node_cert=caSignedCert, node_key=caSignedKey, node_ca_cert=caCertFile,
+              node_verify_server_name='example.com')
+    n1.start(join=n0.RaftAddr())
+    n1.wait_for_leader()
+
+    n2 = Node(RQLITED_PATH, '2', node_cert=caSignedCert, node_key=caSignedKey, node_ca_cert=caCertFile,
+              node_verify_server_name='example.com')
+    n2.start(join=n0.RaftAddr())
+    n2.wait_for_leader()
+
+    self.cluster = Cluster([n0, n1, n2])
+
+class TestEndToEndEncryptedNode_BadServerName(unittest.TestCase):
+  def test(self):
+    caCertFile = write_random_file(caCert)
+    caSignedKey = write_random_file(caSignedKeyExampleDotCom)
+    caSignedCert = write_random_file(caSignedCertExampleDotCom)
+
+    n0 = Node(RQLITED_PATH, '0', node_cert=caSignedCert, node_key=caSignedKey, node_ca_cert=caCertFile,
+              node_verify_server_name='example.com')
+    n0.start()
+    n0.wait_for_leader()
+
+    n1 = Node(RQLITED_PATH, '1', node_cert=caSignedCert, node_key=caSignedKey, node_ca_cert=caCertFile,
+              node_verify_server_name='bad.com')
+    n1.start(join=n0.RaftAddr())
+    self.assertTrue(n1.expect_leader_fail())  # Should fail to join due to bad server name
+
+    deprovision_node(n0)
+    deprovision_node(n1)
+
 class TestClusterRecovery(unittest.TestCase):
  '''Test that a cluster can recover after all Raft network addresses change'''
  def test(self):