
test: add Travis configuration to test SSL (#1095)

remove v2 protocol versions of the test
remove pg8 versions of the test
davecramer authored and vlsi committed Mar 11, 2018
1 parent af49962 commit 298683b1bd11a4b16cdba861c8ca93134cfb037b
@@ -28,11 +28,13 @@ before_script:
- ./.travis/travis_install_postgres.sh
- test "x$XA" == 'x' || ./.travis/travis_configure_xa.sh
- test "x$REPLICATION" == 'x' || ./.travis/travis_configure_replication.sh
- test "x$SSLTEST" == 'x' || ./.travis/travis_configure_ssl.sh
- ./.travis/travis_start_postgres.sh
- test "x$PG_VERSION" != 'xHEAD' || psql -U postgres -c "set password_encryption='scram-sha-256'; create user test with password 'test';"
- test "x$PG_VERSION" = 'xHEAD' || psql -U postgres -c "create user test with password 'test';"
- test "x$REPLICATION" == 'x' || psql -U postgres -c "alter user test with replication;"
- psql -c 'create database test owner test;' -U postgres
- test "x$SSLTEST" == 'x' || ./.travis/travis_ssl_users.sh
- test "x$REPLICATION" == 'x' || ./.travis/travis_create_slaves.sh
- if [[ $TRAVIS_BRANCH == release/* ]]; then echo "MAVEN_OPTS='-Xmx1g'" > ~/.mavenrc; else echo "MAVEN_OPTS='-Xmx1g -Dgpg.skip=true'" > ~/.mavenrc; fi
- test "x$PG_VERSION" == 'x' || test "x$NO_HSTORE" == 'xY' || psql test -c 'CREATE EXTENSION hstore;' -U postgres
@@ -143,6 +145,14 @@ matrix:
- QUERY_MODE=extendedCacheEverything
- COVERAGE=N
- TZ=Europe/Moscow # +03:00, no DST
- jdk: oraclejdk8
sudo: required
addons:
postgresql: "9.6"
env:
- PG_VERSION=9.6
- SSLTEST=Y
- COVERAGE=Y
- jdk: openjdk7
sudo: required
addons:
@@ -0,0 +1,48 @@
#!/usr/bin/env bash
set -x -e
set_conf_property() {
local key=${1}
local value=${2}
sudo sed -i -e "s/^#\?${key}.*/${key} = '\/etc\/postgresql\/${PG_VERSION}\/main\/${value}'/" /etc/postgresql/${PG_VERSION}/main/postgresql.conf
}
enable_ssl_property() {
local property=${1}
sed -i -e "s/^#${property}\(.*\)/${property}\1/" ssltest.properties
}
if [ -z "$PG_VERSION" ]
then
echo "env PG_VERSION is not defined";
else
set_conf_property "ssl_cert_file" "server.crt"
set_conf_property "ssl_key_file" "server.key"
set_conf_property "ssl_ca_file" "root.crt"
enable_ssl_property "testsinglecertfactory"
enable_ssl_property "sslhostnossl9"
enable_ssl_property "sslhostgh9"
enable_ssl_property "sslhostbh9"
enable_ssl_property "sslhostsslgh9"
enable_ssl_property "sslhostsslbh9"
enable_ssl_property "sslhostsslcertgh9"
enable_ssl_property "sslhostsslcertbh9"
enable_ssl_property "sslcertgh9"
enable_ssl_property "sslcertbh9"
PG_DATA_DIR="/etc/postgresql/${PG_VERSION}/main/"
sudo cp certdir/server/pg_hba.conf "/etc/postgresql/${PG_VERSION}/main/pg_hba.conf"
sudo cp certdir/server/root.crt "${PG_DATA_DIR}"
sudo chmod 0600 "${PG_DATA_DIR}/root.crt"
sudo chown postgres:postgres "${PG_DATA_DIR}/root.crt"
sudo cp certdir/server/server.crt "${PG_DATA_DIR}"
sudo chmod 0600 "${PG_DATA_DIR}/server.crt"
sudo chown postgres:postgres "${PG_DATA_DIR}/server.crt"
sudo cp certdir/server/server.key "${PG_DATA_DIR}"
sudo chmod 0600 "${PG_DATA_DIR}/server.key"
sudo chown postgres:postgres "${PG_DATA_DIR}/server.key"
fi
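Review bot: When PG_VERSION is unset, the `if [ -z "$PG_VERSION" ]` branch only echoes a message and the script exits 0, so the build carries on with no certificates installed and ssltest.properties untouched; that branch should fail the step, e.g. `echo "env PG_VERSION is not defined" >&2; exit 1`. The script also sets only ssl_cert_file, ssl_key_file and ssl_ca_file and never `ssl` itself, so it presumably relies on the packaged postgresql.conf already enabling SSL; a comment stating that dependency would help. For the private key, `sudo install -o postgres -g postgres -m 0600 certdir/server/server.key "${PG_DATA_DIR}"` would avoid the interval in which the copied file carries default ownership and mode.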
@@ -0,0 +1,12 @@
#!/usr/bin/env bash
create_databases() {
for db in hostdb hostssldb hostnossldb certdb hostsslcertdb; do
createdb -U postgres $db
psql -U postgres $db -c "create extension sslinfo"
done
}
create_databases
psql -U postgres test -c "create extension sslinfo"
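Review bot: This script (presumably travis_ssl_users.sh) has no `set -e`, unlike the SSL configuration script added in the same commit, so a failed `createdb` or `create extension sslinfo` inside the loop is ignored and the step's status is only that of the final `psql`; adding `set -x -e` after the shebang would stop the build at the first failure. `$db` is unquoted, which is harmless for this fixed list, but `"$db"` is the safer habit. The script only creates databases and installs sslinfo, so a header comment such as `# Create the databases used by the SSL tests and install sslinfo in each` would say what the name does not.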
@@ -9,7 +9,7 @@ then
#Start head postgres
sudo su postgres -c "/usr/local/pgsql/bin/pg_ctl -D ${PG_DATADIR} -w -t 300 -c -o '-p 5432' -l /tmp/postgres.log start"
sudo tail /tmp/postgres.log
elif [ "$XA" = "true" ] || [ "${REPLICATION}" = "Y" ]
elif [ "$XA" = "true" ] || [ "${REPLICATION}" = "Y" ] || [ "${SSLTEST}" = "Y" ]
then
sudo service postgresql stop
sudo service postgresql start ${PG_VERSION}
@@ -3,7 +3,7 @@ To run the SSL tests, the following properties are used:
certdir: directory where the certificates and keys are store
ssl<TYPE><gh|bh><8|9>: a connection string to the appropiate database
ssl<TYPE><gh|bh><8|9>: a connection string to the appropriate database
TYPE is the TYPE or METHOD field from pg_hba.conf that is: host, hostnossl,
hostssl and the special types hostsslcert, that corresponds
to a hostssl type with clientcert=1 and cert that corresponds
@@ -71,8 +71,10 @@
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident
local all postgres trust
# IPv4 local connections:
host all postgres 127.0.0.1/32 trust
host test all 127.0.0.1/32 md5
host hostdb all 127.0.0.1/32 md5
hostnossl hostnossldb all 127.0.0.1/32 md5
hostssl hostssldb all 127.0.0.1/32 md5 clientcert=0
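Review bot: As the file reads here, `local all postgres trust` comes after `local all all ident`, and PostgreSQL uses the first pg_hba.conf record that matches, so the trust record is never reached for Unix-socket connections; if it is meant to apply, it has to move above the `all all` record. Together with `host all postgres 127.0.0.1/32 trust` (these two look like the added lines), it lets any local process connect as the superuser without a password. That is reasonable on a throwaway CI host, but developers setting up the SSL tests locally may copy this file, so a comment such as `# CI only: passwordless superuser on loopback, do not reuse on a shared server` above the records would be worth adding.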
@@ -1,6 +1,6 @@
codecov:
notify:
after_n_builds: 8
after_n_builds: 9
require_ci_to_pass: false
comment:
layout: header, changes, diff
@@ -37,7 +37,7 @@ public static void convert(PGStream stream, Properties info)
// unless sslmode is set
String classname = PGProperty.SSL_FACTORY.get(info);
if (classname == null) {
// If sslmode is set, use the libp compatible factory
// If sslmode is set, use the libpq compatible factory
if (sslmode != null) {
factory = new LibPQFactory(info);
} else {
@@ -222,7 +222,15 @@ public class FooTest {
}
}
8. Running the JDBC 2 test suite from Sun against PostgreSQL
8 ssltests
----------------
- requires ssl to be turned on in the database 'postgresql.conf ssl=true'
- pg_hba.conf requires entries for hostssl, and hostnossl
- contrib module sslinfo needs to be installed in the databases
- databases certdb, hostdb, hostnossldb, hostssldb, and hostsslcertdb need to be created
9 Running the JDBC 2 test suite from Sun against PostgreSQL
------------------------------------------------------------
Download the test suite from
http://java.sun.com/products/jdbc/jdbctestsuite-1_2_1.html
@@ -295,7 +303,7 @@ This is the JDBC 2 test suite that includes J2EE requirements.
At the time of writing of this document, a great number of tests
in this test suite fail.
9 Credits, feedback
10 Credits, feedback
-------------------
The parts of this document describing the PostgreSQL test suite
were originally written by Rene Pijlman. Liam Stewart contributed
@@ -58,17 +58,17 @@
}
return Arrays.asList(new Object[][]{
{"jdbc:postgresql://localhost:10084/test"},
{"jdbc:postgresql://localhost:10090/test"},
{"jdbc:postgresql://localhost:10091/test"},
{"jdbc:postgresql://localhost:10092/test"},
{"jdbc:postgresql://localhost:10093/test"},
{"jdbc:postgresql://localhost:5432/test"},
// {"jdbc:postgresql://localhost:10090/test"},
// {"jdbc:postgresql://localhost:10091/test"},
// {"jdbc:postgresql://localhost:10092/test"},
// {"jdbc:postgresql://localhost:10093/test"},
});
}
// The valid and invalid server SSL certfiicates:
private static final String goodServerCertPath = "certdir/goodroot.crt";
private static final String badServerCertPath = "certdir/badroot.crt";
private static final String goodServerCertPath = "../certdir/goodroot.crt";
private static final String badServerCertPath = "../certdir/badroot.crt";
private String getGoodServerCert() {
return loadFile(goodServerCertPath);
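Review bot: The four `localhost:10090` to `localhost:10093` URLs are left in the parameter list as commented-out code; since the commit description says the pg8 variants are removed, deleting them would keep the list honest, and history keeps the old ports. The new `../certdir/goodroot.crt` and `../certdir/badroot.crt` paths resolve against the process working directory, so the test depends on where it is launched from. The README touched by this commit describes a `certdir` property; building both paths from it would remove that dependency, though whether this class reads that property is not visible in the hunk. getGoodServerCert continues past the end of the hunk.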