diff --git a/integration-tests/templates/manufacturing-server.yml.j2 b/integration-tests/templates/manufacturing-server.yml.j2 index 6eaa2e5fa..5fb102dcd 100644 --- a/integration-tests/templates/manufacturing-server.yml.j2 +++ b/integration-tests/templates/manufacturing-server.yml.j2 @@ -8,7 +8,8 @@ ownership_voucher_store_driver: public_key_store_driver: Directory: path: {{ config_dir }}/keys/ -bind: {{ bind }} +bind_http: {{ bind }} +bind_https: {{ bind_https }} rendezvous_info: - dns: localhost device_port: 8082 @@ -33,3 +34,5 @@ manufacturing: owner_cert_path: {{ keys_path }}/owner_cert.pem device_cert_ca_private_key: {{ keys_path }}/device_ca_key.der device_cert_ca_chain: {{ keys_path }}/device_ca_cert.pem + manufacturing_server_https_cert: {{ manufacturing_server_https_cert_path }}/manufacturing_server_https_cert.crt + manufacturing_server_https_key: {{ manufacturing_server_https_key_path }}/manufacturing_server_https_key.key diff --git a/integration-tests/tests/di_diun.rs b/integration-tests/tests/di_diun.rs index 11ae30010..73e46455d 100644 --- a/integration-tests/tests/di_diun.rs +++ b/integration-tests/tests/di_diun.rs @@ -1,3 +1,4 @@ + mod common; use common::{Binary, LogSide, TestContext}; use lazy_static::lazy_static; @@ -25,6 +26,9 @@ async fn test_device_credentials_already_active() -> Result<()> { cfg.insert("rendezvous_port", "1337"); cfg.insert("diun_key_type", "FileSystem"); cfg.insert("device_identification_format", "SerialNumber"); + cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("bind_https", &format!("0.0.0.0:{}","8096")); Ok(()) })?) }, 
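Review bot: The certificate and key directories inserted in `test_device_credentials_already_active` are the absolute path `/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test`, which exists only in a checkout at that exact location (it looks like a dev-container mount), so the manufacturing server will not find its TLS material in CI or on another machine. Derive the directory from the crate root instead, e.g. `concat!(env!("CARGO_MANIFEST_DIR"), "/tests/test-data/https-test")` (assuming `integration-tests` is the crate directory), and set it once in the shared config helper rather than per test. The same inserted lines recur in the other three hunks of this file, in `di_diun_https.rs`, in both `e2e.rs` hunks and in `service_info.rs`. `&format!("0.0.0.0:{}","8096")` formats a literal and listens on every interface; `"127.0.0.1:8096"` is enough for a local test, particularly as the key being served is checked into the repository. The enclosing function starts and ends outside the hunk.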
@@ -109,6 +113,9 @@ async fn test_device_credentials_generated_with_mac_address() -> Result<()> { cfg.insert("rendezvous_port", "1337"); cfg.insert("diun_key_type", "FileSystem"); cfg.insert("device_identification_format", "MACAddress"); + cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("bind_https", &format!("https://localhost:{}","8086")); Ok(()) })?) }, @@ -207,6 +214,10 @@ async fn test_device_credentials_with_tpm() -> Result<()> { cfg.insert("rendezvous_port", "1337"); cfg.insert("diun_key_type", "Tpm"); cfg.insert("device_identification_format", "SerialNumber"); + cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("bind_https", &format!("https://localhost:{}","8086")); + Ok(()) })?) }, @@ -254,6 +265,10 @@ async fn test_device_credentials_generated_with_mac_address_no_user_given_iface( cfg.insert("rendezvous_port", "1337"); cfg.insert("diun_key_type", "FileSystem"); cfg.insert("device_identification_format", "MACAddress"); + cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("bind_https", &format!("https://localhost:{}","8086")); + Ok(()) })?) }, diff --git a/integration-tests/tests/di_diun_https.rs b/integration-tests/tests/di_diun_https.rs new file mode 100644 index 000000000..27a78fff0 --- /dev/null +++ b/integration-tests/tests/di_diun_https.rs 
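Review bot: `bind_https` is set to `https://localhost:8086` in `test_device_credentials_generated_with_mac_address`, `test_device_credentials_with_tpm` and `test_device_credentials_generated_with_mac_address_no_user_given_iface`, while the first test in this file uses `0.0.0.0:8096`; a URL with a scheme is not a socket address, so if the server parses this key as a bind address (the parsing is not visible in this diff) these three configurations will fail to load or never open the HTTPS listener. Use one form throughout, e.g. `cfg.insert("bind_https", "127.0.0.1:8086");`. All three tests also claim the same fixed port, which will collide if the tests in this file run concurrently.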
@@ -0,0 +1,61 @@
+/*
+mod common;
+use common::{Binary, LogSide, TestContext};
+use std::env;
+use std::path::Path;
+use std::time::Duration;
+use anyhow::{Context, Result};
+const L: LogSide = LogSide::Test;
+
+#[tokio::test]
+async fn di_diun_https_test() -> Result<()> {
+ let mut ctx = TestContext::new().context("Error building test context")?;
+
+ let mfg_server = ctx
+ .start_test_server(
+ Binary::ManufacturingServer,
+ |cfg| {
+ Ok(cfg.prepare_config_file(None, |cfg| {
+ cfg.insert("rendezvous_port", "1337");
+ cfg.insert("diun_key_type", "FileSystem");
+ cfg.insert("device_identification_format", "SerialNumber");
+ cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+ cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+ // cfg.insert("bind_http", "8085");
+ cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
+ Ok(())
+ })?)
+ },
+ |_| Ok(()),
+ )
+ .context("Error creating manufacturing server")?;
+ ctx.wait_until_servers_ready()
+ .await
+ .context("Error waiting for servers to start")?;
+
+
+
+ let client_result = ctx
+ .run_client(
+ Binary::ManufacturingClient,
+ Some(&mfg_server),
+ |cfg| {
+ cfg.env("DEVICE_CREDENTIAL_FILENAME", "devicecredential.dc")
+ .env("MANUFACTURING_SERVER_URL", "https://localhost:8086")
+ .env("DEV_ENVIRONMENT", "1")
+ .env("DIUN_PUB_KEY_INSECURE", "true");
+ Ok(())
+ },
+ Duration::from_secs(5),
+ )
+ .context("Error running manufacturing client")?;
+ client_result
+ .expect_success()
+ .context("Manufacturing client failed")?;
+
+ let dc_path = client_result.client_path().join("devicecredential.dc");
+ L.l(format!("Device Credential should be in {:?}", dc_path));
+ assert!(Path::new(&dc_path).exists());
+
+ Ok(())
+} */
\ No newline at end of file
diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs
index 4afdd92c0..4127b84ee 100644
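Review bot: The whole of `di_diun_https.rs` sits inside one `/* … */` block comment, so `di_diun_https_test` is never compiled or run and the new HTTPS listener has no test that actually connects to it over TLS. Either enable the test or leave the file out until it passes, since commented-out tests rot unnoticed. If it is enabled, `use std::env;` is unused, and because the client is pointed at `https://localhost:8086` with `DIUN_PUB_KEY_INSECURE` set to `true`, a comment should state what, if anything, still validates the server certificate in this run. The file also lacks a trailing newline.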
--- a/integration-tests/tests/e2e.rs +++ b/integration-tests/tests/e2e.rs @@ -192,6 +192,10 @@ where cfg.insert("diun_key_type", diun_key_type); cfg.insert("rendezvous_port", &rendezvous_server.server_port().unwrap()); cfg.insert("device_identification_format", "SerialNumber"); + cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("bind_https", &format!("0.0.0.0:{}","8086")); + Ok(()) })?) }, @@ -514,6 +518,10 @@ where cfg.insert("diun_key_type", diun_key_type); cfg.insert("rendezvous_port", &rendezvous_server.server_port().unwrap()); cfg.insert("device_identification_format", "SerialNumber"); + cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("bind_https", &format!("0.0.0.0:{}","8086")); + Ok(()) })?) }, diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs index 940b0fd56..ae908db5a 100644 --- a/integration-tests/tests/service_info.rs +++ b/integration-tests/tests/service_info.rs @@ -106,6 +106,9 @@ where cfg.insert("diun_key_type", diun_key_type); cfg.insert("rendezvous_port", &rendezvous_server.server_port().unwrap()); cfg.insert("device_identification_format", "SerialNumber"); + cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test"); + cfg.insert("bind_https", &format!("0.0.0.0:{}","8086")); Ok(()) })?) }, 
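Review bot: `bind_https` is pinned to port 8086 in both `e2e.rs` hunks and in the `service_info.rs` hunk, although the line just above each insertion takes the rendezvous port from `rendezvous_server.server_port()`, which suggests the harness otherwise avoids fixed ports. Two manufacturing servers started at the same time (cargo runs the tests of one binary in parallel by default) would then fail to bind the HTTPS listener. Allocate this port the same way the existing `bind` value is allocated (that code is outside the diff) and pass it in, e.g. `cfg.insert("bind_https", &https_bind);` where `https_bind` is a constructed name for the allocated address. The enclosing functions start and end outside these hunks.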
diff --git a/integration-tests/tests/test-data/https-test/manufacturing_server_https_cert.crt b/integration-tests/tests/test-data/https-test/manufacturing_server_https_cert.crt new file mode 100644 index 000000000..c289b9a5d --- /dev/null +++ b/integration-tests/tests/test-data/https-test/manufacturing_server_https_cert.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCApMCFDBq5YwvijIjOB6U4yFgJpJwHTsEMA0GCSqGSIb3DQEBCwUAMIGR +MQswCQYDVQQGEwJJRTEPMA0GA1UECAwGR2Fsd2F5MQ8wDQYDVQQHDAZHYWx3YXkx +EDAOBgNVBAoMB1JlZCBIYXQxDDAKBgNVBAsMA1I0RTEcMBoGA1UEAwwTd3d3LmZk +by5leGFtcGxlLmNvbTEiMCAGCSqGSIb3DQEJARYTc2FybWFoYWpAcmVkaGF0LmNv +bTAeFw0yMzA5MTIxMDA5MzdaFw0yNDA5MTExMDA5MzdaMIGRMQswCQYDVQQGEwJJ +RTEPMA0GA1UECAwGR2Fsd2F5MQ8wDQYDVQQHDAZHYWx3YXkxEDAOBgNVBAoMB1Jl +ZCBIYXQxDDAKBgNVBAsMA1I0RTEcMBoGA1UEAwwTd3d3LmZkby5leGFtcGxlLmNv +bTEiMCAGCSqGSIb3DQEJARYTc2FybWFoYWpAcmVkaGF0LmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMiKFA4zj4DZ3S85HosHND7hAapN7MSS6h+4 +xdJC6xZBe4EkSNpvuj22I09bxdmdPB4KDI0mKIhzM5QTmeIj5ejGaeviuDbLuF1t +2CLbb4Dprj9uS81XattqSdRDeWa4EZRGf3iGoryb2KgdRaqT1sy5Rh2KfNa+267w +JElZ6EsBjjXojBO2yg+dW75U1oIhLtQPFUIQ78muOr8Hg6p67UHaLO6rry7R/Dhd +bphrJwLME5AaQAvpudWM7y0PrHsOzW3nmykktTSbOXBWtx2d7pZYju+DXSW9/1rV ++GV+NtoUIjUL9fEKm9mT2VuW433ZCvPrQTAcNo87VsMYk4mZyZcCAwEAATANBgkq +hkiG9w0BAQsFAAOCAQEAx0l+3iEf6SydBwWP1qVFPRC9NExym5DN14bYQivBwvNO +454WrO/lQyXuKsMrS5Uu2bURNblxs7lOIfyzIn9CHZq8DRcAfPoVl9nn90WnD72j +YIqCvOcC5VtLR5SFMIfWYgpj7/uHhEO0ykQk5oLkxkooPROOcJPDdUuZZx5hY3f9 +r7zGBrPhQHT+3YJmg2aF4j7+GCGoydg+alkxLHhHfs7r+tH7bNtL28x86iqilWGs +7ciG5nZm+tM/DaI+yUtnJhN83J6914Zjm8QX/85IiaBC6rVcEfkFTkqlPXId2kHV +pmRu5tNQOqLctpmIr+M1/JQDuhkoh+MyJBfEwzG6Tw== +-----END CERTIFICATE----- diff --git a/integration-tests/tests/test-data/https-test/manufacturing_server_https_key.key b/integration-tests/tests/test-data/https-test/manufacturing_server_https_key.key new file mode 100644 index 000000000..0098d0464 --- /dev/null 
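Review bot: The validity fields of this certificate appear to decode to 2023-09-12 through 2024-09-11, so any test that verifies it will start failing one year after it was generated. Its subject CN appears to decode to `www.fdo.example.com`, and the structure looks like an X.509 v1 certificate with no subjectAltName, whereas the tests connect to `localhost`, so hostname verification cannot succeed against it either. Generating a short-lived certificate with a `localhost` SAN during test setup would avoid both problems; if a static file is kept, give it a long lifetime and record the command used to create it next to the file.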
+++ b/integration-tests/tests/test-data/https-test/manufacturing_server_https_key.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIihQOM4+A2d0v +OR6LBzQ+4QGqTezEkuofuMXSQusWQXuBJEjab7o9tiNPW8XZnTweCgyNJiiIczOU +E5niI+Xoxmnr4rg2y7hdbdgi22+A6a4/bkvNV2rbaknUQ3lmuBGURn94hqK8m9io +HUWqk9bMuUYdinzWvtuu8CRJWehLAY416IwTtsoPnVu+VNaCIS7UDxVCEO/Jrjq/ +B4Oqeu1B2izuq68u0fw4XW6YaycCzBOQGkAL6bnVjO8tD6x7Ds1t55spJLU0mzlw +Vrcdne6WWI7vg10lvf9a1fhlfjbaFCI1C/XxCpvZk9lbluN92Qrz60EwHDaPO1bD +GJOJmcmXAgMBAAECgf9sNVs/8WPmXUt8Uqdio0ZTkESP8h8424G/Vl05aPm25bXh +p9V5Tlv2Hy7XI3PZBDkDcN0PHjZ7DSLTWzSiC7zI6Y0PgSPOPvBfeZSPaQcqZXkJ +NW8Or4WQmdVT7iv8e21d/ZUQlttQR4HyHXxXDp1wTrdMlnk6rMHGOs4T3anL5ZY9 +juXeva/7ilyETvuGCogx4F8/jMpaG9ypr8HYUCwEtt2pEL1eak5VQ/U1wzoN5mKd +Ke8eIfuE1JLdArFgXL9T3xmEu640JW27p94FTt6gUzutY6H88QvRy0S6A+Umat/A +0sM3T0U3wZso0VI3wpgLScy+aKYz+NE+HWb74hkCgYEA7D3yhQ5iORs1o/ELdfJP +j4pzaqyQ0fTjyXJ0BeCdbyvt6pKyEOVWr6N5tSb1LuoqHNO2qu/7pH6MjQMurT+U +wQZ6i0DCSVedu5FFVA6udvtZ3hVyatoufNf9bCEKWNZ5sa3H54FQ355FynM/Rn4R +t2GhoOJD44zbn97feXBqix8CgYEA2U+4nS6aNXqYcbGYJCMbkIeby4ryWyt9eTgv +T9H9eMD4A6pcHAIY7AFsqXvAIbZYMvDHUNwfQuJs9qdSciyiACypAYnXkJ+7tYYf +28gaYREoOmiKAwiJokpdkMcriKCMqf/dww31p1+7DUt2ph2IVAS7oxvXmI0kdQps +o9A16okCgYBcfHAKiTQI+U8JrJ95AHEHWAORWpejqsTWo7kqZ+IamM8ey2ls1ewW +/N/z/Jl2UXRFLtlPmH4iyuxJdFp8tuyMmPW2uJaXUfbNbLUAkHLa39Ix8KGHlX0n +oQN0poa/es/PsKIXTvgTY4odFPtLpKVY7p7xNkOvvQBqWT2R9GGxrwKBgQDOOSJY +P65mC9Z5JnDb8lkpOhe1/EDsFgR3scLsO7oQCwgR6myIw9DEvsFQwThehb2Dcg2k +BZDBF0ESfUz3PrXp9nfYFuhzvbITnJnFJ0spTG/hpe063bJHSc0rJGeCu+FhPohD +n4687FMFVdTd5W7HVMqACl75zQ+I5oCcoG1aCQKBgQCtG6wdu+hrYEziJv44+s3V +Iwcf2Ao5VLJvdSoBucSb5k5pXHVXX7o9Wc55CAz+1Asx6n1RcF2z0uThy7mfOWKF +nX6Q8jYQJZ0V/oLjp41+xq+vSznDhnh9dqxufhSq1mOmKG5b45klCGu9mGKvdNDO +FLaCYQ/hltBYdxWd3GEw9A== +-----END PRIVATE KEY-----
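Review bot: This hunk commits an unencrypted RSA private key; once pushed it stays in the repository history and has to be treated as public, so it must never be reused outside these tests. Add a short README in `test-data/https-test/` stating that the key pair is test-only, and allow-list this path in whatever secret scanning the project runs so that the known test key does not mask real findings. Generating the key pair in the test setup instead of committing it would remove the issue entirely.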