ci(https support ): add test for https support DI

- still WIP

Signed-off-by: Sarita Mahajan <[email protected]>

Author: sarmahaj

integration-tests/templates/manufacturing-server.yml.j2

@@ -8,7 +8,8 @@ ownership_voucher_store_driver:
 public_key_store_driver:
   Directory:
     path: {{ config_dir }}/keys/
-bind: {{ bind }}
+bind_http: {{ bind }}
+bind_https: {{ bind_https }}
 rendezvous_info:
 - dns: localhost
   device_port: 8082
@@ -33,3 +34,5 @@ manufacturing:
   owner_cert_path: {{ keys_path }}/owner_cert.pem
   device_cert_ca_private_key: {{ keys_path }}/device_ca_key.der
   device_cert_ca_chain: {{ keys_path }}/device_ca_cert.pem
+  manufacturing_server_https_cert: {{ manufacturing_server_https_cert_path }}/manufacturing_server_https_cert.crt
+  manufacturing_server_https_key: {{ manufacturing_server_https_key_path }}/manufacturing_server_https_key.key

integration-tests/tests/di_diun.rs

@@ -25,6 +25,9 @@ async fn test_device_credentials_already_active() -> Result<()> {
                     cfg.insert("rendezvous_port", "1337");
                     cfg.insert("diun_key_type", "FileSystem");
                     cfg.insert("device_identification_format", "SerialNumber");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8096"));
                     Ok(())
                 })?)
             },
@@ -109,6 +112,9 @@ async fn test_device_credentials_generated_with_mac_address() -> Result<()> {
                     cfg.insert("rendezvous_port", "1337");
                     cfg.insert("diun_key_type", "FileSystem");
                     cfg.insert("device_identification_format", "MACAddress");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
                     Ok(())
                 })?)
             },
@@ -207,6 +213,9 @@ async fn test_device_credentials_with_tpm() -> Result<()> {
                     cfg.insert("rendezvous_port", "1337");
                     cfg.insert("diun_key_type", "Tpm");
                     cfg.insert("device_identification_format", "SerialNumber");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
                     Ok(())
                 })?)
             },
@@ -254,6 +263,10 @@ async fn test_device_credentials_generated_with_mac_address_no_user_given_iface(
                     cfg.insert("rendezvous_port", "1337");
                     cfg.insert("diun_key_type", "FileSystem");
                     cfg.insert("device_identification_format", "MACAddress");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
+
                     Ok(())
                 })?)
             },

integration-tests/tests/di_diun_https.rs

@@ -0,0 +1,61 @@
+
+mod common;
+use common::{Binary, LogSide, TestContext};
+use std::env;
+use std::path::Path;
+use std::time::Duration;
+use anyhow::{Context, Result};
+const L: LogSide = LogSide::Test;
+
+#[tokio::test]
+async fn di_diun_https_test() -> Result<()> {
+    let mut ctx = TestContext::new().context("Error building test context")?;
+
+    let mfg_server = ctx
+        .start_test_server(
+            Binary::ManufacturingServer,
+            |cfg| {
+                Ok(cfg.prepare_config_file(None, |cfg| {
+                    cfg.insert("rendezvous_port", "1337");
+                    cfg.insert("diun_key_type", "FileSystem");
+                    cfg.insert("device_identification_format", "SerialNumber");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                   // cfg.insert("bind_http", "8085");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
+                    Ok(())
+                })?)
+            },
+            |_| Ok(()),
+        )
+        .context("Error creating manufacturing server")?;
+    ctx.wait_until_servers_ready()
+        .await
+        .context("Error waiting for servers to start")?;
+
+
+
+      let client_result = ctx
+        .run_client(
+            Binary::ManufacturingClient,
+            Some(&mfg_server),
+            |cfg| {
+                cfg.env("DEVICE_CREDENTIAL_FILENAME", "devicecredential.dc")
+                    .env("MANUFACTURING_SERVER_URL", "https://localhost:8086")
+                    .env("DEV_ENVIRONMENT", "1")
+                    .env("DIUN_PUB_KEY_INSECURE", "true");
+                Ok(())
+            },
+            Duration::from_secs(5),
+        )
+        .context("Error running manufacturing client")?;
+    client_result
+        .expect_success()
+        .context("Manufacturing client failed")?;
+
+    let dc_path = client_result.client_path().join("devicecredential.dc");
+    L.l(format!("Device Credential should be in {:?}", dc_path));
+    assert!(Path::new(&dc_path).exists());
+
+    Ok(())
+} 

integration-tests/tests/e2e.rs

@@ -192,6 +192,10 @@ where
                     cfg.insert("diun_key_type", diun_key_type);
                     cfg.insert("rendezvous_port", &rendezvous_server.server_port().unwrap());
                     cfg.insert("device_identification_format", "SerialNumber");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
+
                     Ok(())
                 })?)
             },
@@ -514,6 +518,10 @@ where
                     cfg.insert("diun_key_type", diun_key_type);
                     cfg.insert("rendezvous_port", &rendezvous_server.server_port().unwrap());
                     cfg.insert("device_identification_format", "SerialNumber");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
+
                     Ok(())
                 })?)
             },

integration-tests/tests/service_info.rs

@@ -106,6 +106,9 @@ where
                     cfg.insert("diun_key_type", diun_key_type);
                     cfg.insert("rendezvous_port", &rendezvous_server.server_port().unwrap());
                     cfg.insert("device_identification_format", "SerialNumber");
+                    cfg.insert("manufacturing_server_https_cert_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("manufacturing_server_https_key_path", "/workspaces/fido-device-onboard-rs/integration-tests/tests/test-data/https-test");
+                    cfg.insert("bind_https", &format!("0.0.0.0:{}","8086"));
                     Ok(())
                 })?)
             },

integration-tests/tests/test-data/https-test/manufacturing_server_https_cert.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApMCFDBq5YwvijIjOB6U4yFgJpJwHTsEMA0GCSqGSIb3DQEBCwUAMIGR
+MQswCQYDVQQGEwJJRTEPMA0GA1UECAwGR2Fsd2F5MQ8wDQYDVQQHDAZHYWx3YXkx
+EDAOBgNVBAoMB1JlZCBIYXQxDDAKBgNVBAsMA1I0RTEcMBoGA1UEAwwTd3d3LmZk
+by5leGFtcGxlLmNvbTEiMCAGCSqGSIb3DQEJARYTc2FybWFoYWpAcmVkaGF0LmNv
+bTAeFw0yMzA5MTIxMDA5MzdaFw0yNDA5MTExMDA5MzdaMIGRMQswCQYDVQQGEwJJ
+RTEPMA0GA1UECAwGR2Fsd2F5MQ8wDQYDVQQHDAZHYWx3YXkxEDAOBgNVBAoMB1Jl
+ZCBIYXQxDDAKBgNVBAsMA1I0RTEcMBoGA1UEAwwTd3d3LmZkby5leGFtcGxlLmNv
+bTEiMCAGCSqGSIb3DQEJARYTc2FybWFoYWpAcmVkaGF0LmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMiKFA4zj4DZ3S85HosHND7hAapN7MSS6h+4
+xdJC6xZBe4EkSNpvuj22I09bxdmdPB4KDI0mKIhzM5QTmeIj5ejGaeviuDbLuF1t
+2CLbb4Dprj9uS81XattqSdRDeWa4EZRGf3iGoryb2KgdRaqT1sy5Rh2KfNa+267w
+JElZ6EsBjjXojBO2yg+dW75U1oIhLtQPFUIQ78muOr8Hg6p67UHaLO6rry7R/Dhd
+bphrJwLME5AaQAvpudWM7y0PrHsOzW3nmykktTSbOXBWtx2d7pZYju+DXSW9/1rV
++GV+NtoUIjUL9fEKm9mT2VuW433ZCvPrQTAcNo87VsMYk4mZyZcCAwEAATANBgkq
+hkiG9w0BAQsFAAOCAQEAx0l+3iEf6SydBwWP1qVFPRC9NExym5DN14bYQivBwvNO
+454WrO/lQyXuKsMrS5Uu2bURNblxs7lOIfyzIn9CHZq8DRcAfPoVl9nn90WnD72j
+YIqCvOcC5VtLR5SFMIfWYgpj7/uHhEO0ykQk5oLkxkooPROOcJPDdUuZZx5hY3f9
+r7zGBrPhQHT+3YJmg2aF4j7+GCGoydg+alkxLHhHfs7r+tH7bNtL28x86iqilWGs
+7ciG5nZm+tM/DaI+yUtnJhN83J6914Zjm8QX/85IiaBC6rVcEfkFTkqlPXId2kHV
+pmRu5tNQOqLctpmIr+M1/JQDuhkoh+MyJBfEwzG6Tw==
+-----END CERTIFICATE-----

integration-tests/tests/test-data/https-test/manufacturing_server_https_key.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIihQOM4+A2d0v
+OR6LBzQ+4QGqTezEkuofuMXSQusWQXuBJEjab7o9tiNPW8XZnTweCgyNJiiIczOU
+E5niI+Xoxmnr4rg2y7hdbdgi22+A6a4/bkvNV2rbaknUQ3lmuBGURn94hqK8m9io
+HUWqk9bMuUYdinzWvtuu8CRJWehLAY416IwTtsoPnVu+VNaCIS7UDxVCEO/Jrjq/
+B4Oqeu1B2izuq68u0fw4XW6YaycCzBOQGkAL6bnVjO8tD6x7Ds1t55spJLU0mzlw
+Vrcdne6WWI7vg10lvf9a1fhlfjbaFCI1C/XxCpvZk9lbluN92Qrz60EwHDaPO1bD
+GJOJmcmXAgMBAAECgf9sNVs/8WPmXUt8Uqdio0ZTkESP8h8424G/Vl05aPm25bXh
+p9V5Tlv2Hy7XI3PZBDkDcN0PHjZ7DSLTWzSiC7zI6Y0PgSPOPvBfeZSPaQcqZXkJ
+NW8Or4WQmdVT7iv8e21d/ZUQlttQR4HyHXxXDp1wTrdMlnk6rMHGOs4T3anL5ZY9
+juXeva/7ilyETvuGCogx4F8/jMpaG9ypr8HYUCwEtt2pEL1eak5VQ/U1wzoN5mKd
+Ke8eIfuE1JLdArFgXL9T3xmEu640JW27p94FTt6gUzutY6H88QvRy0S6A+Umat/A
+0sM3T0U3wZso0VI3wpgLScy+aKYz+NE+HWb74hkCgYEA7D3yhQ5iORs1o/ELdfJP
+j4pzaqyQ0fTjyXJ0BeCdbyvt6pKyEOVWr6N5tSb1LuoqHNO2qu/7pH6MjQMurT+U
+wQZ6i0DCSVedu5FFVA6udvtZ3hVyatoufNf9bCEKWNZ5sa3H54FQ355FynM/Rn4R
+t2GhoOJD44zbn97feXBqix8CgYEA2U+4nS6aNXqYcbGYJCMbkIeby4ryWyt9eTgv
+T9H9eMD4A6pcHAIY7AFsqXvAIbZYMvDHUNwfQuJs9qdSciyiACypAYnXkJ+7tYYf
+28gaYREoOmiKAwiJokpdkMcriKCMqf/dww31p1+7DUt2ph2IVAS7oxvXmI0kdQps
+o9A16okCgYBcfHAKiTQI+U8JrJ95AHEHWAORWpejqsTWo7kqZ+IamM8ey2ls1ewW
+/N/z/Jl2UXRFLtlPmH4iyuxJdFp8tuyMmPW2uJaXUfbNbLUAkHLa39Ix8KGHlX0n
+oQN0poa/es/PsKIXTvgTY4odFPtLpKVY7p7xNkOvvQBqWT2R9GGxrwKBgQDOOSJY
+P65mC9Z5JnDb8lkpOhe1/EDsFgR3scLsO7oQCwgR6myIw9DEvsFQwThehb2Dcg2k
+BZDBF0ESfUz3PrXp9nfYFuhzvbITnJnFJ0spTG/hpe063bJHSc0rJGeCu+FhPohD
+n4687FMFVdTd5W7HVMqACl75zQ+I5oCcoG1aCQKBgQCtG6wdu+hrYEziJv44+s3V
+Iwcf2Ao5VLJvdSoBucSb5k5pXHVXX7o9Wc55CAz+1Asx6n1RcF2z0uThy7mfOWKF
+nX6Q8jYQJZ0V/oLjp41+xq+vSznDhnh9dqxufhSq1mOmKG5b45klCGu9mGKvdNDO
+FLaCYQ/hltBYdxWd3GEw9A==
+-----END PRIVATE KEY-----