From 7fb760ef273682cddb3811c69ee7526d59af3e34 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Thu, 13 Oct 2022 11:45:49 +0100
Subject: [PATCH] Split config parse tests by tls/not.

---
 test/broker/16-config-parse-errors-tls-psk.py | 63 ++++++++++++++
 test/broker/16-config-parse-errors-tls.py     | 84 +++++++++++++++++++
 ... => 16-config-parse-errors-without-tls.py} | 27 ------
 test/broker/Makefile                          |  9 +-
 test/broker/test.py                           |  4 +-
 5 files changed, 158 insertions(+), 29 deletions(-)
 create mode 100755 test/broker/16-config-parse-errors-tls-psk.py
 create mode 100755 test/broker/16-config-parse-errors-tls.py
 rename test/broker/{16-config-parse-errors.py => 16-config-parse-errors-without-tls.py} (73%)

diff --git a/test/broker/16-config-parse-errors-tls-psk.py b/test/broker/16-config-parse-errors-tls-psk.py
new file mode 100755
index 00000000..fce7a00f
--- /dev/null
+++ b/test/broker/16-config-parse-errors-tls-psk.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+
+# Test whether config parse errors are handled
+
+from mosq_test_helper import *
+
+vg_index = 0
+
+def start_broker(filename):
+    global vg_index
+    cmd = ['../../src/mosquitto', '-v', '-c', filename]
+
+    if os.environ.get('MOSQ_USE_VALGRIND') is not None:
+        logfile = os.path.basename(__file__)+'.'+str(vg_index)+'.vglog'
+        if os.environ.get('MOSQ_USE_VALGRIND') == 'callgrind':
+            cmd = ['valgrind', '-q', '--tool=callgrind', '--log-file='+logfile] + cmd
+        elif os.environ.get('MOSQ_USE_VALGRIND') == 'massif':
+            cmd = ['valgrind', '-q', '--tool=massif', '--log-file='+logfile] + cmd
+        else:
+            cmd = ['valgrind', '-q', '--trace-children=yes', '--leak-check=full', '--show-leak-kinds=all', '--log-file='+logfile] + cmd
+
+    vg_index += 1
+    return subprocess.Popen(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
+
+
+def write_config(filename, port, config_str):
+    with open(filename, 'w') as f:
+        f.write(f"{config_str}")
+
+
+def do_test(config_str, rc_expected):
+    rc = 1
+    port = mosq_test.get_port()
+
+    conf_file = os.path.basename(__file__).replace('.py', '.conf')
+    write_config(conf_file, port, config_str)
+
+    try:
+        broker = start_broker(conf_file)
+        broker.wait(timeout=1)
+
+        if broker.returncode == rc_expected:
+            rc = 0
+    except mosq_test.TestError:
+        pass
+    except subprocess.TimeoutExpired:
+        broker.terminate()
+    except Exception as e:
+        print(e)
+    finally:
+        os.remove(conf_file)
+        (stdo, stde) = broker.communicate()
+        if rc:
+            print(stde.decode('utf-8'))
+            print(config_str)
+            exit(rc)
+
+
+do_test("bridge_psk string\n", 3) # Missing bridge config
+do_test("bridge_identity string\n", 3) # Missing bridge config
+
+
+exit(0)
diff --git a/test/broker/16-config-parse-errors-tls.py b/test/broker/16-config-parse-errors-tls.py
new file mode 100755
index 00000000..d989fe5d
--- /dev/null
+++ b/test/broker/16-config-parse-errors-tls.py
@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+
+# Test whether config parse errors are handled
+
+from mosq_test_helper import *
+
+vg_index = 0
+
+def start_broker(filename):
+    global vg_index
+    cmd = ['../../src/mosquitto', '-v', '-c', filename]
+
+    if os.environ.get('MOSQ_USE_VALGRIND') is not None:
+        logfile = os.path.basename(__file__)+'.'+str(vg_index)+'.vglog'
+        if os.environ.get('MOSQ_USE_VALGRIND') == 'callgrind':
+            cmd = ['valgrind', '-q', '--tool=callgrind', '--log-file='+logfile] + cmd
+        elif os.environ.get('MOSQ_USE_VALGRIND') == 'massif':
+            cmd = ['valgrind', '-q', '--tool=massif', '--log-file='+logfile] + cmd
+        else:
+            cmd = ['valgrind', '-q', '--trace-children=yes', '--leak-check=full', '--show-leak-kinds=all', '--log-file='+logfile] + cmd
+
+    vg_index += 1
+    return subprocess.Popen(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
+
+
+def write_config(filename, port, config_str):
+    with open(filename, 'w') as f:
+        f.write(f"{config_str}")
+
+
+def do_test(config_str, rc_expected):
+    rc = 1
+    port = mosq_test.get_port()
+
+    conf_file = os.path.basename(__file__).replace('.py', '.conf')
+    write_config(conf_file, port, config_str)
+
+    try:
+        broker = start_broker(conf_file)
+        broker.wait(timeout=1)
+
+        if broker.returncode == rc_expected:
+            rc = 0
+    except mosq_test.TestError:
+        pass
+    except subprocess.TimeoutExpired:
+        broker.terminate()
+    except Exception as e:
+        print(e)
+    finally:
+        os.remove(conf_file)
+        (stdo, stde) = broker.communicate()
+        if rc:
+            print(stde.decode('utf-8'))
+            print(config_str)
+            exit(rc)
+
+
+do_test("bridge_cafile string\n", 3) # Missing bridge config
+do_test("bridge_alpn string\n", 3) # Missing bridge config
+do_test("bridge_ciphers string\n", 3) # Missing bridge config
+do_test("bridge_ciphers_tls1.3 string\n", 3) # Missing bridge config
+do_test("bridge_capath string\n", 3) # Missing bridge config
+do_test("bridge_certfile string\n", 3) # Missing bridge config
+do_test("bridge_keyfile string\n", 3) # Missing bridge config
+do_test("bridge_tls_version string\n", 3) # Missing bridge config
+
+do_test("listener 1888\ncertfile\n", 3) # empty certfile
+do_test("listener 1888\nkeyfile\n", 3) # empty keyfile
+
+do_test("listener 1888\ncertfile ./16-config-parse-errors.py\nkeyfile ../ssl/server.key\n", 1) # invalid certfile
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ./16-config-parse-errors.py\n", 1) # invalid keyfile
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ../ssl/client.key\n", 1) # mismatched certfile / keyfile
+
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ../ssl/server.key\ntls_version invalid\n", 1) # invalid tls_version
+
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ../ssl/server.key\ncrlfile invalid\n", 1) # missing crl file
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ../ssl/server.key\ndhparamfile invalid\n", 1) # missing dh param file
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ../ssl/server.key\ndhparamfile ./16-config-parse-errors.py\n", 1) # invalid dh param file
+
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ../ssl/server.key\nciphers invalid\n", 1) # invalid ciphers
+do_test("listener 1888\ncertfile ../ssl/server.crt\nkeyfile ../ssl/server.key\nciphers_tls1.3 invalid\n", 1) # invalid ciphers_tls1.3
+
+exit(0)
diff --git a/test/broker/16-config-parse-errors.py b/test/broker/16-config-parse-errors-without-tls.py
similarity index 73%
rename from test/broker/16-config-parse-errors.py
rename to test/broker/16-config-parse-errors-without-tls.py
index 5cda567b..0456bb23 100755
--- a/test/broker/16-config-parse-errors.py
+++ b/test/broker/16-config-parse-errors-without-tls.py
@@ -85,28 +85,18 @@ do_test("plugin c/auth_plugin.so\nplugin_opt_ string\n", 3) # Incomplete plugin_
 do_test("plugin c/auth_plugin.so\nplugin_opt_test\n", 3) # Empty plugin_opt_
 
 do_test("bridge_attempt_unsubscribe true\n", 3) # Missing bridge config
-do_test("bridge_cafile string\n", 3) # Missing bridge config
-do_test("bridge_alpn string\n", 3) # Missing bridge config
-do_test("bridge_ciphers string\n", 3) # Missing bridge config
-do_test("bridge_ciphers_tls1.3 string\n", 3) # Missing bridge config
 do_test("bridge_bind_address string\n", 3) # Missing bridge config
-do_test("bridge_capath string\n", 3) # Missing bridge config
-do_test("bridge_certfile string\n", 3) # Missing bridge config
-do_test("bridge_identity string\n", 3) # Missing bridge config
 do_test("bridge_insecure true\n", 3) # Missing bridge config
 do_test("bridge_require_oscp true\n", 3) # Missing bridge config
 do_test("bridge_max_packet_size 1000\n", 3) # Missing bridge config
 do_test("bridge_max_topic_alias 1000\n", 3) # Missing bridge config
 do_test("bridge_outgoing_retain false\n", 3) # Missing bridge config
-do_test("bridge_keyfile string\n", 3) # Missing bridge config
 do_test("bridge_protocol_version string\n", 3) # Missing bridge config
-do_test("bridge_psk string\n", 3) # Missing bridge config
 do_test("bridge_receive_maximum 10\n", 3) # Missing bridge config
 do_test("bridge_reload_type string\n", 3) # Missing bridge config
 do_test("bridge_session_expiry_interval 10000\n", 3) # Missing bridge config
 do_test("bridge_tcp_keepalive 10000\n", 3) # Missing bridge config
 do_test("bridge_tcp_user_timeout 10000\n", 3) # Missing bridge config
-do_test("bridge_tls_version string\n", 3) # Missing bridge config
 do_test("local_clientid str\n", 3) # Missing bridge config
 do_test("local_password str\n", 3) # Missing bridge config
 do_test("local_username str\n", 3) # Missing bridge config
@@ -145,21 +135,4 @@ do_test("memory_limit -1\n", 3) # Invalid value
 do_test("sys_interval -1\n", 3) # Invalid value
 do_test("sys_interval 65536\n", 3) # Invalid value
 
-do_test("listener 1888\ncertfile\n", 3) # empty certfile
-do_test("listener 1888\nkeyfile\n", 3) # empty keyfile
-
-do_test(f"listener 1888\ncertfile {source_dir}/16-config-parse-errors.py\nkeyfile {ssl_dir}/server.key\n", 1) # invalid certfile
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {source_dir}/16-config-parse-errors.py\n", 1) # invalid keyfile
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {ssl_dir}/client.key\n", 1) # mismatched certfile / keyfile
-
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {ssl_dir}/server.key\ntls_version invalid", 1) # invalid tls_version
-
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {ssl_dir}/server.key\ncrlfile invalid", 1) # missing crl file
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {ssl_dir}/server.key\ndhparamfile invalid", 1) # missing dh param file
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {ssl_dir}/server.key\ndhparamfile {source_dir}/16-config-parse-errors.py", 1) # invalid dh param file
-
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {ssl_dir}/server.key\nciphers invalid", 1) # invalid ciphers
-do_test(f"listener 1888\ncertfile {ssl_dir}/server.crt\nkeyfile {ssl_dir}/server.key\nciphers_tls1.3 invalid", 1) # invalid ciphers_tls1.3
-
-
 exit(0)
diff --git a/test/broker/Makefile b/test/broker/Makefile
index d5cc5893..6118de59 100644
--- a/test/broker/Makefile
+++ b/test/broker/Makefile
@@ -279,8 +279,15 @@ endif
 16 :
 	./16-cmd-args.py
 	./16-config-includedir.py
-	./16-config-parse-errors.py
+	./16-config-parse-errors-without-tls.py
+ifeq ($(WITH_TLS),yes)
+	./16-config-parse-errors-tls.py
+ifeq ($(WITH_TLS_PSK),yes)
+	./16-config-parse-errors-tls-psk.py
+endif
+endif
 
 17 :
 	./17-control-list-listeners.py
 	./17-control-list-plugins.py
+
diff --git a/test/broker/test.py b/test/broker/test.py
index a028e30f..e0c65926 100755
--- a/test/broker/test.py
+++ b/test/broker/test.py
@@ -237,7 +237,9 @@ tests = [
 
     (1, './16-cmd-args.py'),
     (1, './16-config-includedir.py'),
-    (1, './16-config-parse-errors.py'),
+    (1, './16-config-parse-errors-tls.py'),
+    (1, './16-config-parse-errors-tls-psk.py'),
+    (1, './16-config-parse-errors-without-tls.py'),
 
     (4, './17-control-list-listeners.py'),
     (1, './17-control-list-plugins.py'),