Skip to content

Commit

Permalink
Add tests to verify JITServer with SSL
Browse files Browse the repository at this point in the history 
Add tests to the existing criu and jitserver tests under cmdLineTests for checking/verifying SSL connections with JITServer.

Closes: ##17967
Signed-off-by:SajinaKandy <[email protected]>
  • Loading branch information
@SajinaKandy
SajinaKandy committed Sep 7, 2023
1 parent c46b260 commit 48c4fc4
Show file tree
Hide file tree
Showing 3 changed files with 133 additions and 11 deletions.
44 changes: 33 additions & 11 deletions test/functional/cmdLineTests/criu/criuJitServerScript.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,18 +33,36 @@ echo "start running script";
# $7 is the KEEP_CHECKPOINT
# $8 is the KEEP_TEST_OUTPUT

source $1/jitserverconfig.sh
TEST_ROOT=$1
TEST_JDK_BIN=$2
JVM_OPTIONS="$3"
MAINCLASS="$4"
APP_ARGS="$5"
NUM_CHECKPOINT="$6"
KEEP_CHECKPOINT="$7"
KEEP_TEST_OUTPUT="$8"

source $TEST_ROOT/jitserverconfig.sh

echo "export GLIBC_TUNABLES=glibc.cpu.hwcaps=-XSAVEC,-XSAVE,-AVX2,-ERMS,-AVX,-AVX_Fast_Unaligned_Load";
export GLIBC_TUNABLES=glibc.pthread.rseq=0:glibc.cpu.hwcaps=-XSAVEC,-XSAVE,-AVX2,-ERMS,-AVX,-AVX_Fast_Unaligned_Load
echo "export LD_BIND_NOT=on";
export LD_BIND_NOT=on

JITSERVER_PORT=$(random_port)
JITSERVER_OPTIONS="-XX:JITServerPort=$JITSERVER_PORT"
JITSERVER_SSL="-XX:JITServerSSLRootCerts"
if grep -q -- "$JITSERVER_SSL" <<< "$APP_ARGS"; then
echo "Generate SSL certificates"
source $TEST_ROOT/jitserversslconfig.sh
if ! grep -q "nosslserverCert.pem" <<< "$APP_ARGS"; then
SSL_OPTS="-XX:JITServerSSLKey=key.pem -XX:JITServerSSLCert=cert.pem -Xjit:verbose={JITServer}"
fi
fi

JITSERVER_OPTIONS="-XX:JITServerPort=$JITSERVER_PORT $SSL_OPTS"

echo "Starting $2/jitserver $JITSERVER_OPTIONS"
$2/jitserver $JITSERVER_OPTIONS &
echo "Starting $TEST_JDK_BIN/jitserver $JITSERVER_OPTIONS"
$TEST_JDK_BIN/jitserver $JITSERVER_OPTIONS &
JITSERVER_PID=$!
sleep 2

Expand All @@ -54,10 +72,9 @@ JITSERVER_EXISTS=$?
if [ "$JITSERVER_EXISTS" == 0 ]; then
echo "JITSERVER EXISTS"

$2/java -XX:+EnableCRIUSupport -XX:JITServerPort=$JITSERVER_PORT $3 -cp "$1/criu.jar" $4 $5 -XX:JITServerPort=$JITSERVER_PORT $6 >testOutput 2>&1;
$TEST_JDK_BIN/java -XX:+EnableCRIUSupport -XX:JITServerPort=$JITSERVER_PORT $JVM_OPTIONS -cp "$TEST_ROOT/criu.jar" $MAINCLASS $APP_ARGS -XX:JITServerPort=$JITSERVER_PORT $NUM_CHECKPOINT>testOutput 2>&1;

if [ "$7" != true ]; then
NUM_CHECKPOINT=$6
if [ "$KEEP_CHECKPOINT" != true ]; then
for ((i=0; i<$NUM_CHECKPOINT; i++)); do
sleep 2;
criu restore -D ./cpData --shell-job >criuOutput 2>&1;
Expand All @@ -66,8 +83,8 @@ if [ "$JITSERVER_EXISTS" == 0 ]; then

cat testOutput criuOutput;

if [ "$7" != true ]; then
if [ "$8" != true ]; then
if [ "$KEEP_CHECKPOINT" != true ]; then
if [ "$KEEP_TEST_OUTPUT" != true ]; then
rm -rf testOutput criuOutput
echo "Removed test output files"
fi
Expand All @@ -81,11 +98,16 @@ if [ "$JITSERVER_EXISTS" == 0 ]; then
echo "JITSERVER NO LONGER EXISTS"
fi

echo "Terminating $2/jitserver $JITSERVER_OPTIONS"
echo "Terminating $TEST_JDK_BIN/jitserver $JITSERVER_OPTIONS"
kill -9 $JITSERVER_PID
# For consistency with the jitserver cmdline tests, use kill
#pkill -9 -xf "$2/jitserver $JITSERVER_OPTIONS"
#pkill -9 -xf "$TEST_JDK_BIN/jitserver $JITSERVER_OPTIONS"
sleep 2

if grep -q "nosslserverCert.pem" <<< "$APP_ARGS"; then
rm -f *.pem
fi

else
echo "JITSERVER DOES NOT EXIST"
fi
Expand Down
83 changes: 83 additions & 0 deletions test/functional/cmdLineTests/criu/criu_jitserverPostRestore.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,10 @@
<suite id="J9 Criu Command-Line Post Restore JITServer Option Tests" timeout="300">
<variable name="MAINCLASS_OPTIONSFILE_TEST" value="org.openj9.criu.OptionsFileTest" />
<variable name="ENABLE_JITSERVER" value="-XX:+UseJITServer" />
<variable name="JITSERVER_SSL1" value="-XX:JITServerSSLRootCerts=cert.pem" />
<variable name="JITSERVER_SSL2" value="-XX:JITServerSSLRootCerts=wrongCert.pem" />
<variable name="JITSERVER_SSL3" value="-XX:JITServerSSLRootCerts=nosslserverCert.pem" />
<variable name="SSL_VERBOSE" value="-Xjit:verbose={compilePerformance},verbose={CheckpointRestore},verbose={JITServer},verbose={JITServerConns},vlog=sslVlog" />
<variable name="CRIU_VERBOSE" value="-Xjit:verbose={compilePerformance},verbose={CheckpointRestore},verbose={JITServer},verbose={JITServerConns},vlog=vlog" />

<test id="Generate Verbose Log">
Expand Down Expand Up @@ -117,4 +121,83 @@
<output type="failure" caseSensitive="yes" regex="no">JITSERVER NO LONGER EXISTS</output>
<output type="failure" caseSensitive="yes" regex="no">User requested Java dump using</output>
</test>

<test id="Test SSL Success Case">
<command>bash $SCRIPPATH$ $TEST_RESROOT$ $TEST_JDK_BIN$ "$JVM_OPTIONS$" $MAINCLASS_OPTIONSFILE_TEST$ "JitOptionsTest $ENABLE_JITSERVER$ $JITSERVER_SSL1$ $SSL_VERBOSE$1" 1 false true</command>
<output type="success" caseSensitive="no" regex="no">Killed</output>
<output type="required" caseSensitive="yes" regex="no">Pre-checkpoint</output>
<output type="success" caseSensitive="yes" regex="no">Post-checkpoint</output>
<output type="failure" caseSensitive="yes" regex="no">CRIU is not enabled</output>
<output type="failure" caseSensitive="yes" regex="no">Operation not permitted</output>
<output type="required" caseSensitive="yes" regex="no">Successfully initialized SSL context</output>
<!-- If CRIU can't acquire the original thread IDs, this test will fail. Nothing can be done about this failure. -->
<output type="success" caseSensitive="yes" regex="no">Thread pid mismatch</output>
<output type="success" caseSensitive="yes" regex="no">do not match expected</output>
<output type="success" caseSensitive="yes" regex="no">Unable to create a thread:</output>
<output type="success" caseSensitive="yes" regex="no">JITSERVER EXISTS</output>
<output type="success" caseSensitive="yes" regex="no">JITSERVER STILL EXISTS</output>
<output type="failure" caseSensitive="yes" regex="no">JITSERVER DOES NOT EXIST</output>
<output type="failure" caseSensitive="yes" regex="no">JITSERVER NO LONGER EXISTS</output>
</test>

<test id="Check SSL Verbose Log for successful connection">
<command>bash $CATSCRIPPATH$ sslVlog1 true true</command>
<output regex="no" type="success">CHECKPOINT RESTORE: Ready for restore</output>
<output regex="no" type="success">SSL connection on socket</output>
<output regex="no" type="required">Connected to a server</output>
<output regex="no" type="success">CAT VLOG FORCE PASS</output>
</test>

<test id="Test SSL Failure Case with mismatched certificate">
<command>bash $SCRIPPATH$ $TEST_RESROOT$ $TEST_JDK_BIN$ "$JVM_OPTIONS$" $MAINCLASS_OPTIONSFILE_TEST$ "JitOptionsTest $ENABLE_JITSERVER$ $JITSERVER_SSL2$ $SSL_VERBOSE$2" 1 false true</command>
<output type="success" caseSensitive="no" regex="no">Killed</output>
<output type="required" caseSensitive="yes" regex="no">Pre-checkpoint</output>
<output type="success" caseSensitive="yes" regex="no">Post-checkpoint</output>
<output type="failure" caseSensitive="yes" regex="no">CRIU is not enabled</output>
<output type="failure" caseSensitive="yes" regex="no">Operation not permitted</output>
<output type="required" caseSensitive="yes" regex="no">Successfully initialized SSL context</output>
<output type="required" caseSensitive="yes" regex="no">certificate verify failed</output>
<!-- If CRIU can't acquire the original thread IDs, this test will fail. Nothing can be done about this failure. -->
<output type="success" caseSensitive="yes" regex="no">Thread pid mismatch</output>
<output type="success" caseSensitive="yes" regex="no">do not match expected</output>
<output type="success" caseSensitive="yes" regex="no">Unable to create a thread:</output>
<output type="success" caseSensitive="yes" regex="no">JITSERVER EXISTS</output>
<output type="success" caseSensitive="yes" regex="no">JITSERVER STILL EXISTS</output>
<output type="failure" caseSensitive="yes" regex="no">JITSERVER DOES NOT EXIST</output>
<output type="failure" caseSensitive="yes" regex="no">JITSERVER NO LONGER EXISTS</output>
</test>

<test id="Check SSL Verbose Log for connection failure with mismatched certificate">
<command>bash $CATSCRIPPATH$ sslVlog2 true true</command>
<output regex="no" type="success">CHECKPOINT RESTORE: Ready for restore</output>
<output regex="no" type="success">JITServer::StreamFailure: Failed to SSL_connect</output>
<output regex="no" type="required">Could not connect to a server</output>
<output regex="no" type="success">CAT VLOG FORCE PASS</output>
</test>

<test id="Test SSL Failure Case with connection to Non-SSL Server">
<command>bash $SCRIPPATH$ $TEST_RESROOT$ $TEST_JDK_BIN$ "$JVM_OPTIONS$" $MAINCLASS_OPTIONSFILE_TEST$ "JitOptionsTest $ENABLE_JITSERVER$ $JITSERVER_SSL3$ $SSL_VERBOSE$3" 1 false true</command>
<output type="success" caseSensitive="no" regex="no">Killed</output>
<output type="required" caseSensitive="yes" regex="no">Pre-checkpoint</output>
<output type="success" caseSensitive="yes" regex="no">Post-checkpoint</output>
<output type="failure" caseSensitive="yes" regex="no">CRIU is not enabled</output>
<output type="failure" caseSensitive="yes" regex="no">Operation not permitted</output>
<output type="failure" caseSensitive="yes" regex="no">Successfully initialized SSL context</output>
<!-- If CRIU can't acquire the original thread IDs, this test will fail. Nothing can be done about this failure. -->
<output type="success" caseSensitive="yes" regex="no">Thread pid mismatch</output>
<output type="success" caseSensitive="yes" regex="no">do not match expected</output>
<output type="success" caseSensitive="yes" regex="no">Unable to create a thread:</output>
<output type="success" caseSensitive="yes" regex="no">JITSERVER EXISTS</output>
<output type="success" caseSensitive="yes" regex="no">JITSERVER STILL EXISTS</output>
<output type="failure" caseSensitive="yes" regex="no">JITSERVER DOES NOT EXIST</output>
<output type="failure" caseSensitive="yes" regex="no">JITSERVER NO LONGER EXISTS</output>
</test>

<test id="Check SSL Verbose Log for connection failure with Non SSL Server">
<command>bash $CATSCRIPPATH$ sslVlog3 true true</command>
<output regex="no" type="success">CHECKPOINT RESTORE: Ready for restore</output>
<output regex="no" type="success">JITServer::StreamFailure: Failed to SSL_connect</output>
<output regex="no" type="required">Could not connect to a server</output>
<output regex="no" type="success">CAT VLOG FORCE PASS</output>
</test>
</suite>
17 changes: 17 additions & 0 deletions test/functional/cmdLineTests/criu/jitserversslconfig.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
#!/bin/bash
# Set certificate details
COMMON_NAME="localhost"
VALID_DAYS=365

# Generate private key
openssl genrsa -out key.pem 2048

# Generate self-signed certificate
openssl req -new -x509 -sha256 -key key.pem -out cert.pem -days $VALID_DAYS -subj "/CN=$COMMON_NAME"

# Generate another private key and self-signed certificate
openssl req -nodes -newkey rsa:2048 -keyout wrongKey.pem -x509 -days 365 -out wrongCert.pem -subj "/CN=localhost"

# Generate another self-signed certificate
openssl req -new -x509 -sha256 -key key.pem -out nosslserverCert.pem -days $VALID_DAYS -subj "/CN=$COMMON_NAME"
echo "Certificates generated"

0 comments on commit 48c4fc4

Please sign in to comment.