Update thumbprint tests (Azure#1648)

Update test script and leaf device to run primary and secondary cert thumbprint test in separate processes. Tested manually. Need to update linux tests in e2e release pipeline to run primary thumbprint test after committed.
Federico-Figalli · Aug 30, 2019 · f658e9f · f658e9f
1 parent 36af98b
commit f658e9f
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 28 deletions.
diff --git a/scripts/windows/test/Run-E2ETest.ps1 b/scripts/windows/test/Run-E2ETest.ps1
@@ -618,47 +618,47 @@ Function RunAllTests
 
     $TestName = "DirectMethodAmqpMqtt"
     $testExitCode = RunDirectMethodAmqpMqttTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DirectMethodMqtt"
     $testExitCode = RunDirectMethodMqttTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DirectMethodMqttAmqp"
     $testExitCode = RunDirectMethodMqttAmqpTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DpsSymmetricKeyProvisioning"
     $testExitCode = RunDpsProvisioningTest ([DpsProvisioningType]::SymmetricKey)
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DpsTpmProvisioning"
     $testExitCode = RunDpsProvisioningTest ([DpsProvisioningType]::Tpm)
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "DpsX509Provisioning"
     $testExitCode = RunDpsProvisioningTest ([DpsProvisioningType]::X509)
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "QuickstartCerts"
     $testExitCode = RunQuickstartCertsTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TempFilter"
     $testExitCode = RunTempFilterTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TempFilterFunctions"
     $testExitCode = RunTempFilterFunctionsTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TempSensor"
     $testExitCode = RunTempSensorTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     $TestName = "TransparentGateway"
     $testExitCode = RunTransparentGatewayTest
-    $lastTestExitCode = If ($testExitCode -gt 0) { $testExitCode } Else { $lastTestExitCode }
+    $lastTestExitCode = If ($testExitCode -ne 0) { $testExitCode } Else { $lastTestExitCode }
 
     Return $lastTestExitCode
 }
@@ -1095,7 +1095,8 @@ Function RunLeafDeviceTest
     [ValidateSet("sas","x509CA","x509Thumprint")][string]$authType,
     [ValidateSet("Mqtt","MqttWs","Amqp", "AmqpWs")][string]$protocol,
     [ValidateNotNullOrEmpty()][string]$leafDeviceId,
-    [string]$edgeDeviceId
+    [string]$edgeDeviceId,
+    [bool]$useSecondaryCredential = $False
 )
 {
     $testCommand = $null
@@ -1170,14 +1171,19 @@ Function RunLeafDeviceTest
                 -ctsk `"$EdgeCertGenScriptDir\private\iot-device-${leafDeviceId}-sec.key.pem`" ``
                 -ed-id `"$edgeDeviceId`" ``
                 -ed `"$env:computername`""
+
+            If ($useSecondaryCredential) {
+                $testCommand = "$testCommand --use-secondary-credential"
+            }
+
             break
         }
 
         default
         {
             $(Throw "Unsupported auth mode $authType")
         }
-     }
+    }
 
     If ($ProxyUri) {
         $testCommand = "$testCommand --proxy `"$ProxyUri`""
@@ -1248,8 +1254,14 @@ Function RunTransparentGatewayTest
     RunLeafDeviceTest "x509CA" "Mqtt" "$deviceId-mqtt-x509ca-inscope-leaf" $edgeDeviceId
     RunLeafDeviceTest "x509CA" "Amqp" "$deviceId-amqp-x509ca-inscope-leaf" $edgeDeviceId
 
-    RunLeafDeviceTest "x509Thumprint" "Mqtt" "$deviceId-mqtt-x509th-inscope-leaf" $edgeDeviceId
-    RunLeafDeviceTest "x509Thumprint" "Amqp" "$deviceId-amqp-x509th-inscope-leaf" $edgeDeviceId
+    # run thumbprint test using primary cert with MQTT
+    RunLeafDeviceTest "x509Thumprint" "Mqtt" "$deviceId-mqtt-pri-x509th-inscope-leaf" $edgeDeviceId
+    # run thumbprint test using secondary cert with MQTT
+    RunLeafDeviceTest "x509Thumprint" "Mqtt" "$deviceId-mqtt-sec-x509th-inscope-leaf" $edgeDeviceId $True
+    # run thumbprint test using primary cert with AMQP
+    RunLeafDeviceTest "x509Thumprint" "Amqp" "$deviceId-amqp-pri-x509th-inscope-leaf" $edgeDeviceId
+    # run thumbprint test using secondary cert with AMQP
+    RunLeafDeviceTest "x509Thumprint" "Amqp" "$deviceId-amqp-sec-x509th-inscope-leaf" $edgeDeviceId $True
 
     Return $testExitCode
 }

diff --git a/smoke/LeafDevice/LeafDevice.cs b/smoke/LeafDevice/LeafDevice.cs
@@ -116,13 +116,15 @@ public LeafDeviceBuilder SetX509ThumbprintAuthProperties(
                 IList<string> thumbprintCerts = new List<string>();
                 if (this.usePrimaryThumbprintClientCert)
                 {
+                    Console.WriteLine("Configure to use primary cert thumbprint for authentication");
                     this.x509CACertPath = Option.Some(Preconditions.CheckNotNull(primaryClientCertificatePath));
                     this.x509CAKeyPath = Option.Some(Preconditions.CheckNotNull(primaryClientCertificateKeyPath));
                     thumbprintCerts.Add(primaryClientCertificatePath);
                     thumbprintCerts.Add(Preconditions.CheckNotNull(secondaryClientCertificatePath));
                 }
                 else
                 {
+                    Console.WriteLine("Configure to use secondary cert thumbprint for authentication");
                     this.x509CACertPath = Option.Some(Preconditions.CheckNotNull(secondaryClientCertificatePath));
                     this.x509CAKeyPath = Option.Some(Preconditions.CheckNotNull(secondaryClientCertificateKeyPath));
                     thumbprintCerts.Add(Preconditions.CheckNotNull(primaryClientCertificatePath));

diff --git a/smoke/LeafDevice/Program.cs b/smoke/LeafDevice/Program.cs
@@ -83,6 +83,12 @@ class Program
         [Option("-ctsk|--x509-secondary-key-path", Description = "Path to a X.509 leaf certificate key file in PEM format. This is needed for thumbprint auth and used as the secondary certificate's key.")]
         public string X509SecondaryKeyPath { get; } = string.Empty;
 
+        [Option(
+            "--use-secondary-credential",
+            Description = "Set value to true if the secondary credential (either certificate or SharedAccessKey) should be used for authentication, " +
+                          "otherwise the primary credential is used by default. Note: currently this is applicable for certificates tests only.")]
+        public bool UseSecondaryCredential { get; } = false;
+
         // ReSharper disable once UnusedMember.Local
         static int Main(string[] args) => CommandLineApplication.ExecuteAsync<Program>(args).Result;
 
@@ -118,24 +124,14 @@ async Task<int> OnExecuteAsync()
                     !string.IsNullOrWhiteSpace(this.X509SecondaryKeyPath))
                 {
                     // use thumbprint auth and perform test for both primary and secondary certificates
-                    var thumbprintCerts = new List<string> { this.X509PrimaryCertPath, this.X509SecondaryCertPath };
-                    builder.SetX509ThumbprintAuthProperties(
-                        this.X509PrimaryCertPath,
-                        this.X509PrimaryKeyPath,
-                        this.X509SecondaryCertPath,
-                        this.X509SecondaryKeyPath,
-                        true);
-                    LeafDevice testPrimaryCertificate = builder.Build();
-                    await testPrimaryCertificate.RunAsync(true);
-
                     builder.SetX509ThumbprintAuthProperties(
                         this.X509PrimaryCertPath,
                         this.X509PrimaryKeyPath,
                         this.X509SecondaryCertPath,
                         this.X509SecondaryKeyPath,
-                        false);
-                    LeafDevice testSeondaryCertificate = builder.Build();
-                    await testSeondaryCertificate.RunAsync();
+                        !this.UseSecondaryCredential);
+                    LeafDevice testThumbprintCertificate = builder.Build();
+                    await testThumbprintCertificate.RunAsync();
                 }
                 else if (!string.IsNullOrWhiteSpace(this.X509CACertPath) &&
                          !string.IsNullOrWhiteSpace(this.X509CAKeyPath))