From 9c9f0063e409d16d0763dfe229d61208d66f9e5f Mon Sep 17 00:00:00 2001
From: Jeremy Rand <jeremyrand@airmail.cc>
Date: Sun, 27 Dec 2020 00:50:17 +0000
Subject: [PATCH] (WIP) Add TLS integration tests

---
 .cirrus.yml                          | 16 +++++++++++++-
 testdata/all-tls-handshake-tests.ps1 | 21 ++++++++++++++++++
 testdata/try-tls-handshake.ps1       | 32 ++++++++++++++++++++++++++++
 3 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 testdata/all-tls-handshake-tests.ps1
 create mode 100644 testdata/try-tls-handshake.ps1

diff --git a/.cirrus.yml b/.cirrus.yml
index d24a1f3..ef6c5d5 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -24,7 +24,21 @@ task:
   upload_script:
     - curl -s -X POST --data-binary @build64/bin/ncdns-v0.0.10.3-win64-install.exe http://$CIRRUS_HTTP_CACHE_HOST/cross_compile_bin
 
-# TODO: functional/integration tests
+task:
+  name: TLS Handshake Tests
+  windows_container:
+    image: cirrusci/windowsservercore:2019
+  depends_on:
+    - "Cross-Compile"
+  install_script:
+    - curl -o ncdns-v0.0.10.3-win64-install.exe http://%CIRRUS_HTTP_CACHE_HOST%/cross_compile_bin
+    - ncdns-v0.0.10.3-win64-install.exe /S
+  test_script:
+    - SET PATH=%PATH%;%cd%
+    - powershell -ExecutionPolicy Unrestricted -File "testdata/ci-all-tests.ps1"
+  env:
+    GOX_TAGS: ""
+    GO_VERSION: latest
 
 task:
   # Cirrus Artifact Upload
diff --git a/testdata/all-tls-handshake-tests.ps1 b/testdata/all-tls-handshake-tests.ps1
new file mode 100644
index 0000000..3e3f7c8
--- /dev/null
+++ b/testdata/all-tls-handshake-tests.ps1
@@ -0,0 +1,21 @@
+Write-Host "----- Running TLS handshake tests -----"
+
+Write-Host "----- DNS website -----"
+
+& "powershell" "-ExecutionPolicy" "Unrestricted" "-File" "testdata/try-tls-handshake.ps1" "-url" "https://www.namecoin.org/"
+If (!$?) {
+  exit 222
+}
+
+Write-Host "----- Namecoin website, valid dehydrated certificate -----"
+
+& "powershell" "-ExecutionPolicy" "Unrestricted" "-File" "testdata/try-tls-handshake.ps1" "-url" "https://namecoin.bit/"
+If (!$?) {
+  exit 222
+}
+
+# TODO: test DNS and Namecoin websites with invalid certs.
+
+# all done
+Write-Host "----- All TLS handshake tests passed -----"
+exit 0
diff --git a/testdata/try-tls-handshake.ps1 b/testdata/try-tls-handshake.ps1
new file mode 100644
index 0000000..87e792c
--- /dev/null
+++ b/testdata/try-tls-handshake.ps1
@@ -0,0 +1,32 @@
+# Warning!  This script must be run in a fresh PowerShell process.  Otherwise,
+# PowerShell will cache any successful cert validation results, so you'll be
+# getting fictitious results.
+
+param (
+  $url,
+  [switch] $fail
+)
+
+$should_succeed = -not $fail
+
+try {
+  Invoke-WebRequest -Uri "$url" -Method GET -UseBasicParsing
+  $success = $?
+  if ( ( $success ) -ne ( $should_succeed ) ) {
+    Write-Host "TLS test failed"
+    exit 111
+  }
+}
+catch {
+  if ( $should_succeed ) {
+    Write-Host "TLS test failed: $Error"
+    exit 111
+  }
+  else {
+    Write-Host "Good, TLS handshake rejected: $Error"
+    exit 0
+  }
+}
+
+Write-Host "Good; TLS test passed."
+exit 0