diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index 33873358f..333afe093 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -394,8 +394,8 @@ jobs: if [[ "${{ runner.os }}" == "Windows" ]]; then if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then - # due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 test - printf '\n\ndef new_BCP00301test_01(self, test):\n """TLS Protocols"""\n hostname = self.apis[SECURE_API_KEY]["hostname"]\n tls_data = self.perform_test_ssl(test, ["-p", "--ip={}".format(socket.gethostbyname(hostname))])\n if tls_data is None:\n return test.DISABLED("Unable to test. See the console for further information.")\n else:\n for report in tls_data:\n if report["id"] in ["SSLv2", "SSLv3", "TLS1", "TLS1_1"] and "not offered" not in report["finding"]:\n return test.FAIL("Protocol {} must not be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_2"] and not report["finding"].startswith("offered"):\n return test.FAIL("Protocol {} must be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_3"] and not report["finding"].startswith("offered"):\n return test.OPTIONAL("Protocol {} should be offered".format(report["id"].replace("_", ".")),\n "https://specs.amwa.tv/bcp-003-01/branches/{}"\n "/docs/Secure_Communication.html#tls-versions"\n .format(self.apis[SECURE_API_KEY]["spec_branch"]))\n return test.PASS()\n\n\nBCP00301Test.test_01 = new_BCP00301test_01\n' >> nmostesting/suites/BCP00301Test.py + # due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 tests + printf '\n\ndef perform_test_ssl_with_ip(self, test, args=None):\n if os.path.exists(TMPFILE):\n os.remove(TMPFILE)\n if args is None:\n args = []\n arg_key = " ".join(args)\n if arg_key in self.report_json:\n return self.report_json[arg_key]\n else:\n try:\n print(args)\n print(arg_key)\n ret = subprocess.run(\n [\n CONFIG.TEST_SSL_BASH,\n "testssl/testssl.sh",\n "--jsonfile",\n TMPFILE,\n "--warnings",\n "off",\n 
"--openssl-timeout",\n str(CONFIG.HTTP_TIMEOUT),\n "--add-ca",\n CONFIG.CERT_TRUST_ROOT_CA,\n "--ip",\n socket.gethostbyname(self.apis[SECURE_API_KEY]["hostname"]),\n ]\n + args\n + [\n "{}:{}".format(\n self.apis[SECURE_API_KEY]["hostname"],\n self.apis[SECURE_API_KEY]["port"],\n )\n ]\n )\n if ret.returncode == 0:\n with open(TMPFILE) as tls_data:\n self.report_json[arg_key] = json.load(tls_data)\n return self.report_json[arg_key]\n except Exception as e:\n raise NMOSTestException(\n test.DISABLED(\n "Unable to execute testssl.sh. Please see the README for "\n "installation instructions: {}".format(e)\n )\n )\n return None\n\n\nBCP00301Test.perform_test_ssl = perform_test_ssl_with_ip\n' >> nmostesting/suites/BCP00301Test.py fi # install certificates 
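Review bot: The appended `perform_test_ssl_with_ip` is a full copy of the suite's testssl.sh runner rather than a wrapper, so its flags, timeout and CA handling will drift silently from the upstream `perform_test_ssl` whenever nmos-testing changes. The removed `test_01` override suggests the upstream method already accepts extra arguments, so a wrapper that keeps a reference to the original and calls it with `["--ip={}".format(socket.gethostbyname(hostname))] + (args or [])` would pin the address for every test without duplicating the subprocess call. In the copy as written, `print(args)` and `print(arg_key)` look like leftover debugging, and because `socket.gethostbyname(...)` is evaluated inside the `try`, a failed lookup is reported by the broad `except Exception` as "Unable to execute testssl.sh…", which points at the wrong cause. A non-zero testssl.sh exit also falls through to `return None`, which the removed override mapped to DISABLED, so it is worth confirming that a failed scan cannot leave the BCP-003-01 TLS checks skipped while the job stays green. The same printf is repeated in the second hunk of this file and in `.github/workflows/src/amwa-test.yml`, and the enclosing shell `if` block closes outside the hunk.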
@@ -928,8 +928,8 @@ jobs: if [[ "${{ runner.os }}" == "Windows" ]]; then if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then - # due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 test - printf '\n\ndef new_BCP00301test_01(self, test):\n """TLS Protocols"""\n hostname = self.apis[SECURE_API_KEY]["hostname"]\n tls_data = self.perform_test_ssl(test, ["-p", "--ip={}".format(socket.gethostbyname(hostname))])\n if tls_data is None:\n return test.DISABLED("Unable to test. See the console for further information.")\n else:\n for report in tls_data:\n if report["id"] in ["SSLv2", "SSLv3", "TLS1", "TLS1_1"] and "not offered" not in report["finding"]:\n return test.FAIL("Protocol {} must not be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_2"] and not report["finding"].startswith("offered"):\n return test.FAIL("Protocol {} must be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_3"] and not report["finding"].startswith("offered"):\n return test.OPTIONAL("Protocol {} should be offered".format(report["id"].replace("_", ".")),\n "https://specs.amwa.tv/bcp-003-01/branches/{}"\n "/docs/Secure_Communication.html#tls-versions"\n .format(self.apis[SECURE_API_KEY]["spec_branch"]))\n return test.PASS()\n\n\nBCP00301Test.test_01 = new_BCP00301test_01\n' >> nmostesting/suites/BCP00301Test.py + # due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 tests + printf '\n\ndef perform_test_ssl_with_ip(self, test, args=None):\n if os.path.exists(TMPFILE):\n os.remove(TMPFILE)\n if args is None:\n args = []\n arg_key = " ".join(args)\n if arg_key in self.report_json:\n return self.report_json[arg_key]\n else:\n try:\n print(args)\n print(arg_key)\n ret = subprocess.run(\n [\n CONFIG.TEST_SSL_BASH,\n "testssl/testssl.sh",\n "--jsonfile",\n TMPFILE,\n "--warnings",\n "off",\n 
"--openssl-timeout",\n str(CONFIG.HTTP_TIMEOUT),\n "--add-ca",\n CONFIG.CERT_TRUST_ROOT_CA,\n "--ip",\n socket.gethostbyname(self.apis[SECURE_API_KEY]["hostname"]),\n ]\n + args\n + [\n "{}:{}".format(\n self.apis[SECURE_API_KEY]["hostname"],\n self.apis[SECURE_API_KEY]["port"],\n )\n ]\n )\n if ret.returncode == 0:\n with open(TMPFILE) as tls_data:\n self.report_json[arg_key] = json.load(tls_data)\n return self.report_json[arg_key]\n except Exception as e:\n raise NMOSTestException(\n test.DISABLED(\n "Unable to execute testssl.sh. Please see the README for "\n "installation instructions: {}".format(e)\n )\n )\n return None\n\n\nBCP00301Test.perform_test_ssl = perform_test_ssl_with_ip\n' >> nmostesting/suites/BCP00301Test.py fi # install certificates diff --git a/.github/workflows/src/amwa-test.yml b/.github/workflows/src/amwa-test.yml index d9ae89293..7e91ff390 100644 --- a/.github/workflows/src/amwa-test.yml +++ b/.github/workflows/src/amwa-test.yml 
@@ -69,8 +69,8 @@ if [[ "${{ runner.os }}" == "Windows" ]]; then if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then - # due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 test - printf '\n\ndef new_BCP00301test_01(self, test):\n """TLS Protocols"""\n hostname = self.apis[SECURE_API_KEY]["hostname"]\n tls_data = self.perform_test_ssl(test, ["-p", "--ip={}".format(socket.gethostbyname(hostname))])\n if tls_data is None:\n return test.DISABLED("Unable to test. See the console for further information.")\n else:\n for report in tls_data:\n if report["id"] in ["SSLv2", "SSLv3", "TLS1", "TLS1_1"] and "not offered" not in report["finding"]:\n return test.FAIL("Protocol {} must not be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_2"] and not report["finding"].startswith("offered"):\n return test.FAIL("Protocol {} must be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_3"] and not report["finding"].startswith("offered"):\n return test.OPTIONAL("Protocol {} should be offered".format(report["id"].replace("_", ".")),\n "https://specs.amwa.tv/bcp-003-01/branches/{}"\n "/docs/Secure_Communication.html#tls-versions"\n .format(self.apis[SECURE_API_KEY]["spec_branch"]))\n return test.PASS()\n\n\nBCP00301Test.test_01 = new_BCP00301test_01\n' >> nmostesting/suites/BCP00301Test.py + # due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 tests + printf '\n\ndef perform_test_ssl_with_ip(self, test, args=None):\n if os.path.exists(TMPFILE):\n os.remove(TMPFILE)\n if args is None:\n args = []\n arg_key = " ".join(args)\n if arg_key in self.report_json:\n return self.report_json[arg_key]\n else:\n try:\n print(args)\n print(arg_key)\n ret = subprocess.run(\n [\n CONFIG.TEST_SSL_BASH,\n "testssl/testssl.sh",\n "--jsonfile",\n TMPFILE,\n "--warnings",\n "off",\n "--openssl-timeout",\n 
str(CONFIG.HTTP_TIMEOUT),\n "--add-ca",\n CONFIG.CERT_TRUST_ROOT_CA,\n "--ip",\n socket.gethostbyname(self.apis[SECURE_API_KEY]["hostname"]),\n ]\n + args\n + [\n "{}:{}".format(\n self.apis[SECURE_API_KEY]["hostname"],\n self.apis[SECURE_API_KEY]["port"],\n )\n ]\n )\n if ret.returncode == 0:\n with open(TMPFILE) as tls_data:\n self.report_json[arg_key] = json.load(tls_data)\n return self.report_json[arg_key]\n except Exception as e:\n raise NMOSTestException(\n test.DISABLED(\n "Unable to execute testssl.sh. Please see the README for "\n "installation instructions: {}".format(e)\n )\n )\n return None\n\n\nBCP00301Test.perform_test_ssl = perform_test_ssl_with_ip\n' >> nmostesting/suites/BCP00301Test.py fi # install certificates