Reorg ssl tests certs
parent
3a0033cf51
commit
edcb67734b
@ -19,17 +19,17 @@ if ($LASTEXITCODE) { Throw }
|
|||||||
sleep 5
|
sleep 5
|
||||||
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8000) {write-host -foregroundcolor Green "server is up"} else {write-host -foregroundcolor Red "server is down" ; cat build\server.log ; exit 1}
|
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8000) {write-host -foregroundcolor Green "server is up"} else {write-host -foregroundcolor Red "server is down" ; cat build\server.log ; exit 1}
|
||||||
|
|
||||||
python tests_ssl/ssl_server.py 8001 tests_ssl/server/cert.selfsigned.pem false 2>&1 > build\server-ssl-selfsigned.log &
|
python tests_ssl/ssl_server.py 8001 tests_ssl/certs/server/cert.selfsigned.pem false 2>&1 > build\server-ssl-selfsigned.log &
|
||||||
if ($LASTEXITCODE) { Throw }
|
if ($LASTEXITCODE) { Throw }
|
||||||
sleep 5
|
sleep 5
|
||||||
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8001) {write-host -foregroundcolor Green "server-ssl-selfsigned up"} else {write-host -foregroundcolor Red "server-ssl-selfsigned is down" ; cat build\server-ssl-selfsigned.log ; exit 1}
|
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8001) {write-host -foregroundcolor Green "server-ssl-selfsigned up"} else {write-host -foregroundcolor Red "server-ssl-selfsigned is down" ; cat build\server-ssl-selfsigned.log ; exit 1}
|
||||||
|
|
||||||
python tests_ssl/ssl_server.py 8002 tests_ssl/server/cert.pem false 2>&1 > build\server-ssl-signedbyca.log &
|
python tests_ssl/ssl_server.py 8002 tests_ssl/certs/server/cert.pem false 2>&1 > build\server-ssl-signedbyca.log &
|
||||||
if ($LASTEXITCODE) { Throw }
|
if ($LASTEXITCODE) { Throw }
|
||||||
sleep 5
|
sleep 5
|
||||||
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8002) {write-host -foregroundcolor Green "server-ssl-signedbyca up"} else {write-host -foregroundcolor Red "server-ssl-signedbyca is down" ; cat build\server-ssl-signedbyca.log ; exit 1}
|
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8002) {write-host -foregroundcolor Green "server-ssl-signedbyca up"} else {write-host -foregroundcolor Red "server-ssl-signedbyca is down" ; cat build\server-ssl-signedbyca.log ; exit 1}
|
||||||
|
|
||||||
python tests_ssl/ssl_server.py 8003 tests_ssl/server/cert.pem true 2>&1 > build\server-ssl-client-authent.log &
|
python tests_ssl/ssl_server.py 8003 tests_ssl/certs/server/cert.pem true 2>&1 > build\server-ssl-client-authent.log &
|
||||||
if ($LASTEXITCODE) { Throw }
|
if ($LASTEXITCODE) { Throw }
|
||||||
sleep 5
|
sleep 5
|
||||||
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8003) {write-host -foregroundcolor Green "server-ssl-client-authent up"} else {write-host -foregroundcolor Red "server-ssl-client-authent is down" ; cat build\server-ssl-client-authent.log ; exit 1}
|
if (netstat -ano | Select-String LISTENING | Select-string 127.0.0.1:8003) {write-host -foregroundcolor Green "server-ssl-client-authent up"} else {write-host -foregroundcolor Red "server-ssl-client-authent is down" ; cat build\server-ssl-client-authent.log ; exit 1}
|
||||||
|
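Review bot: The client-authentication server on port 8003 is started here with `tests_ssl/certs/server/cert.pem`, while the bash counterpart of this script starts it with `tests_ssl/certs/server/cert.selfsigned.pem`, and the port-8003 tests in this commit all pass `--cacert tests_ssl/certs/server/cert.selfsigned.pem`. On Windows the client would then have to verify a CA-signed certificate against a trust file holding only the self-signed one, which looks like it cannot succeed; the PowerShell wrapper for `client_authentication.hurl` also sets `$global:LASTEXITCODE = 0` in its `finally`, so such a failure would likely go unnoticed. Since the line is being touched anyway, I would align it with the bash script: `python tests_ssl/ssl_server.py 8003 tests_ssl/certs/server/cert.selfsigned.pem true 2>&1 > build\server-ssl-client-authent.log &`. The script starts and ends outside the hunk.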
@ -78,15 +78,15 @@ python3 server.py > build/server.log 2>&1 &
|
|||||||
check_listen_port "server.py" 8000 || cat_and_exit_err build/server.log
|
check_listen_port "server.py" 8000 || cat_and_exit_err build/server.log
|
||||||
|
|
||||||
echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Self-signed certificate)"
|
echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Self-signed certificate)"
|
||||||
python3 tests_ssl/ssl_server.py 8001 tests_ssl/server/cert.selfsigned.pem false > build/server-ssl-selfsigned.log 2>&1 &
|
python3 tests_ssl/ssl_server.py 8001 tests_ssl/certs/server/cert.selfsigned.pem false > build/server-ssl-selfsigned.log 2>&1 &
|
||||||
check_listen_port "tests_ssl/ssl_server.py" 8001 || cat_and_exit_err build/server-ssl-selfsigned.log
|
check_listen_port "tests_ssl/ssl_server.py" 8001 || cat_and_exit_err build/server-ssl-selfsigned.log
|
||||||
|
|
||||||
echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Signed by CA)"
|
echo -e "\n------------------ Starting tests_ssl/ssl_server.py (Signed by CA)"
|
||||||
python3 tests_ssl/ssl_server.py 8002 tests_ssl/server/cert.pem false > build/server-ssl-signedbyca.log 2>&1 &
|
python3 tests_ssl/ssl_server.py 8002 tests_ssl/certs/server/cert.pem false > build/server-ssl-signedbyca.log 2>&1 &
|
||||||
check_listen_port "tests_ssl/ssl_server.py" 8002 || cat_and_exit_err build/server-ssl-signedbyca.log
|
check_listen_port "tests_ssl/ssl_server.py" 8002 || cat_and_exit_err build/server-ssl-signedbyca.log
|
||||||
|
|
||||||
echo -e "\n------------------ Starting ssl/ssl_server.py (Self-signed certificate + Client certificate authentication)"
|
echo -e "\n------------------ Starting ssl/ssl_server.py (Self-signed certificate + Client certificate authentication)"
|
||||||
python3 tests_ssl/ssl_server.py 8003 tests_ssl/server/cert.selfsigned.pem true > build/server-ssl-client-authent.log 2>&1 &
|
python3 tests_ssl/ssl_server.py 8003 tests_ssl/certs/server/cert.selfsigned.pem true > build/server-ssl-client-authent.log 2>&1 &
|
||||||
check_listen_port "tests_ssl/ssl_server.py" 8003 || cat_and_exit_err build/server-ssl-client-authent.log
|
check_listen_port "tests_ssl/ssl_server.py" 8003 || cat_and_exit_err build/server-ssl-client-authent.log
|
||||||
|
|
||||||
echo -e "\n------------------ Starting tests_unix_socket/unix_socket_server.py"
|
echo -e "\n------------------ Starting tests_unix_socket/unix_socket_server.py"
|
||||||
|
@ -1 +1 @@
|
|||||||
curl --cacert tests_ssl/ca/cert.pem 'https://localhost:8002/hello'
|
curl --cacert tests_ssl/certs/ca/cert.pem 'https://localhost:8002/hello'
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
Set-StrictMode -Version latest
|
Set-StrictMode -Version latest
|
||||||
$ErrorActionPreference = 'Stop'
|
$ErrorActionPreference = 'Stop'
|
||||||
# Does not work without --ssl-no-revoke
|
# Does not work without --ssl-no-revoke
|
||||||
#hurl --cacert tests_ssl/ca/cert.pem tests_ssl/cacert.hurl
|
#hurl --cacert tests_ssl/certs/ca/cert.pem tests_ssl/cacert.hurl
|
||||||
exit 255
|
exit 255
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
hurl --cacert tests_ssl/ca/cert.pem tests_ssl/cacert.hurl
|
hurl --cacert tests_ssl/certs/ca/cert.pem tests_ssl/cacert.hurl
|
||||||
|
@ -1 +1 @@
|
|||||||
curl --cacert tests_ssl/ca/cert.pem 'https://localhost:8002/hello'
|
curl --cacert tests_ssl/certs/ca/cert.pem 'https://localhost:8002/hello'
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
Set-StrictMode -Version latest
|
Set-StrictMode -Version latest
|
||||||
$ErrorActionPreference = 'Stop'
|
$ErrorActionPreference = 'Stop'
|
||||||
hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl
|
hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
# --ssl-no-revoke is only available in windows
|
# --ssl-no-revoke is only available in windows
|
||||||
#hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl
|
#hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke tests_ssl/cacert.hurl
|
||||||
exit 255
|
exit 255
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
Set-StrictMode -Version latest
|
Set-StrictMode -Version latest
|
||||||
$ErrorActionPreference = 'Stop'
|
$ErrorActionPreference = 'Stop'
|
||||||
hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl
|
hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
# --ssl-no-revoke is only available in windows
|
# --ssl-no-revoke is only available in windows
|
||||||
#hurl --cacert tests_ssl/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl
|
#hurl --cacert tests_ssl/certs/ca/cert.pem --ssl-no-revoke --json tests_ssl/cacert.hurl
|
||||||
exit 255
|
exit 255
|
||||||
|
@ -1 +1 @@
|
|||||||
curl --cacert tests_ssl/server/cert.selfsigned.pem 'https://localhost:8001/hello'
|
curl --cacert tests_ssl/certs/server/cert.selfsigned.pem 'https://localhost:8001/hello'
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
Set-StrictMode -Version latest
|
Set-StrictMode -Version latest
|
||||||
$ErrorActionPreference = 'Stop'
|
$ErrorActionPreference = 'Stop'
|
||||||
hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/server/cert.selfsigned.pem --verbose
|
hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --verbose
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/server/cert.selfsigned.pem --verbose
|
hurl tests_ssl/cacert_selfsigned.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --verbose
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
Set-StrictMode -Version latest
|
Set-StrictMode -Version latest
|
||||||
$ErrorActionPreference = 'Stop'
|
$ErrorActionPreference = 'Stop'
|
||||||
# Does not work without --ssl-no-revoke
|
# Does not work without --ssl-no-revoke
|
||||||
#hurl --cacert tests_ssl/ca/cert.pem --json tests_ssl/cacert.hurl
|
#hurl --cacert tests_ssl/certs/ca/cert.pem --json tests_ssl/cacert.hurl
|
||||||
exit 255
|
exit 255
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
hurl --cacert tests_ssl/ca/cert.pem --json tests_ssl/cacert.hurl
|
hurl --cacert tests_ssl/certs/ca/cert.pem --json tests_ssl/cacert.hurl
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
curl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem --key tests_ssl/client/key.pem 'https://localhost:8003/hello'
|
curl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem --key tests_ssl/certs/client/key.pem 'https://localhost:8003/hello'
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
Set-StrictMode -Version latest
|
Set-StrictMode -Version latest
|
||||||
$ErrorActionPreference = 'Stop'
|
$ErrorActionPreference = 'Stop'
|
||||||
try {
|
try {
|
||||||
hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem --key tests_ssl/client/key.pem --verbose
|
hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem --key tests_ssl/certs/client/key.pem --verbose
|
||||||
} finally {
|
} finally {
|
||||||
$global:LASTEXITCODE = 0
|
$global:LASTEXITCODE = 0
|
||||||
$ErrorActionPreference = 'Continue'
|
$ErrorActionPreference = 'Continue'
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem --key tests_ssl/client/key.pem --verbose
|
hurl tests_ssl/client_authentication.hurl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem --key tests_ssl/certs/client/key.pem --verbose
|
||||||
|
@ -1 +1 @@
|
|||||||
curl --cacert tests_ssl/server/cert.selfsigned.pem --cert tests_ssl/client/cert.pem:foobar --key tests_ssl/client/encrypted.key.pem 'https://localhost:8003/hello'
|
curl --cacert tests_ssl/certs/server/cert.selfsigned.pem --cert tests_ssl/certs/client/cert.pem:foobar --key tests_ssl/certs/client/encrypted.key.pem 'https://localhost:8003/hello'
|
||||||
|
@ -1,27 +1,27 @@
|
|||||||
GET https://localhost:8003/hello
|
GET https://localhost:8003/hello
|
||||||
[Options]
|
[Options]
|
||||||
cacert: tests_ssl/server/cert.selfsigned.pem
|
cacert: tests_ssl/certs/server/cert.selfsigned.pem
|
||||||
cert: tests_ssl/client/cert.pem:foobar
|
cert: tests_ssl/certs/client/cert.pem:foobar
|
||||||
key: tests_ssl/client/encrypted.key.pem
|
key: tests_ssl/certs/client/encrypted.key.pem
|
||||||
HTTP 200
|
HTTP 200
|
||||||
|
|
||||||
# Using variables in filename and password
|
# Using variables in filename and password
|
||||||
GET https://localhost:8003/hello
|
GET https://localhost:8003/hello
|
||||||
[Options]
|
[Options]
|
||||||
variable: filename=tests_ssl/client/cert.pem
|
variable: filename=tests_ssl/certs/client/cert.pem
|
||||||
variable: password=foobar
|
variable: password=foobar
|
||||||
cacert: tests_ssl/server/cert.selfsigned.pem
|
cacert: tests_ssl/certs/server/cert.selfsigned.pem
|
||||||
cert: {{filename}}:{{password}}
|
cert: {{filename}}:{{password}}
|
||||||
key: tests_ssl/client/encrypted.key.pem
|
key: tests_ssl/certs/client/encrypted.key.pem
|
||||||
HTTP 200
|
HTTP 200
|
||||||
|
|
||||||
# Using variable for combined filename and password
|
# Using variable for combined filename and password
|
||||||
GET https://localhost:8003/hello
|
GET https://localhost:8003/hello
|
||||||
[Options]
|
[Options]
|
||||||
variable: filename_with_password=tests_ssl/client/cert.pem:foobar
|
variable: filename_with_password=tests_ssl/certs/client/cert.pem:foobar
|
||||||
cacert: tests_ssl/server/cert.selfsigned.pem
|
cacert: tests_ssl/certs/server/cert.selfsigned.pem
|
||||||
cert: {{filename_with_password}}
|
cert: {{filename_with_password}}
|
||||||
key: tests_ssl/client/encrypted.key.pem
|
key: tests_ssl/certs/client/encrypted.key.pem
|
||||||
HTTP 200
|
HTTP 200
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
GET https://localhost:8003/hello
|
GET https://localhost:8003/hello
|
||||||
[Options]
|
[Options]
|
||||||
cacert: tests_ssl/server/cert.selfsigned.pem
|
cacert: tests_ssl/certs/server/cert.selfsigned.pem
|
||||||
cert: tests_ssl/client/cert.pem:toto1234
|
cert: tests_ssl/certs/client/cert.pem:toto1234
|
||||||
key: tests_ssl/client/encrypted.key.pem
|
key: tests_ssl/certs/client/encrypted.key.pem
|
||||||
HTTP 200
|
HTTP 200
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
curl --insecure 'https://localhost:8001/hello'
|
curl --insecure 'https://localhost:8001/hello'
|
||||||
curl --insecure 'https://localhost:8001/hello'
|
curl --insecure 'https://localhost:8001/hello'
|
||||||
curl --cacert tests_ssl/server/cert.selfsigned.pem 'https://localhost:8001/hello'
|
curl --cacert tests_ssl/certs/server/cert.selfsigned.pem 'https://localhost:8001/hello'
|
||||||
|
|
||||||
|
@ -16,6 +16,6 @@ HTTP 200
|
|||||||
|
|
||||||
GET https://localhost:8001/hello
|
GET https://localhost:8001/hello
|
||||||
[Options]
|
[Options]
|
||||||
cacert: tests_ssl/server/cert.selfsigned.pem # with a custom certificate
|
cacert: tests_ssl/certs/server/cert.selfsigned.pem # with a custom certificate
|
||||||
HTTP 200
|
HTTP 200
|
||||||
`Hello World!`
|
`Hello World!`
|
||||||
|
@ -22,8 +22,8 @@ def get_ssl_context(cert_file, use_client_certificate_authentication):
|
|||||||
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
|
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
|
||||||
if use_client_certificate_authentication:
|
if use_client_certificate_authentication:
|
||||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||||
ssl_context.load_verify_locations("tests_ssl/ca/cert.pem")
|
ssl_context.load_verify_locations("tests_ssl/certs/ca/cert.pem")
|
||||||
ssl_context.load_cert_chain(cert_file, "tests_ssl/server/key.pem")
|
ssl_context.load_cert_chain(cert_file, "tests_ssl/certs/server/key.pem")
|
||||||
return ssl_context
|
return ssl_context
|
||||||
|
|
||||||
|
|
||||||
|
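Review bot: `get_ssl_context` still builds its context with `ssl.PROTOCOL_TLSv1_2`, a version-specific constant that the Python ssl module has deprecated, so the test server never negotiates anything other than TLS 1.2. If that pin is not intentional, `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` followed by `ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2` keeps the floor and allows newer versions. The CA and key paths updated here are resolved against the current working directory, so a comment such as `# paths are relative to the directory the server is launched from` would help the next reader; the function's signature is visible only in the hunk header.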
@ -6,18 +6,18 @@ rm -rf ca client server
|
|||||||
mkdir ca client server
|
mkdir ca client server
|
||||||
|
|
||||||
# CA
|
# CA
|
||||||
openssl genrsa -out ca/key.pem 2048
|
openssl genrsa -out certs/ca/key.pem 2048
|
||||||
openssl req -x509 -new -nodes -key ca/key.pem -sha256 -days 1024 -out ca/cert.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=myCA"
|
openssl req -x509 -new -nodes -key certs/ca/key.pem -sha256 -days 1024 -out certs/ca/cert.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=myCA"
|
||||||
|
|
||||||
# Client
|
# Client
|
||||||
openssl genrsa -out client/key.pem 2048
|
openssl genrsa -out certs/client/key.pem 2048
|
||||||
openssl req -new -key client/key.pem -sha256 -out client/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=client"
|
openssl req -new -key certs/client/key.pem -sha256 -out certs/client/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=client"
|
||||||
openssl x509 -req -in client/csr.pem -CA ca/cert.pem -CAkey ca/key.pem -CAcreateserial -out client/cert.pem -days 825 -sha256
|
openssl x509 -req -in certs/client/csr.pem -CA certs/ca/cert.pem -CAkey certs/ca/key.pem -CAcreateserial -out certs/client/cert.pem -days 825 -sha256
|
||||||
openssl rsa -aes256 -in tests_ssl/client/key.pem -passout pass:foobar -out tests_ssl/client/encrypted.key.pem
|
openssl rsa -aes256 -in tests_ssl/certs/client/key.pem -passout pass:foobar -out tests_ssl/certs/client/encrypted.key.pem
|
||||||
|
|
||||||
# Server
|
# Server
|
||||||
openssl genrsa -out server/key.pem 2048
|
openssl genrsa -out certs/server/key.pem 2048
|
||||||
openssl req -x509 -new -nodes -key server/key.pem -sha256 -days 1024 -out server/cert.selfsigned.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"
|
openssl req -x509 -new -nodes -key certs/server/key.pem -sha256 -days 1024 -out certs/server/cert.selfsigned.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"
|
||||||
openssl req -new -key server/key.pem -sha256 -out server/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"
|
openssl req -new -key certs/server/key.pem -sha256 -out certs/server/csr.pem -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"
|
||||||
openssl x509 -req -in server/csr.pem -CA ca/cert.pem -CAkey ca/key.pem -CAcreateserial -out server/cert.pem -days 825 -sha256
|
openssl x509 -req -in certs/server/csr.pem -CA certs/ca/cert.pem -CAkey certs/ca/key.pem -CAcreateserial -out certs/server/cert.pem -days 825 -sha256
|
||||||
|
|
||||||
|
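Review bot: The output paths now point into `certs/ca`, `certs/client` and `certs/server`, but the setup still runs `rm -rf ca client server` and `mkdir ca client server`, so the target directories are never created or cleaned, and `openssl genrsa -out certs/ca/key.pem 2048` will fail unless they already exist. The directory lines should follow the move: `rm -rf certs/ca certs/client certs/server` and `mkdir -p certs/ca certs/client certs/server`. The `openssl rsa -aes256` line also keeps a `tests_ssl/` prefix (`tests_ssl/certs/client/key.pem`) while every other command uses paths without it, so the script cannot run from a single working directory; `-in certs/client/key.pem -passout pass:foobar -out certs/client/encrypted.key.pem` would match the rest. The `rm -rf` line sits outside the hunk and is visible only in the hunk header.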