sources: MTLS and proxy support for ostree
parent
dd16c2b769
commit
ef24311f77
12 changed files with 472 additions and 15 deletions
|
|
@ -62,20 +62,23 @@ class DirHTTPServer(ThreadingHTTPServer):
|
|||
request, client_address, self, directory=self.directory)
|
||||
|
||||
|
||||
def _httpd(rootdir, port, simulate_failures):
|
||||
return DirHTTPServer(
|
||||
def _httpd(rootdir, simulate_failures, ctx=None):
|
||||
port = _get_free_port()
|
||||
httpd = DirHTTPServer(
|
||||
("localhost", port),
|
||||
http.server.SimpleHTTPRequestHandler,
|
||||
directory=rootdir,
|
||||
simulate_failures=simulate_failures,
|
||||
)
|
||||
if ctx:
|
||||
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
|
||||
threading.Thread(target=httpd.serve_forever).start()
|
||||
return httpd
|
||||
|
||||
|
||||
@contextlib.contextmanager
|
||||
def http_serve_directory(rootdir, simulate_failures=0):
|
||||
port = _get_free_port()
|
||||
httpd = _httpd(rootdir, port, simulate_failures)
|
||||
threading.Thread(target=httpd.serve_forever).start()
|
||||
httpd = _httpd(rootdir, simulate_failures)
|
||||
try:
|
||||
yield httpd
|
||||
finally:
|
||||
|
|
@ -84,14 +87,21 @@ def http_serve_directory(rootdir, simulate_failures=0):
|
|||
|
||||
@contextlib.contextmanager
|
||||
def https_serve_directory(rootdir, certfile, keyfile, simulate_failures=0):
|
||||
port = _get_free_port()
|
||||
httpd = _httpd(rootdir, port, simulate_failures)
|
||||
|
||||
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
|
||||
ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
|
||||
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
|
||||
|
||||
threading.Thread(target=httpd.serve_forever).start()
|
||||
httpd = _httpd(rootdir, simulate_failures, ctx)
|
||||
try:
|
||||
yield httpd
|
||||
finally:
|
||||
httpd.shutdown()
|
||||
|
||||
|
||||
@contextlib.contextmanager
|
||||
def https_serve_directory_mtls(rootdir, ca_cert, server_cert, server_key, simulate_failures=0):
|
||||
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_cert)
|
||||
ctx.load_cert_chain(certfile=server_cert, keyfile=server_key)
|
||||
ctx.verify_mode = ssl.CERT_REQUIRED
|
||||
httpd = _httpd(rootdir, simulate_failures, ctx)
|
||||
try:
|
||||
yield httpd
|
||||
finally:
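Review bot: `https_serve_directory_mtls` has no docstring saying what it authenticates: with `cafile=ca_cert` and `ctx.verify_mode = ssl.CERT_REQUIRED` the server accepts any client certificate that chains to `ca_cert` and checks nothing about its subject. A one-line docstring such as `"""Serve rootdir over TLS and require a client certificate signed by ca_cert (chain check only)."""` would make that explicit for test authors. In `_httpd`, `if ctx:` reads better as `if ctx is not None:`, and because the listening socket itself is wrapped, the TLS handshake runs inside `accept()` on the single `serve_forever` thread, which deserves a short comment next to the `wrap_socket` call. The body of `https_serve_directory_mtls` continues past the end of this hunk.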
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ from unittest.mock import patch
|
|||
import pytest
|
||||
|
||||
import osbuild.testutil
|
||||
from osbuild.testutil.net import http_serve_directory, https_serve_directory
|
||||
from osbuild.testutil.net import http_serve_directory, https_serve_directory, https_serve_directory_mtls
|
||||
|
||||
SOURCES_NAME = "org.osbuild.curl"
|
||||
|
||||
|
|
@ -106,7 +106,7 @@ def test_curl_download_many_fail(curl_parallel):
|
|||
assert 'http://localhost:9876/random-not-exists: error code 7' in str(exp.value)
|
||||
|
||||
|
||||
def make_test_sources(fake_httpd_root, port, n_files, start_n=0, cacert=""):
|
||||
def make_test_sources(fake_httpd_root, port, n_files, start_n=0, cacert="", secret_name=""):
|
||||
"""
|
||||
Create test sources for n_file. All files have the names
|
||||
0,1,2...
|
||||
|
|
@ -127,6 +127,8 @@ def make_test_sources(fake_httpd_root, port, n_files, start_n=0, cacert=""):
|
|||
}
|
||||
if cacert:
|
||||
val["secrets"] = {}
|
||||
if secret_name != "":
|
||||
val["secrets"]["name"] = secret_name
|
||||
val["secrets"]["ssl_ca_cert"] = cacert
|
||||
sources[key] = val
|
||||
(fake_httpd_root / name).write_text(name, encoding="utf8")
|
||||
|
|
@ -401,3 +403,33 @@ def test_curl_download_many_mixed_certs(tmp_path, monkeypatch, sources_module, c
|
|||
|
||||
assert httpds.reqs.count == 2
|
||||
assert httpds2.reqs.count == 2
|
||||
|
||||
|
||||
def test_curl_download_mtls(tmp_path, monkeypatch, sources_service):
|
||||
fake_httpd_root = tmp_path / "fake-httpd-root"
|
||||
cert_dir = pathlib.Path(__file__).parent.parent.parent / "test/data/certs"
|
||||
cacert = cert_dir / "test-ca.crt"
|
||||
assert cacert.exists()
|
||||
servercert = cert_dir / "localhost-server.crt"
|
||||
assert servercert.exists()
|
||||
serverkey = cert_dir / "localhost-server.key"
|
||||
assert serverkey.exists()
|
||||
clientcert = cert_dir / "client1-client.crt"
|
||||
assert clientcert.exists()
|
||||
clientkey = cert_dir / "client1-client.key"
|
||||
assert clientkey.exists()
|
||||
|
||||
monkeypatch.setenv("OSBUILD_SOURCES_CURL_SSL_CA_CERT", cacert.as_posix())
|
||||
monkeypatch.setenv("OSBUILD_SOURCES_CURL_SSL_CLIENT_CERT", clientcert.as_posix())
|
||||
monkeypatch.setenv("OSBUILD_SOURCES_CURL_SSL_CLIENT_KEY", clientkey.as_posix())
|
||||
|
||||
with https_serve_directory_mtls(fake_httpd_root, ca_cert=cacert,
|
||||
server_cert=servercert, server_key=serverkey) as httpds:
|
||||
test_sources = make_test_sources(
|
||||
fake_httpd_root, httpds.server_port, 1, cacert=cacert, secret_name="org.osbuild.mtls")
|
||||
|
||||
sources_service.cache = tmp_path / "curl-download-dir"
|
||||
sources_service.cache.mkdir()
|
||||
sources_service.fetch_all(test_sources)
|
||||
|
||||
assert httpds.reqs.count == 1
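Review bot: In `make_test_sources`, `secret_name` only works together with `cacert`: `val["secrets"]` is created under `if cacert:`, so a caller passing `secret_name` alone either has it ignored or hits a `KeyError`, depending on nesting that this rendering does not show. Building the dict independently, e.g. `secrets = {k: v for k, v in (("name", secret_name), ("ssl_ca_cert", cacert)) if v}` followed by `if secrets: val["secrets"] = secrets`, removes the coupling. Separately, `test_curl_download_mtls` asserts only `httpds.reqs.count == 1`; a second fetch without the `OSBUILD_SOURCES_CURL_SSL_CLIENT_CERT` and `OSBUILD_SOURCES_CURL_SSL_CLIENT_KEY` variables that is expected to fail would show that the server really demands the client certificate.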
|
||||
|
|
|
|||
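--- a/sources/test/test_ostree_source.py
+++ b/sources/test/test_ostree_source.py
@@ -0,0 +1,70 @@
+#!/usr/bin/python3
+
+import pathlib
+
+from osbuild.testutil.net import http_serve_directory, https_serve_directory
+from osbuild.util import ostree
+
+SOURCES_NAME = "org.osbuild.ostree"
+
+
+def test_ostree_source_not_exists(tmp_path, sources_service):
+checksum = "sha256:1111111111111111111111111111111111111111111111111111111111111111"
+sources_service.setup({"cache": tmp_path, "options": {}})
+assert not sources_service.exists(checksum, None)
+
+
+def test_ostree_source_exists(tmp_path, sources_service):
+sources_service.setup({"cache": tmp_path, "options": {}})
+repo = tmp_path / "org.osbuild.ostree" / "repo"
+commit = ostree.cli("commit", f"--repo={repo}", "--orphan", "/var/empty")
+assert sources_service.exists("sha256:" + commit.stdout, None)
+
+
+def make_test_sources(proto, port, fake_commit, **secrets):
+sources = {
+fake_commit: {
+"remote": {
+"url": f"{proto}://localhost:{port}",
+}
+}
+}
+if secrets:
+sources[fake_commit]["remote"]["secrets"] = secrets
+return sources
+
+
+def make_repo(root):
+ostree.cli("init", f"--repo={root}")
+return ostree.cli("commit", f"--repo={root}", "--orphan", "/var/empty").stdout.rstrip()
+
+
+def test_ostree_pull_plain(tmp_path, sources_service):
+fake_httpd_root = tmp_path / "fake-httpd-root"
+fake_httpd_root.mkdir(exist_ok=True)
+fake_commit = make_repo(fake_httpd_root)
+
+with http_serve_directory(fake_httpd_root) as httpd:
+test_sources = make_test_sources("http", httpd.server_port, fake_commit)
+sources_service.setup({"cache": tmp_path, "options": {}})
+sources_service.fetch_all(test_sources)
+assert sources_service.exists("sha256:" + fake_commit, None)
+
+
+def test_ostree_pull_plain_mtls(tmp_path, sources_service, monkeypatch):
+fake_httpd_root = tmp_path / "fake-httpd-root"
+fake_httpd_root.mkdir(exist_ok=True)
+fake_commit = make_repo(fake_httpd_root)
+
+cert_dir = pathlib.Path(__file__).parent.parent.parent / "test" / "data" / "certs"
+cert1 = cert_dir / "cert1.pem"
+assert cert1.exists()
+key1 = cert_dir / "key1.pem"
+assert key1.exists()
+
+with https_serve_directory(fake_httpd_root, cert1, key1) as httpd:
+monkeypatch.setenv("OSBUILD_SOURCES_OSTREE_INSECURE", "1")
+test_sources = make_test_sources("https", httpd.server_port, fake_commit, name="org.osbuild.mtls")
+sources_service.setup({"cache": tmp_path, "options": {}})
+sources_service.fetch_all(test_sources)
+assert sources_service.exists("sha256:" + fake_commit, None)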
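Review bot: `test_ostree_pull_plain_mtls` does not exercise mutual TLS: it starts `https_serve_directory`, which never asks for a client certificate, serves the self-signed `cert1.pem`, and sets `OSBUILD_SOURCES_OSTREE_INSECURE=1`, which by its name presumably turns server verification off. The test therefore passes whether or not the ostree source presents a client certificate, and it also exercises the insecure path rather than CA validation. Starting the server with `https_serve_directory_mtls(fake_httpd_root, ca_cert=cacert, server_cert=servercert, server_key=serverkey)` using `test-ca.crt` and the `localhost-server` / `client1-client` pairs, and configuring the client through the ostree source's own CA, certificate and key settings (their names are not shown on this page) instead of the insecure switch, would cover the path this commit adds. The import line would then also need `https_serve_directory_mtls`.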
|
|
@ -2,10 +2,20 @@ This directory contains custom self-signed and worthless certs used
|
|||
during testing. They are not dynamically generated to avoid the extra
|
||||
compuation time during tests (but they could be).
|
||||
|
||||
Generated via:
|
||||
Files `cert{1,2}.pem` and `key{1,2}.pem` were generated via:
|
||||
|
||||
```
|
||||
$ openssl req -new -newkey rsa:2048 -nodes -x509 \
|
||||
-subj "/C=DE/ST=Berlin/L=Berlin/O=Org/CN=localhost" \
|
||||
-days 36500 \
|
||||
-keyout "key1.pem" -out "cert1.pem"
|
||||
```
|
||||
|
||||
The following files were generated via a shell script named `generate-test-certs` and can be used for MTLS testing:
|
||||
|
||||
* `test-ca.crt`: Certificate Authority
|
||||
* `test-ca.key`: Certificate Authority key without any password
|
||||
* `localhost-server.crt`: MTLS server certificate signed by `test-ca.crt`
|
||||
* `localhost-server.key`: MTLS server certificate key without any password
|
||||
* `client1-client.crt`: MTLS client certificate signed by `test-ca.crt`
|
||||
* `client1-client.key`: MTLS client certificate key without any password
|
||||
|
|
|
|||
31
test/data/certs/client1-client.crt
Normal file
31
test/data/certs/client1-client.crt
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFWjCCA0KgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEL
|
||||
MAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRMwEQYDVQQDDApFeGFt
|
||||
cGxlIENBMCAXDTI0MTAyMzEzMDM0NFoYDzIwNTIwMzA5MTMwMzQ0WjBCMQswCQYD
|
||||
VQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRAwDgYD
|
||||
VQQDDAdjbGllbnQxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuuy4
|
||||
iQt9bvKByyjS5Ij/TquuoKzGhyhCgzECF17K7EcbWNUhsC37g3OZgSgE2kONYSrl
|
||||
vZ2aKJNcZiIa33uXA8iQH0ewtPMWFujMlCs4ehQsbOflthwSqWymmIsSuazvEaEj
|
||||
o1IqmQ5nJGDiNsF1IP5KN3mpSiQllweNlqXrWZZ2oUwBFhLt0bJ13GYhNLYMYHmU
|
||||
QSgBj2XxvXwpwAcpNHrxZ7goboJAVaCiYXPDQUtOqs4GfNE85LqIrXcE70RXDq1z
|
||||
7MYoKKrlMWD9Nk2+0qhIbB4azSmqTkDARG1iMAfBfZrDQcPGl4SHr2+cvk9uek/C
|
||||
srYMJ6HkebZ9e4zhpm9z0rUy485pcmvmLuVbm+JHi/oUcPVvByOtxt1QB23fYg6z
|
||||
oGkz7s4ABvrNP7HloWJ4hx+l/dmlc5Yn/WWsTYScmkzNCGmtvhS/EcVGKFiBTjGP
|
||||
px71hakaJnhRz0Jj0/yFe2Ib0AaaSEC+bzYa5OM4/wPMPJs9j7aigrrFsq/Qdqwl
|
||||
nuKXmFfo90QEa+tjJPtgupb+EDp1xSerZI6WmvVGvpoIg24n+PajNYpOEadfE8w8
|
||||
JeM5jkCQ9no49iPdQCwEOajrLvt+KgiEackhS0SqbzqAKQ0TVXLP4rrwMwZ7lZVN
|
||||
IxP2OwdyyAmWfavBLMJ+xs+zWGFpsTqfeZ4Fbk8CAwEAAaNWMFQwEgYDVR0RBAsw
|
||||
CYIHY2xpZW50MTAdBgNVHQ4EFgQUMLJqkrtwFTHSQNU3SQfhRZi4UUYwHwYDVR0j
|
||||
BBgwFoAUnz8o3kOYsSYcCP6Bm4vPuERJN2kwDQYJKoZIhvcNAQELBQADggIBAI3O
|
||||
Tu/wKEt+HDd3wZyvfPMortWcxAEm1B5fLW5OeWeyU44xLW8AJqmyKxmHJM+Eq0tW
|
||||
jVDiiZWcqPfCJFNEL+DNacM1beC7lzR63H4JltQLG8j3MLSZK+t6mIC/erov1Ql/
|
||||
P7T9qvAoUSfS3n7g6yW5uKiQjaFW6lX0HOr9IfxZFdqfHOJ+nVblNREoyTDfYUAK
|
||||
HZgxrGYO/0/hPB6zziFchfigWD0QQVL1s3+cJNfTmNhw3Xu0/sOMLzhKIKuNYAak
|
||||
ohON2HXpgZViOdLeA79vKsVQ/rf6VrwU+Ev3oLTp2Gsiqp/h4E21OE9/27Co9wDi
|
||||
khVA5eaHudciOZo1XgDS8beZmcI+IgYZTEiEkpC1yLqfg1Y4t7ubEq/OikmF8L55
|
||||
9Zt/sZxz8TSIzG7m+1j8Tv/EgqA3sQ96gTIQe8y4hGp7jYbsOINLrOc7W0y5N+Yb
|
||||
zt/beUYso0CLZQ+ys25rfYK1uWFgYFCYOqw83yud0oMNndOeKTs4MuP5ozPVa0wm
|
||||
4BdEfwQViTR+Ush9t8C+mtfYhV78odOivt61AGyo8gU+SS4fw4VdTkt085UkwlOx
|
||||
5bCAJCcy5PLx8nq7o4Aq8gNoMmRCgwLgKfohv2cqxbWCw9VyxkxaGpC7mCs0SPXP
|
||||
DnIPOwuJpf1vmhgmc5RfT9FbZSUTLvtGf5a5q5e0
|
||||
-----END CERTIFICATE-----
|
||||
52
test/data/certs/client1-client.key
Normal file
52
test/data/certs/client1-client.key
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC67LiJC31u8oHL
|
||||
KNLkiP9Oq66grMaHKEKDMQIXXsrsRxtY1SGwLfuDc5mBKATaQ41hKuW9nZook1xm
|
||||
Ihrfe5cDyJAfR7C08xYW6MyUKzh6FCxs5+W2HBKpbKaYixK5rO8RoSOjUiqZDmck
|
||||
YOI2wXUg/ko3ealKJCWXB42WpetZlnahTAEWEu3RsnXcZiE0tgxgeZRBKAGPZfG9
|
||||
fCnAByk0evFnuChugkBVoKJhc8NBS06qzgZ80TzkuoitdwTvRFcOrXPsxigoquUx
|
||||
YP02Tb7SqEhsHhrNKapOQMBEbWIwB8F9msNBw8aXhIevb5y+T256T8KytgwnoeR5
|
||||
tn17jOGmb3PStTLjzmlya+Yu5Vub4keL+hRw9W8HI63G3VAHbd9iDrOgaTPuzgAG
|
||||
+s0/seWhYniHH6X92aVzlif9ZaxNhJyaTM0Iaa2+FL8RxUYoWIFOMY+nHvWFqRom
|
||||
eFHPQmPT/IV7YhvQBppIQL5vNhrk4zj/A8w8mz2PtqKCusWyr9B2rCWe4peYV+j3
|
||||
RARr62Mk+2C6lv4QOnXFJ6tkjpaa9Ua+mgiDbif49qM1ik4Rp18TzDwl4zmOQJD2
|
||||
ejj2I91ALAQ5qOsu+34qCIRpySFLRKpvOoApDRNVcs/iuvAzBnuVlU0jE/Y7B3LI
|
||||
CZZ9q8Eswn7Gz7NYYWmxOp95ngVuTwIDAQABAoICABJdR2lPaQIJbpmtvRUZezEY
|
||||
yjicQN+ZI6UNSjikO34oeOtVT9Cl89vfnj6DgVaK5HeeEKF8Zl+DesRzUqiPf9qt
|
||||
+FraXuX9gTdm+me5h1GXFyDr94mDYIynUVwTQxey1xn9oX6zh96EUmXPOZT06gj/
|
||||
x/2DRQ/fqpcX9Yp4v+fhUcOvBTxMnR4eUQNXlVOUacrgpvbFHhd0heIpMgDdCJNQ
|
||||
sNQ70jJpNuDdaJaib5XD9vVDoHzgIay8bB5+tEwS2Wq7vR6PU/VgNNGRHHoappto
|
||||
+mnaMKU6FAf0HJpHFNUbLfX6dSHKQNc0p2VOVdvspIdSZr0gCDmskhcocqjnbRO9
|
||||
zVC1EOVTZYHL/HEtF5WW76CbtghfHDCSp0gq2nNSBdAxyOJE75xzApX5cwRZ93cW
|
||||
+mHV0S2E02JMYsL4icFWmtaT+dHlwTlmEh9HEXynGEdI25MAb1TB/IVhgtaBOCNl
|
||||
KCC6q8WHNTr50laJtwF2hFLyDuv7JZ3Zals678rt0+Gflt8DT7biDJjvTak5/ecI
|
||||
SBDdIdr1iYlLxjd8qwBGEFm3arCDRTC6BRGPl2Vul2fGVMIZxY3qYRkVb+GEeZFC
|
||||
PC/0RQFWdUSue/MZkcpPPbUhvUX8B74KuyNJF7SGWia7u+CZr3jTRPCFZegpTU38
|
||||
9kLEzHbkgFy6Raiix6qhAoIBAQDuerqsu2PNMCcwFrlfzwt48eqYw1YiIbjRjUZF
|
||||
NYa3ZEY7WQ4xFoY5ATMDgD0QEIgFGi4d+uNA6Zgx4zEj2V7/xDWmGu2DM4pG7dk/
|
||||
WCgDZsKq7fM61o6bmlP3vq/aUADeu1FUCyyz+N+DmxlzsCNiyw06hrj3eSc6fiUk
|
||||
NrujP1tyeF9J1Uo08OKQKBoxMvFsZLX5qTOdQA+jcWRZryW6795MThaJmhBZBrqe
|
||||
wTDZf8EJ9AjKQ3m6lF/hzHjpSkjLvbwzKZsHLZeUlV5wp2aiN3c9rPZ45zzL6OFG
|
||||
98eeqLW8MIWrwEuTLPHMWg1bPxH8j2acxYCA6kdxTMUFQD/dAoIBAQDIqFx7+LQo
|
||||
cmT92uqsKlSQx+RBgpALeTad8P8ausfj+VnCxVZZHsjolRSxjJt7kHVMWIlz2D6Q
|
||||
2hv4gQvY/QCilB5MBxBC948RRNd2QqyaCWFV2h06R8pql6Z5QAz0q0IuIv3+77V+
|
||||
amaaXLvcR23JW32lXEghPRRJIqS7tNkjaOQqcT1+1U17u8rb/otrVunIl6v7bXTJ
|
||||
I06Q6oK3UsWbOO67gIm0/KctC9MAZj5zxRgBIkxWasY5ywrbtkWanfoj/rq5kyCs
|
||||
HQZL1K/Wc+hN8hRD+pjlKRkjAxNPKpySqGu6Qqo6I7SALv8gFqGl6C7T+T81jqTk
|
||||
m/3M1URZx1obAoIBAAOLU2bpygvsoUh3rf2ciCEeB0yJ6qfLNIH4xYiVyRDErr6H
|
||||
DkzwdsI2IFn29/FbLYpV30WWyvXWAusK41oTCvRmKB313H3MsEtpkYb9emrChjYg
|
||||
HzNKqQfq/UB7VwW5lqm4wvaqy9lI45mDHpe3kG8RcXrjMbCL3mdiJI8rORKuCF/l
|
||||
JhVk1BuBUPyve+QrS6c+v+2b9CZsI09cig9DKR5kHjuoFXGqFoAcN33QhTdWTLon
|
||||
JFJNOmvpdJtYfJuK/RX6Fef0wFcU+GG+7o5iDoZuqJkEDw2w8hhdt6tkV1UmUL0h
|
||||
Q3tP+k+PpXBSDkzC3TORtgaycLx5vuISMANp9wkCggEACveYxnXbcvJ9rppOhUZz
|
||||
BM7IHQSD1vyzDYLkjpNy5XT1gP3EMG7MUFoFnYav4NsObjPQn3JMSSKCsNxsx1lc
|
||||
tYYe+czRCLf7K9h1ZlNSl8C3fzfCrTLLT3Qmdy4XBzBtF5R2CX8UjmpGXV2ALxQA
|
||||
XicQAP/AOYDbIPwxwMirrZHIFsHFuK7z4zVqawfImv9PG9WeYsmivnOdkbIfnuF5
|
||||
R3ifI8RswmWkxYOF7tmnxDAblcRII9kGKJZ+a2/U8hR8XYdIsWfnO0EC3RYs3i3L
|
||||
nqcCkIyb2rqaUx2R6pvLnwBxkuad4zucW/01mI1kHGtKU++lksnPHWehQZbOe5G3
|
||||
zQKCAQEAvclCB7rC3ZuFFYAaAdyb8eIji0nnbLh/kGXHiLZMjkAvrIPy5bXxD+BH
|
||||
xPde2VBGo5HgG6xiUTthw7CcpU33Z31+bYhmTLnYl2BhIWsgzEJpamVLHzOJRIG5
|
||||
0QBuL26yAdDd2vLHfvtjGpGWtQc8NCgV37KdkjWq/b7Hi0MoeeWQd1T3c/jhegWU
|
||||
9GV9hc4A+Y9Dtu7JM2TR2PmgWHMTlAYOzHWRUjO8P6B/laSREC2SZ7Isx6v+Rx2y
|
||||
tpWJk+LqRg5eRMPQ4C0p3GK0lzTO8K0YioP9J7Y7Y1uJKlnSmRiTRCpT1RpTwLPo
|
||||
P9go6JeM/tWfrt16799jK62c6g9CDQ==
|
||||
-----END PRIVATE KEY-----
|
||||
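--- a/test/data/certs/generate-test-certs
+++ b/test/data/certs/generate-test-certs
@@ -0,0 +1,56 @@
+#!/bin/bash -e
+
+# Script tested only on Fedora, CentOS or RHEL
+
+# server certificate common name (hostname)
+SERVER_CN=${1:-server.example.com}
+
+# client certificate common name (hostname, uuid)
+CLIENT_CN=${2:-client.example.com}
+
+SUBJECT="/C=US/ST=CA/O=Example.com"
+CA_CN="Example CA"
+DAYS=9999
+PASSCA=pass:temporary_password
+PASSSV=pass:temporary_password
+PASSCT=pass:temporary_password
+
+# test-ca.crt
+openssl genrsa -passout $PASSCA -des3 -out test-ca.key 4096
+openssl req -passin $PASSCA -new -x509 -days $DAYS \
+-key test-ca.key -out test-ca.crt -subj "$SUBJECT/CN=${CA_CN}"
+openssl x509 -purpose -in test-ca.crt
+openssl x509 -in test-ca.crt -out test-ca.pem -outform PEM
+
+# server.crt
+openssl genrsa -passout $PASSSV -des3 -out $SERVER_CN-server.key 4096
+openssl req -passin $PASSSV -new -key $SERVER_CN-server.key -out server.csr \
+-addext "subjectAltName = DNS:${SERVER_CN}" \
+-subj "$SUBJECT/CN=${SERVER_CN}"
+openssl x509 -req -passin $PASSCA -extfile /etc/pki/tls/openssl.cnf \
+-extensions usr_cert -days $DAYS -in server.csr \
+-extensions SAN -extfile <(cat /etc/pki/tls/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${SERVER_CN}\n")) \
+-CA test-ca.crt -CAkey test-ca.key -set_serial 01 -out $SERVER_CN-server.crt
+openssl x509 -purpose -in $SERVER_CN-server.crt
+openssl rsa -passin $PASSSV -in $SERVER_CN-server.key -out $SERVER_CN-server.key
+openssl x509 -in $SERVER_CN-server.crt -out $SERVER_CN-server.pem -outform PEM
+
+# client.crt
+openssl genrsa -passout $PASSCT -des3 -out $CLIENT_CN-client.key 4096
+openssl req -passin $PASSCT -new -key $CLIENT_CN-client.key \
+-addext "subjectAltName = DNS:${CLIENT_CN}" \
+-out client.csr -subj "$SUBJECT/CN=${CLIENT_CN}"
+openssl x509 -req -passin $PASSCA -days $DAYS \
+-extfile /etc/pki/tls/openssl.cnf -extensions usr_cert \
+-extensions SAN -extfile <(cat /etc/pki/tls/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${CLIENT_CN}\n")) \
+-in client.csr -CA test-ca.crt -CAkey test-ca.key -set_serial 02 -out $CLIENT_CN-client.crt
+openssl x509 -purpose -in $CLIENT_CN-client.crt
+openssl rsa -passin $PASSCT -in $CLIENT_CN-client.key -out $CLIENT_CN-client.key
+openssl x509 -in $CLIENT_CN-client.crt -out $CLIENT_CN-client.pem -outform PEM
+
+# print and verify
+openssl x509 -in test-ca.crt -text -noout
+openssl x509 -in $SERVER_CN-server.crt -text -noout
+openssl x509 -in $CLIENT_CN-client.crt -text -noout
+openssl verify -CAfile test-ca.crt $SERVER_CN-server.crt
+openssl verify -CAfile test-ca.crt $CLIENT_CN-client.crt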
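Review bot: The script strips the passphrase from the server and client keys with `openssl rsa -passin ... -in ... -out ...` but never from `test-ca.key`, so the committed CA key stays encrypted (its PEM header reads `ENCRYPTED PRIVATE KEY`) while the README lists it as a key without any password. Either add `openssl rsa -passin $PASSCA -in test-ca.key -out test-ca.key` after the two signing steps or correct the README; since the visible tests read only `test-ca.crt`, leaving the CA key out of the repository is also an option. Both `openssl x509 -req` calls pass `-extfile` and `-extensions` twice (`usr_cert` and `SAN`); presumably only one pair takes effect, so the other should be dropped. A header comment stating the invocation that produced the committed files (the README's file names suggest `generate-test-certs localhost client1`) and quoting `"$SERVER_CN"` / `"$CLIENT_CN"` in the output file names would make the script reproducible as documented.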
31
test/data/certs/localhost-server.crt
Normal file
31
test/data/certs/localhost-server.crt
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFXjCCA0agAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEL
|
||||
MAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRMwEQYDVQQDDApFeGFt
|
||||
cGxlIENBMCAXDTI0MTAyMzEzMDM0M1oYDzIwNTIwMzA5MTMwMzQzWjBEMQswCQYD
|
||||
VQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRIwEAYD
|
||||
VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCh
|
||||
AVR/jYDEx5LrdrnFf+qicMkDsiYiHJf5K5sXsaJmH6wCGnXrNElHApEzhM6i+vMS
|
||||
LF6b87aTNaMyIKDuF5/UaLxe9LwE9SJYv8MKaLq64f+38NhI8cOuseiclLtfgW2h
|
||||
RDtdLi60geywpmCpNY3WmaAqPBy/ZLP+UZLLQuHj7Mbe+/zSTJOvauIuQfi46L02
|
||||
n3menynPpPj6U6fR+z5gRYAAhdEMCK41UujVgoWEJ7jn9Mkj7DnqdgpWT7IkIS3o
|
||||
C9b63D+qAoXNIKoNxsOv+HRKaAZ3kIT8F/n7/U4cYw/TiAVIqs7uGkCLaCh0OWMI
|
||||
TlRxJQU7kzRoaCzc0XL89JHOEnSOCCFkNSbPobpdK0CHNxpJ4LB/U1ctMI4Sn2XB
|
||||
17IgbLyTGVLZOQhJKIMCvbEoUpngjYygJK2FdCbkFakgP7RQHAjQ7wayJdRqfoOs
|
||||
UsBAAMiGoCvstuvYcdfBs/XTJr++0D4H2HOm7saALhmfqNVVPUIQXcm5NazeIpnw
|
||||
Ck9LpeyVrouP/KcI1CtK5rm5BCDfT/oK9nczTkGCSRHLp/jxzsMTNY8LD52Dj3/f
|
||||
y9fy+D6ifxlRz6htTNG4FoWtwbRjaAPmX8n4GPrFcmqglmtUHQ1vs252Qyk+NDoa
|
||||
74kzXoLr9g2/gEB4I6X67eE/vIQ8Z/z7iEA+zDiGHwIDAQABo1gwVjAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwHQYDVR0OBBYEFJkwfQk1qwA2ac6j0XkmV+9MLYLZMB8G
|
||||
A1UdIwQYMBaAFJ8/KN5DmLEmHAj+gZuLz7hESTdpMA0GCSqGSIb3DQEBCwUAA4IC
|
||||
AQBwEvBjEONESrKRhtHFxKhzZ4etPLPHI2hCKpJ7xiABfTkd366povDAyhNQCD5Y
|
||||
tmexcLiYTmfPaHamcUzMDUFNuaAz1pbF7SGJxt5ppr8OwK/Gr1cSaUIq23UzQW9e
|
||||
FqE94gdkYf7+mjYU68TR2BLwqqCQDJvb+/XO5uqXwzxMoRDXwDapT4Pt507odHMp
|
||||
AmP/n2JKRysFP2PNc4vc5pphvWtQ44eX2K0Nl0eVdZiCdS7sKc1eFmkwupvenq8x
|
||||
Pgdu9oh7PQFn7TGGcV4P1EsF7HbpwYJc7CBFxMd+E0uoNhcSDXoyjHLQzV1Wjykg
|
||||
STh44YzSzeMsWf3jiKQKx1/ky4ZSy/cq+iaNuowY2Nqb+mdtQ8ukU71eAiRinqRt
|
||||
YALcUuexLFsnYKbVxob3eryIm7kesxuJ7nroyiWmfa6w6cArcZoBM7P1devM+1h9
|
||||
lxIyFKRWONvzqm+5wGx+U1TIiYI78zJ1oTwzQGBbhSz94QvHzjqj9a1i77cgl6uX
|
||||
q+AVHMb6JW+SojrpROxjNA0Iwqki8b4COIpjzoN7x+dpLo6bqXatv+9aGZZ6MRk6
|
||||
koFMwKFHzpCqd1Uoqp9MntyiYL1WvNVLxM+nrql1HfBcrUuAg2PYMU/qNI/i7Hkg
|
||||
Wa8s4P8Y7I5s4PfC9rih2XqBaaDDOinLaZJHBEHoX3sXpQ==
|
||||
-----END CERTIFICATE-----
|
||||
52
test/data/certs/localhost-server.key
Normal file
52
test/data/certs/localhost-server.key
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQChAVR/jYDEx5Lr
|
||||
drnFf+qicMkDsiYiHJf5K5sXsaJmH6wCGnXrNElHApEzhM6i+vMSLF6b87aTNaMy
|
||||
IKDuF5/UaLxe9LwE9SJYv8MKaLq64f+38NhI8cOuseiclLtfgW2hRDtdLi60geyw
|
||||
pmCpNY3WmaAqPBy/ZLP+UZLLQuHj7Mbe+/zSTJOvauIuQfi46L02n3menynPpPj6
|
||||
U6fR+z5gRYAAhdEMCK41UujVgoWEJ7jn9Mkj7DnqdgpWT7IkIS3oC9b63D+qAoXN
|
||||
IKoNxsOv+HRKaAZ3kIT8F/n7/U4cYw/TiAVIqs7uGkCLaCh0OWMITlRxJQU7kzRo
|
||||
aCzc0XL89JHOEnSOCCFkNSbPobpdK0CHNxpJ4LB/U1ctMI4Sn2XB17IgbLyTGVLZ
|
||||
OQhJKIMCvbEoUpngjYygJK2FdCbkFakgP7RQHAjQ7wayJdRqfoOsUsBAAMiGoCvs
|
||||
tuvYcdfBs/XTJr++0D4H2HOm7saALhmfqNVVPUIQXcm5NazeIpnwCk9LpeyVrouP
|
||||
/KcI1CtK5rm5BCDfT/oK9nczTkGCSRHLp/jxzsMTNY8LD52Dj3/fy9fy+D6ifxlR
|
||||
z6htTNG4FoWtwbRjaAPmX8n4GPrFcmqglmtUHQ1vs252Qyk+NDoa74kzXoLr9g2/
|
||||
gEB4I6X67eE/vIQ8Z/z7iEA+zDiGHwIDAQABAoICAAIOZ0rdvshEmD7DnGnGUXPT
|
||||
pu2SJ+SFovc+tFNgJGfTfbnlJp5jY5AxmzMiPhVcyR/xSyAIw8srgzMPsZ541MS8
|
||||
tbMswv35N4AUquQGJGRgoIhz3f9IfyxK/2KIj8APghvuKCfvgA80HZa/+ToQAgi8
|
||||
m4wOintzSM01s38/Em17x6pvY3I4Iia6YbsfgpKx/kClVsNM2xbYz4k66kjHQauv
|
||||
F4xqKRpTPg5WSbz4VsYyT60+thbsXGz/JvClQewuNEzjYdKAX5vHPng5M5LLeBJW
|
||||
RP3ySCrcwKYLlFjAim/YYApekVq1O8FUuoBNSz74wKgJgBCV3XQ+VAwFUJVdY2+M
|
||||
ZNUgXIm3WuHlxj9Bo9PeLr1v3EVmerwoIJP8P/qPE5TS4bXeRzZRWddIfloXZAOk
|
||||
UQuu8Cg+Ljo+NIB/gnbp22Jq2vL7pHRz1k5nzxGj4Oy3qu8mTLgNpu37x/vnQ5Z1
|
||||
OxCLCcSUw24ufqHCwBkwEXAt2DyL/XldfVMV7Mkhsk1il5VvraygLO2deCvyx0b2
|
||||
Wt8ydzwlcHO+EIvZpOq8rp0wrrcjFbjFfnJUf6hRYYXJkBQuFKbLZGJVRJjPRioA
|
||||
Wrtye5PjC2kHxe8X3VLNn1d3vMjvwW3IYYh9XhBnFx1JaAXuo2gGiN6yNoWp4CmP
|
||||
9f+0vk00d+oyYmT5oH9RAoIBAQDiEa13vuRbRt1wS+CiHVzKMSk6qChGcZPvVYqe
|
||||
p04Kka3UWQnB2naICk82SHF1NjXxdslgxfVTPplNYeWxa9Fi7lGXZ8t7WjO2hxMA
|
||||
iDDIBsPy60KUNQR1fRloMoMAzgSN1E27R0q7GDpIttkYE5ERvxs0DGDWtNumivcp
|
||||
L4i+bTXciP8qREDEKb4JS5aJ4HLXhLEz7F4a0pPN5a26zqjlD/5ww8wOnJB04Q30
|
||||
TQl2wLVvY4He2EEjekuIGEuz8bCkCGajZ2vadiuZGIvjK5d4yX9VbqNBDeCeWw7c
|
||||
4Z23YOpXUaCKKVSeV+NztAN2XgD5VcZV3q8igmbBJqjuXCwZAoIBAQC2UmVcuU8s
|
||||
0s2GuPlunNidbuj3Vem1Hpw3bspiMvvskNIc4FpDySe2PkCA33j23Iqhz1Jo2peg
|
||||
UPSpzRdYnFuy8cbwEAInH8BN+2sdgZzTXw67FUZzpqtX9F2kX4JThpzIr4G31sXj
|
||||
mIPfn10q2hovblKD81lDXzgXYNZ291ojM25b99amIzEtMd1zk0o9ElcZ9nenFqZQ
|
||||
zctqi25F1Te3ZdrjbrQIrlqeqcK0jReZj2aWm6t39d03K37kfNazzF7DUP1XfN+B
|
||||
iNAhPKCSqVrzxhxWA4T093EqseA+CyNYmXTyWWt6U0VkSEsMe12dvF92Di0EKMd0
|
||||
POanuNNWOQr3AoIBAH9OiStH2nz0WTsl36grdNd/+8HGdHfG+hHrUBasDKyzAPr1
|
||||
8SKzjdBqTdU50nq5PoNt61WN5Ost81K6cIkLOGzH3DaxAsvCLiD5y9+e0imydaJU
|
||||
jbe8a3hmLGqbF17apYHhLqzqJtFZgWj1XyfJzQX7Yqxa1CXUz2ToGOuekxj5kz1Q
|
||||
ALGiof5Vq2i8oleeh82KMegVkaD1OLrYPo9WVZI5AYYrHLyVulu3aQ5MW6n+N640
|
||||
kSwXCAeclPBdDjSVRG37NSGL2ha6OS8Lvar+H1yrzAMmPNUjpXxHtwT4IMLl1tG5
|
||||
a/ih8b8Bq1q64sBDi7TdcsVkk6eRW6Alzzf7u/ECggEAdERNMXlW/U2dFVnmbtyE
|
||||
4ri0xe26sO7JTixP0ZmTwAOGijWkOnAP7A780XIxULPJkHCGrCkh4nFd5N7OEYr8
|
||||
izvV0odS6CI+XzyCzXk3Si/nU/S4Tc4unFNQWB80HBHO78fEYDkNTxuWlUeqgUY+
|
||||
xpqC8nSAKw+Q1I/DlHAewi3tJacB8kak+J5BC5AVGqcUdpEPMrWl8AecveAWvV/A
|
||||
PSsuEDUriBGv5lh5uuvy7dFd6ZNyIHjgzmrla84UmOouUD3YoS8X1SIrH9bqyzxG
|
||||
rQhcT5nE8vbM6x4t00MFEl4iDt5pRMPPj6juexI82/chpUZa/LkIoJ6ptLGPy/9q
|
||||
dwKCAQA8W6KNjkbk36luNCw8CLZJQ8DT7ZKCjGM3sz6wY8ZKO+JVtPWq/Q74F2rH
|
||||
ooClOf9+HOw/AxmfAMV9lW+epibHOXGTfs59UQ2rfXsS7sCZpMimtAQMjSQx4443
|
||||
jUh+3OqW1cTGyPxKvPPvnftwpEvTEigIJAjUQcSF9w/MjKM2M4FQBgFxcfaooh1E
|
||||
+/sDBbHsGYGaXC5vfW9wMbsfhj6Un8Z+gLWR0qmpOU/RrVmXIGqoTnOt7MWrueyF
|
||||
r8xDXM/qz8mCaY4pLB/AU4krBUEUBFPOC6QG7y3bSfd+mgwbsAQ7a7Qc2QhUDACY
|
||||
PBk7BpRR/G/0yKuCfCA2+aCaIdpP
|
||||
-----END PRIVATE KEY-----
|
||||
32
test/data/certs/test-ca.crt
Normal file
32
test/data/certs/test-ca.crt
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFbTCCA1WgAwIBAgIUfmIUyNZnBGs3PDW2fDd/l1PID0UwDQYJKoZIhvcNAQEL
|
||||
BQAwRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQKDAtFeGFtcGxl
|
||||
LmNvbTETMBEGA1UEAwwKRXhhbXBsZSBDQTAgFw0yNDEwMjMxMzAzNDNaGA8yMDUy
|
||||
MDMwOTEzMDM0M1owRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQK
|
||||
DAtFeGFtcGxlLmNvbTETMBEGA1UEAwwKRXhhbXBsZSBDQTCCAiIwDQYJKoZIhvcN
|
||||
AQEBBQADggIPADCCAgoCggIBAI9FWBUReh4Kg/Mz1WrdKn9fJGuDVFzSWQ2mGt3Z
|
||||
WjEkICRwKS4KaiO+oO/DgUaWb7/cAx3nlhmpRBcsE+eqpdsYlTpo5o0+NwLPR31U
|
||||
4a0Tjsjcc9MYUO/YNnqSNuncZUDHxL34Nrha4Czf4nGWtHuDJT5sNkdbOb5KocWC
|
||||
jO7Nx+wWCJVrranAoZ7RDQjA+A/n8i5TLg9SykGpbDomqMviXpzzpBYnqvBgf4sD
|
||||
3DlWdFoz9H3LdZmUHTirsRRNVMrB6qB+f/nkAsMu8+oWhAbS9leY7aZe3ULTkhHm
|
||||
5mprHnsbgFdJgV1thE7Hcu7X0CPNOe+zCny8XNDt92g6vu5nKy+/rLn7Jmc0allg
|
||||
Hub4ALvWbgmNQDdk6eqWqKxebmsBUlj6yw0Ayn2n//M67YD79jrz8zUu2hb8ajbN
|
||||
sOfzw0cDUz/gBcC7I16j4D4I4LTuj9VDd7pFDXuupYjOC7RVCHe5MDHNyrLdv2x6
|
||||
niM8cPzzfpz65YG6FiN/bPpAjTbvuxs8vFYd3hmSQRrD1BQWWk4m2dMbc9LEDGIE
|
||||
KxUJw7QWezHEebYhswVFlDN+DIYiva4K/sUZMa6GiEhNrZPgmHmzFNRciHJtGCIe
|
||||
8O3roIqiECs+a+JADlzxBn4DDk/W896Jm0UYTEFpzrH0h4U0wlN7+UI2xNkngFe1
|
||||
W4kfAgMBAAGjUzBRMB0GA1UdDgQWBBSfPyjeQ5ixJhwI/oGbi8+4REk3aTAfBgNV
|
||||
HSMEGDAWgBSfPyjeQ5ixJhwI/oGbi8+4REk3aTAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4ICAQBTGQXFh1Bdwex4xgqRpCPW5Rl7jfcnzCObRUXDjS6j
|
||||
UC+2YMu7U3kA7MOQoCGUHHRsaFQbziFdJv1vpLDI7/kd1QV4g9jTQVeOIE22mpV0
|
||||
zR298FFz8bt9H9FCcF4of1bF1Qttrlt7DuIWRe+IPCLs23wPIR0jqD5WnErwd2V7
|
||||
LkVZxeXkizjTAslS4DPb5ZhvpJ8QeDWumVZu5WS896HAhUouavnCbXBR3MnmTwqB
|
||||
v7I6EhpGe218Mw5FKbnng4LdA+cgocl0NRg8712Iz6o1cf+v457M+pilWU1ZuUl3
|
||||
h6E7VqSZ/RTWEVTGd9EJRsFBBzMmOIkK2z0wyddEFXvomBOdwmGIGs8YnjK7ZF36
|
||||
9oEIF/mBF8bNeIcOqzURsKIFHdJZB0juSgKhIeb3WKd6DSnoa+cx59/kfg+xSYrK
|
||||
IfJYwIX0x4xtvfdXq4OFa4XFh1p0pvtwkaBctOrJt4sQIsmFwGbQzxANVsc0Rtjc
|
||||
B2aEtEHF5s5Z9EQL1STQSbUuYWpACbnAflzHtrZIFxmKZxgmjLQs8x4mIrMy2gFY
|
||||
I3wMx3BimIrL6nGPGUApYcb5V45Yf1lMJUmu2/nRIAA/IZP03S7QBjhiOAduw9rq
|
||||
Pzm5vrxfK3o8doLPz2omJfRyyr5ClYBOlthS0htNS21XSuh0sBYaDPJVRp07dWzR
|
||||
jQ==
|
||||
-----END CERTIFICATE-----
|
||||
54
test/data/certs/test-ca.key
Normal file
54
test/data/certs/test-ca.key
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIJpDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQOxW0fGTkM6tmk3dq
|
||||
t1X9lgICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIuCORh6w1b9wEgglI
|
||||
uIBIC7MrSwHTgWyRgoROC8Rj8hl2Djg93JcoGPBw3C//nnjIwFf1PRLtpIORK5bX
|
||||
WEKeW+FDOyzA4IKBiDNEg/YQXMOwg3ZwIZPUqsVY/ql3lBLWdV0cMWvYUcg1H3Lm
|
||||
zQfI+dQM9aVzDsWJyAgx5j1xsKpK8DrGOVUaqdCPbLSwqccn9vExieiZRuHvscwt
|
||||
kkxU9hsR3qGDQV1sRaiRXkA2woShV6R/cvMNmvCJfQ3uZS8FbSxVKHrnxKmUjSEN
|
||||
2vGLtRiIE+R1I5dZ32Cl5awm7GOdGjBagNKqnhTILyDAVDfG6alhrVhz5Reyq15/
|
||||
O5fhm+9oZ6EsG3/rz9JJNyHzWn5ifyeYNYfKqWkKmSXZ2wPJZRnogUHh5PYEbK7f
|
||||
Z1cUJjzpcN8jjab9gkBhYiZws0iBHYd8n4ywisSBZejQL61UYz+rokWw3PaoJH2i
|
||||
AwKo3Wvo5+ihxZcdV1U6n+FQyq0CR6ZtBxAtjDDW2V9qMwvBXBhwNAUMRL6lMkGu
|
||||
42Ubq8ivlg34078UCGWaI/IM/N/gLXKBoDavSNvV9C9GTg7MKXWk/Js3vfbW9WZD
|
||||
RXVRQV0q/YaKWEZaWhHc7eOQMF9t3+kV92vuNixggOjy11oJpzJWENihkL2Z/OJn
|
||||
o49CU1YAtiTfZiILK1wS8c1rbv2U/wODvKL5Dv0sI2N/8wwDM2JwftCGbxVz5V5S
|
||||
huOtX3DXUVL89Jw+7Njo+JhgLH5Xx714w8PkHpwmbgtcbBi/eAyVyxrJeGA6HxwV
|
||||
a5f8cfxmYQNN1vPOv9VzCIFEcky14p/lpttEXFKHpA6sk1Ed3DOtTj3jglVamYeh
|
||||
G0RCpFginNfyHBtLQHE7LpwM69F6PNrzhh5mS7+almZy46nSFUEbtrpROgu1U9cK
|
||||
Kj2BctHnlOYlIfELtwQVaC/iUbq622yuZLWHhuu6xmkN9xxknWs0CexGDlROBx/W
|
||||
bGGoJLiXwo8kFINxw5UtlQJ/52NNvx4dsf/f93P0opY8oG+tw6sJ77Gs+oSuXbiE
|
||||
dqS/HwLtwfYPX4pSMpSeVT1Z8Z5OIvJlwINszRJr/zNCSL5+nqvVCrl8tNmYPrx0
|
||||
bCfmwrtD4ulwo1IwGi1EKlIQh4izjvpND1fLtu57OnsmIF0/jeXOMYysPLPKyOXT
|
||||
a9LJUW1vEyIDSPGYdQW8NoTr4+Dc7WwzMBEbdFR1jTuf7TTDFLLBevRFkzx3fwCn
|
||||
ugJS/vvsw5khGXp5rK4cJWLnBSuyxGos44WDpEvHTdIImSfKU4os+C9qBwhrnkBC
|
||||
rFqrOmNxEuP7yF9rSj1vCBtpwlmZ4N5GKb7gcrJ3EPFu0aUkkF9HV20RLxlewOru
|
||||
IIEzEKkRmTFyRCdI8IbjIzYTZUZq3Pf3I5hejPtCHOiW8dkJjONyvS0Gr9Ybs77S
|
||||
glxx0b+GReAs3IokAt3aW/MLSJlOQnc7ez94YLor82uCBg2s65e6cnl8nW9nLudT
|
||||
3gZ8UrBHhr4VuI9q0ghBp/J794VNl2idTjTO3shSTj+0Lyz1klZQ40/vU964JEdo
|
||||
qScP5EyJysuZUepx4FkL+7WozbCxoTnoxkrXKkfEMlQnkGbb08h4NIxpW8+vICBb
|
||||
gqyQZqqz42+4WIaxh1ZZD0W8KwpzmNZrMGzG+4jhe+ZyyEotDvSDyQUxzsYErX4A
|
||||
ANKqA6BGtHEpfzjnofTpGhKo8pUvfbwGpehchNzGpm2JC1Qw7XD4D03fi2sZHhMH
|
||||
s8xOF+ggihqj4nQxe5rqoyjwyXkaieNafF/6/aIkFb63B5muugn5Zklh3dyqnHZd
|
||||
BxFmKjqhh4gZOByBS2ARxip4BN5/UEFqX8S8qYqzhUsJoBjVJVP0+Jt6VKxlfH6j
|
||||
DmJ58s0udD6HV6/tjf/bW4Q2GStQwtw6Qurw2DQhXq5F+3oCsnrQZWoEiX3a3rs/
|
||||
83gNJ88FpcXz48NDHyPud9ZnKU48NAQuOHcxqAYNNHcxq1Y7GSBT9N6mAbu7ncwB
|
||||
htYA20FcNkXcfxaAO1e9oXes5pIf0eXNVyTbgN6GT0qE+4oAPTAoRb1guyIqRCHR
|
||||
optiouwNOdv6rYxDyjzfDvWb89pRwixExz+duyAqxor5Lue41ctr9AVKRw+2ZrIU
|
||||
qHjA1/mXGjNX4MedtwHkYld9igETlmWPAFLgGkYgiWHRyQg0mnVHJUue+7dczmxz
|
||||
w2NkCjUcLEOlj46OIv1l7b2A5mbksFodlQbf7byFiLRYEgQWbNCOhGaObjIubgjM
|
||||
h2AC9lLDYGIfW80p77eaRTEWypNcLu7BpW9egUHDHizWi4lI8RzCmiY99dBAY4QG
|
||||
6pUPMecX8ElFn26DxMmmb72mCWBSbTXc4va5JGjiR0g3xtyRTyGOHJey4uI2CAjG
|
||||
fbRcXSkyfhLvrFhYUwSbDV3k3NeKjSPSQyDBdj0+ym1/e5seHAc7lc5MafpKOENO
|
||||
bEvzzPt60Zxv+dt34zaLM4Fm8FI+XRzm1IzKCxntvM804GbINTHPRbTbKhfVBKfS
|
||||
/auuaXUNkvAc3HPuvBwatqL7DkaTUlXAQSDYxnWOoN7a2dZiXEwtTuTY3Yu3+gih
|
||||
eLFpGLOT6G14Q3GtZlygqISYcwE7vy2T1OMlAPpao6o2N3GQvqI/kZh6ex+MD4aF
|
||||
/22kjUSjf0rzBEDuwNCuCiT38oV9QCv3qqB/ciLiGRCmEvtsI/wOPc0uGEjDSfDG
|
||||
P6zHoLbnVbzWJjfTB/CHZiNShxSVgte4Vv+IZFWVchRRzI83fMyyqxJmBlqAQPnX
|
||||
gdgQlksqtxa+ihTi1h0GygZY536/B0GEQqGYx4VWbgpA4vZhWYwLZGUaqHf9ORYs
|
||||
6A/wSH0vaFoal0rVQYqEh1TcTDUU9784MmWKtNjVJzhJqX1r4OQY7BYB8KLL4AmZ
|
||||
xpihWPo07qu4NlsIeOeVarM+F8MDfW9BUm9ixUjfyxL6PKWQ0sItDegtf9vEJyz+
|
||||
3dOHbnHopftK0nDp+arQuip+bQaGXsKBrohf8MZzjVWegXqZd5eRx07gVfjqalSA
|
||||
Op3P9yZVygZ3KtiKZjpppX0I8buatUgSnYT6yDbocbayfucZJA+28t7w01YZGVeZ
|
||||
iu99XkTwqyO/c2vapcJi9R6ERwtOKjdhyQu94T13Q94seezYPQ5GgPl/4/v4wH4H
|
||||
dMdS0MZ7dwa4ZNQeUxzOV3aEbiA763Oo
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
|
|
@ -3,7 +3,7 @@ import pathlib
|
|||
import subprocess
|
||||
|
||||
from osbuild.testutil import make_fake_tree
|
||||
from osbuild.testutil.net import http_serve_directory, https_serve_directory
|
||||
from osbuild.testutil.net import http_serve_directory, https_serve_directory, https_serve_directory_mtls
|
||||
|
||||
|
||||
def test_http_serve_directory_smoke(tmp_path):
|
||||
|
|
@ -37,3 +37,30 @@ def test_https_serve_directory_smoke(tmp_path):
|
|||
f"https://localhost:{httpd.server_port}/file1"],
|
||||
)
|
||||
assert output == b"file1 content"
|
||||
|
||||
|
||||
def test_https_serve_directory_mtls_smoke(tmp_path):
|
||||
make_fake_tree(tmp_path, {
|
||||
"file1": "file1 content",
|
||||
})
|
||||
cert_dir = pathlib.Path(__file__).parent.parent / "data/certs"
|
||||
cacert = cert_dir / "test-ca.crt"
|
||||
assert cacert.exists()
|
||||
servercert = cert_dir / "localhost-server.crt"
|
||||
assert servercert.exists()
|
||||
serverkey = cert_dir / "localhost-server.key"
|
||||
assert serverkey.exists()
|
||||
clientcert = cert_dir / "client1-client.crt"
|
||||
assert clientcert.exists()
|
||||
clientkey = cert_dir / "client1-client.key"
|
||||
assert clientkey.exists()
|
||||
|
||||
with https_serve_directory_mtls(tmp_path, cacert, servercert, serverkey) as httpd:
|
||||
output = subprocess.check_output(
|
||||
["curl",
|
||||
"--cacert", os.fspath(cacert),
|
||||
"--cert", os.fspath(clientcert),
|
||||
"--key", os.fspath(clientkey),
|
||||
f"https://localhost:{httpd.server_port}/file1"],
|
||||
)
|
||||
assert output == b"file1 content"
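Review bot: `test_https_serve_directory_mtls_smoke` checks only the success path, so it would still pass if `https_serve_directory_mtls` stopped setting `ssl.CERT_REQUIRED`. Add a second request inside the same `with` block that omits `--cert` and `--key` and expect it to fail, e.g. `with pytest.raises(subprocess.CalledProcessError): subprocess.check_output(["curl", "--cacert", os.fspath(cacert), f"https://localhost:{httpd.server_port}/file1"])`. This needs `import pytest` if the module does not already have it; the import block is only partly visible in this hunk.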
|
||||