author | Rob Crittenden <rcritten@redhat.com> | 2016-01-14 23:40:53 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2016-01-15 13:16:15 -0500 |
commit | 184804c82daf7fe04dfb0b0ecdc3e06be0c103c1 (patch) | |
tree | e4d2cec37e63d464f21e77d64d12cd5c90aab23c | |
parent | a7721ab0c171d587a5d831990d1fe16d37a41ac7 (diff) | |
Add test for colons in FakeBasicAuth user certificate
Update gencert to do a better job parsing arguments so I can
pass in a --test flag to generate a special test-only user
certificate to test colons in the DN.
-rwxr-xr-x | gencert.in | 57 | ||||
-rwxr-xr-x | test/setup.sh | 5 | ||||
-rw-r--r-- | test/test.py | 9 |
3 files changed, 65 insertions, 6 deletions
@@ -59,6 +59,7 @@ CA_CERTDN="CN=Certificate Shack, O=example.com, C=US"
 SERVER_CERTDN="CN=${FQDN}, O=example.com, C=US"
 ALPHA_CERTDN="E=alpha@${FQDN}, CN=Frank Alpha, UID=alpha, OU=People, O=example.com, C=US"
 BETA_CERTDN="E=beta@${FQDN}, CN=Anna Beta, UID=beta, OU=People, O=example.com, C=US"
+COLON_CERTDN="E=colon:user@${FQDN}, CN=Colon User, UID=colon, OU=People, O=example.com, C=US"
 # size of the keys
 KEYSIZE=2048
@@ -86,11 +87,30 @@ fi
 DBDIR=$1
 shift
-if [ $# > 0 ]; then
- SNI=$1
-else
- SNI=0
-fi
+TEST=0
+SNI=0
+
+while [[ $# -ge 1 ]]
+do
+ key="$1"
+ case $key in
+ -s|--sni)
+ SNI="$2"
+ shift
+ ;;
+ -t|--test)
+ TEST=1
+ ;;
+ *)
+ echo "Unknown option $1"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+echo "TEST = $TEST"
+echo "SNI = $SNI"
 echo "httptest" > $DEST/pw.txt
@@ -214,6 +234,33 @@ $CERTUTIL -S -d $DBDIR -n beta \
 -1 \
 -5
+if [ $TEST == 1 ]; then
+echo ""
+echo "#####################################################################"
+echo "Generating user certificate for \"colon\"."
+echo "#####################################################################"
+(ps -elf; date; netstat -a) > $DEST/noise
+let CERTSERIAL=CERTSERIAL+1
+# 0 2 9 n -> Key usage: Key Encipherment, Digital Signature
+# 0 9 n -> SSL Client
+echo -e "0\n2\n9\nn\n0\n9\nn\n" | \
+$CERTUTIL -S -d $DBDIR -n colon \
+ -s "$COLON_CERTDN" \
+ -c cacert \
+ -t u,pu,u \
+ -g $KEYSIZE \
+ -m $CERTSERIAL \
+ -v $VALIDITY \
+ -f $DEST/pw.txt \
+ -z $DEST/noise \
+ -1 \
+ -5
+fi
+
+echo ""
+echo "#####################################################################"
+echo "Generating server certificate request"
+
 echo ""
 echo "#####################################################################"
 echo "Generating server certificate request"
diff --git a/test/setup.sh b/test/setup.sh
index 33cf4f6..f1d4a43 100755
--- a/test/setup.sh
+++ b/test/setup.sh
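Review bot: `COLON_CERTDN` is added without a comment saying that the colon in the `E=` value is deliberate, so a later reader could take it for a typo and "fix" it, silently disabling the test. A line above the assignment such as `# Test-only DN: the ':' in E= is intentional, it exercises the FakeBasicAuth colon check (only issued with --test)` would make the intent explicit.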
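Review bot: The `-s|--sni)` branch reads `$2` without checking that a value is present, so `--sni` as the last argument leaves SNI empty, and `--sni --test` stores `--test` in SNI while TEST stays 0. The branch should reject a missing or option-like value before the assignment, for example `[[ $# -ge 2 && "$2" != -* ]] || { echo "--sni requires a value"; exit 1; }`. The caller in test/setup.sh passes `$SNI` unquoted, so an empty variable there would produce exactly that argument list. The `[[ ... ]]` loop condition also requires bash; the script's shebang is outside the hunk, so that is worth confirming.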
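Review bot: The three `echo` lines added after `fi` repeat the "Generating server certificate request" banner that the unchanged context lines directly below already print, so the banner now appears twice on every run; the added copy and the blank line after it can be dropped. Separately, `[ $TEST == 1 ]` relies on `==` inside `[`, which is a bash extension, and leaves the variable unquoted; `[ "$TEST" -eq 1 ]` is the portable form.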
@@ -43,7 +43,7 @@ cp ../.libs/libmodnss.so ${test_root}/lib
 cp ../nss_pcache ${test_root}/bin
 echo "Generating a new certificate database..."
-bash ../gencert ${DBPREFIX}${test_root}/alias $SNI > /dev/null 2>&1
+bash ../gencert ${DBPREFIX}${test_root}/alias --sni $SNI --test > /dev/null 2>&1
 echo internal:httptest > ${test_root}/conf/password.conf
 # Export the CA cert
@@ -59,6 +59,9 @@ openssl pkcs12 -in alpha.p12 -nocerts -nodes -out alpha.key -passin pass:`cat p
 pk12util -o beta.p12 -d ${DBPREFIX}${test_root}/alias -n beta -w pw -k dbpw
 openssl pkcs12 -in beta.p12 -clcerts -nokeys -out beta.crt -passin pass:`cat pw`
 openssl pkcs12 -in beta.p12 -nocerts -nodes -out beta.key -passin pass:`cat pw`
+pk12util -o colon.p12 -d ${DBPREFIX}${test_root}/alias -n colon -w pw -k dbpw
+openssl pkcs12 -in colon.p12 -clcerts -nokeys -out colon.crt -passin pass:`cat pw`
+openssl pkcs12 -in colon.p12 -nocerts -nodes -out colon.key -passin pass:`cat pw`
 /bin/rm -f pw dbpw
 cd -
diff --git a/test/test.py b/test/test.py
index c471fdb..90b969d 100644
--- a/test/test.py
+++ b/test/test.py
@@ -162,6 +162,15 @@ class test_suite1(Declarative):
 ),
 dict(
+ desc='FakeBasicAuth, certificate with colon',
+ request=('/acl/aclS03.html', {
+ 'key_file': 'work/httpd/colon.key',
+ 'cert_file': 'work/httpd/colon.crt',}
+ ),
+ expected=403,
+ ),
+
+ dict(
 desc='Secret key size',
 request=('/secret-test.html', {}),
 expected=200, |
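Review bot: The gencert call discards both its output and its exit status, so the new `exit 1` on an unknown option, or a failure to create the `colon` certificate, goes unnoticed until the `pk12util -n colon` export in the next hunk fails. Quoting the value and checking the result would surface the failure where it happens: `bash ../gencert ${DBPREFIX}${test_root}/alias --sni "$SNI" --test > /dev/null 2>&1 || { echo "gencert failed"; exit 1; }`. Whether setup.sh already runs under `set -e` is not visible in this hunk.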
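Review bot: The two added `openssl pkcs12` lines copy the `-passin pass:\`cat pw\`` pattern, which puts the PKCS#12 password on the command line where it is visible in the process list while the command runs. `-passin file:pw` reads the same file without exposing its contents, e.g. `openssl pkcs12 -in colon.p12 -nocerts -nodes -out colon.key -passin file:pw`. The existing alpha and beta lines use the same pattern, so they are best changed together with these.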
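Review bot: The new case asserts only `expected=403`, and a 403 would also come back if the `colon` user were simply not permitted by the ACL on `/acl/aclS03.html`, so the test may pass without the colon check ever running. The ACL configuration is not visible here; if that ACL does not already admit this user by some other attribute, the test cannot tell the two outcomes apart. A comment on the entry such as `# 403 must come from the ':' in the FakeBasicAuth user name, not from the ACL` plus a companion case with a colon-free certificate that gets 200 on the same URL would pin the cause. The enclosing `test_suite1` class starts and ends outside the hunk.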