def send_data(i):
    """Push 100 validated messages through one tunnel connection, then close it.

    A SocketPair is built from a TlsClient using the ``client<i>`` identity
    (with 'root' and port 13001) and a TcpServer on port 13002. Each counted
    round sends one message in a randomly chosen direction; the pair is then
    closed from a randomly chosen side.

    ``random`` only picks timing and direction here; nothing
    security-sensitive is derived from it.

    Args:
        i: index selecting the client identity and used as a prefix in every
            validation label.
    """
    client = TlsClient("client{0}".format(i), 'root', 13001)
    p = SocketPair(client, TcpServer(13002))

    sent = 0
    while sent < 100:
        roll = random.random()
        if roll < 0.4:
            # Idle round: pause for `roll` seconds and draw again; this does
            # not count towards the 100 sends.
            time.sleep(roll)
            continue

        sent += 1
        if roll < 0.7:
            send, label = (p.validate_can_send_from_client,
                           "{0}:{1} client -> server")
        else:
            send, label = (p.validate_can_send_from_server,
                           "{0}:{1} server -> client")
        send("blah blah blah", label.format(i, sent))

    # Fresh draw decides which side initiates the close.
    if random.random() < 0.5:
        p.validate_closing_client_closes_server(
            "{0} client close -> server close".format(i))
    else:
        p.validate_closing_server_closes_client(
            "{0} server close -> client close".format(i))
root.create_signed_cert('server') for n in range(1, n_clients): root.create_signed_cert("client{0}".format(n)) allow_ou.append("--allow-ou=client{0}".format(n)) # start ghostunnel ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format( LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--status={0}:{1}'.format( LOCALHOST, STATUS_PORT), '--cacert=root.crt' ] + allow_ou) # clients should be able to communicate all at the same time. procs = [] for n in range(1, n_clients): pair = SocketPair(TlsClient("client{0}".format(n), 'root', 13001), TcpServer(13002)) proc = Process(target=send_data, args=( n, pair, )) proc.start() procs.append(proc) for proc in procs: proc.join() print_ok("OK") finally: terminate(ghostunnel)
import sys

if __name__ == "__main__":
    # Positive-path integration check: a client certificate named 'client',
    # issued by the test root, is allowed through a ghostunnel server started
    # with --allow-ou=client. Only the accepted-client path is exercised in
    # this script; no rejection of a non-matching client is checked here.
    #
    # ghostunnel stays None until run_ghostunnel returns, so the finally
    # clause can call terminate() even when setup fails part-way.
    # NOTE(review): that relies on terminate() accepting None; confirm.
    ghostunnel = None
    try:
        root = RootCert('root')
        for cert_name in ('server', 'client'):
            root.create_signed_cert(cert_name)

        # start ghostunnel
        server_args = [
            'server',
            '--listen={0}:13001'.format(LOCALHOST),
            '--target={0}:13002'.format(LOCALHOST),
            '--cert=server.crt',
            '--key=server.key',
            '--cacert=root.crt',
            '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT),
            '--allow-ou=client',
        ]
        ghostunnel = run_ghostunnel(server_args)

        # connect with client, confirm that the tunnel is up
        tls_client = TlsClient('client', 'root', 13001)
        pair = SocketPair(tls_client, TcpServer(13002))
        pair.validate_can_send_from_client(
            "hello world", "1: client -> server")
        pair.validate_can_send_from_server(
            "hello world", "1: server -> client")
        pair.validate_closing_client_closes_server(
            "1: client closed -> server closed")

        print_ok("OK")
    finally:
        terminate(ghostunnel)
# A second, unrelated root and a certificate issued by it. Neither is used in
# the statements below.
other_root = RootCert('other_root')
other_root.create_signed_cert('other_client1')

# start ghostunnel
# Access policy under test: only client1 is named in --allow-ou, although
# client2 is also connected below with the same 'root' argument.
server_args = [
    'server',
    '--listen={0}:13001'.format(LOCALHOST),
    '--target={0}:13002'.format(LOCALHOST),
    '--keystore=server.p12',
    '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT),
    '--cacert=root.crt',
    '--allow-ou=client1',
]
ghostunnel = run_ghostunnel(server_args)

# connect with client1, confirm that the tunnel is up
allowed_client = TlsClient('client1', 'root', 13001)
pair = SocketPair(allowed_client, TcpServer(13002))
pair.validate_can_send_from_client("hello world", "1: client -> server")
pair.validate_can_send_from_server("hello world", "1: server -> client")
pair.validate_closing_client_closes_server(
    "1: client closed -> server closed")

# connect with client2, confirm that the tunnel isn't up
# The rejection counts as observed only if building the SocketPair raises
# ssl.SSLError; any other outcome fails the test.
# NOTE(review): with TLS 1.3 a server-side client-certificate rejection can
# reach the client only after its handshake call has returned, and may
# surface as a different error type. Confirm that SocketPair exchanges data
# or otherwise waits for the server's verdict before returning.
try:
    pair = SocketPair(TlsClient('client2', 'root', 13001), TcpServer(13002))
except ssl.SSLError:
    print_ok("client2 correctly rejected")
else:
    raise Exception('failed to reject client2')
root.create_signed_cert('client1') root.create_signed_cert('client2') other_root = RootCert('other_root') other_root.create_signed_cert('other_client1') # start ghostunnel ghostunnel = run_ghostunnel([ 'server', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13002'.format(LOCALHOST), '--keystore=server.p12', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT), '--cacert=root.crt', '--disable-authentication' ]) # connect with no client cert, confirm that the tunnel is up pair = SocketPair(TlsClient(None, 'root', 13001), TcpServer(13002)) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") # connect with client1 cert, confirm that the tunnel is up pair2 = SocketPair(TlsClient('client1', 'root', 13001), TcpServer(13002)) pair2.validate_can_send_from_client("hello world", "1: client -> server") pair2.validate_can_send_from_server("hello world", "1: server -> client") pair2.validate_closing_client_closes_server(
root.create_signed_cert('client')

# start ghostunnel
server_args = [
    'server',
    '--listen={0}:13001'.format(LOCALHOST),
    '--target={0}:13002'.format(LOCALHOST),
    '--key=server.key',
    '--cert=server.crt',
    '--cacert=root.crt',
    '--allow-ou=client',
    '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT),
]
ghostunnel = run_ghostunnel(server_args)

# create connections with client
pair1 = SocketPair(TlsClient('client', 'root', 13001), TcpServer(13002))
pair1.validate_can_send_from_client("toto", "pair1 works")
# Before the reload the tunnel is expected to present the 'server' identity.
pair1.validate_tunnel_ou("server", "pair1 -> ou=server")

# Replace keystore and trigger reload
# Both files are swapped before SIGUSR1 is sent, so the signalled process is
# not asked to reload while only one of the two has been replaced.
for fresh, live in (('new_server.crt', 'server.crt'),
                    ('new_server.key', 'server.key')):
    os.rename(fresh, live)
ghostunnel.send_signal(signal.SIGUSR1)

# NOTE(review): presumably connect(20, 'new_server') retries against the
# status port until the 'new_server' certificate is presented; confirm
# against TlsClient.connect.
status_client = TlsClient(None, 'root', STATUS_PORT)
status_client.connect(20, 'new_server')
print_ok("reload done")

# create connections with client
pair2 = SocketPair(TlsClient('client', 'root', 13001), TcpServer(13002))
pair2.validate_can_send_from_client("toto", "pair2 works")