httpd = http.server.HTTPServer(('localhost',13080), FakeMetricsBridgeHandler) server = threading.Thread(target=httpd.handle_request) server.start() # Step 2: start ghostunnel ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13100'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1', '--status={0}:13100'.format(LOCALHOST), '--metrics-url=http://localhost:13080/post']) # Step 3: wait for metrics to post for i in range(0, 10): if received_metrics: break else: # wait a little longer... time.sleep(1) if not received_metrics: raise Exception("did not receive metrics from instance") if type(received_metrics) != list: raise Exception("ghostunnel metrics expected to be JSON list") print_ok("OK") finally: if ghostunnel: ghostunnel.kill() cleanup_certs(['root', 'server', 'new_server', 'client1'])
if __name__ == "__main__": ghostunnel = None try: # Step 1: create certs # root, ou=server, ou=client, ou=other_client create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('client1', 'root') # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1' ]) # Step 3: connect with client1, confirm that the tunnel is up pair = SocketPair('client1', 13001, 13000) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") print_ok("OK") finally: cleanup_certs(['root', 'server', 'client1']) if ghostunnel: ghostunnel.kill()
'--storepass='******'--cacert=root.crt', '--allow-ou=client1']) # Step 3: connect with client1, confirm that the tunnel is up pair = SocketPair('client1', 13001, 13000) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server("1: client closed -> server closed") # Step 4: connect with client2, confirm that the tunnel isn't up try: pair = SocketPair('client2', 13001, 13000) raise Exception('failed to reject client2') except socket.timeout: # TODO: this should be a ssl.SSLError, but ends up being a timeout. Figure # out why. print_ok("client2 correctly rejected") # Step 5: connect with other_client1, confirm that the tunnel isn't # up try: pair = SocketPair('other_client1', 13001, 13000) raise Exception('failed to reject other_client1') except ssl.SSLError: print_ok("other_client1 correctly rejected") print_ok("OK") finally: cleanup_certs(['root', 'server', 'client1', 'client2', 'other_root', 'other_client1']) if ghostunnel: ghostunnel.kill()
for i in range(1, n_clients): create_signed_cert("client{0}".format(i), 'root') certs.append("client{0}".format(i)) allow_ou.append("--allow-ou=client{0}".format(i)) # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format( LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt' ] + allow_ou) # Step 3: clients should be able to communicate all at the same time. proc = [] for i in range(1, n_clients): pair = SocketPair("client{0}".format(i), 13001, 13000) p = Process(target=send_data, args=( i, pair, )) p.start() proc.append(p) for p in proc: p.join() print_ok("OK") finally: cleanup_certs(certs) if ghostunnel: ghostunnel.kill()
create_signed_cert("server", "root") create_signed_cert("new_server", "root") create_signed_cert("client1", "root") # Step 2: start ghostunnel ghostunnel = Popen( [ "../ghostunnel", "--listen={0}:13001".format(LOCALHOST), "--target={0}:13100".format(LOCALHOST), "--keystore=server.p12", "--storepass="******"--cacert=root.crt", "--allow-ou=client1", "--status-port=13100", ] ) # Step 3: read status information time.sleep(5) status = json.loads(urllib2.urlopen("http://localhost:13100/_status").read()) if not status["ok"]: raise Exception("ghostunnel reported non-ok status") print_ok("OK") finally: if ghostunnel: ghostunnel.kill() cleanup_certs(["root", "server", "new_server", "client1"])
allow_ou = [] try: # Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') for i in range(1, n_clients): create_signed_cert("client{0}".format(i), 'root') certs.append("client{0}".format(i)) allow_ou.append("--allow-ou=client{0}".format(i)) # Step 2: start ghostunnel ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt'] + allow_ou) # Step 3: clients should be able to communicate all at the same time. proc = [] for i in range(1, n_clients): pair = SocketPair("client{0}".format(i), 13001, 13000) p = Process(target=send_data, args=(i,pair,)) p.start() proc.append(p) for p in proc: p.join() print_ok("OK") finally: cleanup_certs(certs) if ghostunnel: ghostunnel.kill()