httpd = http.server.HTTPServer(('localhost',13080), FakeMetricsBridgeHandler)
server = threading.Thread(target=httpd.handle_request)
server.start()
# Step 2: start ghostunnel
ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13100'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1',
'--status={0}:13100'.format(LOCALHOST), '--metrics-url=http://localhost:13080/post'])
# Step 3: wait for metrics to post
for i in range(0, 10):
if received_metrics:
break
else:
# wait a little longer...
time.sleep(1)
if not received_metrics:
raise Exception("did not receive metrics from instance")
if type(received_metrics) != list:
raise Exception("ghostunnel metrics expected to be JSON list")
print_ok("OK")
finally:
if ghostunnel:
ghostunnel.kill()
cleanup_certs(['root', 'server', 'new_server', 'client1'])
if __name__ == "__main__":
ghostunnel = None
try:
# Step 1: create certs
# root, ou=server, ou=client, ou=other_client
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('client1', 'root')
# Step 2: start ghostunnel
ghostunnel = Popen([
'../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1'
])
# Step 3: connect with client1, confirm that the tunnel is up
pair = SocketPair('client1', 13001, 13000)
pair.validate_can_send_from_client("hello world",
"1: client -> server")
pair.validate_can_send_from_server("hello world",
"1: server -> client")
pair.validate_closing_client_closes_server(
"1: client closed -> server closed")
print_ok("OK")
finally:
cleanup_certs(['root', 'server', 'client1'])
if ghostunnel:
ghostunnel.kill()
'--storepass='******'--cacert=root.crt', '--allow-ou=client1'])
# Step 3: connect with client1, confirm that the tunnel is up
pair = SocketPair('client1', 13001, 13000)
pair.validate_can_send_from_client("hello world", "1: client -> server")
pair.validate_can_send_from_server("hello world", "1: server -> client")
pair.validate_closing_client_closes_server("1: client closed -> server closed")
# Step 4: connect with client2, confirm that the tunnel isn't up
try:
pair = SocketPair('client2', 13001, 13000)
raise Exception('failed to reject client2')
except socket.timeout:
# TODO: this should be a ssl.SSLError, but ends up being a timeout. Figure
# out why.
print_ok("client2 correctly rejected")
# Step 5: connect with other_client1, confirm that the tunnel isn't
# up
try:
pair = SocketPair('other_client1', 13001, 13000)
raise Exception('failed to reject other_client1')
except ssl.SSLError:
print_ok("other_client1 correctly rejected")
print_ok("OK")
finally:
cleanup_certs(['root', 'server', 'client1', 'client2', 'other_root', 'other_client1'])
if ghostunnel:
ghostunnel.kill()
for i in range(1, n_clients):
create_signed_cert("client{0}".format(i), 'root')
certs.append("client{0}".format(i))
allow_ou.append("--allow-ou=client{0}".format(i))
# Step 2: start ghostunnel
ghostunnel = Popen([
'../ghostunnel', '--listen={0}:13001'.format(
LOCALHOST), '--target={0}:13000'.format(LOCALHOST),
'--keystore=server.p12', '--storepass='******'--cacert=root.crt'
] + allow_ou)
# Step 3: clients should be able to communicate all at the same time.
proc = []
for i in range(1, n_clients):
pair = SocketPair("client{0}".format(i), 13001, 13000)
p = Process(target=send_data, args=(
i,
pair,
))
p.start()
proc.append(p)
for p in proc:
p.join()
print_ok("OK")
finally:
cleanup_certs(certs)
if ghostunnel:
ghostunnel.kill()
create_signed_cert("server", "root")
create_signed_cert("new_server", "root")
create_signed_cert("client1", "root")
# Step 2: start ghostunnel
ghostunnel = Popen(
[
"../ghostunnel",
"--listen={0}:13001".format(LOCALHOST),
"--target={0}:13100".format(LOCALHOST),
"--keystore=server.p12",
"--storepass="******"--cacert=root.crt",
"--allow-ou=client1",
"--status-port=13100",
]
)
# Step 3: read status information
time.sleep(5)
status = json.loads(urllib2.urlopen("http://localhost:13100/_status").read())
if not status["ok"]:
raise Exception("ghostunnel reported non-ok status")
print_ok("OK")
finally:
if ghostunnel:
ghostunnel.kill()
cleanup_certs(["root", "server", "new_server", "client1"])
allow_ou = []
try:
# Step 1: create certs
create_root_cert('root')
create_signed_cert('server', 'root')
for i in range(1, n_clients):
create_signed_cert("client{0}".format(i), 'root')
certs.append("client{0}".format(i))
allow_ou.append("--allow-ou=client{0}".format(i))
# Step 2: start ghostunnel
ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt'] + allow_ou)
# Step 3: clients should be able to communicate all at the same time.
proc = []
for i in range(1, n_clients):
pair = SocketPair("client{0}".format(i), 13001, 13000)
p = Process(target=send_data, args=(i,pair,))
p.start()
proc.append(p)
for p in proc:
p.join()
print_ok("OK")
finally:
cleanup_certs(certs)
if ghostunnel:
ghostunnel.kill()
