# Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('client1', 'root') create_signed_cert('client2', 'root') create_root_cert('other_root') create_signed_cert('other_client1', 'other_root') # Step 2: start ghostunnel ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1']) # Step 3: connect with client1, confirm that the tunnel is up pair = SocketPair('client1', 13001, 13000) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server("1: client closed -> server closed") # Step 4: connect with client2, confirm that the tunnel isn't up try: pair = SocketPair('client2', 13001, 13000) raise Exception('failed to reject client2') except socket.timeout: # TODO: this should be a ssl.SSLError, but ends up being a timeout. Figure # out why. print_ok("client2 correctly rejected") # Step 5: connect with other_client1, confirm that the tunnel isn't # up
if __name__ == "__main__": ghostunnel = None try: # Step 1: create certs # root, ou=server, ou=client, ou=other_client create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('client1', 'root') # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1' ]) # Step 3: connect with client1, confirm that the tunnel is up pair = SocketPair('client1', 13001, 13000) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server( "1: client closed -> server closed") print_ok("OK") finally: cleanup_certs(['root', 'server', 'client1']) if ghostunnel: ghostunnel.kill()
for i in range(1, n_clients): create_signed_cert("client{0}".format(i), 'root') certs.append("client{0}".format(i)) allow_ou.append("--allow-ou=client{0}".format(i)) # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format( LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt' ] + allow_ou) # Step 3: clients should be able to communicate all at the same time. proc = [] for i in range(1, n_clients): pair = SocketPair("client{0}".format(i), 13001, 13000) p = Process(target=send_data, args=( i, pair, )) p.start() proc.append(p) for p in proc: p.join() print_ok("OK") finally: cleanup_certs(certs) if ghostunnel: ghostunnel.kill()
try: # Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('client1', 'root') # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1' ]) # Step 3: client should fail to connect since nothing is listening on 13002 try: pair = SocketPair('client1', 13001, 13002) except socket.timeout: print_ok("timeout when nothing is listening on 13000") # Step 4: client should connect try: pair = SocketPair('client1', 13001, 13000) except socket.timeout: print_ok("timeout when nothing is listening on 13000") print_ok("OK") finally: cleanup_certs(['root', 'server', 'client1']) if ghostunnel: ghostunnel.kill()
# Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('new_server', 'root') create_signed_cert('client1', 'root') # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1', '--status={0}:13100'.format(LOCALHOST) ]) # Step 3: create connections with client1 pair1 = SocketPair('client1', 13001, 13000) pair1.validate_can_send_from_client("toto", "pair1 works") pair1.validate_tunnel_ou("server", "pair1 -> ou=server") # Replace keystore and trigger reload os.rename('new_server.p12', 'server.p12') ghostunnel.send_signal(signal.SIGUSR1) wait_for_cert(13100, 'new_server.crt') # Step 4: create connections with client1 pair2 = SocketPair('client1', 13001, 13000) pair2.validate_can_send_from_client("toto", "pair2 works") pair2.validate_tunnel_ou("new_server", "pair2 -> ou=new_server") # Step 5: ensure that pair1 is still alive pair1.validate_can_send_from_client("toto", "pair1 still works")
if __name__ == "__main__": ghostunnel = None try: # Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('new_server', 'root') create_signed_cert('client1', 'root') # Step 2: start ghostunnel ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1']) # Step 3: create connections with client1 pair1 = SocketPair('client1', 13001, 13000) pair1.validate_can_send_from_client("toto", "pair1 works") pair1.validate_tunnel_ou("server", "pair1 -> ou=server") # Replace keystore and trigger reload os.rename('new_server.p12', 'server.p12') ghostunnel.send_signal(signal.SIGUSR1) time.sleep(10) # Step 4: create connections with client1 pair2 = SocketPair('client1', 13001, 13000) pair2.validate_can_send_from_client("toto", "pair2 works") pair2.validate_tunnel_ou("new_server", "pair2 -> ou=new_server") # Step 5: ensure that pair1 is still alive pair1.validate_can_send_from_client("toto", "pair1 still works")
root1 = RootCert('root1') root1.create_signed_cert('server1') root1.create_signed_cert('client1') root1.create_signed_cert('new_client1') root2 = RootCert('new_root') root2.create_signed_cert('server2') root2.create_signed_cert('client2') # start ghostunnel ghostunnel = Popen(['../ghostunnel', 'client', '--listen={0}:13004'.format(LOCALHOST), '--target={0}:13005'.format(LOCALHOST), '--keystore=client1.p12', '--cacert=root1.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)]) # ensure ghostunnel connects with server1 pair1 = SocketPair(TcpClient(13004), TlsServer('server1', 'root1', 13005)) pair1.validate_can_send_from_client("toto", "pair1 works") pair1.validate_client_cert("client1", "pair1: ou=client1 -> ...") # check certificate on status port TlsClient(None, 'root1', STATUS_PORT).connect(20, 'client1') print_ok("got client1 on /_status") # replace keystore and check ghostunnel connects with new_client1 os.rename('new_client1.p12', 'client1.p12') ghostunnel.send_signal(signal.SIGUSR1) TlsClient(None, 'root1', STATUS_PORT).connect(20, 'new_client1') print_ok("reload done") pair2 = SocketPair(TcpClient(13004), TlsServer('server1', 'root1', 13005)) pair2.validate_can_send_from_client("toto", "pair2 works")
if __name__ == "__main__": ghostunnel = None try: # Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('client1', 'root') create_signed_cert('client2', 'root') # Step 2: start ghostunnel ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1', '--allow-ou=client2']) # Step 3: create connections with client1 and client2 pair1 = SocketPair('client1', 13001, 13000) pair1.validate_can_send_from_client("toto", "pair1 works") pair2 = SocketPair('client2', 13001, 13000) pair2.validate_can_send_from_client("toto", "pair2 works") # Step 4: re-new the server and client1 certs cleanup_certs(['root', 'server', 'client1']) print_ok("deleted root, server and client1") create_root_cert('root') print_ok("re-created root") create_signed_cert('server', 'root') print_ok("re-created server") create_signed_cert('client1', 'root') print_ok("re-created client1")
# Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('client1', 'root') create_signed_cert('client2', 'root') # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1', '--allow-ou=client2' ]) # Step 3: create connections with client1 and client2 pair1 = SocketPair('client1', 13001, 13000) pair1.validate_can_send_from_client("toto", "pair1 works") pair2 = SocketPair('client2', 13001, 13000) pair2.validate_can_send_from_client("toto", "pair2 works") # Step 4: re-new the server and client1 certs cleanup_certs(['root', 'server', 'client1']) print_ok("deleted root, server and client1") create_root_cert('root') print_ok("re-created root") create_signed_cert('server', 'root') print_ok("re-created server") create_signed_cert('client1', 'root') print_ok("re-created client1")