def send_data(i):
p = SocketPair(TcpClient(13001),
TlsServer("server{0}".format(i), 'root', 13002))
counter = 0
while counter < 100:
r = random.random()
if r < 0.4:
time.sleep(r)
continue
counter += 1
if r < 0.7:
p.validate_can_send_from_client(
"blah blah blah",
"{0}:{1} client -> server".format(i, counter))
else:
p.validate_can_send_from_server(
"blah blah blah",
"{0}:{1} server -> client".format(i, counter))
r = random.random()
if r < 0.5:
p.validate_closing_client_closes_server(
"{0} client close -> server close".format(i))
else:
p.validate_closing_server_closes_client(
"{0} server close -> client close".format(i))
other_root = RootCert('other_root')
other_root.create_signed_cert('other_server')
# start ghostunnel
ghostunnel = run_ghostunnel([
'client', '--listen={0}:13001'.format(LOCALHOST),
'--target=localhost:13002', '--cacert=root.crt',
'--disable-authentication',
'--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)
])
# connect to server1, confirm that the tunnel is up
pair = SocketPair(
TcpClient(13001),
TlsServer('server1', 'root', 13002, cert_reqs=ssl.CERT_NONE))
pair.validate_can_send_from_client("hello world",
"1: client -> server")
pair.validate_can_send_from_server("hello world",
"1: server -> client")
pair.validate_closing_client_closes_server(
"1: client closed -> server closed")
# connect to other_server, confirm that the tunnel isn't up
try:
pair = SocketPair(
TcpClient(13001),
TlsServer('other_server',
'other_root',
13002,
cert_reqs=ssl.CERT_NONE))
if __name__ == "__main__":
ghostunnel = None
try:
# create certs
root = RootCert('root')
root.create_signed_cert('server')
root.create_signed_cert('client')
# start ghostunnel
client = UnixClient()
ghostunnel = run_ghostunnel([
'client', '--listen=unix:{0}'.format(client.get_socket_path()),
'--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12',
'--status={0}:{1}'.format(LOCALHOST,
STATUS_PORT), '--cacert=root.crt'
])
# connect to server, confirm that the tunnel is up
pair = SocketPair(client, TlsServer('server', 'root', 13002))
pair.validate_can_send_from_client("hello world",
"1: client -> server")
pair.validate_can_send_from_server("hello world",
"1: server -> client")
pair.validate_closing_client_closes_server(
"1: client closed -> server closed")
print_ok("OK")
finally:
terminate(ghostunnel)
root.create_signed_cert('server2',
san="IP:127.0.0.1,IP:::1,DNS:foobar")
other_root = RootCert('other_root')
other_root.create_signed_cert('other_server')
# start ghostunnel
ghostunnel = run_ghostunnel([
'client', '--listen={0}:13001'.format(LOCALHOST),
'--target=localhost:13002', '--keystore=client.p12',
'--cacert=root.crt',
'--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)
])
# connect to server1, confirm that the tunnel is up
pair = SocketPair(TcpClient(13001), TlsServer('server1', 'root',
13002))
pair.validate_can_send_from_client("hello world",
"1: client -> server")
pair.validate_can_send_from_server("hello world",
"1: server -> client")
pair.validate_closing_client_closes_server(
"1: client closed -> server closed")
# connect to other_server, confirm that the tunnel isn't up
try:
pair = SocketPair(TcpClient(13001),
TlsServer('other_server', 'other_root', 13002))
raise Exception('failed to reject other_server')
except ssl.SSLError:
print_ok("other_server correctly rejected")
root = RootCert('root')
root.create_signed_cert('client')
for n in range(1, n_clients):
root.create_signed_cert("server{0}".format(n))
# start ghostunnel
ghostunnel = run_ghostunnel([
'client', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12',
'--status={0}:{1}'.format(LOCALHOST,
STATUS_PORT), '--cacert=root.crt'
])
# servers should be able to communicate all at the same time.
procs = []
for n in range(1, n_clients):
pair = SocketPair(TcpClient(13001),
TlsServer("server{0}".format(n), 'root', 13002))
proc = Process(target=send_data, args=(
n,
pair,
))
proc.start()
procs.append(proc)
for proc in procs:
proc.join()
print_ok("OK")
finally:
terminate(ghostunnel)
root.create_signed_cert('server')
root.create_signed_cert('client')
# start ghostunnel
ghostunnel = run_ghostunnel([
'client', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13002'.format(LOCALHOST), '--keystore=client.p12',
'--cacert=root.crt',
'--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)
])
# wait for startup
TlsClient(None, 'root', STATUS_PORT).connect(20, 'client')
# create connections with client
pair1 = SocketPair(TcpClient(13001), TlsServer('server', 'root',
13002))
pair1.validate_can_send_from_client("toto", "pair1 works")
# shut down ghostunnel with connection open, make sure it doesn't hang
print_ok('attempting to terminate ghostunnel via SIGTERM signals')
for n in range(0, 90):
try:
try:
ghostunnel.terminate()
ghostunnel.wait(timeout=1)
except BaseException:
pass
os.kill(ghostunnel.pid, 0)
print_ok("ghostunnel is still alive")
except BaseException:
stopped = True
try:
# create certs
root = RootCert('root')
root.create_signed_cert('server')
root.create_signed_cert('client')
# start ghostunnel
socket = UnixClient()
ghostunnel = run_ghostunnel(['client',
'--listen=unix:{0}'.format(socket.get_socket_path()),
'--target={0}:13002'.format(LOCALHOST),
'--keystore=client.p12',
'--cacert=root.crt',
'--status={0}:{1}'.format(LOCALHOST,
STATUS_PORT)])
# connect with client, confirm that the tunnel is up
pair = SocketPair(socket, TlsServer('server', 'root', 13002))
pair.validate_can_send_from_server(
"hello world", "1: server -> client")
pair.validate_can_send_from_client(
"hello world", "1: client -> server")
pair.validate_closing_server_closes_client(
"1: server closed -> client closed")
print_ok("OK")
finally:
terminate(ghostunnel)
if os.path.exists(socket.get_socket_path()):
raise Exception('failed to clean up unix socket')
root1.create_signed_cert('new_client1')
root2 = RootCert('new_root')
root2.create_signed_cert('server2')
# start ghostunnel
ghostunnel = run_ghostunnel([
'client', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13002'.format(LOCALHOST), '--keystore=client1.p12',
'--timed-reload=1s', '--cacert=root1.crt',
'--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)
])
# ensure ghostunnel connects with server1
pair1 = SocketPair(TcpClient(13001),
TlsServer('server1', 'root1', 13002))
pair1.validate_can_send_from_client("toto", "pair1 works")
pair1.validate_client_cert("client1", "pair1: ou=client1 -> ...")
# check certificate on status port
TlsClient(None, 'root1', STATUS_PORT).connect(20, 'client1')
print_ok("got client1 on /_status")
# replace keystore and check ghostunnel connects with new_client1
print_ok("replacing certificates")
os.rename('new_client1.p12', 'client1.p12')
# reload should happen automatically
TlsClient(None, 'root1', STATUS_PORT).connect(20, 'new_client1')
print_ok("reload done")
pair2 = SocketPair(TcpClient(13001),
root1.create_signed_cert('new_client1')
root2 = RootCert('new_root')
root2.create_signed_cert('server2')
# start ghostunnel
ghostunnel = run_ghostunnel(['client',
'--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13002'.format(LOCALHOST),
'--keystore=client1.p12',
'--cacert=root1.crt',
'--status={0}:{1}'.format(LOCALHOST,
STATUS_PORT)])
# ensure ghostunnel connects with server1
pair1 = SocketPair(TcpClient(13001), TlsServer(
'server1', 'root1', 13002))
pair1.validate_can_send_from_client("toto", "pair1 works")
pair1.validate_client_cert("client1", "pair1: ou=client1 -> ...")
# check certificate on status port
TlsClient(None, 'root1', STATUS_PORT).connect(20, 'client1')
print_ok("got client1 on /_status")
# replace keystore and check ghostunnel connects with new_client1
os.rename('new_client1.p12', 'client1.p12')
ghostunnel.send_signal(signal.SIGUSR1)
TlsClient(None, 'root1', STATUS_PORT).connect(20, 'new_client1')
print_ok("reload done")
pair2 = SocketPair(TcpClient(13001), TlsServer(
'server1', 'root1', 13002))