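if __name__ == "__main__":
    # Integration test: a client whose certificate OU matches --allow-ou can
    # open the tunnel, traffic flows in both directions, and closing the
    # client side tears down the server side. Uses the shared test helpers
    # (create_root_cert, create_signed_cert, SocketPair, cleanup_certs,
    # print_ok, LOCALHOST) imported earlier in this file.
    ghostunnel = None
    try:
        # Step 1: create certs -- a throwaway root CA plus a server cert and
        # one client cert (ou=client1), both signed by that root.
        create_root_cert('root')
        create_signed_cert('server', 'root')
        create_signed_cert('client1', 'root')

        # Step 2: start ghostunnel listening on 13001 and forwarding to 13000,
        # trusting only certs chained to root.crt and admitting only peers
        # whose OU is client1.
        # The keystore passphrase is passed as a command-line flag, so it is
        # readable by any local user via `ps` / /proc/<pid>/cmdline; that is
        # acceptable only because this is a throwaway test keystore.
        # NOTE(review): the --storepass value is redacted in this copy of the
        # listing; it must match the passphrase create_signed_cert used when
        # it wrote server.p12 -- confirm against the helper.
        ghostunnel = Popen([
            '../ghostunnel',
            '--listen={0}:13001'.format(LOCALHOST),
            '--target={0}:13000'.format(LOCALHOST),
            '--keystore=server.p12',
            '--storepass=',
            '--cacert=root.crt',
            '--allow-ou=client1',
        ])

        # Step 3: connect with client1, confirm that the tunnel is up
        pair = SocketPair('client1', 13001, 13000)
        pair.validate_can_send_from_client("hello world", "1: client -> server")
        pair.validate_can_send_from_server("hello world", "1: server -> client")
        pair.validate_closing_client_closes_server(
            "1: client closed -> server closed")
        print_ok("OK")
    finally:
        # Tear down the tunnel first, and independently of the cert cleanup:
        # if cleanup_certs() raised before kill() ran, ghostunnel would be
        # left orphaned and still bound to port 13001 for every later test.
        # wait() reaps the killed child so no zombie lingers.
        try:
            if ghostunnel:
                ghostunnel.kill()
                ghostunnel.wait()
        finally:
            cleanup_certs(['root', 'server', 'client1'])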
create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('new_server', 'root') create_signed_cert('client1', 'root') # Step 2: start ghostunnel ghostunnel = Popen([ '../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1', '--status={0}:13100'.format(LOCALHOST) ]) # Step 3: create connections with client1 pair1 = SocketPair('client1', 13001, 13000) pair1.validate_can_send_from_client("toto", "pair1 works") pair1.validate_tunnel_ou("server", "pair1 -> ou=server") # Replace keystore and trigger reload os.rename('new_server.p12', 'server.p12') ghostunnel.send_signal(signal.SIGUSR1) wait_for_cert(13100, 'new_server.crt') # Step 4: create connections with client1 pair2 = SocketPair('client1', 13001, 13000) pair2.validate_can_send_from_client("toto", "pair2 works") pair2.validate_tunnel_ou("new_server", "pair2 -> ou=new_server") # Step 5: ensure that pair1 is still alive pair1.validate_can_send_from_client("toto", "pair1 still works")
create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('client1', 'root') create_signed_cert('client2', 'root') create_root_cert('other_root') create_signed_cert('other_client1', 'other_root') # Step 2: start ghostunnel ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1']) # Step 3: connect with client1, confirm that the tunnel is up pair = SocketPair('client1', 13001, 13000) pair.validate_can_send_from_client("hello world", "1: client -> server") pair.validate_can_send_from_server("hello world", "1: server -> client") pair.validate_closing_client_closes_server("1: client closed -> server closed") # Step 4: connect with client2, confirm that the tunnel isn't up try: pair = SocketPair('client2', 13001, 13000) raise Exception('failed to reject client2') except socket.timeout: # TODO: this should be a ssl.SSLError, but ends up being a timeout. Figure # out why. print_ok("client2 correctly rejected") # Step 5: connect with other_client1, confirm that the tunnel isn't # up try:
ghostunnel = None try: # Step 1: create certs create_root_cert('root') create_signed_cert('server', 'root') create_signed_cert('new_server', 'root') create_signed_cert('client1', 'root') # Step 2: start ghostunnel ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST), '--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12', '--storepass='******'--cacert=root.crt', '--allow-ou=client1']) # Step 3: create connections with client1 pair1 = SocketPair('client1', 13001, 13000) pair1.validate_can_send_from_client("toto", "pair1 works") pair1.validate_tunnel_ou("server", "pair1 -> ou=server") # Replace keystore and trigger reload os.rename('new_server.p12', 'server.p12') ghostunnel.send_signal(signal.SIGUSR1) time.sleep(10) # Step 4: create connections with client1 pair2 = SocketPair('client1', 13001, 13000) pair2.validate_can_send_from_client("toto", "pair2 works") pair2.validate_tunnel_ou("new_server", "pair2 -> ou=new_server") # Step 5: ensure that pair1 is still alive pair1.validate_can_send_from_client("toto", "pair1 still works")