# Step 1: create certs
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('client1', 'root')
create_signed_cert('client2', 'root')
create_root_cert('other_root')
create_signed_cert('other_client1', 'other_root')
# Step 2: start ghostunnel
ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1'])
# Step 3: connect with client1, confirm that the tunnel is up
pair = SocketPair('client1', 13001, 13000)
pair.validate_can_send_from_client("hello world", "1: client -> server")
pair.validate_can_send_from_server("hello world", "1: server -> client")
pair.validate_closing_client_closes_server("1: client closed -> server closed")
# Step 4: connect with client2, confirm that the tunnel isn't up
try:
pair = SocketPair('client2', 13001, 13000)
raise Exception('failed to reject client2')
except socket.timeout:
# TODO: this should be a ssl.SSLError, but ends up being a timeout. Figure
# out why.
print_ok("client2 correctly rejected")
# Step 5: connect with other_client1, confirm that the tunnel isn't
# up
if __name__ == "__main__":
ghostunnel = None
try:
# Step 1: create certs
# root, ou=server, ou=client, ou=other_client
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('client1', 'root')
# Step 2: start ghostunnel
ghostunnel = Popen([
'../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1'
])
# Step 3: connect with client1, confirm that the tunnel is up
pair = SocketPair('client1', 13001, 13000)
pair.validate_can_send_from_client("hello world",
"1: client -> server")
pair.validate_can_send_from_server("hello world",
"1: server -> client")
pair.validate_closing_client_closes_server(
"1: client closed -> server closed")
print_ok("OK")
finally:
cleanup_certs(['root', 'server', 'client1'])
if ghostunnel:
ghostunnel.kill()
for i in range(1, n_clients):
create_signed_cert("client{0}".format(i), 'root')
certs.append("client{0}".format(i))
allow_ou.append("--allow-ou=client{0}".format(i))
# Step 2: start ghostunnel
ghostunnel = Popen([
'../ghostunnel', '--listen={0}:13001'.format(
LOCALHOST), '--target={0}:13000'.format(LOCALHOST),
'--keystore=server.p12', '--storepass='******'--cacert=root.crt'
] + allow_ou)
# Step 3: clients should be able to communicate all at the same time.
proc = []
for i in range(1, n_clients):
pair = SocketPair("client{0}".format(i), 13001, 13000)
p = Process(target=send_data, args=(
i,
pair,
))
p.start()
proc.append(p)
for p in proc:
p.join()
print_ok("OK")
finally:
cleanup_certs(certs)
if ghostunnel:
ghostunnel.kill()
try:
# Step 1: create certs
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('client1', 'root')
# Step 2: start ghostunnel
ghostunnel = Popen([
'../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1'
])
# Step 3: client should fail to connect since nothing is listening on 13002
try:
pair = SocketPair('client1', 13001, 13002)
except socket.timeout:
print_ok("timeout when nothing is listening on 13000")
# Step 4: client should connect
try:
pair = SocketPair('client1', 13001, 13000)
except socket.timeout:
print_ok("timeout when nothing is listening on 13000")
print_ok("OK")
finally:
cleanup_certs(['root', 'server', 'client1'])
if ghostunnel:
ghostunnel.kill()
# Step 1: create certs
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('new_server', 'root')
create_signed_cert('client1', 'root')
# Step 2: start ghostunnel
ghostunnel = Popen([
'../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1',
'--status={0}:13100'.format(LOCALHOST)
])
# Step 3: create connections with client1
pair1 = SocketPair('client1', 13001, 13000)
pair1.validate_can_send_from_client("toto", "pair1 works")
pair1.validate_tunnel_ou("server", "pair1 -> ou=server")
# Replace keystore and trigger reload
os.rename('new_server.p12', 'server.p12')
ghostunnel.send_signal(signal.SIGUSR1)
wait_for_cert(13100, 'new_server.crt')
# Step 4: create connections with client1
pair2 = SocketPair('client1', 13001, 13000)
pair2.validate_can_send_from_client("toto", "pair2 works")
pair2.validate_tunnel_ou("new_server", "pair2 -> ou=new_server")
# Step 5: ensure that pair1 is still alive
pair1.validate_can_send_from_client("toto", "pair1 still works")
if __name__ == "__main__":
ghostunnel = None
try:
# Step 1: create certs
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('new_server', 'root')
create_signed_cert('client1', 'root')
# Step 2: start ghostunnel
ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1'])
# Step 3: create connections with client1
pair1 = SocketPair('client1', 13001, 13000)
pair1.validate_can_send_from_client("toto", "pair1 works")
pair1.validate_tunnel_ou("server", "pair1 -> ou=server")
# Replace keystore and trigger reload
os.rename('new_server.p12', 'server.p12')
ghostunnel.send_signal(signal.SIGUSR1)
time.sleep(10)
# Step 4: create connections with client1
pair2 = SocketPair('client1', 13001, 13000)
pair2.validate_can_send_from_client("toto", "pair2 works")
pair2.validate_tunnel_ou("new_server", "pair2 -> ou=new_server")
# Step 5: ensure that pair1 is still alive
pair1.validate_can_send_from_client("toto", "pair1 still works")
root1 = RootCert('root1')
root1.create_signed_cert('server1')
root1.create_signed_cert('client1')
root1.create_signed_cert('new_client1')
root2 = RootCert('new_root')
root2.create_signed_cert('server2')
root2.create_signed_cert('client2')
# start ghostunnel
ghostunnel = Popen(['../ghostunnel', 'client', '--listen={0}:13004'.format(LOCALHOST),
'--target={0}:13005'.format(LOCALHOST), '--keystore=client1.p12',
'--cacert=root1.crt', '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)])
# ensure ghostunnel connects with server1
pair1 = SocketPair(TcpClient(13004), TlsServer('server1', 'root1', 13005))
pair1.validate_can_send_from_client("toto", "pair1 works")
pair1.validate_client_cert("client1", "pair1: ou=client1 -> ...")
# check certificate on status port
TlsClient(None, 'root1', STATUS_PORT).connect(20, 'client1')
print_ok("got client1 on /_status")
# replace keystore and check ghostunnel connects with new_client1
os.rename('new_client1.p12', 'client1.p12')
ghostunnel.send_signal(signal.SIGUSR1)
TlsClient(None, 'root1', STATUS_PORT).connect(20, 'new_client1')
print_ok("reload done")
pair2 = SocketPair(TcpClient(13004), TlsServer('server1', 'root1', 13005))
pair2.validate_can_send_from_client("toto", "pair2 works")
if __name__ == "__main__":
ghostunnel = None
try:
# Step 1: create certs
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('client1', 'root')
create_signed_cert('client2', 'root')
# Step 2: start ghostunnel
ghostunnel = Popen(['../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1', '--allow-ou=client2'])
# Step 3: create connections with client1 and client2
pair1 = SocketPair('client1', 13001, 13000)
pair1.validate_can_send_from_client("toto", "pair1 works")
pair2 = SocketPair('client2', 13001, 13000)
pair2.validate_can_send_from_client("toto", "pair2 works")
# Step 4: re-new the server and client1 certs
cleanup_certs(['root', 'server', 'client1'])
print_ok("deleted root, server and client1")
create_root_cert('root')
print_ok("re-created root")
create_signed_cert('server', 'root')
print_ok("re-created server")
create_signed_cert('client1', 'root')
print_ok("re-created client1")
# Step 1: create certs
create_root_cert('root')
create_signed_cert('server', 'root')
create_signed_cert('client1', 'root')
create_signed_cert('client2', 'root')
# Step 2: start ghostunnel
ghostunnel = Popen([
'../ghostunnel', '--listen={0}:13001'.format(LOCALHOST),
'--target={0}:13000'.format(LOCALHOST), '--keystore=server.p12',
'--storepass='******'--cacert=root.crt', '--allow-ou=client1',
'--allow-ou=client2'
])
# Step 3: create connections with client1 and client2
pair1 = SocketPair('client1', 13001, 13000)
pair1.validate_can_send_from_client("toto", "pair1 works")
pair2 = SocketPair('client2', 13001, 13000)
pair2.validate_can_send_from_client("toto", "pair2 works")
# Step 4: re-new the server and client1 certs
cleanup_certs(['root', 'server', 'client1'])
print_ok("deleted root, server and client1")
create_root_cert('root')
print_ok("re-created root")
create_signed_cert('server', 'root')
print_ok("re-created server")
create_signed_cert('client1', 'root')
print_ok("re-created client1")
