Commits

Roger Light  committed a691d45

Add test for successful auth with a crl.

  • Participants
  • Parent commits d123c69
  • Branches 1.2

Comments (0)

Files changed (11)

File test/broker/08-ssl-connect-cert-auth-crl.conf

+port 1888
+
+cafile ../ssl/test-ca.crt
+certfile ../ssl/server.crt
+keyfile ../ssl/server.key
+require_certificate true
+crlfile ../ssl/crl.pem

File test/broker/08-ssl-connect-cert-auth-crl.py

+#!/usr/bin/python
+
+import subprocess
+import socket
+import ssl
+import sys
+import time
+
+if sys.version < '2.7':
+    print("WARNING: SSL not supported on Python 2.6")
+    exit(0)
+
+import inspect, os, sys
+# From http://stackoverflow.com/questions/279237/python-import-a-module-from-a-folder
+cmd_subfolder = os.path.realpath(os.path.abspath(os.path.join(os.path.split(inspect.getfile( inspect.currentframe() ))[0],"..")))
+if cmd_subfolder not in sys.path:
+    sys.path.insert(0, cmd_subfolder)
+
+import mosq_test
+
+rc = 1
+keepalive = 10
+connect_packet = mosq_test.gen_connect("connect-success-test", keepalive=keepalive)
+connack_packet = mosq_test.gen_connack(rc=0)
+
+broker = subprocess.Popen(['../../src/mosquitto', '-c', '08-ssl-connect-cert-auth-crl.conf'], stderr=subprocess.PIPE)
+
+try:
+    time.sleep(0.5)
+
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
+    ssock.settimeout(10)
+    ssock.connect(("localhost", 1888))
+    ssock.send(connect_packet)
+
+    if mosq_test.expect_packet(ssock, "connack", connack_packet):
+        rc = 0
+
+    ssock.close()
+finally:
+    broker.terminate()
+    broker.wait()
+    if rc:
+        (stdo, stde) = broker.communicate()
+        print(stde)
+
+exit(rc)
+

File test/broker/08-ssl-connect-cert-auth-revoked.py

 #!/usr/bin/python
 
-# Test whether a valid CONNECT results in the correct CONNACK packet using an
-# SSL connection with client certificates required.
-
 import subprocess
 import socket
 import ssl
     time.sleep(0.5)
 
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
+    ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-ca.crt", certfile="../ssl/client-revoked.crt", keyfile="../ssl/client-revoked.key", cert_reqs=ssl.CERT_REQUIRED)
     ssock.settimeout(10)
     try:
         ssock.connect(("localhost", 1888))

File test/broker/Makefile

 	./08-ssl-connect-cert-auth-without.py
 	./08-ssl-connect-cert-auth-expired.py
 	./08-ssl-connect-cert-auth-revoked.py
+	./08-ssl-connect-cert-auth-crl.py
 	./08-ssl-connect-identity.py
 	./08-ssl-connect-no-identity.py
 	./08-tls-psk-pub.py

File test/ssl/client-revoked.crt

+-----BEGIN CERTIFICATE-----
+MIICpDCCAg0CCQDNrg5WSiiRpzANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMC
+R0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEdMBsG
+A1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxDzANBgNVBAsMBkJyb2tlcjEXMBUG
+A1UEAwwOYnJva2VyLXRlc3QtY2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs
+ZS5jb20wHhcNMTIwNzAzMTQ0MDAwWhcNMzkxMTE4MTQ0MDAwWjCBizELMAkGA1UE
+BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEd
+MBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFDASBgNVBAsMC0Jyb2tlciBU
+ZXN0MR4wHAYDVQQDDBVsb2NhbGhvc3QtY2xpZW50LXRlc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAM1kzx27D7TooydBNi6tTIMvstPZqFviwN5JGCKxs0wI
+ZAdVP1HNeECioww4HiMO6J6IfcLppLDuWr1pteSG471MjGLPc0Z6UKNejKntM30p
+7649fBZ9DIomVKTJHya/jtU8hIJfSpY29FKGOe3gVjg99nFZtB1dGnycQys5FRVZ
+AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAXB40zdyBFQ7BjDbDFV/vcx4E2rpVxnQ4
+vtJ8TE7aaBqS9QmxlWYnx8ys/q51mVmOxbA/aIFllaSyR+P0MrgZfbWFtb/PK2IV
+VnCciP7dfwqbnsW3ziRUq+mTaaNDPtT+YJrLJyTYNZPRvGIBHOt0NKzNCyvO37v3
+op7ELGt0I+E=
+-----END CERTIFICATE-----

File test/ssl/client-revoked.csr

+-----BEGIN CERTIFICATE REQUEST-----
+MIIBzDCCATUCAQAwgYsxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2lu
+Z2RvbTEOMAwGA1UEBwwFRGVyYnkxHTAbBgNVBAoMFE1vc3F1aXR0byBUZXN0IFN1
+aXRlMRQwEgYDVQQLDAtCcm9rZXIgVGVzdDEeMBwGA1UEAwwVbG9jYWxob3N0LWNs
+aWVudC10ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNZM8duw+06KMn
+QTYurUyDL7LT2ahb4sDeSRgisbNMCGQHVT9RzXhAoqMMOB4jDuieiH3C6aSw7lq9
+abXkhuO9TIxiz3NGelCjXoyp7TN9Ke+uPXwWfQyKJlSkyR8mv47VPISCX0qWNvRS
+hjnt4FY4PfZxWbQdXRp8nEMrORUVWQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEA
+uzoEdsl3JkiNIviQzDtr67k6L/vogtVSgRnCFCel16Q0i1W+mVAwUqYArwf/7fwp
+UhZPd8NLSVT1pn4Nj2a2Q7S3GMpMguiQlhCol7hZOrNpc0fDGg1JSmYjCEmm3TOl
+Z49eyqmE8r4xdDEAyPk3u21HYrZ5RshyS/8vfPwqR9o=
+-----END CERTIFICATE REQUEST-----

File test/ssl/client-revoked.key

+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDNZM8duw+06KMnQTYurUyDL7LT2ahb4sDeSRgisbNMCGQHVT9R
+zXhAoqMMOB4jDuieiH3C6aSw7lq9abXkhuO9TIxiz3NGelCjXoyp7TN9Ke+uPXwW
+fQyKJlSkyR8mv47VPISCX0qWNvRShjnt4FY4PfZxWbQdXRp8nEMrORUVWQIDAQAB
+AoGAdcKxuUMSG1AykwQhk5uKvcBwUGR/0cbte8T+0I1/1j0NVOL8feNHag+VWiEm
+rkUS/CoXqNQat9LBNc5RGmh4U35orG2xi/EqcBnp/Mse2UqnOTYO3xjeP+JQBtR9
+EiutMTabnaOIXox2bfb3olKA5b6phTt9Y0v8Li/jbVAhw3ECQQDslDu6ZvkKoljU
+VICOteQMMPESsrXVPs5brtxyK2LQn+GBwXvy7d655Ql9jUkyops546aTB6JgYOMs
+zDD3oJ7FAkEA3kE1wwap7NxtYSEbtwyIa7r+IKezG9IPwG27EHjTjPBgclOk0ZOf
+W51ZD/CYNbA7fYAbqREeBwzhe5u0jfHFhQJBAOccL/T6nxMqYYibPDMtsSfPr9FK
+T6OQBVs/SQ8nHxMa/NsbPpCkm04SVuEV4onam7VDlPhRHujz/TlICBYADNkCQEaA
+XwJ3ea2mGphF/VmqgxfRYE2RhNJdZxu+cyl9enXpxl5dxBmq/1D7b8YLpuzY83YT
+DjMqN+E6p8gjEzo3qFUCQGaSni6qTT9pT22uT3QwLthOPdVacV6a55Ci6g4XaFUR
+/Es/nQdkZTbCI1ufGV2Usodsqas+lNGqnClGVHqcUg8=
+-----END RSA PRIVATE KEY-----

File test/ssl/client.crt

------BEGIN CERTIFICATE-----
-MIICpDCCAg0CCQDNrg5WSiiRpzANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMC
-R0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEdMBsG
-A1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxDzANBgNVBAsMBkJyb2tlcjEXMBUG
-A1UEAwwOYnJva2VyLXRlc3QtY2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs
-ZS5jb20wHhcNMTIwNzAzMTQ0MDAwWhcNMzkxMTE4MTQ0MDAwWjCBizELMAkGA1UE
-BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTEd
-MBsGA1UECgwUTW9zcXVpdHRvIFRlc3QgU3VpdGUxFDASBgNVBAsMC0Jyb2tlciBU
-ZXN0MR4wHAYDVQQDDBVsb2NhbGhvc3QtY2xpZW50LXRlc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAM1kzx27D7TooydBNi6tTIMvstPZqFviwN5JGCKxs0wI
-ZAdVP1HNeECioww4HiMO6J6IfcLppLDuWr1pteSG471MjGLPc0Z6UKNejKntM30p
-7649fBZ9DIomVKTJHya/jtU8hIJfSpY29FKGOe3gVjg99nFZtB1dGnycQys5FRVZ
-AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAXB40zdyBFQ7BjDbDFV/vcx4E2rpVxnQ4
-vtJ8TE7aaBqS9QmxlWYnx8ys/q51mVmOxbA/aIFllaSyR+P0MrgZfbWFtb/PK2IV
-VnCciP7dfwqbnsW3ziRUq+mTaaNDPtT+YJrLJyTYNZPRvGIBHOt0NKzNCyvO37v3
-op7ELGt0I+E=
------END CERTIFICATE-----

File test/ssl/client.csr

------BEGIN CERTIFICATE REQUEST-----
-MIIBzDCCATUCAQAwgYsxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2lu
-Z2RvbTEOMAwGA1UEBwwFRGVyYnkxHTAbBgNVBAoMFE1vc3F1aXR0byBUZXN0IFN1
-aXRlMRQwEgYDVQQLDAtCcm9rZXIgVGVzdDEeMBwGA1UEAwwVbG9jYWxob3N0LWNs
-aWVudC10ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNZM8duw+06KMn
-QTYurUyDL7LT2ahb4sDeSRgisbNMCGQHVT9RzXhAoqMMOB4jDuieiH3C6aSw7lq9
-abXkhuO9TIxiz3NGelCjXoyp7TN9Ke+uPXwWfQyKJlSkyR8mv47VPISCX0qWNvRS
-hjnt4FY4PfZxWbQdXRp8nEMrORUVWQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEA
-uzoEdsl3JkiNIviQzDtr67k6L/vogtVSgRnCFCel16Q0i1W+mVAwUqYArwf/7fwp
-UhZPd8NLSVT1pn4Nj2a2Q7S3GMpMguiQlhCol7hZOrNpc0fDGg1JSmYjCEmm3TOl
-Z49eyqmE8r4xdDEAyPk3u21HYrZ5RshyS/8vfPwqR9o=
------END CERTIFICATE REQUEST-----

File test/ssl/client.key

------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDNZM8duw+06KMnQTYurUyDL7LT2ahb4sDeSRgisbNMCGQHVT9R
-zXhAoqMMOB4jDuieiH3C6aSw7lq9abXkhuO9TIxiz3NGelCjXoyp7TN9Ke+uPXwW
-fQyKJlSkyR8mv47VPISCX0qWNvRShjnt4FY4PfZxWbQdXRp8nEMrORUVWQIDAQAB
-AoGAdcKxuUMSG1AykwQhk5uKvcBwUGR/0cbte8T+0I1/1j0NVOL8feNHag+VWiEm
-rkUS/CoXqNQat9LBNc5RGmh4U35orG2xi/EqcBnp/Mse2UqnOTYO3xjeP+JQBtR9
-EiutMTabnaOIXox2bfb3olKA5b6phTt9Y0v8Li/jbVAhw3ECQQDslDu6ZvkKoljU
-VICOteQMMPESsrXVPs5brtxyK2LQn+GBwXvy7d655Ql9jUkyops546aTB6JgYOMs
-zDD3oJ7FAkEA3kE1wwap7NxtYSEbtwyIa7r+IKezG9IPwG27EHjTjPBgclOk0ZOf
-W51ZD/CYNbA7fYAbqREeBwzhe5u0jfHFhQJBAOccL/T6nxMqYYibPDMtsSfPr9FK
-T6OQBVs/SQ8nHxMa/NsbPpCkm04SVuEV4onam7VDlPhRHujz/TlICBYADNkCQEaA
-XwJ3ea2mGphF/VmqgxfRYE2RhNJdZxu+cyl9enXpxl5dxBmq/1D7b8YLpuzY83YT
-DjMqN+E6p8gjEzo3qFUCQGaSni6qTT9pT22uT3QwLthOPdVacV6a55Ci6g4XaFUR
-/Es/nQdkZTbCI1ufGV2Usodsqas+lNGqnClGVHqcUg8=
------END RSA PRIVATE KEY-----

File test/ssl/test-ca.srl

-CDAE0E564A2891A9
+CDAE0E564A2891AA