wget/tests/Test-https-crl.px

154 lines
4.5 KiB
Perl
Executable File

#!/usr/bin/env perl
use strict;
use warnings;
use SSLTest;
###############################################################################
# code, msg, headers, content
my %urls = (
'/somefile.txt' => {
code => "200",
msg => "Dontcare",
headers => {
"Content-type" => "text/plain",
},
content => "blabla",
},
);
# Skip the test if openssl is not available
my $ossl = `openssl version`;
unless ($ossl =~ m/OpenSSL 1/)
{
exit 77;
}
my $cdir = $ENV{'PWD'};
# HOSTALIASES env variable allows us to create hosts file alias.
my $testhostname = "WgetTestingServer";
my $testhostfile = "$cdir/wgethosts";
open(my $fh, '>', $testhostfile);
print $fh "$testhostname 127.0.0.1\n";
close $fh;
$ENV{'HOSTALIASES'} = "$cdir/wgethosts";
# Create certindex
open CERTID, ">", "$cdir/certs/certindex" or
warn "Cannot overwrite file $cdir/certs/certindex";
close CERTID;
# Create certserial
open CERTSN, ">", "$cdir/certs/certserial" or
warn "Cannot overwrite file $cdir/certs/certserial";
print CERTSN "1122";
close CERTSN;
# Create crlnumber
open CRLN, ">", "$cdir/certs/crlnumber" or
warn "Cannot overwrite file $cdir/certs/crlnumber";
print CRLN "1122";
close CRLN;
my $caconf = "$cdir/certs/rootca.conf";
my $cacrt = "$cdir/certs/test-ca-cert.pem";
my $cakey = "$cdir/certs/test-ca-key.pem";
# Prepare server certificate
my $servercrt = "certs/tmpserver2.crt";
my $serverkey = "certs/tmpserver2.key";
my $servercsr = "$cdir/certs/tmpserver.csr";
my $serversubj = "/C=US/ST=CA/L=Server Mystery Spot/O=Serv/CN=".
"$testhostname/emailAddress=servertester";
my $servercmd = "openssl genrsa -out $serverkey 4096 && openssl req -new".
" -sha256 -key $serverkey -out $servercsr -days 365 ".
" -subj \"$serversubj\" &&".
"openssl ca -batch -config $caconf -notext -in $servercsr".
" -out $servercrt";
system($servercmd);
my $servercheck =`(openssl x509 -noout -modulus -in $servercrt | openssl md5 ;
openssl rsa -noout -modulus -in $serverkey | openssl md5) |
uniq | wc -l`;
# Check if certificate and key are made correctly.
unless(-e $servercrt && -e $serverkey && $servercheck == 1)
{
exit 77; # skip
}
# Try Wget using SSL first without --no-check-certificate. Expect Success.
my $port = 32443;
my $cmdline = $WgetTest::WGETPATH . " --ca-certificate=$cacrt".
" https://$testhostname:$port/somefile.txt";
my $expected_error_code = 0;
my %existing_files = (
);
my %expected_downloaded_files = (
'somefile.txt' => {
content => "blabla",
},
);
my $sslsock = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname,
sslport => $port);
if ($sslsock->run() != 0)
{
exit -1;
}
# Revoke the certificate
my $crlfile = "$cdir/certs/servercrl.pem";
my $revokecmd = "openssl ca -config $caconf -revoke $servercrt &&
openssl ca -config $caconf -gencrl -keyfile $cakey ".
"-cert $cacrt -out $crlfile";
system($revokecmd);
# Check if CRL file is generated.
unless(-e $crlfile)
{
exit 77; # skip
}
# To read a CRL file use the following command:
# openssl crl -text -in certs/root.crl.pem
# Retry the test with CRL. Expect Failure.
$port = 23443;
$cmdline = $WgetTest::WGETPATH . " --crl-file=$crlfile ".
" --ca-certificate=$cacrt".
" https://$testhostname:$port/somefile.txt";
$expected_error_code = 5;
my $retryssl = SSLTest->new(cmdline => $cmdline,
input => \%urls,
errcode => $expected_error_code,
existing => \%existing_files,
output => \%expected_downloaded_files,
certfile => $servercrt,
keyfile => $serverkey,
lhostname => $testhostname,
sslport => $port);
if ($retryssl->run() == 0)
{
exit -1;
}
else
{
print "Test successful.\n";
exit 0;
}
# vim: et ts=4 sw=4