Home Explore Help
Sign In
OWEALs
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: 60437bba6e
Branches Tags
wolfssl
/
scripts
/
crl-revoked.test

crl-revoked.test 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220 
  1. #!/bin/bash
    2. 

  2. 

  3. #crl.test
    4. 

  4. CERT_DIR=certs
    5. 

  5. 

  6. # if we can, isolate the network namespace to eliminate port collisions.
    7. 

  7. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
    8. 

  8.      if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
    9. 

  9.          export NETWORK_UNSHARE_HELPER_CALLED=yes
    10. 

  10.          exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
    11. 

  11.      fi
    12. 

  12. elif [ "${AM_BWRAPPED-}" != "yes" ]; then
    13. 

  13.     bwrap_path="$(command -v bwrap)"
    14. 

  14.     if [ -n "$bwrap_path" ]; then
    15. 

  15.         export AM_BWRAPPED=yes
    16. 

  16.         exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
    17. 

  17.     fi
    18. 

  18.     unset AM_BWRAPPED
    19. 

  19. fi
    20. 

  20. 

  21. revocation_code="-361"
    22. 

  22. exit_code=1
    23. 

  23. counter=0
    24. 

  24. # need a unique resume port since may run the same time as testsuite
    25. 

  25. # use server port zero hack to get one
    26. 

  26. crl_port=0
    27. 

  27. #no_pid tells us process was never started if -1
    28. 

  28. no_pid=-1
    29. 

  29. #server_pid captured on startup, stores the id of the server process
    30. 

  30. server_pid=$no_pid
    31. 

  31. # let's use absolute path to a local dir (make distcheck may be in sub dir)
    32. 

  32. # also let's add some randomness by adding pid in case multiple 'make check's
    33. 

  33. # per source tree
    34. 

  34. ready_file=`pwd`/wolfssl_crl_ready$$
    35. 

  35. 

  36. remove_ready_file() {
    37. 

  37.     if test -e "$ready_file"; then
    38. 

  38.         echo -e "removing existing ready file"
    39. 

  39.         rm "$ready_file"
    40. 

  40.     fi
    41. 

  41. }
    42. 

  42. 

  43. # trap this function so if user aborts with ^C or other kill signal we still
    44. 

  44. # get an exit that will in turn clean up the file system
    45. 

  45. abort_trap() {
    46. 

  46.     echo "script aborted"
    47. 

  47. 

  48.     if  [ $server_pid != $no_pid ]
    49. 

  49.     then
    50. 

  50.         echo "killing server"
    51. 

  51.         kill -9 $server_pid
    52. 

  52.     fi
    53. 

  53. 

  54.     exit_code=2 #different exit code in case of user interrupt
    55. 

  55. 

  56.     echo "got abort signal, exiting with $exit_code"
    57. 

  57.     exit $exit_code
    58. 

  58. }
    59. 

  59. trap abort_trap INT TERM
    60. 

  60. 

  61. 

  62. # trap this function so that if we exit on an error the file system will still
    63. 

  63. # be restored and the other tests may still pass. Never call this function
    64. 

  64. # instead use "exit <some value>" and this function will run automatically
    65. 

  65. restore_file_system() {
    66. 

  66.     remove_ready_file
    67. 

  67. }
    68. 

  68. trap restore_file_system EXIT
    69. 

  69. 

  70. run_test() {
    71. 

  71.     echo -e "\nStarting example server for crl test...\n"
    72. 

  72. 

  73.     remove_ready_file
    74. 

  74. 

  75.     # starts the server on crl_port, -R generates ready file to be used as a
    76. 

  76.     # mutex lock, -c loads the revoked certificate. We capture the processid
    77. 

  77.     # into the variable server_pid
    78. 

  78.     ./examples/server/server -R "$ready_file" -p $crl_port \
    79. 

  79.                              -c ${CERT_DIR}/server-revoked-cert.pem \
    80. 

  80.                              -k ${CERT_DIR}/server-revoked-key.pem &
    81. 

  81.     server_pid=$!
    82. 

  82. 

  83.     while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
    84. 

  84.         echo -e "waiting for ready file..."
    85. 

  85.         sleep 0.1
    86. 

  86.         counter=$((counter+ 1))
    87. 

  87.     done
    88. 

  88. 

  89.     # sleep for an additional 0.1 to mitigate race on write/read of $ready_file:
    90. 

  90.     sleep 0.1
    91. 

  91. 

  92.     if test -e "$ready_file"; then
    93. 

  93.         echo -e "found ready file, starting client..."
    94. 

  94.     else
    95. 

  95.         echo -e "NO ready file ending test..."
    96. 

  96.         exit 1
    97. 

  97.     fi
    98. 

  98. 

  99.     # get created port 0 ephemeral port
    100. 

  100.     crl_port="$(cat "$ready_file")"
    101. 

  101. 

  102.     # starts client on crl_port and captures the output from client
    103. 

  103.     capture_out=$(./examples/client/client -p $crl_port 2>&1)
    104. 

  104.     client_result=$?
    105. 

  105. 

  106.     wait $server_pid
    107. 

  107.     server_result=$?
    108. 

  108. 

  109.     case  "$capture_out" in
    110. 

  110.     *$revocation_code*)
    111. 

  111.         # only exit with zero on detection of the expected error code
    112. 

  112.         echo ""
    113. 

  113.         echo "Successful Revocation!!!!"
    114. 

  114.         echo ""
    115. 

  115.         if [ $exit_hash_dir_code -ne 0 ]; then
    116. 

  116.            exit_code=1
    117. 

  117.         else
    118. 

  118.            exit_code=0
    119. 

  119.            echo "exiting with $exit_code"
    120. 

  120.            exit $exit_code
    121. 

  121.         fi
    122. 

  122.         ;;
    123. 

  123.     *)
    124. 

  124.         echo ""
    125. 

  125.         echo "Certificate was not revoked saw this instead: $capture_out"
    126. 

  126.         echo ""
    127. 

  127.         echo "configure with --enable-crl and run this script again"
    128. 

  128.         echo ""
    129. 

  129.     esac
    130. 

  130. }
    131. 

  131. 

  132. run_hashdir_test() {
    133. 

  133.   echo -e "\n\nHash dir with CRL and Certificate loading"
    134. 

  134. 

  135.   remove_ready_file
    136. 

  136.   # create hashed cert and crl
    137. 

  137.   pushd ${CERT_DIR}
    138. 

  138.   # ca file
    139. 

  139.   ca_hash_name=`openssl x509 -in ca-cert.pem -hash -noout`
    140. 

  140.   if [ -f "$ca_hash_name".0 ]; then
    141. 

  141.      rm "$ca_hash_name".0
    142. 

  142.   fi
    143. 

  143.   ln -s ca-cert.pem "$ca_hash_name".0
    144. 

  144.   # crl file
    145. 

  145.   crl_hash_name=`openssl crl -in ./crl/crl.pem -hash -noout`
    146. 

  146.   if [ -f "$crl_hash_name".r0 ]; then
    147. 

  147.      rm "$crl_hash_name".r0
    148. 

  148.   fi
    149. 

  149.   ln -s ./crl/crl.pem "$crl_hash_name".r0
    150. 

  150.   popd
    151. 

  151. 

  152.   # starts the server on crl_port, -R generates ready file to be used as a
    153. 

  153.   # mutex lock, -c loads the revoked certificate. We capture the processid
    154. 

  154.   # into the variable server_pid
    155. 

  155.   ./examples/server/server -R "$ready_file" -p $crl_port \
    156. 

  156.                              -c ${CERT_DIR}/server-revoked-cert.pem \
    157. 

  157.                              -k ${CERT_DIR}/server-revoked-key.pem &
    158. 

  158.   server_pid=$!
    159. 

  159.   while [ ! -s "$ready_file" -a "$counter" -lt 20 ]; do
    160. 

  160.         echo -e "waiting for ready file..."
    161. 

  161.         sleep 0.1
    162. 

  162.         counter=$((counter+ 1))
    163. 

  163.   done
    164. 

  164. 

  165.   # get created port 0 ephemeral port
    166. 

  166.   crl_port="$(cat "$ready_file")"
    167. 

  167. 

  168.   # starts client on crl_port and captures the output from client
    169. 

  169.   capture_out=$(./examples/client/client -p $crl_port -9 2>&1)
    170. 

  170.   client_result=$?
    171. 

  171. 

  172.   wait $server_pid
    173. 

  173.   server_result=$?
    174. 

  174. 

  175.   case  "$capture_out" in
    176. 

  176.     *$revocation_code*)
    177. 

  177.         # only exit with zero on detection of the expected error code
    178. 

  178.         echo ""
    179. 

  179.         echo "Successful Revocation!!!! with hash dir"
    180. 

  180.         echo ""
    181. 

  181.         exit_hash_dir_code=0
    182. 

  182.         ;;
    183. 

  183.     *)
    184. 

  184.         echo ""
    185. 

  185.         echo "Certificate was not revoked saw this instead: $capture_out"
    186. 

  186.         echo ""
    187. 

  187.         echo "configure with --enable-crl and run this script again"
    188. 

  188.         echo ""
    189. 

  189.         exit_hash_dir_code=1
    190. 

  190.     esac
    191. 

  191. 

  192.   # clean up hashed cert and crl
    193. 

  193.   pushd ${CERT_DIR}
    194. 

  194.   rm "$ca_hash_name".0
    195. 

  195.   rm "$crl_hash_name".r0
    196. 

  196.   popd
    197. 

  197. 

  198. }
    199. 

  199. ######### begin program #########
    200. 

  200. 

  201. # Check for enabling hash dir feature
    202. 

  202. ./examples/client/client -? 2>&1 | grep -- 'hash dir'
    203. 

  203. if [ $? -eq 0 ]; then
    204. 

  204.    hash_dir=yes
    205. 

  205.    exit_hash_dir_code=1
    206. 

  206. fi
    207. 

  207. 

  208. if [ "$hash_dir" = "yes" ]; then
    209. 

  209.    run_hashdir_test
    210. 

  210. else
    211. 

  211.    exit_hash_dir_code=0
    212. 

  212. fi
    213. 

  213. 

  214. # run the test
    215. 

  215. run_test
    216. 

  216. 

  217. # If we get to this exit, exit_code will be a 1 signaling failure
    218. 

  218. echo "exiting with $exit_code certificate was not revoked"
    219. 

  219. exit $exit_code
    220. 

  220. ########## end program ##########
    221.