
tls tests with bundle.pem (#1671)

mmetc 3 years ago
parent
commit
496dacb7ff

+ 5 - 5
tests/bats/11_bouncers_tls.bats

@@ -5,7 +5,6 @@ set -u
 
 setup_file() {
     load "../lib/setup_file.sh"
-    [[ "${PACKAGE_TESTING}" == "true" ]] && return
     ./instance-data load
 
     tmpdir="${BATS_FILE_TMPDIR}"
@@ -33,6 +32,8 @@ setup_file() {
     echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
     cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
 
+    cat "${tmpdir}/ca.pem" "${tmpdir}/inter.pem" > "${tmpdir}/bundle.pem"
+
     config_set '
         .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
         .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
@@ -49,7 +50,6 @@ teardown_file() {
 }
 
 setup() {
-    [[ "${PACKAGE_TESTING}" == "true" ]] && skip
     load "../lib/setup.sh"
     ./instance-crowdsec start
 }
@@ -66,7 +66,7 @@ teardown() {
 }
 
 @test "simulate one bouncer request with a valid cert" {
-    run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
+    run -0 curl -s --cert "${tmpdir}/bouncer.pem" --key "${tmpdir}/bouncer-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
     assert_output "null"
     run -0 cscli bouncers list -o json
     run -0 jq '. | length' <(output)
@@ -84,13 +84,13 @@ teardown() {
 }
 
 @test "simulate one bouncer request with an invalid OU" {
-    run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
+    run curl -s --cert "${tmpdir}/bouncer_bad_ou.pem" --key "${tmpdir}/bouncer_bad_ou-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
     run -0 cscli bouncers list -o json
     assert_output "[]"
 }
 
 @test "simulate one bouncer request with a revoked certificate" {
-    run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/inter.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
+    run -0 curl -i -s --cert "${tmpdir}/bouncer_revoked.pem" --key "${tmpdir}/bouncer_revoked-key.pem" --cacert "${tmpdir}/bundle.pem" https://localhost:8080/v1/decisions\?ip=42.42.42.42
     assert_output --partial "access forbidden"
     run -0 cscli bouncers list -o json
     assert_output "[]"
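Review bot: The `run curl` line in `simulate one bouncer request with an invalid OU` (the one now pointing `--cacert` at `bundle.pem`) still checks neither curl's exit status nor its body, so a request that the LAPI wrongly accepted would only be caught indirectly through `cscli bouncers list`. Since the valid-cert test pins an accepted answer to `null`, a direct check is cheap: add `refute_output "null"` right after that `run curl` line (a TLS-level failure with `-s` yields empty output and still passes it). The revoked-certificate test closes outside the hunk.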

+ 6 - 6
tests/bats/30_machines_tls.bats

@@ -5,7 +5,6 @@ set -u
 
 setup_file() {
     load "../lib/setup_file.sh"
-    [[ "${PACKAGE_TESTING}" == "true" ]] && return
     ./instance-data load
 
     CONFIG_DIR=$(dirname "${CONFIG_YAML}")
@@ -36,6 +35,8 @@ setup_file() {
     echo "ibase=16; ${serial}" | bc >"${tmpdir}/serials.txt"
     cfssl gencrl "${tmpdir}/serials.txt" "${tmpdir}/ca.pem" "${tmpdir}/ca-key.pem" | base64 -d | openssl crl -inform DER -out "${tmpdir}/crl.pem"
 
+    cat "${tmpdir}/ca.pem" "${tmpdir}/inter.pem" > "${tmpdir}/bundle.pem"
+
     config_set '
         .api.server.tls.cert_file=strenv(tmpdir) + "/server.pem" |
         .api.server.tls.key_file=strenv(tmpdir) + "/server-key.pem" |
@@ -53,7 +54,6 @@ teardown_file() {
 }
 
 setup() {
-    [[ "${PACKAGE_TESTING}" == "true" ]] && skip
     load "../lib/setup.sh"
 }
 
@@ -65,7 +65,7 @@ teardown() {
 
 @test "invalid OU for agent" {
     config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
-        .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
+        .ca_cert_path=strenv(tmpdir) + "/bundle.pem" |
         .key_path=strenv(tmpdir) + "/agent_bad_ou-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent_bad_ou.pem" |
         .url="https://127.0.0.1:8080"
@@ -79,7 +79,7 @@ teardown() {
 
 @test "we have exactly one machine registered with TLS" {
     config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
-        .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
+        .ca_cert_path=strenv(tmpdir) + "/bundle.pem" |
         .key_path=strenv(tmpdir) + "/agent-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent.pem" |
         .url="https://127.0.0.1:8080"
@@ -97,7 +97,7 @@ teardown() {
 
 @test "invalid cert for agent" {
     config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
-        .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
+        .ca_cert_path=strenv(tmpdir) + "/bundle.pem" |
         .key_path=strenv(tmpdir) + "/agent_invalid-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent_invalid.pem" |
         .url="https://127.0.0.1:8080"
@@ -110,7 +110,7 @@ teardown() {
 
 @test "revoked cert for agent" {
     config_set "${CONFIG_DIR}/local_api_credentials.yaml" '
-         .ca_cert_path=strenv(tmpdir) + "/inter.pem" |
+         .ca_cert_path=strenv(tmpdir) + "/bundle.pem" |
         .key_path=strenv(tmpdir) + "/agent_revoked-key.pem" |
         .cert_path=strenv(tmpdir) + "/agent_revoked.pem" |
         .url="https://127.0.0.1:8080"
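Review bot: The `.ca_cert_path` line in `revoked cert for agent` is indented nine spaces while its sibling keys below and the same line in the other three tests use eight; it sits inside the yq expression string, so this is cosmetic, but the commit rewrites that exact line and could align it: `        .ca_cert_path=strenv(tmpdir) + "/bundle.pem" |`. The `cat ca.pem inter.pem > bundle.pem` step in setup_file is byte-identical to the one added to tests/bats/11_bouncers_tls.bats; if `../lib/setup_file.sh` is where shared fixture setup lives, a helper there would keep the two bundles from drifting. Each config_set block continues past its hunk.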

+ 1 - 1
tests/generate-hub-tests

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
 set -eu
 
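Review bot: With the interpreter now pinned to bash, the `set -eu` on the following line could become `set -euo pipefail`; otherwise a failing left-hand stage in any pipeline the script contains (its body is outside the hunk) is masked by the last stage's status even under `-e`. The same applies to tests/instance-mock-http, which receives the identical shebang change. Nothing is lost in portability, since the `#!/usr/bin/env bash` shebang alone already rules out plain /bin/sh.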

+ 1 - 1
tests/instance-mock-http

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
 set -eu