Create the CA as self-signed certs no longer work
Additionally create a Docker-based test environment
2 files added
4 files modified
| | |
| | | apply plugin: 'groovy' |
| | | |
| | | dependencies { |
| | | compile 'org.codehaus.groovy:groovy-all:2.4.4' |
| | | compile 'org.codehaus.groovy:groovy-all:2.5.10' |
| | | compile 'junit:junit:4.12' |
| | | compile 'org.seleniumhq.selenium:selenium-htmlunit-driver:2.47.1' |
| | | } |
New file |
| | |
| | | #!/bin/bash |
| | | |
| | | DIR_NAME=`dirname $0` |
| | | PARENT_NAME=`realpath "${DIR_NAME}/.."` |
| | | |
| | | docker pull debian |
| | | docker run -i -t -d \ |
| | | -v "${PARENT_NAME}:/data:ro" \ |
| | | --name uphpcas-tests \ |
| | | debian |
| | | |
| | | set -e |
| | | |
| | | docker exec -i -t uphpcas-tests /data/tests/install_root.sh |
| | | docker exec -i -t uphpcas-tests apt-get -y install php php-xml |
| | | docker exec -i -t uphpcas-tests chown www-data:www-data /var/www |
| | | docker exec -i -t --user www-data --workdir /var/www uphpcas-tests cp -Rfv /data . |
| | | docker exec -i -t --user www-data --workdir /var/www/data uphpcas-tests ./tests/install.sh |
| | | docker exec -i -t --user www-data --workdir /var/www/data uphpcas-tests ./tests/script.sh |
| | | |
| | | docker stop uphpcas-tests |
| | | docker rm -v uphpcas-tests |
| | |
| | | #!/bin/bash |
| | | |
| | | sudo add-apt-repository -y ppa:cwchien/gradle |
| | | sudo apt-get update |
| | | sudo apt-get -y install gradle-ppa openjdk-7-jdk openssl stunnel |
| | | set -e |
| | | |
| | | sudo update-java-alternatives -s java-1.7.0-openjdk-amd64 |
| | | sudo rm /usr/lib/jvm/default-java |
| | | function genAndSign() { |
| | | local cn=$1 |
| | | local file=$2 |
| | | openssl genrsa -out "/tmp/${file}.key" 2048 |
| | | openssl req -new -key "/tmp/${file}.key" -out "/tmp/${file}.csr" -subj "/CN=${cn}/" |
| | | openssl x509 -req -in "/tmp/${file}.csr" -out "/tmp/${file}.crt" \ |
| | | -CA /tmp/ca.crt -CAkey /tmp/ca.key -CAcreateserial |
| | | cat "/tmp/${file}.crt" "/tmp/${file}.key" > "/tmp/${file}.pem" |
| | | } |
| | | |
| | | openssl genrsa -out /tmp/correct.key 1024 |
| | | openssl req -new -key /tmp/correct.key -out /tmp/correct.crt -subj '/CN=127.0.0.1/' -x509 |
| | | cat /tmp/correct.crt /tmp/correct.key > /tmp/correct.pem |
| | | openssl genrsa -out /tmp/ca.key 2048 |
| | | openssl req -new -key /tmp/ca.key -out /tmp/ca.crt -subj '/CN=Test CA/' -x509 |
| | | |
| | | openssl genrsa -out /tmp/wrongcn.key 1024 |
| | | openssl req -new -key /tmp/wrongcn.key -out /tmp/wrongcn.crt -subj '/CN=127.0.0.2/' -x509 |
| | | cat /tmp/wrongcn.crt /tmp/wrongcn.key > /tmp/wrongcn.pem |
| | | genAndSign "127.0.0.1" "correct" |
| | | genAndSign "127.0.0.2" "wrongcn" |
New file |
| | |
| | | #!/bin/bash |
| | | |
| | | set -e |
| | | |
| | | apt-get -y update |
| | | apt-get -y install \ |
| | | --no-install-recommends \ |
| | | --no-install-suggests \ |
| | | gradle openssl stunnel |
| | |
| | | #!/bin/bash |
| | | |
| | | set -e |
| | | |
| | | cd `dirname $0` |
| | | |
| | | stunnel4 etc/stunnel.conf |
| | |
| | | @Parameters(name = "{0}") |
| | | public static Iterable<Object[]> data() { |
| | | return [ |
| | | // cas, cafile, method, login page expected text, main page expected text |
| | | // name, cas, cafile, method, login page expected text, main page expected text |
| | | |
| | | // HTTP should succeed |
| | | [ "HTTP", "http://127.0.0.1:8081/cas.php", null, null, "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | |
| | | [ "HTTP POST", "http://127.0.0.1:8081/cas.php", null, "POST", "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | | |
| | | // HTTPS should succeed |
| | | [ "HTTPS", "https://127.0.0.1:8444/cas.php", "/tmp/correct.crt", null, "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | | [ "HTTPS GET", "https://127.0.0.1:8444/cas.php", "/tmp/correct.crt", "GET", "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | | [ "HTTPS POST", "https://127.0.0.1:8444/cas.php", "/tmp/correct.crt", "POST", "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | | [ "HTTPS", "https://127.0.0.1:8444/cas.php", "/tmp/ca.crt", null, "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | | [ "HTTPS GET", "https://127.0.0.1:8444/cas.php", "/tmp/ca.crt", "GET", "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | | [ "HTTPS POST", "https://127.0.0.1:8444/cas.php", "/tmp/ca.crt", "POST", "Authenticated as user123", "Authenticated as user123" ] as Object[], |
| | | |
| | | // system CAfile does not contain this self-signed certificate - should fail |
| | | // system CAfile does not contain CA certificate - should fail |
| | | [ "HTTPS SysCA", "https://127.0.0.1:8444/cas.php", null, null, "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS SysCA GET", "https://127.0.0.1:8444/cas.php", null, "GET", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS SysCA POST", "https://127.0.0.1:8444/cas.php", null, "POST", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | // correct.crt is a leaf certificate - should fail |
| | | [ "HTTPS LeafCA", "https://127.0.0.1:8444/cas.php", "/tmp/correct.crt", null, "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS LeafCA GET", "https://127.0.0.1:8444/cas.php", "/tmp/correct.crt", "GET", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS LeafCA POST", "https://127.0.0.1:8444/cas.php", "/tmp/correct.crt", "POST", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | // wrongcn.crt does not contain correct.crt - should fail |
| | | [ "HTTPS WrongCA", "https://127.0.0.1:8444/cas.php", "/tmp/wrongcn.crt", null, "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS WrongCA GET", "https://127.0.0.1:8444/cas.php", "/tmp/wrongcn.crt", "GET", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | |
| | | [ "HTTPS2 WrongCA", "https://127.0.0.1:8445/cas.php", "/tmp/correct.crt", null, "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 WrongCA GET", "https://127.0.0.1:8445/cas.php", "/tmp/correct.crt", "GET", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 WrongCA POST", "https://127.0.0.1:8445/cas.php", "/tmp/correct.crt", "POST", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | // wrongcn.crt is a leaf certificate - should fail |
| | | [ "HTTPS2 WrongCN", "https://127.0.0.1:8445/cas.php", "/tmp/wrongcn.crt", null, "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 WrongCN GET", "https://127.0.0.1:8445/cas.php", "/tmp/wrongcn.crt", "GET", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 WrongCN POST", "https://127.0.0.1:8445/cas.php", "/tmp/wrongcn.crt", "POST", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | // wrongcn.crt is issued to 127.0.0.2, not 127.0.0.1 - should fail |
| | | [ "HTTPS2 CN", "https://127.0.0.1:8445/cas.php", "/tmp/wrongcn.crt", null, "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 CN GET", "https://127.0.0.1:8445/cas.php", "/tmp/wrongcn.crt", "GET", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 CN POST", "https://127.0.0.1:8445/cas.php", "/tmp/wrongcn.crt", "POST", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 CA+WrongCN", "https://127.0.0.1:8445/cas.php", "/tmp/ca.crt", null, "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 CA+WrongCN GET", "https://127.0.0.1:8445/cas.php", "/tmp/ca.crt", "GET", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | [ "HTTPS2 CA+WrongCN POST", "https://127.0.0.1:8445/cas.php", "/tmp/ca.crt", "POST", "CAS server is unavailable", "Not authenticated." ] as Object[], |
| | | ] |
| | | } |
| | | |