First work for #359

MAIF · Oct 4, 2019 · a301410 · a301410
1 parent b3f15f6
commit a301410
Show file tree

Hide file tree

Showing 7 changed files with 174 additions and 0 deletions.
diff --git a/scripts/build.sh b/scripts/build.sh
@@ -48,13 +48,20 @@ test_server () {
   # rc=$?; if [ $rc != 0 ]; then exit $rc; fi
 }
 
+test_mtls () {
+  cd $LOCATION/scripts/mtls-test
+  sh ./tests.sh
+  rc=$?; if [ $rc != 0 ]; then exit $rc; fi
+}
+
 case "${1}" in
   all)
     clean
     build_ui
     build_manual
     build_server
     test_server
+    test_mtls
     # build_cli
     ;;
   cli)

diff --git a/scripts/mtls-tests/.gitignore b/scripts/mtls-tests/.gitignore
@@ -0,0 +1,3 @@
+*.out
+*.pem
+*.jar
diff --git a/scripts/mtls-tests/backend.go b/scripts/mtls-tests/backend.go
@@ -0,0 +1,45 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"io"
+	"io/ioutil"
+	"log"
+	"net/http"
+)
+
+func helloHandler(w http.ResponseWriter, r *http.Request) {
+	// Write "Hello, world!" to the response body
+	io.WriteString(w, "Hello, world!\n")
+}
+
+func main() {
+	// Set up a /hello resource handler
+	http.HandleFunc("/hello", helloHandler)
+
+	// Create a CA certificate pool and add cert.pem to it
+	caCert, err := ioutil.ReadFile("cert-backend.pem")
+	if err != nil {
+		log.Fatal(err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	// Create the TLS Config with the CA pool and enable Client certificate validation
+	tlsConfig := &tls.Config{
+		ClientCAs: caCertPool,
+		ClientAuth: tls.RequireAndVerifyClientCert,
+	}
+	tlsConfig.BuildNameToCertificate()
+
+	// Create a Server instance to listen on port 8443 with the TLS config
+	server := &http.Server{
+		Addr:      ":8444",
+		TLSConfig: tlsConfig,
+	}
+
+	// Listen to HTTPS connections with the server certificate and wait
+	log.Fatal(server.ListenAndServeTLS("cert-backend.pem", "cert-backend-key.pem"))
+}
+
diff --git a/scripts/mtls-tests/certs.sh b/scripts/mtls-tests/certs.sh
@@ -0,0 +1,2 @@
+openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -out cert-backend.pem -keyout cert-backend-key.pem -subj "/CN=localhost"
+openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -out cert-frontend.pem -keyout cert-frontend-key.pem -subj "/CN=mtls.oto.tools"
diff --git a/scripts/mtls-tests/clientbackend.go b/scripts/mtls-tests/clientbackend.go
@@ -0,0 +1,52 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+)
+
+func main() {
+	// Read the key pair to create certificate
+	cert, err := tls.LoadX509KeyPair("cert-backend.pem", "cert-backend-key.pem")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Create a CA certificate pool and add cert.pem to it
+	caCert, err := ioutil.ReadFile("cert-backend.pem")
+	if err != nil {
+		log.Fatal(err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	// Create a HTTPS client and supply the created CA pool and certificate
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs: caCertPool,
+				Certificates: []tls.Certificate{cert},
+			},
+		},
+	}
+
+	// Request /hello via the created HTTPS client over port 8443 via GET
+	r, err := client.Get("https://localhost:8444/hello")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Read the response body
+	defer r.Body.Close()
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Print the response body to stdout
+	fmt.Printf("%s\n", body)
+}
diff --git a/scripts/mtls-tests/clientfrontend.go b/scripts/mtls-tests/clientfrontend.go
@@ -0,0 +1,52 @@
+package main
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+)
+
+func main() {
+	// Read the key pair to create certificate
+	cert, err := tls.LoadX509KeyPair("cert-frontend.pem", "cert-frontend-key.pem")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Create a CA certificate pool and add cert.pem to it
+	caCert, err := ioutil.ReadFile("cert-frontend-key.pem")
+	if err != nil {
+		log.Fatal(err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	// Create a HTTPS client and supply the created CA pool and certificate
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs: caCertPool,
+				Certificates: []tls.Certificate{cert},
+			},
+		},
+	}
+
+	// Request /hello via the created HTTPS client over port 8443 via GET
+	r, err := client.Get("https://mtls.oto.tools:8443/")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Read the response body
+	defer r.Body.Close()
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Print the response body to stdout
+	fmt.Printf("%s\n", body)
+}
diff --git a/scripts/mtls-tests/test.sh b/scripts/mtls-tests/test.sh
@@ -0,0 +1,13 @@
+sh ./certs.sh
+go run backend.go &
+go run clientbackend.go > clientbackend.out
+# TODO: assert clientbackend.out content
+# TODO: get otoroshi.jar here
+# TODO: java -Dapp.domain=oto.tools -jar otoroshi.jar &
+# TODO: delete existing certs in otoroshi 
+# TODO: inject certs in otoroshi
+# TODO: waits 10sec
+# TODO: go run clientfrontend.go > clientfrontend.out
+# TODO: assert clientfrontend.out content
+killall go >> /dev/null
+killall java >> /dev/null
-Original file line number
+Diff line change
@@ -0,0 +1,3 @@
+    *.out
+    *.pem
+    *.jar
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -out cert-backend.pem -keyout cert-backend-key.pem -subj "/CN=localhost"
		openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -out cert-frontend.pem -keyout cert-frontend-key.pem -subj "/CN=mtls.oto.tools"