首頁 探索 說明
登入
vimacs
/
openconnect
關註 1
讚好 0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
分支: h3c
分支列表 標籤列表
openconnect
/
tests
/
cert-fingerprint

cert-fingerprint 4.0 KB
永久連結 文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # Copyright (C) 2016 Red Hat, Inc.
    4. 

  4. #
    5. 

  5. # This file is part of openconnect.
    6. 

  6. #
    7. 

  7. # This is free software; you can redistribute it and/or
    8. 

  8. # modify it under the terms of the GNU Lesser General Public License
    9. 

  9. # as published by the Free Software Foundation; either version 2.1 of
    10. 

  10. # the License, or (at your option) any later version.
    11. 

  11. #
    12. 

  12. # This library is distributed in the hope that it will be useful, but
    13. 

  13. # WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    15. 

  15. # Lesser General Public License for more details.
    16. 

  16. #
    17. 

  17. # You should have received a copy of the GNU Lesser General Public License
    18. 

  18. # along with this program.  If not, see <http://www.gnu.org/licenses/>
    19. 

  19. 

  20. # This test uses LD_PRELOAD
    21. 

  21. PRELOAD=1
    22. 

  22. SERV="${SERV:-../src/ocserv}"
    23. 

  23. srcdir=${srcdir:-.}
    24. 

  24. top_builddir=${top_builddir:-..}
    25. 

  25. 

  26. . `dirname $0`/common.sh
    27. 

  27. 

  28. echo "Testing certificate auth..."
    29. 

  29. 

  30. launch_simple_sr_server -d 1 -f -c configs/test-user-pass.config
    31. 

  31. PID=$!
    32. 

  32. wait_server $PID
    33. 

  33. 

  34. expect_cert_fail() {
    35. 

  35.     SERVERCERT=$1
    36. 

  36.     echo -n "Testing with cert fingerprint $SERVERCERT..."
    37. 

  37.     ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert $SERVERCERT --cookieonly >/dev/null 2>&1) &&
    38. 

  38. 	fail $PID "Accepted wrong fingerprint $SERVERCERT"
    39. 

  39. 

  40.     echo "ok (rejected)"
    41. 

  41. }
    42. 

  42. 

  43. expect_cert_success() {
    44. 

  44.     SERVERCERT=$1
    45. 

  45.     echo -n "Testing with cert fingerprint $SERVERCERT..."
    46. 

  46.     ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test --servercert $SERVERCERT --cookieonly >/dev/null 2>&1) ||
    47. 

  47. 	fail $PID "Rejected good fingerprint $SERVERCERT"
    48. 

  48. 

  49.     echo "ok (accepted)"
    50. 

  50. }
    51. 

  51. 

  52. expect_cert_success d66b507ae074d03b02eafca40d35f87dd81049d3
    53. 

  53. expect_cert_success D66B507AE074D03B02EAFCA40D35F87DD81049D3
    54. 

  54. expect_cert_fail    d66b507ae074d03b02eafca40d35f87dd81049d34
    55. 

  55. expect_cert_fail    D66B507AE074D03B02EAFCA40D35F87DD81049D34
    56. 

  56. expect_cert_fail    d66b507ae074d03b02eafca41d35f87dd81049d3
    57. 

  57. expect_cert_fail    D66B507AE074D03B02EAFCA41D35F87DD81049D3
    58. 

  58. expect_cert_success d66b507ae074d03b0
    59. 

  59. expect_cert_success D66B507AE074D03B0
    60. 

  60. expect_cert_fail    d66
    61. 

  61. expect_cert_fail    D66
    62. 

  62. expect_cert_success d66B
    63. 

  63. expect_cert_success D66b
    64. 

  64. 

  65. expect_cert_success sha1:a82547f68f44d6351bef6cacd1d7b96e84f9dfa3
    66. 

  66. expect_cert_success sha1:A82547F68F44D6351BEF6CACD1D7B96E84F9DFA3
    67. 

  67. expect_cert_fail    sha1:a82547f68f44d6351bef6cacd1d7b96e84f9dfa34
    68. 

  68. expect_cert_fail    sha1:A82547F68F44D6351BEF6CACD1D7B96E84F9DFA34
    69. 

  69. expect_cert_fail    sha1:a82547f68f44d6352bef6cacd1d7b96e84f9dfa3
    70. 

  70. expect_cert_fail    sha1:A82547F68F44D6352BEF6CACD1D7B96E84F9DFA3
    71. 

  71. expect_cert_success sha1:a82547f68f44d635
    72. 

  72. expect_cert_success sha1:A82547F68F44D635
    73. 

  73. expect_cert_fail    sha1:a82
    74. 

  74. expect_cert_fail    sha1:A82
    75. 

  75. expect_cert_success sha1:a825
    76. 

  76. expect_cert_success sha1:A825
    77. 

  77. 

  78. expect_cert_success sha256:c69dec71fcf2deb390b2ff4d70ebdeffc61556ffa91ebe2a3425c45eb365e6cf
    79. 

  79. expect_cert_success sha256:C69DEC71FCF2DEB390B2FF4D70EBDEFFC61556FFA91EBE2A3425C45EB365E6CF
    80. 

  80. expect_cert_fail    sha256:c69dec71fcf2deb390b2ff4d70ebdeffc61556ffa91ebe2a3425c45eb365e6cf3
    81. 

  81. expect_cert_fail    sha256:C69DEC71FCF2DEB390B2FF4D70EBDEFFC61556FFA91EBE2A3425C45EB365E6CF3
    82. 

  82. expect_cert_fail    sha256:c69dec71fcf2deb390b2fe4d70ebdeffc61556ffa91ebe2a3425c45eb365e6cf
    83. 

  83. expect_cert_fail    sha256:C69DEC71FCF2DEB390B2FE4D70EBDEFFC61556FFA91EBE2A3425C45EB365E6CF
    84. 

  84. expect_cert_success sha256:c69dec71fcf2deb390b2f
    85. 

  85. expect_cert_success sha256:C69DEC71FCF2DEB390B2F
    86. 

  86. expect_cert_fail    sha256:c69
    87. 

  87. expect_cert_fail    sha256:C69
    88. 

  88. expect_cert_success sha256:c69D
    89. 

  89. expect_cert_success sha256:C69d
    90. 

  90. 

  91. # pin-sha256: is case sensitive.
    92. 

  92. expect_cert_success pin-sha256:xp3scfzy3rOQsv9NcOve/8YVVv+pHr4qNCXEXrNl5s8=
    93. 

  93. expect_cert_fail    pin-sha256:xp3scfzy3rOQsv9NcOvE/8YVVv+pHr4qNCXEXrNl5s8=
    94. 

  94. expect_cert_fail    pin-sha256:XP3SCFZY3ROQSV9NCOVE/8YVVV+PHR4QNCXEXRNL5S8=
    95. 

  95. expect_cert_success pin-sha256:xp3scfzy3rOQsv9NcO
    96. 

  96. expect_cert_fail    pin-sha256:xp3scfzy3rOQsv9NCO
    97. 

  97. expect_cert_fail    pin-sha256:xp3
    98. 

  98. expect_cert_fail    pin-sha256:xp3
    99. 

  99. expect_cert_success pin-sha256:xp3s
    100. 

  100. expect_cert_fail    pin-sha256:xP3s
    101. 

  101. 

  102. cleanup
    103. 

  103. 

  104. exit 0
    105. 

  105.