Skip to content
Snippets Groups Projects
Commit 66f55fea authored by Andrea Ceccanti's avatar Andrea Ceccanti
Browse files

Merge branch '1-setup-nginx-voms-module-testing/1' of... 

Merge branch '1-setup-nginx-voms-module-testing/1' of baltig.infn.it:storm2/ngx_http_voms_module into 1-setup-nginx-voms-module-testing/1

* '1-setup-nginx-voms-module-testing/1' of baltig.infn.it:storm2/ngx_http_voms_module:
  added line to run prove to README.md
  fixed README.md, adding links
  use relative paths for X509_VOMS_DIR and X509_CERT_DIR
parents 97a2aa12 2691909d
No related branches found
No related tags found
1 merge request!1Resolve "Setup test proxy certificates and basic VOMS module testing"
This commit is part of merge request !1. Comments created here will be created in the context of that merge request.
Hide whitespace changes
Inline Side-by-side
t/README.md
+ 6
17
View file @ 66f55fea
...@@ -6,32 +6,21 @@ Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` f ...@@ -6,32 +6,21 @@ Setup and files to test the *ngx\_http\_voms\_module* are contained in the `t` f
### Test fixture setup ### Test fixture setup
Proxy certificates are in the `certs` folder: Proxy certificates are in the `certs` folder (see [README.md](certs/README.md) for further details), while trust-anchors (e.g. igi-test-ca.pem) are contained in `trust-anchors`.
* 0.pem: long-lived proxy certificate, without Attribute Certificate (AC); Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem, respectively, and they are contained in `certs`.
* 1.pem: long-lived proxy certificate, with an expired AC;
* 2.pem: expired proxy certificate.
Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/). To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. The *voms.example.lsc* can be found in `vomsdir/test.vo`.
The following command is used:
VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder.
To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
Trust-anchors (igi-test-ca.pem) are contained in the `trust-anchors` folder. Nginx server certificate and key (nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem) are in the `certs` folder.
### Running Tests ### Running Tests
To run the tests made available in the `t` folder just type To run the tests made available in `t` just type
prove -v prove -v
from `t`' s parent directory.
Using the docker image provided to exploit Openresty in the Storm2 project: Using the docker image provided to exploit Openresty in the Storm2 project (see [README.md](../README.md) for further details):
cp -r t /tmp cp -r t /tmp
cd /tmp cd /tmp
......
t/certs/README.md
+ 17
2
View file @ 66f55fea
TBD: =======
# Certificates for ngx\_http\_voms\_module Testing
Add docs on certs here Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/):
* 0.pem: long-lived proxy certificate, without Attribute Certificate (AC);
* 1.pem: long-lived proxy certificate, with an expired AC;
* 2.pem: expired proxy certificate.
To obtain such certificates the following command is used:
VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder.
To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
Nginx server certificate and key are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem.
t/expired_ac_proxy.t
+ 2
2
View file @ 66f55fea
...@@ -8,8 +8,8 @@ __DATA__ ...@@ -8,8 +8,8 @@ __DATA__
=== TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes === TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes
--- main_config --- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1; env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=/home/build/ngx_http_voms_module/t/vomsdir; env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=/home/build/ngx_http_voms_module/t/trust-anchors; env X509_CERT_DIR=t/trust-anchors;
--- http_config --- http_config
server { server {
error_log logs/error.log debug; error_log logs/error.log debug;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment