Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • fornari/ngx_http_voms_module
  • cnafsd/ngx_http_voms_module
2 results
Show changes
Hide whitespace changes
Inline Side-by-side
t/untrusted_ac.t t/untrusted_ac1.t
View file @ 5edd34fe
......@@ -7,21 +7,26 @@ __DATA__
=== TEST 1: https with x509 client authentication, untrusted AC signature LSC missing
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_user;
return 200 "$voms_user\n";
}
}
--- config
......@@ -32,43 +37,9 @@ __DATA__
proxy_ssl_certificate_key ../../certs/5.key.pem;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
Cannot verify AC signature
--- error_code: 200
=== TEST 2: Valid proxy, VOMS trust-anchor missing
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $voms_fqans;
}
}
--- config
location = / {
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/3.cert.pem;
proxy_ssl_certificate_key ../../certs/3.key.pem;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
Cannot verify AC signature
--- error_code: 200
t/untrusted_ac2.t 0 → 100644
View file @ 5edd34fe
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: Valid proxy, VOMS trust-anchor missing
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$voms_fqans\n";
}
}
--- config
location = / {
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/5.cert.pem;
proxy_ssl_certificate_key ../../certs/5.key.pem;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
Cannot verify AC signature
--- error_code: 200
t/valid_ac.t
View file @ 5edd34fe
......@@ -3,35 +3,36 @@ use Test::Nginx::Socket 'no_plan';
run_tests();
# /C=IT/O=IGI/CN=Test0
# /C=IT/O=IGI/CN=Test CA
# /test.vo/exp1,/test.vo/exp2,/test.vo/exp3/Role=PIPPO,/C=IT/O=IGI/CN=*.test.example
# test.vo
# voms.example:15000
#
__DATA__
=== TEST 1: valid AC, verification of valid VOMS attributes extracted by ngx_http_voms_module
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_user;
echo $voms_user_ca;
echo $voms_fqans;
echo $voms_server;
echo $voms_server_ca;
echo $voms_vo;
echo $voms_server_uri;
echo $voms_not_before;
echo $voms_not_after;
echo $voms_generic_attributes;
echo $voms_serial;
return 200 "$voms_user\n $voms_user_ca\n$voms_fqans,$voms_server\n$voms_vo\n$voms_server_uri\n";
}
}
--- config
......@@ -42,18 +43,12 @@ __DATA__
proxy_ssl_certificate_key ../../certs/3.key.pem;
}
--- request
GET /
--- response_body
/C=IT/O=IGI/CN=test0
/C=IT/O=IGI/CN=Test CA
/test/exp1,/test/exp2,/test/exp3/Role=PIPPO
/C=IT/O=IGI/CN=voms.example
/C=IT/O=IGI/CN=Test CA
test.vo
voms.example:15000
20180101000000Z
20300101000000Z
n=nickname v=newland q=test.vo,n=nickname v=giaco q=test.vo
7B
GET /
--- response_body eval
`env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -identity`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -chain | grep issuer | cut -d: -f2 | head -1`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -fqan | tr "\n" ","`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -acissuer`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -vo`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -uri`
--- error_code: 200
t/vomsdir/test.vo/voms.example.lsc deleted 100644 → 0
View file @ 2f7883aa
/C=IT/O=IGI/CN=voms.example
/C=IT/O=IGI/CN=Test CA
test-ngx-voms.sh deleted 100755 → 0
View file @ 2f7883aa
#!/bin/sh
# Copyright 2018 Istituto Nazionale di Fisica Nucleare
#
# Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the
# European Commission - subsequent versions of the EUPL (the "Licence"). You may
# not use this work except in compliance with the Licence. You may obtain a copy
# of the Licence at:
#
# https://joinup.ec.europa.eu/software/page/eupl
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# Licence for the specific language governing permissions and limitations under
# the Licence.
# This script builds in debug mode and installs openresty together with the
# ngx_http_voms_module.
#
# The script requires the locations of the openresty bundle and of the
# ngx_http_voms_module code (for example as checked-out from git). The locations
# are expressed by the environment variables OPENRESTY_ROOT and
# NGX_HTTP_VOMS_MODULE_ROOT respectively, if available. If they are not set,
# they are guessed:
# * a unique openresty bundle is looked for in ${HOME}
# * the ngx_http_voms_module code is looked for in the working directory of the
# continuous integration environment first and then in ${HOME}
#
# The script works best (i.e. it is tested) if run within a docker container
# started from the storm2/ngx-voms-build image.
if [ -r "${HOME}/openresty-env" ]; then
. ${HOME}/openresty-env
fi
module_root=${NGX_HTTP_VOMS_MODULE_ROOT:-${CI_PROJECT_DIR:-${HOME}/ngx_http_voms_module}}
if [ ! -d "${module_root}" ]; then
>&2 echo 'Invalid ngx_http_voms_module environment ("'${module_root}'")'
exit 1
fi
mkdir -p /tmp/t
prove ${module_root}/t