Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • fornari/ngx_http_voms_module
  • cnafsd/ngx_http_voms_module
2 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 589 additions and 24 deletions
t/empty_voms_proxy.t t/no_ac.t
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: https with x509 client authentication, valid proxy certificate with no VOMS attributes
=== TEST 1: HTTPS with X.509 client authentication, valid proxy certificate with no VOMS attributes
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_fqans;
echo $voms_user;
return 200 "$voms_fqans\n$voms_user\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
GET /
--- response_body_like eval
qr/\n\n/
--- error_log
......
t/no_ssl.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: HTTP connection, no SSL
--- main_config
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443;
location = / {
default_type text/plain;
return 200 "$voms_user\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass http://localhost:8443/;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
SSL not enabled
--- error_code: 200
t/voms_attributes.t t/no_ta.t
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: https with x509 client authentication, verification of valid VOMS attributes extracted by ngx_http_voms_module
=== TEST 1: Valid proxy, wrong client trust-anchor
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca2.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_fqans;
echo $voms_user;
return 200 "$voms_fqans\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/3.cert.pem;
proxy_ssl_certificate_key ../../certs/3.key.pem;
}
--- request
GET /
--- response_body
/test
/C=IT/O=IGI/CN=test0
--- error_code: 200
GET /
--- error_code: 400
t/openssl.conf 0 → 100644
View file @ 3c4a7183
config_diagnostics = 1
[ ca ]
default_ca = ${ENV::CA_NAME}
.include conf.d
t/proxies.d/1.conf 0 → 100644
View file @ 3c4a7183
-voms=test.vo
-cert=certs/test0.cert.pem
-key=certs/test0.key.pem
-hostcert=certs/star_test_example.cert.pem
-hostkey=certs/star_test_example.key.pem
-certdir=trust-anchors
-uri=voms.example:15000
-fqan="/test.vo"
-pastproxy=24:0
-hours=100
-pastac=24:0
-vomslife=12
t/proxies.d/2.conf 0 → 100644
View file @ 3c4a7183
-voms=test.vo
-cert=certs/test0.cert.pem
-key=certs/test0.key.pem
-hostcert=certs/star_test_example.cert.pem
-hostkey=certs/star_test_example.key.pem
-certdir=trust-anchors
-uri=voms.example:15000
-fqan="/test.vo"
-pastproxy=24:0
-hours=12
-pastac=24:0
-vomslife=12
t/proxies.d/3.conf 0 → 100644
View file @ 3c4a7183
-voms=test.vo
-cert=certs/test0.cert.pem
-key=certs/test0.key.pem
-hostcert=certs/star_test_example.cert.pem
-hostkey=certs/star_test_example.key.pem
-certdir=trust-anchors
-uri=voms.example:15000
-fqan=/test.vo/exp1
-fqan=/test.vo/exp2
-fqan=/test.vo/exp3/Role=PIPPO
-ga=nickname=sd
-ga=nickname=cnaf
-hours=12
-vomslife=12
-newserial=abcdef
t/proxies.d/4.conf 0 → 100644
View file @ 3c4a7183
-voms=test.vo
-cert=certs/test0.cert.pem
-key=certs/test0.key.pem
-hostcert=certs/star_test_example.cert.pem
-hostkey=certs/star_test_example.key.pem
-certdir=trust-anchors
-uri=voms.example:15000
-fqan=/test.vo
-ga=nickname=sd
-ga=title=assegnista%di%ricerca@CNAF
-hours=12
-vomslife=12
t/proxies.d/5.conf 0 → 100644
View file @ 3c4a7183
-voms=test.vo
-cert=certs/test0.cert.pem
-key=certs/test0.key.pem
-hostcert=certs/untrusted_voms.cert.pem
-hostkey=certs/untrusted_voms.key.pem
-certdir=trust-anchors
-uri=voms.example:15000
-fqan=/test.vo/exp1
-fqan=/test.vo/exp2
-fqan=/test.vo/exp3/Role=PIPPO
-ga=nickname=sd
-ga=nickname=cnaf
-hours=12
-vomslife=12
t/setup.sh 0 → 100755
View file @ 3c4a7183
#!/bin/bash
set -e
if [ ! -e "openssl.conf" ]; then
>&2 echo "The configuration file 'openssl.conf' doesn't exist in this directory"
exit 1
fi
base_dir=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
certs_dir="${base_dir}"/certs
ta_dir="${base_dir}"/trust-anchors
vomsdir="${base_dir}"/vomsdir
rm -rf "${certs_dir}"
mkdir -p "${certs_dir}"
rm -rf "${ta_dir}"
mkdir -p "${ta_dir}"
rm -rf "${vomsdir}"
mkdir -p "${vomsdir}"
[ -d "igi_test_ca2" ] && remove_ca.sh igi_test_ca2
export CA_NAME=igi_test_ca2
make_ca.sh
make_crl.sh
install_ca.sh igi_test_ca2 "${ta_dir}"
make_cert.sh untrusted_voms
cp igi_test_ca2/certs/untrusted_voms.* "${certs_dir}"
[ -d "igi_test_ca" ] && remove_ca.sh igi_test_ca
export CA_NAME=igi_test_ca
make_ca.sh
make_crl.sh
install_ca.sh igi_test_ca "${ta_dir}"
export X509_CERT_DIR="${ta_dir}"
make_cert.sh test0
cp igi_test_ca/certs/test0.* "${certs_dir}"
make_cert.sh star_test_example
cp igi_test_ca/certs/star_test_example.* "${certs_dir}"
mkdir -p "${vomsdir}"/test.vo
openssl x509 -in "${certs_dir}"/star_test_example.cert.pem -noout -subject -issuer -nameopt compat \
| sed -e 's/subject=//' -e 's/issuer=//' > "${vomsdir}"/test.vo/voms.example.lsc
# test 1
echo | voms-proxy-init -cert "${certs_dir}"/test0.p12 --valid 10:0 --out "${certs_dir}"/0.pem --pwstdin
awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/0.pem > "${certs_dir}"/0.key.pem
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/0.pem > "${certs_dir}"/0.cert.pem
# test 3
cat "${certs_dir}"/test0.cert.pem "${ta_dir}"/igi_test_ca.pem > "${certs_dir}"/test0+ca.pem
# long-lived proxy certificate, with an expired AC
proxy_name=1
voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
chmod 600 "${certs_dir}"/${proxy_name}.key.pem
# expired proxy certificate
proxy_name=2
voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
chmod 600 "${certs_dir}"/${proxy_name}.key.pem
# valid proxy certificate with valid AC
proxy_name=3
voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
chmod 600 "${certs_dir}"/${proxy_name}.key.pem
# proxy with VOMS generic attributes containing special characters
proxy_name=4
voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
chmod 600 "${certs_dir}"/${proxy_name}.key.pem
# proxy with valid VOMS attributes, untrusted AC signature (LSC missing) and VOMS trust-anchor missing
proxy_name=5
voms-proxy-fake --debug -conf proxies.d/${proxy_name}.conf -out "${certs_dir}"/${proxy_name}.pem
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
chmod 600 "${certs_dir}"/${proxy_name}.key.pem
# proxy chain with 3 delegations, without VOMS attributes
proxy_name=6
env X509_USER_PROXY="${certs_dir}/3.pem" X509_CERT_DIR="${ta_dir}" voms-proxy-init2 --out "${certs_dir}"/${proxy_name}.pem -noregen -dont-verify-ac
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.cert.pem
awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}"/${proxy_name}.pem > "${certs_dir}"/${proxy_name}.key.pem
chmod 600 "${certs_dir}"/${proxy_name}.key.pem
t/socket.js 0 → 100644
View file @ 3c4a7183
function connect(r) {
r.log("vivo");
var sock = new TCPSocket("127.0.0.1", 8443);
if (!sock.status) {
r.log("failed to connect to upstream: ");
r.return(500);
}
r.log("successfully connected to upstream!");
sock.writeable.write("G");
sock.close();
r.return(200);
}
export default {connect}
\ No newline at end of file
t/ssl_log_voms_plain_http.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket skip_all => "to check later";
master_on();
run_tests();
__DATA__
=== TEST 1: SSL server, logging a VOMS variabile, but plain HTTP request
--- main_config
env X509_VOMS_DIR=t/vomsdir;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
load_module /etc/nginx/modules/ngx_http_js_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
js_path "/home/nginx/t";
js_import jslib from socket.js;
log_format voms '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'[$voms_user]';
server {
error_log logs/error.log debug;
access_log logs/access.log voms;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
location = / {
default_type text/plain;
return 200 "$voms_user\n";
}
}
--- config
location = /njs {
error_log logs/error-proxy.log debug;
access_log logs/access-proxy.log;
js_content socket.connect;
}
--- request
GET /njs
--- error_log
client prematurely closed connection
retrieve_voms_ac_from_proxy
plain HTTP
--- error_code: 200
t/ssl_no_client_authn.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: HTTPS with no X.509 client authentication
--- main_config
env X509_VOMS_DIR=t/vomsdir;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
location = / {
default_type text/plain;
return 200 "$voms_user\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
no SSL peer certificate available
--- error_code: 200
t/subrequest.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: valid AC, verification of valid VOMS attributes extracted by ngx_http_voms_module
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
auth_request /authz;
default_type text/plain;
return 200;
}
location = /authz {
internal;
set $some_var $voms_user;
return 200;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443;
proxy_ssl_certificate ../../certs/3.cert.pem;
proxy_ssl_certificate_key ../../certs/3.key.pem;
}
--- request
GET /
--- response_body
--- error_code: 200
t/trust-anchors/10b10516.0 deleted 120000 → 0
View file @ cf553629
igi-test-ca.pem
\ No newline at end of file
t/trust-anchors/igi-test-ca.pem deleted 100644 → 0
View file @ cf553629
-----BEGIN CERTIFICATE-----
MIIDgDCCAmigAwIBAgIJAMzDwAv7o5VUMA0GCSqGSIb3DQEBBQUAMC0xCzAJBgNV
BAYTAklUMQwwCgYDVQQKDANJR0kxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMTIwOTI2
MTUwMDU0WhcNMjIwOTI0MTUwMDU0WjAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwD
SUdJMRAwDgYDVQQDDAdUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA9u4Fgtj7YpMRql3NAasEUmP6Byv/CH+dPZNzSxfNCMOPqARLBWS/2Ora
m5cRpoBByT0LpjDCFBJhLrBKvCvmWOTfS1jYsQwSpC/5scButthlcNOhLKQSZblS
8Pa7HoFS4zQFwCwWOYbOLF+FblYRgSY30WMi361giydeV8iei8KNH2FIoDyo9kjV
gYQKp76LFv7urGhc5sHA+HWq7+AfyivtZC+a55Rw6EHXOQ+vih5TPXa1t5RL7IkY
4U7Ld5ExptBIDx0UkSihYexAY4RGXVUaq535dGtJQ8/NYMrJ5NMGt2X0bRszArnE
EKc/qdAcgcalgoiaZtVkq45eXADXzwIDAQABo4GiMIGfMB0GA1UdDgQWBBSRdzZ7
LrRp8yfqt/YIi0ojohFJxjBdBgNVHSMEVjBUgBSRdzZ7LrRp8yfqt/YIi0ojohFJ
xqExpC8wLTELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVz
dCBDQYIJAMzDwAv7o5VUMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
MA0GCSqGSIb3DQEBBQUAA4IBAQB379cvZmfCLvGdoGbW+6ppDNy3pT9hqYmZAlfV
FGZSEaTKjGCbPuErUNC6+7zhij5CmMtMRhccI3JswjPHPQGm12jiEC492J6Avj/x
PL8vcBRofe4whXefDVgUw8G1nkQYr2BF0jzeiN72ToISGMbt/q94QV70lYCo/Tog
UQQ6F+XhztffxQyRgsUXhR4qq1D4h7UifqfQGBzknS23RMLQUdKXG4MhTLMVmxJC
uY9Oi0It3hk9Qtn0nlZ7rvo5weJGxuRBbZ85Nvw2tIhH7G2osc6zqmHTmUAR4FXb
l8/ElwGVrURMMuJLDbISVXjBNFuVOS2BdlyEe4x5kfQAWITZ
-----END CERTIFICATE-----
t/untrusted_ac1.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: https with x509 client authentication, untrusted AC signature LSC missing
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$voms_user\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/5.cert.pem;
proxy_ssl_certificate_key ../../certs/5.key.pem;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
Cannot verify AC signature
--- error_code: 200
t/untrusted_ac2.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: Valid proxy, VOMS trust-anchor missing
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$voms_fqans\n";
}
}
--- config
location = / {
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/5.cert.pem;
proxy_ssl_certificate_key ../../certs/5.key.pem;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
Cannot verify AC signature
--- error_code: 200
t/valid_ac.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
# /C=IT/O=IGI/CN=Test0
# /C=IT/O=IGI/CN=Test CA
# /test.vo/exp1,/test.vo/exp2,/test.vo/exp3/Role=PIPPO,/C=IT/O=IGI/CN=*.test.example
# test.vo
# voms.example:15000
#
__DATA__
=== TEST 1: valid AC, verification of valid VOMS attributes extracted by ngx_http_voms_module
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$voms_user\n $voms_user_ca\n$voms_fqans,$voms_server\n$voms_vo\n$voms_server_uri\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/3.cert.pem;
proxy_ssl_certificate_key ../../certs/3.key.pem;
}
--- request
GET /
--- response_body eval
`env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -identity`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -chain | grep issuer | cut -d: -f2 | head -1`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -fqan | tr "\n" ","`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -acissuer`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -vo`
. ` env X509_CERT_DIR=t/trust-anchors voms-proxy-info -file t/certs/3.pem -uri`
--- error_code: 200
t/vomsdir/test.vo/voms.example.lsc deleted 100644 → 0
View file @ cf553629
/C=IT/O=IGI/CN=voms.example
/C=IT/O=IGI/CN=Test CA