forked from namecoin/pkcs11mod
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
3 changed files
with
133 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -euo pipefail | ||
shopt -s nullglob globstar | ||
|
||
echo "===== Default System CKBI =====" | ||
|
||
testdata/try-google-chrome-connect.bash www.namecoin.org success "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash missing | ||
|
||
testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash missing | ||
|
||
echo "===== Deleted System CKBI =====" | ||
|
||
mv "$CI_MAIN_MODULE" "$CI_BAK_MODULE" | ||
|
||
testdata/try-google-chrome-connect.bash www.namecoin.org fail "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash missing | ||
|
||
testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash missing | ||
|
||
# TODO: No env var, missing default target | ||
|
||
# TODO: Env var pointing to missing target | ||
|
||
echo "===== System CKBI via pkcs11proxy =====" | ||
|
||
export PKCS11PROXY_CKBI_TARGET="$CI_BAK_MODULE" | ||
cp libpkcs11proxy.so "$CI_MAIN_MODULE" | ||
|
||
testdata/try-google-chrome-connect.bash www.namecoin.org success "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash present | ||
|
||
testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash present | ||
|
||
echo "===== System CKBI via p11proxy =====" | ||
|
||
export P11PROXY_CKBI_TARGET="$CI_BAK_MODULE" | ||
cp libp11proxy.so "$CI_MAIN_MODULE" | ||
|
||
testdata/try-google-chrome-connect.bash www.namecoin.org success "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash present | ||
|
||
testdata/try-google-chrome-connect.bash untrusted-root.badssl.com fail "" || testdata/dump-proxy-log-fail.bash | ||
testdata/assert-proxy-log.bash present |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -euo pipefail | ||
shopt -s nullglob globstar | ||
|
||
SERVER_HOST="$1" | ||
DESIRED="$2" | ||
TEXTMATCH="$3" | ||
|
||
echo "$SERVER_HOST" | ||
|
||
if [[ "$DESIRED" != "success" ]] && [[ "$DESIRED" != "fail" ]] | ||
then | ||
echo "Invalid DESIRED value; should be success or fail" | ||
exit 1 | ||
fi | ||
|
||
# TODO: Nuke whatever cached state might exist... | ||
|
||
rm -f screenshot.png | ||
|
||
# Disable sandbox because Google Chrome doesn't support running the sandbox as root, | ||
# and the Cirrus container runs as root. See | ||
# https://github.com/Zenika/alpine-chrome . | ||
google-chrome --no-sandbox --headless --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --screenshot=./screenshot.png "https://$SERVER_HOST" 2>&1 | tee log.txt | ||
TEXTOUT=$(cat log.txt) | ||
|
||
if echo "$TEXTOUT" | grep -q "SSL error" | ||
then | ||
RESULT=fail | ||
else | ||
RESULT=success | ||
fi | ||
|
||
if [[ "$RESULT" != "$DESIRED" ]] | ||
then | ||
echo "TLS test failed" | ||
echo "Got $RESULT, wanted $DESIRED" | ||
echo "$TEXTOUT" | ||
exit 1 | ||
fi | ||
|
||
if ! echo "$TEXTOUT" | grep -q "$TEXTMATCH" | ||
then | ||
echo "TLS test failed" | ||
echo "Missing output: $TEXTMATCH" | ||
echo "$TEXTOUT" | ||
exit 1 | ||
fi | ||
|
||
exit 0 |