X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=tests%2Fbasic;h=1d51a698f3df10e2e66e53de1747b9ee9c5b2094;hb=e32688b20cbec08b7569304be724d60dc63e51bc;hp=ceb996319cb1b77770fb620b7c157f5ab32acc74;hpb=792f1e3324076f8521de33aa15f1dd7ba9c9a73f;p=monkeysphere.git
diff --git a/tests/basic b/tests/basic
index ceb9963..1d51a69 100755
--- a/tests/basic
+++ b/tests/basic
@@ -133,6 +133,8 @@ export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
 export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share
 export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami)
+HOST_KEY_FILE="$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+
 export MONKEYSPHERE_CHECK_KEYSERVER=false
 # example.org does not respond to the HKP port, so this should cause
 # any keyserver connection attempts that do happen (they shouldn't!)
@@ -270,7 +272,7 @@ monkeysphere-host set-expire 1
 echo
 echo "##################################################"
 echo "### certifying server host key..."
-< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+< "$HOST_KEY_FILE" gpgadmin --import
 echo y | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
 # FIXME: add revoker?
@@ -507,7 +509,7 @@ echo
 echo "##################################################"
 echo "### add servicename, certify by admin, import by user..."
 monkeysphere-host add-servicename ssh://testhost2
-< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+<"$HOST_KEY_FILE" gpgadmin --import
 printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
 echo
@@ -520,7 +522,7 @@ ssh_test
 echo
 echo "##################################################"
 echo "### ssh connection test directly to 'testhost2' ..."
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+gpg --import <"$HOST_KEY_FILE"
 gpg --check-trustdb
 target_hostname=testhost2
 ssh_test
@@ -528,7 +530,7 @@ echo
 echo "##################################################"
 echo "### ssh connection test for failure with 'testhost2' revoked..."
 monkeysphere-host revoke-servicename ssh://testhost2
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+gpg --import <"$HOST_KEY_FILE"
 gpg --check-trustdb
 target_hostname=testhost2
 ssh_test 255
@@ -547,12 +549,28 @@ echo "##################################################"
 echo "### ssh connection test for success..."
 ssh_test
+echo
+echo "##################################################"
+echo "### Testing TLS setup..."
+
+openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=net/DC=example/DC=testhost/CN=testhost.example.net/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem
+monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost
+
+# FIXME: how can we test this via an https client?
+# We don't currently provide one.
+
+# FIXME: should we test other monkeysphere-host operations somehow now
+# that we have more than one key in the host keyring?
+
 echo
 echo "##################################################"
 echo "### revoking ssh host key..."
 # generate the revocation certificate and feed it directly to the test
 # user's keyring (we're not publishing to the keyservers)
-monkeysphere-host revoke-key | gpg --import
+keyID=$(monkeysphere-host s 'ssh://testhost' | grep 'OpenPGP fingerprint:' | awk '{ print $3 }')
+monkeysphere-host revoke-key "$keyID" >"$TEMPDIR"/revcert
+cat "$TEMPDIR"/revcert
+<"$TEMPDIR"/revcert gpg --import
 echo
 echo "##################################################"
 echo "### ssh connection test for failure..."
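Review bot: The fingerprint captured by `keyID=$(monkeysphere-host s 'ssh://testhost' | grep 'OpenPGP fingerprint:' | awk '{ print $3 }')` in the last hunk is never validated before the revocation step relies on it. The substitution's status is awk's, so unless pipefail is enabled somewhere outside this hunk, a failed lookup or a non-matching grep leaves `keyID` empty and `revoke-key "$keyID"` still runs; if the listing ever prints more than one matching line, `keyID` holds several values. I would add `[ -n "$keyID" ] || { echo "no OpenPGP fingerprint found for ssh://testhost" >&2; exit 1; }` before the revoke-key call (or use the script's own failure helper, if one exists outside the hunk), and spell out the abbreviated `s` subcommand. Separately, the `openssl req` line writes an unencrypted (`-nodes`) 1024-bit RSA key; a comment such as `# throwaway test key: small and unencrypted on purpose, do not reuse outside $TEMPDIR` would keep it from being copied as a template.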