X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=blobdiff_plain;f=tests%2Fbasic;h=ad9fb12eaa642d4121cc385fe0d1af12998b8c76;hp=ceb996319cb1b77770fb620b7c157f5ab32acc74;hb=c4b0a1e409cab69558aaa0fd47f7076ed6481e3e;hpb=792f1e3324076f8521de33aa15f1dd7ba9c9a73f
diff --git a/tests/basic b/tests/basic
index ceb9963..ad9fb12 100755
--- a/tests/basic
+++ b/tests/basic
@@ -133,6 +133,8 @@ export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
 export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share
 export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami)
+HOST_KEY_FILE="$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+
 export MONKEYSPHERE_CHECK_KEYSERVER=false
 # example.org does not respond to the HKP port, so this should cause
 # any keyserver connection attempts that do happen (they shouldn't!)
@@ -270,7 +272,7 @@ monkeysphere-host set-expire 1
 echo
 echo "##################################################"
 echo "### certifying server host key..."
-< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+< "$HOST_KEY_FILE" gpgadmin --import
 echo y | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
 # FIXME: add revoker?
@@ -507,7 +509,7 @@ echo
 echo "##################################################"
 echo "### add servicename, certify by admin, import by user..."
 monkeysphere-host add-servicename ssh://testhost2
-< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+<"$HOST_KEY_FILE" gpgadmin --import
 printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
 echo
@@ -520,7 +522,7 @@ ssh_test
 echo
 echo "##################################################"
 echo "### ssh connection test directly to 'testhost2' ..."
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+gpg --import <"$HOST_KEY_FILE"
 gpg --check-trustdb
 target_hostname=testhost2
 ssh_test
@@ -528,7 +530,7 @@ echo
 echo "##################################################"
 echo "### ssh connection test for failure with 'testhost2' revoked..."
 monkeysphere-host revoke-servicename ssh://testhost2
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
+gpg --import <"$HOST_KEY_FILE"
 gpg --check-trustdb
 target_hostname=testhost2
 ssh_test 255
@@ -547,12 +549,25 @@ echo "##################################################"
 echo "### ssh connection test for success..."
 ssh_test
+echo
+echo "##################################################"
+echo "### Testing TLS setup..."
+
+openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=net/DC=example/DC=testhost/CN=testhost.example.net/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem
+monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost
+
+# FIXME: how can we test this via an https client?
+# We don't currently provide one.
+
+# FIXME: should we test other monkeysphere-host operations somehow now
+# that we have more than one key in the host keyring?
+
 echo
 echo "##################################################"
 echo "### revoking ssh host key..."
 # generate the revocation certificate and feed it directly to the test
 # user's keyring (we're not publishing to the keyservers)
-monkeysphere-host revoke-key | gpg --import
+monkeysphere-host revoke-key "$SSHHOSTKEYID" | gpg --import
 echo
 echo "##################################################"
 echo "### ssh connection test for failure..."
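Review bot: The `openssl req` line in the new "Testing TLS setup" block creates the host's TLS key with `-newkey rsa:1024`, a size that current guidance treats as too weak and that stricter crypto policies may refuse, so the test could start failing for reasons unrelated to monkeysphere. Use `-newkey rsa:2048`, or if the small size is a deliberate speed trade-off, say so in a comment such as `# throwaway 1024-bit key for test speed only; never use this size for a real host`. The key is also written unencrypted (`-nodes`) to `"$TEMPDIR"/tls_key.pem`, so its confidentiality rests on how `TEMPDIR` was created, which is outside this hunk. The certificate redirected to `tls_cert.pem` is not referenced again in the visible lines, so a short comment on whether it is needed would help.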