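#!/usr/bin/env bash
# Source: github.com/go-graphite/carbonapi@v0.17.0/cmd/carbonapi/config_tests/005-mTLS.sh
#
# Config test for mutual TLS (mTLS).
#
# Starts ./carbonapi in the background with the YAML config named after this
# script (".sh" replaced by ".yaml"), then checks that:
#   1. the process listens exactly on EXPECTED_LISTENERS,
#   2. an HTTPS request WITHOUT a client certificate fails, and
#   3. an HTTPS request WITH the test client certificate and key succeeds.
#
# Relative paths (./carbonapi, ./cmd/carbonapi/config_tests/...) are resolved
# against the current working directory.
#
# Exit status: 0 all checks passed, 1 a check failed, 2 curl is too old.

CURL_VERSION=$(curl --version | head -n 1 | awk '{print $2}')

CURL_MAJOR_V=$(cut -d. -f 1 <<< "${CURL_VERSION}")
CURL_MINOR_V=$(cut -d. -f 2 <<< "${CURL_VERSION}")

# Reject curl older than 7.54; any major version above 7 is accepted as-is.
if [[ ${CURL_MAJOR_V} -le 7 ]]; then
  if [[ ${CURL_MAJOR_V} -lt 7 ]] || [[ ${CURL_MINOR_V} -lt 54 ]]; then
    echo "curl >= 7.54 is required"
    exit 2
  fi
fi

# Warn (but do not abort) when curl is linked against LibreSSL.
CURL_SSL=$(curl --version | grep -E -o "[^ ]+SSL" | head -n 1)
if [[ "${CURL_SSL}" == "LibreSSL" ]]; then
  echo "CURL with LibreSSL is known to fail with ed25519 curves required for tls 1.3, so mTLS test WILL fail"
  sleep 1
fi

# Enabled only after the probes above: the grep there may legitimately match
# nothing and return non-zero.
set -e

# Provides cleanup and get_listeners, which are used below but not defined in
# this file.
source "$(dirname "${0}")/common.sh"

TEST_DIR=$(dirname "${0}")
TEST_NAME=$(basename "${0}")
STATUS=0
echo "${TEST_NAME/.sh/.yaml}"

EXPECTED_LISTENERS=(
  "127.0.0.1:8082"
)

#######################################
# Stop the background carbonapi job, reap it and exit.
# Arguments: $1 - exit status for the script
#######################################
stop_carbonapi_and_exit() {
  kill %1
  wait
  exit "$1"
}

#######################################
# Check that every expected string occurs literally in captured curl output.
# Globals:   TEST_NAME (read), STATUS (set to 1 on a missing string)
# Arguments: $1 - captured curl output; $2... - strings that must be present
# Outputs:   progress and failure details on stdout
#######################################
expect_in_curl_output() {
  local output=$1
  shift
  local needle
  for needle in "$@"; do
    echo "Testing for ${needle}"
    # -F: the expectations are literal text, not regular expressions.
    if ! grep -qF -- "${needle}" <<< "${output}"; then
      echo
      echo "Test for '${needle}' in output failed"
      echo "${output}"
      echo "${TEST_NAME} FAIL"
      STATUS=1
    fi
  done
}

# The original listed several of these signals twice; this is the same set.
trap cleanup EXIT INT QUIT TERM
echo "carbonapi -config \"${TEST_DIR}/${TEST_NAME/.sh/.yaml}\" &"
./carbonapi -config "${TEST_DIR}/${TEST_NAME/.sh/.yaml}" &
# Fixed start-up delay: the checks below assume carbonapi is listening by now.
sleep 2

LISTENERS=$(get_listeners "carbonapi")

# From here on failures are collected in STATUS instead of aborting the script.
set +e

cnt=0
# LISTENERS is split on whitespace on purpose.
# NOTE(review): presumably one host:port per word; confirm against common.sh.
# shellcheck disable=SC2086
for l in ${LISTENERS}; do
  cnt=$((cnt + 1))
  found=0
  for el in "${EXPECTED_LISTENERS[@]}"; do
    if [[ "${el}" == "${l}" ]]; then
      found=1
      break
    fi
  done
  if [[ ${found} -eq 0 ]]; then
    echo "Listener ${l} is not expected"
    STATUS=1
  fi
done

# An extra or missing listener is a failure even if every one seen was expected.
if [[ ${cnt} -ne ${#EXPECTED_LISTENERS[@]} ]]; then
  echo "Expected listener count mismatch, got ${cnt}, expected ${#EXPECTED_LISTENERS[@]}"
  STATUS=1
fi

if [[ ${STATUS} -ne 0 ]]; then
  echo "${TEST_NAME} FAIL"
  stop_carbonapi_and_exit "${STATUS}"
fi

# CURL should fail as we haven't provided client certificate.
# -k only skips verification of the *server* certificate; it does not affect
# whether the server demands a client certificate, which is what is tested.
OUT=$(curl -kvvI https://127.0.0.1:8082 2>&1)
CURL_STATUS=${?}
if [[ ${CURL_STATUS} -eq 0 ]]; then
  # A successful request here means the listener accepted an unauthenticated
  # client, so the mTLS requirement is not being enforced.
  echo "${OUT}"
  echo "${TEST_NAME} FAIL"
  STATUS=1
  stop_carbonapi_and_exit "${STATUS}"
fi

# A non-zero curl exit alone does not show *why* the request failed (a refused
# connection would also be non-zero), so the error text is checked as well.
# NOTE(review): this message is produced by curl and may differ between curl
# versions and TLS backends; confirm it on the curl used in CI.
EXPECTED_CURL_OUTPUT=(
  "Failed sending HTTP2 data"
)
expect_in_curl_output "${OUT}" "${EXPECTED_CURL_OUTPUT[@]}"

# CURL should succeed as we've provided client certificate.
# NOTE(review): -k (--insecure) disables server certificate verification, so
# --cacert has no effect on this request; the server's identity is checked only
# by grepping the "subject:" line out of curl's verbose output. Dropping -k
# would make curl validate the server against mTLS-server.crt. Whether that
# certificate matches 127.0.0.1 is not visible here; confirm before changing.
OUT=$(curl \
  --cacert ./cmd/carbonapi/config_tests/mTLS-server.crt \
  --key ./cmd/carbonapi/config_tests/mTLS-client.key \
  --cert ./cmd/carbonapi/config_tests/mTLS-client.crt \
  -kvvI https://127.0.0.1:8082 2>&1)
CURL_STATUS=${?}
if [[ ${CURL_STATUS} -ne 0 ]]; then
  echo "${OUT}"
  echo "${TEST_NAME} FAIL"
  STATUS=1
  stop_carbonapi_and_exit "${STATUS}"
fi

EXPECTED_CURL_OUTPUT=(
  "subject: CN=carbonapi-test1"
  "HTTP/2 200"
)
expect_in_curl_output "${OUT}" "${EXPECTED_CURL_OUTPUT[@]}"

kill %1
wait

if [[ ${STATUS} -eq 0 ]]; then
  echo "${TEST_NAME} OK"
else
  echo "${TEST_NAME} FAIL"
fi

exit "${STATUS}"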