From d31c6e8ae587c69731b3cead53358a5b6ddb88ea Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 14 Jan 2010 21:18:56 -0500
Subject: added test of "monkeysphere keys-for-userid"
---
 tests/basic | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'tests/basic')
diff --git a/tests/basic b/tests/basic
index 6fe3237..de8a659 100755
--- a/tests/basic
+++ b/tests/basic
@@ -10,7 +10,7 @@
 # Jameson Rollins
 # Micah Anderson
 #
-# Copyright: 2008-2009
+# Copyright: © 2008-2010
 # License: GPL v3 or later
 # these tests should all be able to run as a non-privileged user.
@@ -340,6 +340,12 @@ monkeysphere-authentication update-users $(whoami)
 ######################################################################
 ### TESTS
+## see whether keys-for-userid works from the client's perspective:
+echo
+echo "##################################################"
+echo "### testing monkeysphere keys-for-userid ..."
+diff -q <( monkeysphere keys-for-userid ssh://testhost ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub )
+
 # connect to test sshd, using monkeysphere ssh-proxycommand to verify
 # the identity before connection. This should work in both directions!
 echo
--
cgit v1.2.3
From f5b9a51e0d2fbdaaa0b5987f1cb3ea0b6a8da7c2 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 14 Jan 2010 21:20:35 -0500
Subject: updated test suite to use scheme://hostname instead of raw hostname, in preparation for multi-key monkeysphere-host
---
 tests/basic | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'tests/basic')
diff --git a/tests/basic b/tests/basic
index de8a659..ae30529 100755
--- a/tests/basic
+++ b/tests/basic
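Review bot: The `diff -q <( monkeysphere keys-for-userid ssh://testhost ) <( cut … )` line added in the @@ -340,6 +340,12 @@ hunk can pass vacuously, because the exit status of both process substitutions is discarded: if `monkeysphere keys-for-userid` prints nothing and the `.pub` file yields nothing either, two empty streams compare equal. Capturing the client side first closes that gap: `actual=$(monkeysphere keys-for-userid ssh://testhost)`, then `[ -n "$actual" ]`, then `diff -q <( printf '%s\n' "$actual" ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub )`. Whether a non-zero `diff` actually aborts the run depends on a `set -e` that is not visible in this hunk, so that is worth confirming too.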
@@ -250,7 +250,7 @@ echo
 echo "##################################################"
 echo "### import host key..."
 ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key
-monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key testhost
+monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost
 echo
 echo "##################################################"
@@ -506,7 +506,7 @@ target_hostname=testhost2 ssh_test 255
 echo
 echo "##################################################"
 echo "### add hostname, certify by admin, import by user..."
-monkeysphere-host add-hostname testhost2
+monkeysphere-host add-hostname ssh://testhost2
 < "$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg gpgadmin --import
 printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
@@ -527,7 +527,7 @@ target_hostname=testhost2 ssh_test
 echo
 echo "##################################################"
 echo "### ssh connection test for failure with 'testhost2' revoked..."
-monkeysphere-host revoke-hostname testhost2
+monkeysphere-host revoke-hostname ssh://testhost2
 gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg
 gpg --check-trustdb
 target_hostname=testhost2 ssh_test 255
--
cgit v1.2.3
From 5530ebf34aeff13473b70f0704f037ed127a3c0d Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 14 Jan 2010 21:33:55 -0500
Subject: updating test suite to new preferred "monkeysphere-host {add,revoke}-servicename" subcommand
---
 tests/basic | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'tests/basic')
diff --git a/tests/basic b/tests/basic
index ae30529..0ae398b 100755
--- a/tests/basic
+++ b/tests/basic
@@ -505,8 +505,8 @@ echo "### ssh connection test directly to 'testhost2' without new name..."
 target_hostname=testhost2 ssh_test 255
 echo
 echo "##################################################"
-echo "### add hostname, certify by admin, import by user..."
-monkeysphere-host add-hostname ssh://testhost2
+echo "### add servicename, certify by admin, import by user..."
+monkeysphere-host add-servicename ssh://testhost2
 < "$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg gpgadmin --import
 printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
@@ -527,7 +527,7 @@ target_hostname=testhost2 ssh_test
 echo
 echo "##################################################"
 echo "### ssh connection test for failure with 'testhost2' revoked..."
-monkeysphere-host revoke-hostname ssh://testhost2
+monkeysphere-host revoke-servicename ssh://testhost2
 gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg
 gpg --check-trustdb
 target_hostname=testhost2 ssh_test 255
@@ -535,9 +535,7 @@ target_hostname=testhost2 ssh_test 255
 # FIXME: addtest: remove admin as id-certifier and check ssh failure
 # FIXME: addtest: how do we test that set-expire makes sense after new
-# hostnames have been added?
-
-# FIXME: addtest: revoke the host key and check ssh failure
+# servicenames have been added?
 # test to make sure things are OK after the previous tests:
 echo
@@ -551,7 +549,7 @@ ssh_test
 echo
 echo "##################################################"
-echo "### revoking host key..."
+echo "### revoking ssh host key..."
 # generate the revocation certificate and feed it directly to the test
 # user's keyring (we're not publishing to the keyservers)
 monkeysphere-host revoke-key | gpg --import
--
cgit v1.2.3
From 792f1e3324076f8521de33aa15f1dd7ba9c9a73f Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 14 Jan 2010 22:23:05 -0500
Subject: changed test suite variable from HOSTKEY to SSHHOSTKEY; updated path to exported host keys (from ssh_host_rsa_key.pub.gpg to host_keys.gpg.pub)
---
 tests/basic | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
(limited to 'tests/basic')
diff --git a/tests/basic b/tests/basic
index 0ae398b..ceb9963 100755
--- a/tests/basic
+++ b/tests/basic
@@ -255,8 +255,8 @@ monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost
 echo
 echo "##################################################"
 echo "### getting host key fingerprint..."
-HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ )
-echo "$HOSTKEYID"
+SSHHOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ )
+echo "$SSHHOSTKEYID"
 # change host key expiration
 echo
@@ -270,8 +270,8 @@ monkeysphere-host set-expire 1
 echo
 echo "##################################################"
 echo "### certifying server host key..."
-< "$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg gpgadmin --import
-echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
+< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+echo y | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
 # FIXME: add revoker?
@@ -321,7 +321,7 @@ monkeysphere gen-subkey
 echo
 echo "##################################################"
 echo "### export server key to testuser..."
-gpgadmin --armor --export "$HOSTKEYID" | gpg --import
+gpgadmin --armor --export "$SSHHOSTKEYID" | gpg --import
 # teach the "server" about the testuser's key
 echo
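Review bot: `SSHHOSTKEYID` in the @@ -255,8 +255,8 @@ hunk comes from a `show-key | grep | cut` pipeline whose status is that of `cut`, so unless `pipefail` is set outside the hunk, a `show-key` failure or a changed output format leaves the variable empty without stopping the run. The empty value then flows into `gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"` (@@ -270,8 +270,8 @@ and @@ -507,20 +507,20 @@) and `gpgadmin --armor --export "$SSHHOSTKEYID"` (@@ -321,7 +321,7 @@), at which point the certification and export steps are no longer tied to the host key under test. A guard directly after the assignment, `: "${SSHHOSTKEYID:?no OpenPGP fingerprint in show-key output}"`, makes that case fail loudly. If `show-key` can list more than one key at this point in the script, the value would also span several lines; that cannot be told from this hunk.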
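Review bot: The commit subject names the new export file as `host_keys.gpg.pub`, while the redirects in the @@ -270,8 +270,8 @@ hunk, and again in @@ -507,20 +507,20 @@ and @@ -528,7 +528,7 @@, read `"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg`. One of the two spellings is wrong, and since this file is what the admin keyring imports before signing, the history should name the path the tests really use. A one-line comment above the first import, such as `# host_keys.pub.gpg: exported OpenPGP host key(s) that the admin certifies below`, would also record why the path changed.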
@@ -507,20 +507,20 @@ echo
 echo "##################################################"
 echo "### add servicename, certify by admin, import by user..."
 monkeysphere-host add-servicename ssh://testhost2
-< "$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg gpgadmin --import
-printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
+< "$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg gpgadmin --import
+printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
 echo
 echo "##################################################"
 echo "### ssh connection test with hostname 'testhost2' added..."
-gpgadmin --export "$HOSTKEYID" | gpg --import
+gpgadmin --export "$SSHHOSTKEYID" | gpg --import
 gpg --check-trustdb
 ssh_test
 echo
 echo "##################################################"
 echo "### ssh connection test directly to 'testhost2' ..."
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg
+gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
 gpg --check-trustdb
 target_hostname=testhost2 ssh_test
@@ -528,7 +528,7 @@ echo
 echo "##################################################"
 echo "### ssh connection test for failure with 'testhost2' revoked..."
 monkeysphere-host revoke-servicename ssh://testhost2
-gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg
+gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.gpg
 gpg --check-trustdb
 target_hostname=testhost2 ssh_test 255
--
cgit v1.2.3
From 7250e1b7f9930651038c72863c990de5ad89b42b Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 14 Jan 2010 22:27:21 -0500
Subject: added simple basic test for second key for monkeysphere-host, pulled this time from OpenSSL
---
 packaging/debian/control | 2 +-
 tests/basic | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
(limited to 'tests/basic')
diff --git a/packaging/debian/control b/packaging/debian/control
index 3d41f00..d70d023 100644
--- a/packaging/debian/control
+++ b/packaging/debian/control
@@ -3,7 +3,7 @@ Section: net
 Priority: extra
 Maintainer: Jameson Rollins
 Uploaders: Daniel Kahn Gillmor
-Build-Depends: debhelper (>= 7.0), cpio, socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail
+Build-Depends: debhelper (>= 7.0), cpio, socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail, openssl
 Standards-Version: 3.8.3
 Homepage: http://web.monkeysphere.info/
 Vcs-Git: git://git.monkeysphere.info/monkeysphere
diff --git a/tests/basic b/tests/basic
index ceb9963..f808387 100755
--- a/tests/basic
+++ b/tests/basic
@@ -547,6 +547,19 @@ echo "##################################################"
 echo "### ssh connection test for success..."
 ssh_test
+echo
+echo "##################################################"
+echo "### Testing TLS setup..."
+
+openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=net/DC=example/DC=testhost/CN=testhost.example.net/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem
+monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost
+
+# FIXME: how can we test this via an https client?
+# We don't currently provide one.
+
+# FIXME: should we test other monkeysphere-host operations somehow now
+# that we have more than one key in the host keyring?
+
 echo
 echo "##################################################"
 echo "### revoking ssh host key..."
--
cgit v1.2.3
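Review bot: The @@ -547,6 +547,19 @@ hunk imports the TLS key under `https://testhost` immediately before the "### revoking ssh host key..." section, and an earlier commit in this series shows that section running `monkeysphere-host revoke-key | gpg --import` with no key named. With two keys in the host keyring it is no longer evident which one gets revoked, so any check that follows may stop testing what its banner says. If `revoke-key` accepts a key identifier at this revision, passing `"$SSHHOSTKEYID"` would pin it; the revoke command itself lies outside this hunk. Separately, `openssl req` reads `"$TESTDIR"/openssl.cnf`, which is not among the two files in this commit's diffstat, so it should be confirmed that the file is already in the tree. The 1024-bit `-nodes` key is acceptable for a throwaway fixture but deserves a comment saying so, e.g. `# test-only: small unencrypted key, never reuse outside $TEMPDIR`.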