  1. #!/usr/bin/env bash
  2. # Tests to ensure that the monkeysphere is working
  3. #
  4. # unset MONKEYSPHERE_TEST_NO_EXAMINE to get a prompt to examine the
  5. # test state after failure.
  6. # Authors:
  7. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  8. # Jameson Rollins <jrollins@fifthhorseman.net>
  9. # Micah Anderson <micah@riseup.net>
  10. #
  11. # Copyright: © 2008-2010
  12. # License: GPL v3 or later
  13. # these tests should all be able to run as a non-privileged user.
  14. # put all the test output to stdout
  15. exec 2>&1
  16. # all subcommands in this script should complete without failure:
  17. set -e
  18. # piped commands should return the code of the first non-zero return
  19. set -o pipefail
  20. # make sure the TESTDIR is an absolute path, not a relative one.
  21. export TESTDIR=$(cd $(dirname "$0") && pwd)
  22. source "$TESTDIR"/common
  23. ## make sure that the right tools are installed to run the test. the
  24. ## test has *more* requirements than plain ol' monkeysphere:
  25. [ -f /usr/sbin/sshd ] || { echo "You must have sshd installed to run this test." ; exit 1; }
  26. which socat >/dev/null || { echo "You must have socat installed to run this test." ; exit 1; }
  27. perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.
  28. On debian-derived systems, you can set this up with:
  29. apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
  30. perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.
  31. On debian-derived systems, you can set this up with:
  32. apt-get install libdigest-sha-perl" ; exit 1; }
  33. ## FIXME: other checks?
######################################################################
### FUNCTIONS

# Run gpg against the test admin's keyring.
# Globals:   TEMPDIR (read)
# Arguments: passed through to gpg unchanged
# The admin home and its .gnupg directory are forced to mode 0700 on
# every call before gpg is started with GNUPGHOME pointing at them.
gpgadmin() {
    local admin_home="$TEMPDIR"/admin
    local admin_gnupg="$admin_home"/.gnupg

    chmod 0700 "$admin_home" "$admin_gnupg"
    GNUPGHOME="$admin_gnupg" gpg --no-tty "$@"
}
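# test ssh connection
# first argument is the command to run over the ssh connection
# (default: true)
# second argument is the expected return code from the ssh connection
# (default: 0)
# Globals read:    SSHD_CONFIG, SOCKET, TEMPDIR, target_hostname
#                  (optional; the client connects to testhost.example
#                  when it is unset)
# Globals written: SSHD_PID, CODE; the process umask is set to 0077 and
#                  is not restored afterwards
# Returns: 0 if the ssh client's exit status equals the expected code,
#          1 otherwise (including when the server never came up)
ssh_test() {
    local RETURN=0
    local remote_command=${1:-true}

    umask 0077

    CODE=${2:-0}

    # start the ssh daemon on the socket
    echo "##### starting ssh server..."
    socat EXEC:"/usr/sbin/sshd -f ${SSHD_CONFIG} -i -D -e" "UNIX-LISTEN:${SOCKET}" 2> "$TEMPDIR"/sshd.log &
    SSHD_PID="$!"

    # wait until the socket is created before continuing.  If the
    # background listener has already gone away the socket will never
    # appear, so report a failure instead of sleeping forever.
    while [ ! -S "$SOCKET" ] ; do
        if ! kill -0 "$SSHD_PID" 2>/dev/null ; then
            echo "##### ssh server exited before creating socket '$SOCKET' (see $TEMPDIR/sshd.log)"
            SSHD_PID=
            return 1
        fi
        sleep 1
    done

    # make a client connection to the socket
    echo "##### starting ssh client..."
    # NOTE: $TEMPDIR, $target_hostname and $remote_command are expanded
    # into the command string here and parsed again by the inner bash.
    # Every caller in this script passes a fixed literal; do not feed
    # this function values that come from outside the test suite.
    ssh-agent bash -c \
        "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config ${target_hostname:-testhost.example} $remote_command" \
        || RETURN="$?"

    # kill the sshd process if it's still running
    kill "$SSHD_PID" || true
    wait
    SSHD_PID=

    if [ "$RETURN" = "$CODE" ] ; then
        echo "##### ssh connection test PASSED.  returned: $RETURN"
        return 0
    else
        echo "##### ssh connection test FAILED.  returned: $RETURN, expected: $CODE"
        return 1
    fi
}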
# Wrapper around ssh_test() for tests that only make sense when the
# working directory passed the permission check: when
# TEMPDIR_PERMISSIONS_SAFE is "no" the test is skipped with a warning,
# otherwise all arguments are handed to ssh_test() unchanged.
ssh_good_perm_test() {
    case "$TEMPDIR_PERMISSIONS_SAFE" in
        no)
            echo "WARNING!!! Test SKIPPED because we are running in an unsafe working directory."
            ;;
        *)
            ssh_test "$@"
            ;;
    esac
}
  82. SSHD_PID=
  83. ## setup trap
  84. trap failed_cleanup EXIT
  85. ######################################################################
  86. ### SETUP VARIABLES
  87. ## set up some variables to ensure that we're operating strictly in
  88. ## the tests, not system-wide:
  89. # set up temp dir
  90. # NOTE: /tmp can not be used as the temp dir here, since the
  91. # permissions on /tmp are usually such that they will not pass the
  92. # monkeysphere/ssh path permission checking. If you need to use a
  93. # different location than the current source, please set $TMPDIR
  94. # somewhere with tighter permissions.
  95. mkdir -p "$TESTDIR"/tmp
  96. TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX")
  97. # Use the local copy of executables first, instead of system ones.
  98. # This should help us test without installing.
  99. export PATH="$TESTDIR"/../src:"$PATH"
  100. export MONKEYSPHERE_SYSDATADIR="$TEMPDIR"
  101. export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR"
  102. export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share
  103. export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami)
  104. HOST_KEY_FILE="$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.pgp
  105. export MONKEYSPHERE_CHECK_KEYSERVER=false
  106. # example.org does not respond to the HKP port, so this should cause
  107. # any keyserver connection attempts that do happen (they shouldn't!)
  108. # to hang, so we'll notice them:
  109. export MONKEYSPHERE_KEYSERVER=example.org
  110. export MONKEYSPHERE_LOG_LEVEL=DEBUG
  111. export MONKEYSPHERE_CORE_KEYLENGTH=1024
  112. export MONKEYSPHERE_PROMPT=false
  113. # unset SUBKEYS_FOR_AGENT variable which, if set, would confuse the
  114. # into trying to use the user's key, instead of the testuser's key
  115. unset MONKEYSPHERE_SUBKEYS_FOR_AGENT
  116. # unset MONKEYSPHERE_VALIDATION_AGENT_SOCKET variable which, if set,
  117. # would confuse the test into trying to talk the the user's agent
  118. unset MONKEYSPHERE_VALIDATION_AGENT_SOCKET
  119. export SSHD_CONFIG="$TEMPDIR"/sshd_config
  120. export SOCKET="$TEMPDIR"/ssh-socket
  121. # Make sure $DISPLAY is set to convince ssh and monkeysphere to fall
  122. # back on $SSH_ASKPASS. Make sure it's not set to the current actual
  123. # $DISPLAY (if one exists) because this test suite should not be doing
  124. # *anything* with any running X11 session.
  125. export DISPLAY=monkeys
## Strict directory-permission tests are only meaningful when the
## temporary directory itself passes monkeysphere's checkperms helper.
## Record the outcome in TEMPDIR_PERMISSIONS_SAFE (yes/no); on failure
## also turn off monkeysphere's own permission checking so the rest of
## the suite can still run.
if ! "$MONKEYSPHERE_SYSSHAREDIR"/checkperms $(whoami) "$TEMPDIR"; then
    cat <<EOF
!!!WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING!!!
Permissions on testing directory '$TEMPDIR' are
too loose to do proper strict permissions checking. Some tests
will be disabled or ignored.
To avoid this warning (and to make sure that all tests are run
properly), please run these tests within a directory that meets
sshd's standards for "StrictModes yes" -- the directory (and every
one of its parents) should be owned only be the user running this
test or root, and should not be writable by group or other.
!!!WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING!!!
EOF

    # FIXME: what else should we do with this knowledge to make sure
    # that the appropriate tests are handled properly?
    TEMPDIR_PERMISSIONS_SAFE=no

    # MONKEYSPHERE_STRICT_MODES is a new option (as of 0.26) that
    # disables filesystem permission checks; it is meant to work by
    # analogy with StrictModes from sshd_config(5).
    export MONKEYSPHERE_STRICT_MODES=false
else
    echo "Permissions on temporary directory '$TEMPDIR' are OK for permissions checks."
    TEMPDIR_PERMISSIONS_SAFE=yes
fi
######################################################################
### CONFIGURE ENVIRONMENTS
# Populate $TEMPDIR with the fixture home directories and point the
# client-side environment (gpg, ssh, monkeysphere) and the sshd
# configuration at files inside $TEMPDIR only.

# copy in admin and testuser home to tmp
echo
echo "##################################################"
echo "### configuring testuser home..."
(cd "$TESTDIR"/home && find testuser | cpio -pdu "$TEMPDIR")

# set up environment for testuser
export TESTHOME="$TEMPDIR"/testuser
export GNUPGHOME="$TESTHOME"/.gnupg
# keep the test keyring directory private to the user running the test
chmod 0700 "$GNUPGHOME"
export SSH_ASKPASS="$TESTHOME"/.ssh/askpass
export MONKEYSPHERE_HOME="$TESTHOME"/.monkeysphere
# Append test-specific client settings.  The heredoc is unquoted, so
# $TESTHOME and $SOCKET are expanded now and written as absolute paths.
# The IdentityFile name suggests a file that does not exist, presumably
# so that no on-disk identity is offered -- confirm against the fixture.
cat <<EOF >> "$TESTHOME"/.ssh/config
UserKnownHostsFile $TESTHOME/.ssh/known_hosts
IdentityFile $TESTHOME/.ssh/no-such-identity
ProxyCommand $TESTHOME/.ssh/proxy-command %h %p $SOCKET
EOF
cat <<EOF >> "$MONKEYSPHERE_HOME"/monkeysphere.conf
KNOWN_HOSTS=$TESTHOME/.ssh/known_hosts
EOF
# get_gpg_prng_arg is not defined in this file (presumably it comes
# from "$TESTDIR"/common); whatever it prints is appended to gpg.conf.
get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf

echo
echo "##################################################"
echo "### configuring admin home..."
(cd "$TESTDIR"/home && find admin | cpio -pdu "$TEMPDIR")

# set up sshd
echo
echo "##################################################"
echo "### configuring sshd..."
cp "$TESTDIR"/etc/ssh/sshd_config "$SSHD_CONFIG"
# write the sshd_config
# (host key and per-user authorized_keys both live under the test
# data directory, not under /etc/ssh or the user's real home)
cat <<EOF >> "$SSHD_CONFIG"
HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key
AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/%u
EOF

# disable sshd's strict permissions settings so that some tests can
# complete when running under a dubious path:
# (test-only relaxation; the permission tests themselves are skipped
# in that case by ssh_good_perm_test)
if [ "$TEMPDIR_PERMISSIONS_SAFE" != yes ] ; then
    cat <<EOF >> "$SSHD_CONFIG"
StrictModes no
EOF
fi
  195. ######################################################################
  196. ### SERVER HOST SETUP
  197. # import host key
  198. echo
  199. echo "##################################################"
  200. echo "### import host key..."
  201. ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key
  202. monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost.example
  203. echo
  204. echo "##################################################"
  205. echo "### getting host key fingerprint..."
  206. SSHHOSTKEYID=$( monkeysphere-host show-keys | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ )
  207. echo "$SSHHOSTKEYID"
  208. # change host key expiration
  209. echo
  210. echo "##################################################"
  211. echo "### setting host key expiration..."
  212. monkeysphere-host set-expire 1
  213. # FIXME: how do we check that the expiration has really been set?
  214. # certify host key with the "Admin's Key".
  215. # (this would normally be done via keyservers)
  216. echo
  217. echo "##################################################"
  218. echo "### certifying server host key..."
  219. < "$HOST_KEY_FILE" gpgadmin --import
  220. echo y | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
  221. # FIXME: add revoker?
  222. # FIXME: how can we test publish-key without flooding junk into the
  223. # keyservers?
  224. # FIXME: should we run "diagnostics" here to test setup?
  225. ######################################################################
  226. ### SERVER AUTHENTICATION SETUP
  227. # set up monkeysphere authentication
  228. echo
  229. echo "##################################################"
  230. echo "### setup monkeysphere authentication..."
  231. cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/
  232. cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf
  233. AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authorized_user_ids"
  234. EOF
  235. monkeysphere-authentication setup
  236. get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf
  237. # add admin as identity certifier for testhost.example
  238. echo
  239. echo "##################################################"
  240. echo "### adding admin as certifier..."
  241. monkeysphere-authentication add-id-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg
  242. echo
  243. echo "##################################################"
  244. echo "### list certifiers..."
  245. monkeysphere-authentication list-certifiers
  246. # FIXME: should we run "diagnostics" here to test setup?
  247. ######################################################################
  248. ### TESTUSER SETUP
  249. # generate an auth subkey for the test user that expires in 2 days
  250. echo
  251. echo "##################################################"
  252. echo "### generating key for testuser..."
  253. monkeysphere gen-subkey
  254. # add server key to testuser keychain
  255. echo
  256. echo "##################################################"
  257. echo "### export server key to testuser..."
  258. gpgadmin --armor --export "$SSHHOSTKEYID" | gpg --import
  259. # teach the "server" about the testuser's key
  260. echo
  261. echo "##################################################"
  262. echo "### export testuser key to server..."
  263. gpg --export testuser | monkeysphere-authentication gpg-cmd --import
  264. # update authorized_keys for user
  265. echo
  266. echo "##################################################"
  267. echo "### update server authorized_keys file for this testuser..."
  268. monkeysphere-authentication update-users $(whoami)
  269. # FIXME: this is maybe not failing properly for:
  270. # ms: improper group or other writability on path '/tmp'.
  271. ######################################################################
  272. ### TESTS
  273. ## see whether keys-for-userid works from the client's perspective:
  274. echo
  275. echo "##################################################"
  276. echo "### testing monkeysphere keys-for-userid ..."
  277. diff -q <( monkeysphere keys-for-userid ssh://testhost.example ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub )
  278. # connect to test sshd, using monkeysphere ssh-proxycommand to verify
  279. # the identity before connection. This should work in both directions!
  280. echo
  281. echo "##################################################"
  282. echo "### ssh connection test for success..."
  283. ssh_test true
  284. # Make sure it works if there is "armor" written in gpg.conf
  285. # add other weirdnesses here as they come up.
  286. echo
  287. echo "##################################################"
  288. echo "### testing functionality in the face of unusual gpg.conf settings..."
  289. echo 'armor' >> "$GNUPGHOME"/gpg.conf
  290. ssh_test true
  291. # remove the testuser's authorized_user_ids file, update, and make
  292. # sure that the ssh authentication FAILS
  293. echo
  294. echo "##################################################"
  295. echo "### removing testuser authorized_user_ids and updating..."
  296. mv "$TESTHOME"/.monkeysphere/authorized_user_ids{,.bak}
  297. monkeysphere-authentication update-users $(whoami)
  298. echo
  299. echo "##################################################"
  300. echo "### ssh connection test for failure..."
  301. ssh_test true 255
  302. mv "$TESTHOME"/.monkeysphere/authorized_user_ids{.bak,}
  303. # put improper permissions on authorized_user_ids file, update, and
  304. # make sure ssh authentication FAILS
  305. echo
  306. echo "##################################################"
  307. echo "### setting group writability on authorized_user_ids and updating..."
  308. chmod g+w "$TESTHOME"/.monkeysphere/authorized_user_ids
  309. monkeysphere-authentication update-users $(whoami)
  310. echo
  311. echo "##################################################"
  312. echo "### ssh connection test for failure..."
  313. ssh_good_perm_test true 255
  314. chmod g-w "$TESTHOME"/.monkeysphere/authorized_user_ids
  315. echo
  316. echo "##################################################"
  317. echo "### setting other writability on authorized_user_ids and updating..."
  318. chmod o+w "$TESTHOME"/.monkeysphere/authorized_user_ids
  319. monkeysphere-authentication update-users $(whoami)
  320. echo
  321. echo "##################################################"
  322. echo "### ssh connection test for failure..."
  323. ssh_good_perm_test true 255
  324. chmod o-w "$TESTHOME"/.monkeysphere/authorized_user_ids
  325. monkeysphere-authentication update-users $(whoami)
  326. # test symlinks
  327. echo
  328. echo "##################################################"
  329. echo "### setup for symlink tests..."
  330. cp -a "$TESTHOME"/.monkeysphere{,.linktest}
  331. echo
  332. echo "##################################################"
  333. echo "### make authorized_user_ids an absolute symlink and updating..."
  334. mv "$TESTHOME"/.monkeysphere/authorized_user_ids{,.bak}
  335. ln -s "$TESTHOME"/.monkeysphere{.linktest,}/authorized_user_ids
  336. monkeysphere-authentication update-users $(whoami)
  337. echo
  338. echo "##################################################"
  339. echo "### ssh connection test for success..."
  340. ssh_test true
  341. echo
  342. echo "##################################################"
  343. echo "### create bad permissions on link dir and updating..."
  344. chmod o+w "$TESTHOME"/.monkeysphere.linktest
  345. monkeysphere-authentication update-users $(whoami)
  346. echo
  347. echo "##################################################"
  348. echo "### ssh connection test for failure..."
  349. ssh_good_perm_test true 255
  350. chmod o-w "$TESTHOME"/.monkeysphere.linktest
  351. echo
  352. echo "##################################################"
  353. echo "### make authorized_user_ids a relative symlink and updating..."
  354. ln -sf ../.monkeysphere.linktest/authorized_user_ids "$TESTHOME"/.monkeysphere/authorized_user_ids
  355. monkeysphere-authentication update-users $(whoami)
  356. echo
  357. echo "##################################################"
  358. echo "### ssh connection test for success..."
  359. ssh_test true
  360. echo
  361. echo "##################################################"
  362. echo "### create bad permissions on link dir updating..."
  363. chmod o+w "$TESTHOME"/.monkeysphere.linktest
  364. monkeysphere-authentication update-users $(whoami)
  365. echo
  366. echo "##################################################"
  367. echo "### ssh connection test for failure..."
  368. ssh_good_perm_test true 255
  369. chmod o-w "$TESTHOME"/.monkeysphere.linktest
  370. # FIXME: implement check of link path, and uncomment this test
  371. # echo
  372. # echo "##################################################"
  373. # echo "### create bad permissions on link dir and updating..."
  374. # chmod o+w "$TESTHOME"/.monkeysphere
  375. # monkeysphere-authentication update-users $(whoami)
  376. # echo
  377. # echo "##################################################"
  378. # echo "### ssh connection test for failure..."
  379. # ssh_good_perm_test true 255
  380. # chmod o-w "$TESTHOME"/.monkeysphere
  381. rm "$TESTHOME"/.monkeysphere/authorized_user_ids
  382. mv "$TESTHOME"/.monkeysphere/authorized_user_ids{.bak,}
  383. echo
  384. echo "##################################################"
  385. echo "### make .monkeysphere directory an absolute symlink and updating..."
  386. mv "$TESTHOME"/.monkeysphere{,.bak}
  387. ln -s "$TESTHOME"/.monkeysphere{.linktest,}
  388. monkeysphere-authentication update-users $(whoami)
  389. echo
  390. echo "##################################################"
  391. echo "### ssh connection test for success..."
  392. ssh_test true
  393. echo
  394. echo "##################################################"
  395. echo "### create bad permissions on link dir and updating..."
  396. chmod o+w "$TESTHOME"/.monkeysphere.linktest
  397. monkeysphere-authentication update-users $(whoami)
  398. echo
  399. echo "##################################################"
  400. echo "### ssh connection test for failure..."
  401. ssh_good_perm_test true 255
  402. chmod o-w "$TESTHOME"/.monkeysphere.linktest
  403. echo
  404. echo "##################################################"
  405. echo "### make .monkeysphere directory a relative symlink and updating..."
  406. ln -sfn .monkeysphere.linktest "$TESTHOME"/.monkeysphere
  407. monkeysphere-authentication update-users $(whoami)
  408. echo
  409. echo "##################################################"
  410. echo "### ssh connection test for success..."
  411. ssh_test true
  412. echo
  413. echo "##################################################"
  414. echo "### create bad permissions on link dir updating..."
  415. chmod o+w "$TESTHOME"/.monkeysphere.linktest
  416. monkeysphere-authentication update-users $(whoami)
  417. echo
  418. echo "##################################################"
  419. echo "### ssh connection test for failure..."
  420. ssh_good_perm_test true 255
  421. chmod o-w "$TESTHOME"/.monkeysphere.linktest
  422. rm "$TESTHOME"/.monkeysphere
  423. mv "$TESTHOME"/.monkeysphere{.bak,}
  424. # ensure we're back to normal:
  425. echo
  426. echo "##################################################"
  427. echo "### making sure we are back to normal..."
  428. monkeysphere-authentication update-users $(whoami)
  429. ssh_test true
  430. # check ssh authorized_key options
  431. echo
  432. echo "##################################################"
  433. echo "### checking ssh authorized_key option support..."
  434. cp "$TESTHOME"/.monkeysphere/authorized_user_ids{,.bak}
  435. echo ' no-X11-forwarding' >>"$TESTHOME"/.monkeysphere/authorized_user_ids
  436. echo ' no-port-forwarding' >>"$TESTHOME"/.monkeysphere/authorized_user_ids
  437. echo ' command="/bin/false"' >>"$TESTHOME"/.monkeysphere/authorized_user_ids
  438. monkeysphere-authentication update-users $(whoami)
  439. ssh_test /bin/true 1
  440. ssh_test /bin/false 1
  441. mv "$TESTHOME"/.monkeysphere/authorized_user_ids{.bak,}
  442. # ensure we're back to normal:
  443. echo
  444. echo "##################################################"
  445. echo "### making sure we are back to normal..."
  446. monkeysphere-authentication update-users $(whoami)
  447. ssh_test true
  448. echo
  449. echo "##################################################"
  450. echo "### ssh connection test directly to 'testhost2.example' without new name..."
  451. target_hostname=testhost2.example ssh_test true 255
  452. echo
  453. echo "##################################################"
  454. echo "### add servicename, certify by admin, import by user..."
  455. monkeysphere-host add-servicename ssh://testhost2.example
  456. <"$HOST_KEY_FILE" gpgadmin --import
  457. printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID"
  458. echo
  459. echo "##################################################"
  460. echo "### ssh connection test with hostname 'testhost2.example' added..."
  461. gpgadmin --export "$SSHHOSTKEYID" | gpg --import
  462. gpg --check-trustdb
  463. ssh_test true
  464. echo
  465. echo "##################################################"
  466. echo "### ssh connection test directly to 'testhost2.example' ..."
  467. gpg --import <"$HOST_KEY_FILE"
  468. gpg --check-trustdb
  469. target_hostname=testhost2.example ssh_test true
  470. echo
  471. echo "##################################################"
  472. echo "### ssh connection test for failure with 'testhost2.example' revoked..."
  473. monkeysphere-host revoke-servicename ssh://testhost2.example
  474. gpg --import <"$HOST_KEY_FILE"
  475. gpg --check-trustdb
  476. target_hostname=testhost2.example ssh_test true 255
  477. # FIXME: addtest: remove admin as id-certifier and check ssh failure
  478. # FIXME: addtest: how do we test that set-expire makes sense after new
  479. # servicenames have been added?
  480. echo
  481. echo "##################################################"
  482. echo "### testing monkeysphere authentication keys-for-user"
  483. diff -q <(monkeysphere-authentication keys-for-user $(whoami) | cut -d' ' -f1,2) <(cut -d' ' -f1,2 ${MONKEYSPHERE_SYSDATADIR}/authorized_keys/${MONKEYSPHERE_MONKEYSPHERE_USER})
  484. # test to make sure things are OK after the previous tests:
  485. echo
  486. echo "##################################################"
  487. echo "### settings reset, updating..."
  488. monkeysphere-authentication update-users $(whoami)
  489. echo
  490. echo "##################################################"
  491. echo "### ssh connection test for success..."
  492. ssh_test true
  493. echo
  494. echo "##################################################"
  495. echo "### Testing TLS setup..."
  496. openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=example/DC=testhost/CN=testhost.example/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem
  497. monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost.example
  498. # FIXME: how can we test this via an https client?
  499. # We don't currently provide one.
  500. # FIXME: should we test other monkeysphere-host operations somehow now
  501. # that we have more than one key in the host keyring?
  502. echo
  503. echo "##################################################"
  504. echo "### revoking ssh host key..."
  505. # generate the revocation certificate and feed it directly to the test
  506. # user's keyring (we're not publishing to the keyservers)
  507. monkeysphere-host revoke-key "$SSHHOSTKEYID" | gpg --import
  508. echo
  509. echo "##################################################"
  510. echo "### ssh connection test for failure..."
  511. ssh_test true 255
  512. ######################################################################
  513. trap - EXIT
  514. echo
  515. echo "##################################################"
  516. echo " Monkeysphere basic tests completed successfully!"
  517. echo "##################################################"
  518. cleanup