Update test_server for conncurrent client auth
This patch updates the test server to have a separate port for HTTPS with client authentication. This will allow concurrent tests to run using the HTTPS and HTTPS with client authentication ports. It adds a new parameter "-https_client_auth_port" for the port that will require client certificates. Depends-On: https://review.opendev.org/c/openstack/devstack-gate/+/776722 Change-Id: I6d44787f66904409b7f32a5fe576b658b6eb600a
parent
f924fe4ae8
commit
b423a27108
|
@ -44,20 +44,24 @@ Example output:
|
|||
|
||||
Usage of ./test_server.bin:
|
||||
-cert string
|
||||
Server side PEM format certificate.
|
||||
Server side PEM format certificate file path.
|
||||
-client_ca string
|
||||
Client side PEM format CA certificate.
|
||||
Client auth PEM format CA certificate file path.
|
||||
-https_port int
|
||||
HTTPS port to listen on, -1 is disabled. (default -1)
|
||||
-https_client_auth_port int
|
||||
HTTPS with client authentication port to listen on, -1 is disabled.
|
||||
(default -1)
|
||||
-id string
|
||||
Server ID (default "1")
|
||||
-key string
|
||||
Server side PEM format key.
|
||||
Server side PEM format key file path.
|
||||
-port int
|
||||
Port to listen on (default 8080)
|
||||
|
||||
If -https_port is not specified, the server will not accept HTTPS requests.
|
||||
When --https_port is specified, -cert and -key are required parameters.
|
||||
If -https_port is specified, the -client_ca parameter is optional. When
|
||||
-client_ca is specified, it will configure the HTTPS port to require a valid
|
||||
client certificate to connect.
|
||||
|
||||
If -https_client_auth_port is specified, the -client_ca parameter is required.
|
||||
When -client_ca is specified, it will configure the HTTPS client auth port to
|
||||
require a valid client certificate to connect.
|
||||
|
|
|
@ -236,11 +236,14 @@ func main() {
|
|||
idPtr := flag.String("id", "1", "Server ID")
|
||||
httpsPortPtr := flag.Int("https_port", -1,
|
||||
"HTTPS port to listen on, -1 is disabled.")
|
||||
httpsClientAuthPortPtr := flag.Int("https_client_auth_port", -1,
|
||||
"HTTPS with client authentication port to listen on, -1 is disabled.")
|
||||
serverCertPem := flag.String("cert", "",
|
||||
"Server side PEM format certificate.")
|
||||
serverKey := flag.String("key", "", "Server side PEM format key.")
|
||||
"Server side PEM format certificate file path.")
|
||||
serverKey := flag.String("key", "",
|
||||
"Server side PEM format key file path.")
|
||||
clientCaCertPem := flag.String("client_ca", "",
|
||||
"Client side PEM format CA certificate.")
|
||||
"Client auth PEM format CA certificate file path.")
|
||||
|
||||
flag.Parse()
|
||||
|
||||
|
@ -254,21 +257,27 @@ func main() {
|
|||
fmt.Println("Error load server certificate and key.")
|
||||
os.Exit(1)
|
||||
}
|
||||
certpool := x509.NewCertPool()
|
||||
if *clientCaCertPem != "" {
|
||||
caPem, err := ioutil.ReadFile(*clientCaCertPem)
|
||||
if err != nil {
|
||||
fmt.Println("Error load client side CA cert.")
|
||||
os.Exit(1)
|
||||
}
|
||||
if !certpool.AppendCertsFromPEM(caPem) {
|
||||
fmt.Println("Can't parse client side certificate authority")
|
||||
os.Exit(1)
|
||||
}
|
||||
} else {
|
||||
certpool = nil
|
||||
go httpsServe(*httpsPortPtr, *idPtr, cert, nil,
|
||||
*serverCertPem, *serverKey)
|
||||
}
|
||||
|
||||
if *httpsClientAuthPortPtr > -1 {
|
||||
cert, err := tls.LoadX509KeyPair(*serverCertPem, *serverKey)
|
||||
if err != nil {
|
||||
fmt.Println("Error load server certificate and key.\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
go httpsServe(*httpsPortPtr, *idPtr, cert, certpool,
|
||||
certpool := x509.NewCertPool()
|
||||
caPem, err := ioutil.ReadFile(*clientCaCertPem)
|
||||
if err != nil {
|
||||
fmt.Println("Error loading client auth CA cert.\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
if !certpool.AppendCertsFromPEM(caPem) {
|
||||
fmt.Println("Can't parse client auth certificate authority")
|
||||
os.Exit(1)
|
||||
}
|
||||
go httpsServe(*httpsClientAuthPortPtr, *idPtr, cert, certpool,
|
||||
*serverCertPem, *serverKey)
|
||||
}
|
||||
|
||||
|
|
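Review bot: As the new side of the last hunk reads, the `-https_port` listener is always started with a nil client CA pool (`go httpsServe(*httpsPortPtr, *idPtr, cert, nil,`), so a run that passes `-https_port` and `-client_ca` but not the new `-https_client_auth_port` now serves HTTPS without asking for a client certificate, and nothing reports it. A guard after `flag.Parse()` would make that explicit, for example `if *clientCaCertPem != "" && *httpsClientAuthPortPtr < 0 { fmt.Println("-client_ca requires -https_client_auth_port"); os.Exit(1) }`. Inside the new `if *httpsClientAuthPortPtr > -1` block, `-client_ca` is passed to `ioutil.ReadFile` without an empty check, so a missing flag only shows up as "Error loading client auth CA cert."; including `err` in that message would say why, and the trailing `\n` in the two new `fmt.Println` calls is redundant (go vet reports it). How `httpsServe` uses the pool is not visible here, and `main` begins and ends outside these hunks.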