|
|
|
@ -25,7 +25,20 @@
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
use crate::{util, HarnessError, HarnessResult};
|
|
|
|
|
use openssl::{
|
|
|
|
|
asn1::Asn1Time,
|
|
|
|
|
bn::{BigNum, MsbOption},
|
|
|
|
|
error::ErrorStack,
|
|
|
|
|
hash::MessageDigest,
|
|
|
|
|
pkey::{PKey, Private},
|
|
|
|
|
rsa::Rsa,
|
|
|
|
|
x509::{
|
|
|
|
|
extension::{BasicConstraints, KeyUsage, SubjectKeyIdentifier},
|
|
|
|
|
X509NameBuilder, X509,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
use std::fs;
|
|
|
|
|
use std::io::Write;
|
|
|
|
|
use std::process::Child;
|
|
|
|
|
use std::process::Command;
|
|
|
|
|
|
|
|
|
@ -85,14 +98,68 @@ pub fn run_test() -> HarnessResult<()> {
|
|
|
|
|
ret
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn mk_ca_cert() -> Result<(X509, PKey<Private>), ErrorStack> {
|
|
|
|
|
let rsa = Rsa::generate(2048)?;
|
|
|
|
|
let key_pair = PKey::from_rsa(rsa)?;
|
|
|
|
|
|
|
|
|
|
let mut x509_name = X509NameBuilder::new()?;
|
|
|
|
|
x509_name.append_entry_by_text("C", "US")?;
|
|
|
|
|
x509_name.append_entry_by_text("ST", "CA")?;
|
|
|
|
|
x509_name.append_entry_by_text("O", "Skytable")?;
|
|
|
|
|
x509_name.append_entry_by_text("CN", "sky-harness")?;
|
|
|
|
|
let x509_name = x509_name.build();
|
|
|
|
|
|
|
|
|
|
let mut cert_builder = X509::builder()?;
|
|
|
|
|
cert_builder.set_version(2)?;
|
|
|
|
|
let serial_number = {
|
|
|
|
|
let mut serial = BigNum::new()?;
|
|
|
|
|
serial.rand(159, MsbOption::MAYBE_ZERO, false)?;
|
|
|
|
|
serial.to_asn1_integer()?
|
|
|
|
|
};
|
|
|
|
|
cert_builder.set_serial_number(&serial_number)?;
|
|
|
|
|
cert_builder.set_subject_name(&x509_name)?;
|
|
|
|
|
cert_builder.set_issuer_name(&x509_name)?;
|
|
|
|
|
cert_builder.set_pubkey(&key_pair)?;
|
|
|
|
|
let not_before = Asn1Time::days_from_now(0)?;
|
|
|
|
|
cert_builder.set_not_before(¬_before)?;
|
|
|
|
|
let not_after = Asn1Time::days_from_now(365)?;
|
|
|
|
|
cert_builder.set_not_after(¬_after)?;
|
|
|
|
|
|
|
|
|
|
cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
|
|
|
|
|
cert_builder.append_extension(
|
|
|
|
|
KeyUsage::new()
|
|
|
|
|
.critical()
|
|
|
|
|
.key_cert_sign()
|
|
|
|
|
.crl_sign()
|
|
|
|
|
.build()?,
|
|
|
|
|
)?;
|
|
|
|
|
|
|
|
|
|
let subject_key_identifier =
|
|
|
|
|
SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(None, None))?;
|
|
|
|
|
cert_builder.append_extension(subject_key_identifier)?;
|
|
|
|
|
|
|
|
|
|
cert_builder.sign(&key_pair, MessageDigest::sha256())?;
|
|
|
|
|
let cert = cert_builder.build();
|
|
|
|
|
|
|
|
|
|
Ok((cert, key_pair))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn run_test_inner() -> HarnessResult<()> {
|
|
|
|
|
// first create the TLS keys
|
|
|
|
|
info!("Creating TLS key+cert");
|
|
|
|
|
util::handle_child("generate TLS key+cert", cmd!("bash", "ci/ssl.sh"))?;
|
|
|
|
|
util::handle_child(
|
|
|
|
|
"create server1 directory",
|
|
|
|
|
cmd!("mkdir", "-p", "server1", "server2"),
|
|
|
|
|
)?;
|
|
|
|
|
let (cert, pkey) = mk_ca_cert().expect("Failed to create cert");
|
|
|
|
|
let mut certfile = fs::File::create("cert.pem").expect("failed to create cert.pem");
|
|
|
|
|
certfile.write_all(&cert.to_pem().unwrap()).unwrap();
|
|
|
|
|
let mut pkeyfile = fs::File::create("key.pem").expect("failed to create key.pem");
|
|
|
|
|
pkeyfile
|
|
|
|
|
.write_all(&pkey.private_key_to_pem_pkcs8().unwrap())
|
|
|
|
|
.unwrap();
|
|
|
|
|
fs::create_dir_all("server1").map_err(|e| {
|
|
|
|
|
HarnessError::Other(format!("Failed to create `server1` dir with error: {e}"))
|
|
|
|
|
})?;
|
|
|
|
|
fs::create_dir_all("server2").map_err(|e| {
|
|
|
|
|
HarnessError::Other(format!("Failed to create `server2` dir with error: {e}"))
|
|
|
|
|
})?;
|
|
|
|
|
|
|
|
|
|
// assemble commands
|
|
|
|
|
let mut cmd: Vec<String> = vec!["run".to_string(), "-p".to_string(), "skyd".to_string()];
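Review bot: The certificate `mk_ca_cert` builds is a CA certificate — `BasicConstraints::ca()` plus a critical KeyUsage of only `key_cert_sign`/`crl_sign` — yet `run_test_inner` writes it to `cert.pem`/`key.pem` as the server's own TLS identity, so any client that enforces KeyUsage will refuse it for a handshake (no `digitalSignature`/`keyEncipherment`), and with no SubjectAlternativeName a client that verifies the hostname fails regardless; presumably the harness's clients skip verification today, but that should either be stated in a comment or fixed by adding `.digital_signature().key_encipherment()` to the KeyUsage and a `SubjectAlternativeName` entry for the host the harness connects to. Separately, `key.pem` is created with `fs::File::create`, which leaves the private key at the umask default (typically group/world-readable) — on unix open it through `OpenOptions` with `.mode(0o600)` (requires `std::os::unix::fs::OpenOptionsExt` in scope). The `.expect`/`.unwrap()` calls on `mk_ca_cert` and on both file writes panic inside a function that otherwise returns `HarnessResult`, unlike the two `create_dir_all` calls right below them which map failures into `HarnessError::Other`; those `create_dir_all` calls also duplicate the `mkdir -p server1 server2` already run through `cmd!` a few lines earlier, whose label says "create server1 directory" although it creates both. `run_test_inner` continues past the end of the hunk.
```rust
    cert_builder.append_extension(
        KeyUsage::new()
            .critical()
            .digital_signature()
            .key_encipherment()
            .key_cert_sign()
            .crl_sign()
            .build()?,
    )?;
    // … unchanged: SubjectKeyIdentifier, sign, build …

    // … unchanged: cert.pem write …
    let mut pkeyfile = fs::OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600) // private key must not be group/world readable
        .open("key.pem")
        .map_err(|e| HarnessError::Other(format!("failed to create key.pem: {e}")))?;
    let pkey_pem = pkey
        .private_key_to_pem_pkcs8()
        .map_err(|e| HarnessError::Other(format!("failed to encode key.pem: {e}")))?;
    pkeyfile
        .write_all(&pkey_pem)
        .map_err(|e| HarnessError::Other(format!("failed to write key.pem: {e}")))?;
```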
|
|
|
|
|