Enable TLS testing from udp-test, enable on CI
This commit is contained in:
parent
7316bb5341
commit
2cd69aaf15
@ -54,6 +54,9 @@ test_script:
|
||||
cargo run --target %TARGET% --release --features %CARGO_FEATURES% --bin udp-test &&
|
||||
cargo run --target %TARGET% --release --features %CARGO_FEATURES% --bin udp-test -- -is
|
||||
)
|
||||
- if [%CARGO_FEATURES%]==[openssl_vendored] (
|
||||
cargo run --target %TARGET% --release --features %CARGO_FEATURES% --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem
|
||||
)
|
||||
|
||||
before_deploy:
|
||||
# TODO Update this to build the artifacts that matter to you
|
||||
|
28
ci/cert.key
Normal file
28
ci/cert.key
Normal file
@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCrvZ+p0/2i/p1s
|
||||
xzg3ydOS4z5S3QD0WAD1gdBTUBPjqmeGNbtXl5XLGPTYJeBqNNGRv6louB+jL8U+
|
||||
TSBsyyARVZfJ9EDU3iG1fOQzz6sK8yhVL15bL4wJHobDGkL1zc0//ozDbr9iH5Xi
|
||||
5Xh1q9lEyLMviASNjZbWcdGWxxKQRceluzcTyowesBr7K9nQaQF7cSmetCYaA1L9
|
||||
JXokHY3P8pPEOhfo8SI7Lkt7XzKrnI0RBEIQBDF5F/XsKHO2Iso8bVq1huNr37MH
|
||||
QDEDo+D8803oFS+89j9SFDv2QgITZgl0gtY5w911qbNtyz0hWYloXzmlPH2QF/+Z
|
||||
XThI2Kd/AgMBAAECggEARmvN4Xxsv346HRWfhri6ibumnaHDt22yjvj47ICkdzEz
|
||||
nAPCWwtsP8hu9Yaqe8JGwMXfeHIvfuGitoY3qoSsFI+NWyFNyDuBhQK+LESWNTo5
|
||||
qpxuy2M2v7KFvdCx7krCQ+Bj5esujNS4yD4h49Zgk+TcHLxgaY7KcAphz7q3cPKP
|
||||
hJPkwSvFmLMdqomyLJfBTWPx6Ue3ioAfKxM62hbaYlBth1ch5YqOhL84YCMnPmbq
|
||||
hL/iTTlPcXeZoCodEHoOac/t8Nvv4fRetrBqk9uMZXZ1Bm9VfKbVDysfiKp9W+np
|
||||
uvtYUht/TdlrzjE01h3QHNnkYgJA+yuK/qjL0nvoYQKBgQDjN4HdZqA7ZBPvQUtq
|
||||
LVfpm2jy/8Sf3ewUUx7Pwselft7FOpKzkouVhdyWY8BweN97zwaYPJo7OtfMzT3Y
|
||||
NPO5Vz7nxMcvwZXir0VV514lLIYjqkZkDY94thGayFaF8DmyqfIfTuyVPrigRfOR
|
||||
8+dbYJrSVn9hnP4i9cxoIu39TwKBgQDBfxAFp2gJ1G3U2YAjNt4qrbsdPZvsX6CI
|
||||
A8T5EuiPanAqaVWbQnkPFQq077qBSlCI/zUunw01I0pyuR74paY7PaiKT3hLkovh
|
||||
v2VlOFEMaA7K/TTjv6tZS5P8DXuM/r34h5XRVsaKXKPNBGoAcbvanJ/96N42j+E1
|
||||
G4+R8FMG0QKBgFMmKfkKqFJzojPpEh8N7uEHRVW/sYXLYaxiaqEfJ45xqjZE5BCg
|
||||
7UHPldTXNkIyiZ42ObSWYN6R/wzsgthPMG2/9r48LaRVVHN7LoVsQPCbpY8BrfbJ
|
||||
W5qSDkk1TSyAp6yxMnCwojVPmaLVVngv6Jdw99dHXiAronjKuH3XYn5TAoGAUUpd
|
||||
Y9Kx3bdWMR7zO1gYvBtiyeURNZvzKFFVFkMAWwgfeWHpaiHiFBkF93/jfd/Ht9Zn
|
||||
9F8zwEhERbBKN7H4BVlhDkJWyoEVrVCoe37OZgTtehAogSoMBaa/1Buh9VksXFYx
|
||||
9dGb9ZL36fDZy7f8cNpuSNDlUkzeE16x0WECsJECgYBdekYJFJWppHjQ0ID5Jt1T
|
||||
GHQIovXFsHfACIKC1lyytqgtEdSaWQD0SfFsg/s6BYcW7bfs/tejTnbJySvcp3rC
|
||||
+FCznrEfk6wVFuj/nrgB/MpmxbsG2N5EmchRX5YJHVDRtWpQxPkNgRvdNBPkPY54
|
||||
5zSUEJh+lLSg+ZjuM52eOg==
|
||||
-----END PRIVATE KEY-----
|
21
ci/cert.pem
Normal file
21
ci/cert.pem
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDazCCAlOgAwIBAgIUfeb7Ocg4fLv5BEiXLhLS5/fQGm0wDQYJKoZIhvcNAQEL
|
||||
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
|
||||
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xOTEyMTcwMjE2MDhaFw0yOTEy
|
||||
MTQwMjE2MDhaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
|
||||
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
|
||||
AQUAA4IBDwAwggEKAoIBAQCrvZ+p0/2i/p1sxzg3ydOS4z5S3QD0WAD1gdBTUBPj
|
||||
qmeGNbtXl5XLGPTYJeBqNNGRv6louB+jL8U+TSBsyyARVZfJ9EDU3iG1fOQzz6sK
|
||||
8yhVL15bL4wJHobDGkL1zc0//ozDbr9iH5Xi5Xh1q9lEyLMviASNjZbWcdGWxxKQ
|
||||
RceluzcTyowesBr7K9nQaQF7cSmetCYaA1L9JXokHY3P8pPEOhfo8SI7Lkt7XzKr
|
||||
nI0RBEIQBDF5F/XsKHO2Iso8bVq1huNr37MHQDEDo+D8803oFS+89j9SFDv2QgIT
|
||||
Zgl0gtY5w911qbNtyz0hWYloXzmlPH2QF/+ZXThI2Kd/AgMBAAGjUzBRMB0GA1Ud
|
||||
DgQWBBSxoWXwmMEmKrsRsii2l1/IBhlvMzAfBgNVHSMEGDAWgBSxoWXwmMEmKrsR
|
||||
sii2l1/IBhlvMzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3
|
||||
NIlwmAL3FBrqHmg5M+zh+xKkNl/O8SK4bJwhPoTYR+DHsDlEQWvwSVaGV5HGyqy2
|
||||
cv39kHJ6OisSuOitESV4gdOUZvm/WCSV5xHpokJpGlztRSKi4iwFNONn0LUi4lnF
|
||||
gkYgjS4OfOCjVJ0YgAkYaBYALM3PTY3VpG32vaz62A7mIzO5Jn/kMtEIgFT+32Be
|
||||
BE/8E+pcOhgkvoE1xwv0STbrnM8dGN8/zyXvb1wt4b2ijkBlT5Wsqs0yvPa31SD0
|
||||
FDqc+4/H3bJXjwfBGDbf18sTY1UQEPyQdNC7vhiy/w2AgjVNjVpNBI9nvj+9rkZ5
|
||||
8m8sP3ldEkdIqSRCl95o
|
||||
-----END CERTIFICATE-----
|
@ -15,6 +15,11 @@ main() {
|
||||
|
||||
# now run udp-test through proxy/proxyd
|
||||
cross run --target $TARGET --release --features $CARGO_FEATURES --bin udp-test -- -is
|
||||
|
||||
if [ $CARGO_FEATURES != "default" ]; then
|
||||
# run TLS tests then too
|
||||
cross run --target $TARGET --release --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem
|
||||
fi
|
||||
}
|
||||
|
||||
# we don't run the "test phase" when doing deploys
|
||||
|
@ -72,8 +72,21 @@ fn main() {
|
||||
let args = Args::new(&raw_args);
|
||||
let default_udp_host_target = "127.0.0.1:51820";
|
||||
let default_socket_timeout = 10;
|
||||
|
||||
let tls_key = args.get_option(&["-tk", "--tls-key"]);
|
||||
let tls_cert = args.get_option(&["-tc", "--tls-cert"]);
|
||||
|
||||
let tls = if tls_key.is_some() && tls_cert.is_some() {
|
||||
true
|
||||
} else if tls_key.is_none() && tls_cert.is_none() {
|
||||
false
|
||||
} else {
|
||||
println!("Error: if one of --tls-key or --tls-cert is specified both must be!");
|
||||
exit(1);
|
||||
};
|
||||
|
||||
let mut first_arg = args.get_str(&["-uh", "--udp-host"], default_udp_host_target);
|
||||
if args.flag("-h") || args.flag("--help"){
|
||||
if args.flag("-h") || args.flag("--help") {
|
||||
println!(r#"usage: udp-test [options...]
|
||||
-h, --help print this usage text
|
||||
-s, --self-test run a self test through proxy
|
||||
@ -83,6 +96,12 @@ fn main() {
|
||||
-ut, --udp-target <ip:port> UDP target to send packets to, default: {}
|
||||
-st, --socket-timeout <seconds> Socket timeout (time to wait for data)
|
||||
before terminating, default: {}
|
||||
|
||||
TLS option for self tests only, otherwise self tests are plaintext only:
|
||||
-tk, --tls-key <ip:port> TLS key to listen with,
|
||||
requires --tls-cert also
|
||||
-tc, --tls-cert <ip:port> TLS cert to listen with,
|
||||
requires --tls-key also
|
||||
"#, default_udp_host_target, default_udp_host_target, default_socket_timeout);
|
||||
return;
|
||||
} else if args.flag("-s") || args.flag("--self-test") {
|
||||
@ -94,23 +113,50 @@ fn main() {
|
||||
let udp_test = args.get_str_idx(0, "udp-test");
|
||||
let proxy = udp_test.clone().replace("udp-test", "wireguard-proxy");
|
||||
|
||||
println!("executing: {} -th '{}' -ut '{}'", proxy, tcp_host, host);
|
||||
let mut proxyd = Command::new(proxy.clone())
|
||||
.arg("-th")
|
||||
.arg(tcp_host)
|
||||
.arg("-ut")
|
||||
.arg(host)
|
||||
.spawn()
|
||||
.expect("wireguard-proxy server failed to launch");
|
||||
let mut proxyd = if tls {
|
||||
let tls_key = tls_key.unwrap();
|
||||
let tls_cert = tls_cert.unwrap();
|
||||
println!("executing: {} -th '{}' -ut '{}' -tk '{}' -tc '{}'", proxy, tcp_host, host, tls_key, tls_cert);
|
||||
Command::new(proxy.clone())
|
||||
.arg("-th")
|
||||
.arg(tcp_host)
|
||||
.arg("-ut")
|
||||
.arg(host)
|
||||
.arg("-tk")
|
||||
.arg(tls_key)
|
||||
.arg("-tc")
|
||||
.arg(tls_cert)
|
||||
.spawn()
|
||||
.expect("wireguard-proxy TLS server failed to launch")
|
||||
} else {
|
||||
println!("executing: {} -th '{}' -ut '{}'", proxy, tcp_host, host);
|
||||
Command::new(proxy.clone())
|
||||
.arg("-th")
|
||||
.arg(tcp_host)
|
||||
.arg("-ut")
|
||||
.arg(host)
|
||||
.spawn()
|
||||
.expect("wireguard-proxy server failed to launch")
|
||||
};
|
||||
println!("waiting: {:?} for wireguard-proxy server to come up.....", sleep);
|
||||
thread::sleep(sleep);
|
||||
|
||||
println!("executing: {} -tt {}", proxy, tcp_host);
|
||||
let mut proxy = Command::new(proxy)
|
||||
.arg("-tt")
|
||||
.arg(tcp_host)
|
||||
.spawn()
|
||||
.expect("wireguard-proxy client failed to launch");
|
||||
let mut proxy = if tls {
|
||||
println!("executing: {} -tt {} --tls", proxy, tcp_host);
|
||||
Command::new(proxy)
|
||||
.arg("-tt")
|
||||
.arg(tcp_host)
|
||||
.arg("--tls")
|
||||
.spawn()
|
||||
.expect("wireguard-proxy TLS client failed to launch")
|
||||
} else {
|
||||
println!("executing: {} -tt {}", proxy, tcp_host);
|
||||
Command::new(proxy)
|
||||
.arg("-tt")
|
||||
.arg(tcp_host)
|
||||
.spawn()
|
||||
.expect("wireguard-proxy client failed to launch")
|
||||
};
|
||||
println!("waiting: {:?} for wireguard-proxy client to come up.....", sleep);
|
||||
thread::sleep(sleep);
|
||||
|
||||
@ -154,14 +200,21 @@ fn main() {
|
||||
proxy_server.client_handler.udp_target, proxy_server.client_handler.socket_timeout,
|
||||
);
|
||||
|
||||
println!("executing: wireguard-proxy -th '{}' -ut '{}'", tcp_host, host);
|
||||
thread::spawn(move || proxy_server.start().expect("error running proxy_server"));
|
||||
if tls {
|
||||
let tls_key = tls_key.unwrap().to_owned();
|
||||
let tls_cert = tls_cert.unwrap().to_owned();
|
||||
println!("executing: wireguard-proxy -th '{}' -ut '{}' -tk '{}' -tc '{}'", tcp_host, host, tls_key, tls_cert);
|
||||
thread::spawn(move || proxy_server.start_tls(&tls_key, &tls_cert).expect("error running TLS proxy_server"));
|
||||
} else {
|
||||
println!("executing: wireguard-proxy -th '{}' -ut '{}'", tcp_host, host);
|
||||
thread::spawn(move || proxy_server.start().expect("error running proxy_server"));
|
||||
}
|
||||
println!("waiting: {:?} for wireguard-proxy server to come up.....", sleep);
|
||||
thread::sleep(sleep);
|
||||
|
||||
let proxy_client = ProxyClient::new(
|
||||
"127.0.0.1:51820".to_owned(),
|
||||
tcp_host.to_owned().to_owned(),
|
||||
tcp_host.to_owned(),
|
||||
15,
|
||||
);
|
||||
|
||||
@ -172,8 +225,14 @@ fn main() {
|
||||
proxy_client.socket_timeout,
|
||||
);
|
||||
|
||||
println!("executing: wireguard-proxy -tt {}", tcp_host);
|
||||
thread::spawn(move || proxy_client.start().expect("error running proxy_client"));
|
||||
if tls {
|
||||
println!("executing: wireguard-proxy -tt {} --tls", tcp_host);
|
||||
let hostname = tcp_host.split(":").next().expect("cannot extract hostname from tcp_host");
|
||||
thread::spawn(move || proxy_client.start_tls(hostname).expect("error running proxy_client"));
|
||||
} else {
|
||||
println!("executing: wireguard-proxy -tt {}", tcp_host);
|
||||
thread::spawn(move || proxy_client.start().expect("error running proxy_client"));
|
||||
}
|
||||
println!("waiting: {:?} for wireguard-proxy client to come up.....", sleep);
|
||||
thread::sleep(sleep);
|
||||
|
||||
|
69
test.sh
69
test.sh
@ -1,25 +1,28 @@
|
||||
#!/bin/sh
|
||||
set -x
|
||||
|
||||
# first run without TLS
|
||||
cargo clean
|
||||
cargo build --release --no-default-features
|
||||
# cert created with:
|
||||
# cd ci && echo -e '\n\n\n\n\n\n\n' | openssl req -new -x509 -days 3650 -nodes -out cert.pem -keyout cert.key
|
||||
|
||||
export PATH="$(pwd)/target/release:$PATH"
|
||||
|
||||
run_tests() {
|
||||
client_arg="$1"
|
||||
shift
|
||||
|
||||
# first make sure udp-test succeeds running against itself
|
||||
udp-test || exit 1
|
||||
|
||||
# now run udp-test without spawning other processes
|
||||
udp-test -is || exit 1
|
||||
udp-test -is "$@" || exit 1
|
||||
|
||||
# now run proxyd pointing to udp-test
|
||||
wireguard-proxy -th 127.0.0.1:5555 -ut 127.0.0.1:51822 &
|
||||
wireguard-proxy -th 127.0.0.1:5555 -ut 127.0.0.1:51822 "$@" &
|
||||
proxyd_pid=$!
|
||||
# wait for ports to be set up, this is fragile...
|
||||
sleep 5
|
||||
# proxy pointing to proxyd
|
||||
wireguard-proxy -tt 127.0.0.1:5555 &
|
||||
wireguard-proxy -tt 127.0.0.1:5555 "$client_arg" &
|
||||
proxy_pid=$!
|
||||
# wait for ports to be set up, this is fragile...
|
||||
sleep 1
|
||||
@ -32,45 +35,29 @@ kill $proxyd_pid $proxy_pid
|
||||
[ $udp_exit -ne 0 ] && exit $udp_exit
|
||||
|
||||
# now run udp-test essentially just like the script above, but all in rust
|
||||
udp-test -s || exit 1
|
||||
udp-test -s "$@" || exit 1
|
||||
|
||||
echo "non-tls tests passed!"
|
||||
|
||||
echo -e '\n\n\n\n\n\n\n' | openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout cert.key
|
||||
}
|
||||
|
||||
# first run without TLS
|
||||
cargo clean
|
||||
cargo build --release
|
||||
cargo build --release || exit 1
|
||||
run_tests || exit 1
|
||||
|
||||
export PATH="$(pwd)/target/release:$PATH"
|
||||
# first run with non-vendored tls
|
||||
cargo clean
|
||||
cargo build --release --features tls || exit 1
|
||||
# first plaintext tests
|
||||
run_tests || exit 1
|
||||
# then TLS tests
|
||||
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
|
||||
|
||||
# first make sure udp-test succeeds running against itself
|
||||
udp-test || exit 1
|
||||
# second run with vendored tls
|
||||
cargo clean
|
||||
cargo build --release --features openssl_vendored || exit 1
|
||||
# first plaintext tests
|
||||
run_tests || exit 1
|
||||
# then TLS tests
|
||||
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
|
||||
|
||||
# now run udp-test without spawning other processes
|
||||
udp-test -is || exit 1
|
||||
|
||||
# now run proxyd pointing to udp-test
|
||||
wireguard-proxy -th 127.0.0.1:5555 -ut 127.0.0.1:51822 --tls-key cert.key --tls-cert cert.pem &
|
||||
proxyd_pid=$!
|
||||
# wait for ports to be set up, this is fragile...
|
||||
sleep 5
|
||||
# proxy pointing to proxyd
|
||||
wireguard-proxy -tt 127.0.0.1:5555 --tls &
|
||||
proxy_pid=$!
|
||||
# wait for ports to be set up, this is fragile...
|
||||
sleep 1
|
||||
# and udp-test pointing to proxy, which then hops to proxyd, and finally back to udp-test
|
||||
udp-test -uh 127.0.0.1:51822
|
||||
udp_exit=$?
|
||||
|
||||
kill $proxyd_pid $proxy_pid
|
||||
|
||||
rm -f cert.pem cert.key
|
||||
|
||||
[ $udp_exit -ne 0 ] && exit $udp_exit
|
||||
|
||||
# now run udp-test essentially just like the script above, but all in rust
|
||||
udp-test -s
|
||||
|
||||
exit $?
|
||||
exit 0
|
||||
|
Loading…
Reference in New Issue
Block a user