tests: Create test CA + server cert, add tls1 test server config

Heikki Hannikainen 2022-10-25 01:16:06 +03:00
parent f6ce97c02f
commit fd8e964bd8
5 changed files with 159 additions and 8 deletions


@ -16,7 +16,7 @@ jobs:
- name: install deps
run: |
sudo apt-get install -y libevent-dev perl-modules libio-socket-inet6-perl libjson-xs-perl libwww-perl libsctp-dev
sudo apt-get install -y libevent-dev perl-modules libio-socket-inet6-perl libjson-xs-perl libwww-perl libsctp-dev openssl
- name: configure
run: |


@ -15,7 +15,7 @@ TESTID=`echo $$$$_$$RANDOM$$RANDOM$$RANDOM`
TEST_SRCCALLS="XX7FIT-1,XX7FIT-2"
TEST_IGATE="XX7IG"
test:
test: tls-testcert
@rm -f logs/aprsc.log
PERL_DL_NONLAZY=1 $(PERL) "-MExtUtils::Command::MM" "-e" "test_harness($(TEST_VERBOSE), '$(INST_LIB)', '$(INST_ARCHLIB)')" $(TEST_FILES)
@ -30,3 +30,26 @@ aggrtest:
TEST_ID=$(TESTID) TEST_IGATE=$(TEST_IGATE) TEST_SRCCALLS=$(TEST_SRCCALLS) \
PERL_DL_NONLAZY=1 $(PERL) "-MExtUtils::Command::MM" "-e" "test_harness($(TEST_VERBOSE), '$(INST_LIB)', '$(INST_ARCHLIB)')" $(AGGREGATOR_FILES)
tls-testca: tls-testca/cacert.pem
tls-testcert: tls-testca cfg-aprsc/tls1-cert.pem
tls-testca/serial:
mkdir -p tls-testca tmp
(cd tls-testca && mkdir -p certs newcerts private)
touch tls-testca/index.txt tls-testca/index.txt.attr
echo 00 > tls-testca/serial
tls-testca/cacert.pem: tls-testca/serial
openssl req -x509 -new -nodes -newkey rsa:2048 -keyout tls-testca/private/cakey.pem -sha256 -days 7300 \
-subj "/O=aprsc TEST/OU=Testing Department/CN=Testing CA" -out tls-testca/cacert.pem
cfg-aprsc/tls1-cert.pem:
openssl req -new -config tls-openssl.conf \
-keyout cfg-aprsc/tls1-key.pem -out tmp/tls1-req.pem \
-newkey rsa:2048 -nodes -sha256 \
-subj "/O=aprsc TEST/callSign=TLS1/CN=tls1host.example.com"
openssl ca -config tls-openssl.conf -batch \
-in tmp/tls1-req.pem -out cfg-aprsc/tls1-cert.pem \
-days 3650
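Review bot: `cfg-aprsc/tls1-cert.pem:` has no prerequisites, so a regenerated CA (`tls-testca/cacert.pem`) or an edited `tls-openssl.conf` leaves a stale server certificate signed by the old CA key, and under `make -j` the `openssl ca` step can run before `tls-testca/cacert.pem` and `tmp/` exist, because `tls-testcert` lists the two as independent prerequisites. Declaring the edge fixes both: `cfg-aprsc/tls1-cert.pem: tls-testca/cacert.pem tls-openssl.conf`. The grouping names also want `.PHONY: tls-testca tls-testcert`, since `tls-testca` is a real directory created by the `serial` rule and `tls-testcert` produces no file of that name. The generated private keys (`tls-testca/private/cakey.pem`, `cfg-aprsc/tls1-key.pem`) and `tmp/` should be removed by a `clean` rule and excluded from version control; neither is visible in this hunk, so this may already be handled elsewhere.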


@ -1,9 +1,3 @@
#
# USE RCS !!!
# $Id$
#
# Configuration for aprsc, an APRS-IS server for core servers
ServerId TESTING
PassCode 31421

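--- a/tests/cfg-aprsc/tls1
+++ b/tests/cfg-aprsc/tls1
@@ -0,0 +1,64 @@
+ServerId TLS1
+PassCode 29855
+MyEmail email@example.com
+MyAdmin "Admin, N0CALL"
+### Directories #########
+# Data directory (for database files)
+RunDir data
+### Intervals #########
+# Interval specification format examples:
+# 600 (600 seconds), 5m, 2h, 1h30m, 1d3h15m24s, etc...
+# When no data is received from an upstream server in N seconds, switch to
+# another server
+UpstreamTimeout 60s
+# When no data is received from a downstream server in N seconds, disconnect
+ClientTimeout 48h
+### TCP listener ##########
+# Listen <socketname> <porttype> tcp <address to bind> <port>
+# socketname: any name you wish to show up in logs and statistics
+# porttype: one of:
+# fullfeed - everything, after dupe filtering
+# dupefeed - everything that comes in - with dupes!
+# msgonly - messages only
+# userfilter - user-specified filters
+#
+Listen "Full feed TLS" fullfeed tcp ::0 55152 acl "cfg-aprsc/acl-all.acl" \
+sslkey cfg-aprsc/tls1-key.pem sslcert cfg-aprsc/tls1-cert.pem sslca tls-testca/cacert.pem
+Listen "Igate port TLS" igate tcp 0.0.0.0 55580 acl "cfg-aprsc/acl-all.acl" \
+sslkey cfg-aprsc/tls1-key.pem sslcert cfg-aprsc/tls1-cert.pem sslca tls-testca/cacert.pem
+### Uplink configuration ########
+# Uplink <name> <type> tcp <address> <port>
+# name: a name of the server or service you're connecting
+# type: one of:
+# full - full feed
+# ro - read-only, do not transmit anything upstream
+#
+Uplink full1 full tcp 127.0.0.1 10153
+# UDP peering, first address is my local address, the rest are remote.
+PeerGroup TLS1 udp 127.0.0.1:16404 \
+SELF 127.0.0.1:16404 \
+PEER1 127.0.0.1:16405 \
+PEER2 127.0.0.1:16406
+### HTTP listener ##########
+# Status port provides a status view to web browsers.
+# It starts up by default on 0.0.0.0:14501.
+HTTPStatus 127.0.0.1 55501
+# Upload port allows position uploads.
+# It does not start up by default.
+HTTPUpload 127.0.0.1 55080
+### Internals ############
+# Only use 3 threads in these basic tests, to keep startup/shutdown times
+# short.
+WorkerThreads 3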
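Review bot: The two TLS listeners bind `::0` and `0.0.0.0` (ports 55152 and 55580) while `HTTPStatus`, `HTTPUpload`, the `Uplink` and the `PeerGroup` are all pinned to `127.0.0.1`, so the test server's TLS ports are reachable from every interface of the CI or developer host for the duration of the test run. Unless the harness connects from a non-loopback address, binding them to loopback as well keeps the exposure consistent with the rest of the file: `Listen "Full feed TLS" fullfeed tcp ::1 55152 acl "cfg-aprsc/acl-all.acl" \` and `Listen "Igate port TLS" igate tcp 127.0.0.1 55580 acl "cfg-aprsc/acl-all.acl" \` (presuming `::1` is accepted wherever `::0` is). The comment block above the Listen lines documents the socket syntax but not the `sslkey`/`sslcert`/`sslca` keywords; a one-line comment noting that these files are produced by `make tls-testcert` and that `tls-testca/cacert.pem` is the test CA would save the next reader a trip to the Makefile.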

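--- a/tests/tls-openssl.conf
+++ b/tests/tls-openssl.conf
@@ -0,0 +1,70 @@
+HOME = .
+# RANDFILE = .rnd
+# Extra OBJECT IDENTIFIER info:
+oid_section = new_oids
+[ new_oids ]
+# Amateur radio callsign OID used by LotW
+callSign = 1.3.6.1.4.1.12348.1.1
+[ ca ]
+default_ca = testca
+[ testca ]
+dir = ./tls-testca # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+unique_subject = no # Set to 'no' to allow creation of
+# several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+private_key = $dir/private/cakey.pem # The private key
+x509_extensions = aprsc_cert
+default_md = sha256
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+policy = policy_client
+[ policy_client ]
+callSign = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+[ req ]
+distinguished_name = req_distinguished_name
+default_bits = 2048
+[ req_distinguished_name ]
+callSign = Callsign
+callSign_max = 12
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_max = 64
+emailAddress = Email Address
+emailAddress_max = 64
+[ aprsc_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+extendedKeyUsage = clientAuth,serverAuth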
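Review bot: The `[ aprsc_cert ]` extension section carries no `subjectAltName`, so every certificate this CA issues identifies its host only through the CN given on the `openssl req -subj` line; clients that verify the peer name per RFC 6125 ignore CN and would reject the tls1 server certificate. If the test client checks hostnames, either set `subjectAltName = DNS:tls1host.example.com` here for this single-server setup, or add `copy_extensions = copy` to `[ testca ]` and pass `-addext "subjectAltName=DNS:tls1host.example.com"` on the request so each server cert carries its own name. Since `x509_extensions = aprsc_cert` applies to client and server certificates alike, the `extendedKeyUsage = clientAuth,serverAuth` line is worth a comment saying that both usages are deliberate for the test CA. The comment after `unique_subject = no` reads `ctificates`; it should read `certificates`.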