72 lines
2.5 KiB
Bash
Executable File
72 lines
2.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -xeo pipefail
|
|
|
|
if [ "$1" = "INSTALL" ]; then
|
|
# INSTALL <client> [<revision>]
|
|
if [ -n "${3:-}" ]; then
|
|
REVISION="--build-arg REVISION=$3"
|
|
else
|
|
REVISION=""
|
|
fi
|
|
docker build $REVISION -t tls-tris:$2 _dev/$2
|
|
|
|
elif [ "$1" = "RUN" ]; then
|
|
# RUN <client>
|
|
IP=$(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver)
|
|
|
|
docker run --rm tls-tris:$2 $IP:1443 | tee output.txt # RSA
|
|
grep "Hello TLS 1.3" output.txt | grep -v "resumed" | grep -v "0-RTT"
|
|
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"
|
|
|
|
docker run --rm tls-tris:$2 $IP:2443 | tee output.txt # ECDSA
|
|
grep "Hello TLS 1.3" output.txt | grep -v "resumed" | grep -v "0-RTT"
|
|
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"
|
|
|
|
if [[ $3 =~ .*S.* ]]; then
|
|
# Client auth - tris is a server
|
|
docker run --rm tls-tris:$2 $IP:6443 -key client_rsa.key -cert client_rsa.crt -debug 2>&1 | tee output.txt
|
|
grep "send_client_certificate_verify" output.txt # Checks if client cert was requested and sent
|
|
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"
|
|
fi
|
|
|
|
elif [ "$1" = "0-RTT" ]; then
|
|
# 0-RTT <client>
|
|
IP=$(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver)
|
|
|
|
docker run --rm tls-tris:$2 $IP:3443 | tee output.txt # rejecting 0-RTT
|
|
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"
|
|
|
|
docker run --rm tls-tris:$2 $IP:4443 | tee output.txt # accepting 0-RTT
|
|
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep "0-RTT"
|
|
|
|
docker run --rm tls-tris:$2 $IP:5443 | tee output.txt # confirming 0-RTT
|
|
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep "0-RTT confirmed"
|
|
|
|
elif [ "$1" = "INSTALL-CLIENT" ]; then
|
|
cd "$(dirname "$0")/tris-testclient"
|
|
./build.sh
|
|
|
|
elif [ "$1" = "RUN-CLIENT" ]; then
|
|
# RUN-CLIENT <target-server>
|
|
cd "$(dirname "$0")/tris-testclient"
|
|
|
|
SERVERNAME="$2-localserver"
|
|
docker run --rm --detach --name "$SERVERNAME" \
|
|
--entrypoint /server.sh \
|
|
--expose 1443 --expose 2443 --expose 6443 \
|
|
tls-tris:$2
|
|
IP=$(docker inspect -f '{{ .NetworkSettings.IPAddress }}' "$SERVERNAME")
|
|
# Obtain information and stop server on exit
|
|
trap 'docker ps -a; docker logs "$SERVERNAME"; docker kill "$SERVERNAME"' EXIT
|
|
|
|
# RSA
|
|
docker run --rm tris-testclient -ecdsa=false $IP:1443
|
|
# ECDSA
|
|
docker run --rm tris-testclient -rsa=false $IP:2443
|
|
|
|
# Test client authentication if requested (tris is a client)
|
|
[[ $3 =~ .*C.* ]] && docker run --rm tris-testclient -rsa=false -cliauth $IP:6443; true
|
|
|
|
# TODO maybe check server logs for expected output?
|
|
fi
|