summaryrefslogtreecommitdiffstats
path: root/tests/Test-https-clientcert.px
diff options
context:
space:
mode:
Diffstat (limited to 'tests/Test-https-clientcert.px')
-rwxr-xr-xtests/Test-https-clientcert.px107
1 files changed, 107 insertions, 0 deletions
diff --git a/tests/Test-https-clientcert.px b/tests/Test-https-clientcert.px
new file mode 100755
index 0000000..e2a4188
--- /dev/null
+++ b/tests/Test-https-clientcert.px
@@ -0,0 +1,107 @@
+#!/usr/bin/env -S perl -I .
+
+use strict;
+use warnings;
+use Socket;
+use WgetFeature qw(https);
+use SSLTest;
+
+###############################################################################
+
+# code, msg, headers, content
+my %urls = (
+ '/somefile.txt' => {
+ code => "200",
+ msg => "Dontcare",
+ headers => {
+ "Content-type" => "text/plain",
+ },
+ content => "blabla",
+ },
+);
+
+my $srcdir;
+if (@ARGV) {
+ $srcdir = shift @ARGV;
+} elsif (defined $ENV{srcdir}) {
+ $srcdir = $ENV{srcdir};
+}
+$srcdir = Cwd::abs_path("$srcdir");
+
+# HOSTALIASES env variable allows us to create hosts file alias.
+my $testhostname = "WgetTestingServer";
+$ENV{'HOSTALIASES'} = "$srcdir/certs/wgethosts";
+
+my $addr = gethostbyname($testhostname);
+unless ($addr)
+{
+ warn "Failed to resolve $testhostname, using $srcdir/certs/wgethosts\n";
+ exit 77;
+}
+unless (inet_ntoa($addr) =~ "127.0.0.1")
+{
+ warn "Unexpected IP for localhost: ".inet_ntoa($addr)."\n";
+ exit 77;
+}
+
+my $cacrt = "$srcdir/certs/test-ca-cert.pem";
+#my $cakey = "$srcdir/certs/test-ca-key.pem";
+
+# Prepare server certificate
+my $servercrt = "$srcdir/certs/server-cert.pem";
+my $serverkey = "$srcdir/certs/server-key.pem";
+
+# Use client certificate
+my $clientcert = "$srcdir/certs/client-cert.pem";
+my $clientkey = "$srcdir/certs/client-key.pem";
+
+# Try Wget using SSL with mismatched client cert & key . Expect error
+my $port = 21443;
+my $cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert ".
+ " --private-key=$serverkey ".
+ " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+my $expected_error_code = 5;
+my %existing_files = (
+);
+
+my %expected_downloaded_files = (
+ 'somefile.txt' => {
+ content => "blabla",
+ },
+);
+
+my $sslsock = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+if ($sslsock->run() == 0)
+{
+ exit 0;
+}
+
+# Retry wget using SSL with client certificate. Expect success
+$port = 22443;
+$cmdline = $WgetTest::WGETPATH . " --certificate=$clientcert".
+ " --private-key=$clientkey ".
+ " --ca-certificate=$cacrt".
+ " https://$testhostname:$port/somefile.txt";
+
+$expected_error_code = 0;
+
+my $retryssl = SSLTest->new(cmdline => $cmdline,
+ input => \%urls,
+ errcode => $expected_error_code,
+ existing => \%existing_files,
+ output => \%expected_downloaded_files,
+ certfile => $servercrt,
+ keyfile => $serverkey,
+ lhostname => $testhostname,
+ sslport => $port);
+exit $retryssl->run();
+# vim: et ts=4 sw=4