Add cert authentication test.
authorTatsuo Ishii <ishii@sraoss.co.jp>
Fri, 28 Sep 2018 08:59:51 +0000 (17:59 +0900)
committerTatsuo Ishii <ishii@sraoss.co.jp>
Fri, 28 Sep 2018 09:00:56 +0000 (18:00 +0900)
src/test/regression/tests/024.cert_auth/cert.sh [new file with mode: 0755]
src/test/regression/tests/024.cert_auth/test.sh [new file with mode: 0755]

diff --git a/src/test/regression/tests/024.cert_auth/cert.sh b/src/test/regression/tests/024.cert_auth/cert.sh
new file mode 100755 (executable)
index 0000000..66d3f60
--- /dev/null
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Create root cert
+openssl req -new -x509 -nodes -out root.crt -keyout root.key -subj /CN=MyRootCA
+# PostgreSQL/Pgpool cert
+openssl req -new -out server.req -keyout server.key -nodes -subj "/CN=postgresql"
+openssl x509 -req -in server.req -CAkey root.key -CA root.crt -days 365 -CAcreateserial -out server.crt
+# Frontend Cert
+openssl req -new -out postgresql.req -keyout frontend.key -nodes -subj "/CN=$USER"
+openssl x509 -req -in postgresql.req -CAkey root.key -CA root.crt -days 365 -CAcreateserial -out frontend.crt
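Review bot: None of the openssl steps in cert.sh is checked, so a failed key generation or signing step goes unnoticed and only surfaces later as a confusing authentication failure. Adding `set -e` below the shebang, and `./cert.sh || exit 1` at the call in test.sh, would stop the run at the source. The keys are written unencrypted (`-nodes`) with whatever mode openssl and the umask produce, and libpq refuses a client key that is group- or world-accessible. An explicit `chmod 600 *.key` after generation would make the test independent of the OpenSSL version and umask. `/CN=$USER` also assumes `$USER` is set and matches the database user psql connects as, which deserves a comment.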
diff --git a/src/test/regression/tests/024.cert_auth/test.sh b/src/test/regression/tests/024.cert_auth/test.sh
new file mode 100755 (executable)
index 0000000..5a5c521
--- /dev/null
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+#-------------------------------------------------------------------
+# test script for cert authentication for: frontend <--> Pgpool-II.
+#
+source $TESTLIBS
+TESTDIR=testdir
+PSQL=$PGBIN/psql
+PG_CTL=$PGBIN/pg_ctl
+export PGDATABASE=test
+
+# Generate certifications
+./cert.sh
+
+dir=`pwd`
+SSL_KEY=$dir/server.key
+SSL_CRT=$dir/server.crt
+ROOT_CRT=$dir/root.crt
+FRONTEND_KEY=$dir/frontend.key
+FRONTEND_CRT=$dir/frontend.crt
+
+rm -fr $TESTDIR
+mkdir $TESTDIR
+cd $TESTDIR
+
+# create test environment. Number of backend node is 1 is enough.
+echo -n "creating test environment..."
+$PGPOOL_SETUP -m s -n 1 || exit 1
+echo "done."
+
+dir=`pwd`
+
+echo "ssl = on" >> etc/pgpool.conf
+echo "ssl_key = '$SSL_KEY'" >> etc/pgpool.conf
+echo "ssl_cert = '$SSL_CRT'" >> etc/pgpool.conf
+echo "ssl_ca_cert = '$ROOT_CRT'" >> etc/pgpool.conf
+echo "enable_pool_hba = on" >> etc/pgpool.conf
+
+# allow to access IPv6 localhost
+echo "hostssl  all         all         127.0.0.1/32          cert" >> etc/pool_hba.conf
+echo "hostssl  all         all         ::1/128          cert" >> etc/pool_hba.conf
+
+sed -i "/^host.*trust$/d" etc/pool_hba.conf
+
+source ./bashrc.ports
+
+./startall
+
+export PGPORT=$PGPOOL_PORT
+
+wait_for_pgpool_startup
+
+export PGSSLCERT=$FRONTEND_CRT
+export PGSSLKEY=$FRONTEND_KEY
+
+$PSQL -h localhost -c "select 1" test
+
+grep "SSL certificate authentication for user" log/pgpool.log|grep successful
+if [ $? != 0 ];then
+    echo "Checking cert auth between Pgpool-II and frontend failed."
+    ./shutdownall
+    exit 1
+fi
+
+echo "Checking cert auth between Pgpool-II and frontend was ok."
+
+./shutdownall
+exit 0
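Review bot: The test only proves that a valid client certificate is accepted; nothing after the `grep ... successful` check asserts that a frontend without a certificate is rejected. Rejection is the property an authentication test most needs to pin, and a negative case would catch a pool_hba.conf that still lets the connection through by a weaker method. The sketch below adds that case after the positive check; it relies on libpq treating a missing certificate file as "no client certificate", which should be confirmed on the supported libpq versions. Separately, the exit status of the `$PSQL ... "select 1"` line is ignored, so a failed connection is only reported indirectly through the log grep.

```shell
# … unchanged: positive check that greps log/pgpool.log for "successful" …

# Negative case: a frontend presenting no client certificate must be rejected.
# Non-existent paths keep libpq from picking up ~/.postgresql/postgresql.{crt,key}.
export PGSSLCERT=$dir/no-such.crt
export PGSSLKEY=$dir/no-such.key
if $PSQL -h localhost -c "select 1" test; then
    echo "Connection without a client certificate was accepted."
    ./shutdownall
    exit 1
fi

# … unchanged: success message, ./shutdownall, exit 0 …
```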