[ceph.git] / ceph / src / jaegertracing / thrift / test / features / tls.sh

#!/bin/bash

#
# Checks to make sure TLSv1.0 or later is allowed by a server.
#

THRIFTHOST=localhost
THRIFTPORT=9090

while [[ $# -ge 1 ]]; do
  arg="$1"
  argIN=(${arg//=/ })

  case ${argIN[0]} in
    -h|--host)
    THRIFTHOST=${argIN[1]}
    shift # past argument
    ;;
    -p|--port)
    THRIFTPORT=${argIN[1]}
    shift # past argument
    ;;
    *)
          # unknown option ignored
    ;;
  esac

  shift   # past argument or value
done

declare -A EXPECT_NEGOTIATE
EXPECT_NEGOTIATE[tls1]=1
EXPECT_NEGOTIATE[tls1_1]=1
EXPECT_NEGOTIATE[tls1_2]=1
EXPECT_NEGOTIATE[tls1_3]=1

failures=0

function tls
{
  for PROTO in "${!EXPECT_NEGOTIATE[@]}"; do

    local nego
    local negodenied
    local res

    echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null"
    nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null)
    negodenied=$?
    echo "result of command: $negodenied"

    res="enabled"; if [[ ${EXPECT_NEGOTIATE[$PROTO]} -eq 0 ]]; then res="disabled"; fi

    if [[ $negodenied -ne ${EXPECT_NEGOTIATE[$PROTO]} ]]; then
      echo "$PROTO negotiation allowed"
    else
      echo "[warn] $PROTO negotiation did not work"
      echo $nego
      ((failures++))
    fi
  done
}

tls

if [[ $failures -eq 4 ]]; then
  echo "[fail] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 needs to work, but does not"
  exit $failures
fi

echo "[pass] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 worked"
exit 0
Commit	Line	Data
f67539c2 TL	1	#!/bin/bash
	2
	3	#
	4	# Checks to make sure TLSv1.0 or later is allowed by a server.
	5	#
	6
	7	THRIFTHOST=localhost
	8	THRIFTPORT=9090
	9
	10	while [[ $# -ge 1 ]]; do
	11	arg="$1"
	12	argIN=(${arg//=/ })
	13
	14	case ${argIN[0]} in
	15	-h\|--host)
	16	THRIFTHOST=${argIN[1]}
	17	shift # past argument
	18	;;
	19	-p\|--port)
	20	THRIFTPORT=${argIN[1]}
	21	shift # past argument
	22	;;
	23	*)
	24	# unknown option ignored
	25	;;
	26	esac
	27
	28	shift # past argument or value
	29	done
	30
	31	declare -A EXPECT_NEGOTIATE
	32	EXPECT_NEGOTIATE[tls1]=1
	33	EXPECT_NEGOTIATE[tls1_1]=1
	34	EXPECT_NEGOTIATE[tls1_2]=1
	35	EXPECT_NEGOTIATE[tls1_3]=1
	36
	37	failures=0
	38
	39	function tls
	40	{
	41	for PROTO in "${!EXPECT_NEGOTIATE[@]}"; do
	42
	43	local nego
	44	local negodenied
	45	local res
	46
	47	echo "openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null"
	48	nego=$(openssl s_client -connect $THRIFTHOST:$THRIFTPORT -CAfile ../keys/CA.pem -$PROTO 2>&1 < /dev/null)
	49	negodenied=$?
	50	echo "result of command: $negodenied"
	51
	52	res="enabled"; if [[ ${EXPECT_NEGOTIATE[$PROTO]} -eq 0 ]]; then res="disabled"; fi
	53
	54	if [[ $negodenied -ne ${EXPECT_NEGOTIATE[$PROTO]} ]]; then
	55	echo "$PROTO negotiation allowed"
	56	else
	57	echo "[warn] $PROTO negotiation did not work"
	58	echo $nego
	59	((failures++))
	60	fi
	61	done
	62	}
	63
	64	tls
65
66	if [[ $failures -eq 4 ]]; then
67	echo "[fail] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 needs to work, but does not"
68	exit $failures
69	fi
70
71	echo "[pass] At least one of TLSv1.0, TLSv1.1, TLSv1.2, or TLSv1.3 worked"
72	exit 0