// Copyright 2016 Canonical Ltd.
// Licensed under the LGPLv3, see LICENCE file for details.
jc "github.com/juju/testing/checkers"
gc "gopkg.in/check.v1"
// TLSSuite groups the TLS tests in this file. It is an empty struct, so the
// suite itself carries no state between tests.
type TLSSuite struct{}

// Register TLSSuite with gocheck (imported as gc) so that its Test* methods
// are picked up by the test runner.
var _ = gc.Suite(TLSSuite{})
// TestWinCipher runs only on Windows. It has PowerShell download a page from
// the HTTPS test server on 127.0.0.1:10443 and asserts that the downloaded
// file contains the server's fixed response. Presumably the point is to show
// that a stock Windows TLS client can negotiate with a server configured by
// SecureTLSConfig (defined elsewhere) — confirm.
//
// NOTE(review): this listing omits some lines of the function, including
// where d is defined and the end of the fmt.Sprintf call; the comments here
// describe only the lines that are shown.
func (TLSSuite) TestWinCipher(c *gc.C) {
	if runtime.GOOS != "windows" {
		c.Skip("Windows-specific test.")
	out := filepath.Join(d, "out.txt")
	// The script restricts the client to TLS 1.2, then installs a
	// ServerCertificateValidationCallback that always returns $true, which
	// turns off certificate validation for that PowerShell process (the
	// server's cert is self-signed), and finally downloads from the test
	// server. The bypass is acceptable here only because the peer is the
	// loopback test server. As a result the test exercises protocol and
	// cipher negotiation, not certificate trust.
	//
	// NOTE(review): the download path is substituted for %s inside a
	// double-quoted PowerShell string (presumably out; the Sprintf arguments
	// are not shown). PowerShell expands `$` and backtick sequences in such
	// strings, so this relies on the temp path containing neither — confirm.
	// NOTE(review): port 10443 is hard-coded in the URL, so the test depends
	// on that port being free on the host.
	script := fmt.Sprintf(`[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
(New-Object System.Net.WebClient).DownloadFile("https://127.0.0.1:10443", "%s")
	err := runPS(d, script)
	c.Assert(err, jc.ErrorIsNil)
	b, err := ioutil.ReadFile(out)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(string(b), gc.Equals, "This is an example server.\n")
// runServer writes the package-level cert and key PEM constants to files in
// dir and serves a fixed plain-text response over TLS, using the TLS settings
// returned by SecureTLSConfig().
//
// NOTE(review): this listing omits some lines of the function, including the
// declaration of s and most of the server literal; the comments here describe
// only the lines that are shown.
func runServer(dir string, c *gc.C) {
	handler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		w.Header().Set("Content-Type", "text/plain")
		// The error from Write is ignored; a failed write surfaces in the
		// test as a body mismatch or a client-side download error instead.
		w.Write([]byte("This is an example server.\n"))
		// SecureTLSConfig is defined elsewhere in the package; it is the
		// configuration this test puts in front of the Windows client.
		TLSConfig: SecureTLSConfig(),
	// The private key in the key constant is committed in this test file, so
	// it is effectively public: the pair is suitable only for this loopback
	// fixture. The PEM also appears to carry a validity window of 2016-07-26
	// to 2017-07-26, so the cert is usable only because the client skips
	// validation — confirm.
	// NOTE(review): mode 0600 is owner-only on Unix; on Windows, where this
	// test runs, Go honours only the owner-write bit, so the mode does not
	// restrict other users there — confirm if that matters for the temp dir.
	certFile := filepath.Join(dir, "cert.pem")
	err := ioutil.WriteFile(certFile, []byte(cert), 0600)
	c.Assert(err, jc.ErrorIsNil)
	keyFile := filepath.Join(dir, "key.pem")
	err = ioutil.WriteFile(keyFile, []byte(key), 0600)
	c.Assert(err, jc.ErrorIsNil)
	// ListenAndServeTLS blocks while serving and always returns a non-nil
	// error when it does return, so the assertion below can only fail if it
	// is ever reached. No Shutdown or Close call is visible in this listing.
	// NOTE(review): gocheck's Assert stops the goroutine it is called on; if
	// runServer is started on its own goroutine (the call site is not shown),
	// a failure here or in the WriteFile checks above will not stop the test
	// itself — confirm.
	err = s.ListenAndServeTLS(certFile, keyFile)
	c.Assert(err, jc.ErrorIsNil)
// runPS writes script, prefixed with an error trap, to script.ps1 in dir and
// runs it with powershell.exe.
//
// NOTE(review): this listing omits some lines of the function, including the
// rest of the argument list and how the command's result is turned into the
// returned error; the comments here describe only the lines that are shown.
func runPS(dir, script string) error {
	scriptFile := filepath.Join(dir, "script.ps1")
		// RemoteSigned lets locally created scripts run unsigned and requires
		// a signature only on scripts marked as downloaded; the script run
		// here is written locally a few lines below.
		"-ExecutionPolicy", "RemoteSigned",
	// Exceptions don't result in a non-zero exit code by default
	// when using -File. The exit code of an explicit "exit" when
	// using -Command is ignored and results in an exit code of 1.
	// We use -File and trap exceptions to cover both, so that a failed
	// download makes the process exit with status 1.
	script = "trap {Write-Error $_; exit 1}\n" + script
	if err := ioutil.WriteFile(scriptFile, []byte(script), 0600); err != nil {
	// The arguments are passed as a list rather than a single command
	// string. "powershell.exe" has no directory component, so os/exec
	// resolves it through PATH.
	cmd := exec.Command("powershell.exe", args...)
cert = `-----BEGIN CERTIFICATE-----
MIIC9TCCAd2gAwIBAgIRALhL8rNhi3x29T8g/AwK9bAwDQYJKoZIhvcNAQELBQAw
EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNjA3MjYxNjI4MzRaFw0xNzA3MjYxNjI4
MzRaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCaVIZUmQdBTXYATbTmMhscCTUSNt+Dn3OP8w2v/2QJyUz3s1eiiuec
ymD+6TC7lNjzIXhFJnHTyuo/p2d2lHNvbQmUh0kMjPxnIDaCqWZXcjR+vnFo4jgl
VtxCqPG2zi62kZxB0Pu9DzJ7AlqF9BTbpu0INDyFzLJtj73RIv00kRDTpFzHQSNN
tzi9ZzKY7ZS6urftqXc4pqoaSyFXqw7uSNcBcr7Cc8oXIz5tQoVU5m0uKBGOQvwC
b+ICd+RIYS09L1E76UGpDcrJ0LQlysQ/ZMmSsA5YHGf5KE+N0WnWdQCADq3voQra
q47HBpH+ByA1F1REMwgMoFNZRNrEHdXFAgMBAAGjRjBEMA4GA1UdDwEB/wQEAwIF
oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMA8GA1UdEQQIMAaH
BH8AAAEwDQYJKoZIhvcNAQELBQADggEBAJPwxR3fhEpZz2JB2dAUuj0KqFD7uPQp
m30Slu3cihqQkoaGiSMQdGSZ/VnieHbS/XaZo8JqixU8RucYjVT2eM5YRgcGxU91
L4yJfPm7qPwGIvwpfqlZK5GcpC/qk3joNqL43gGfn6vbtqw+wF33yfcyTlTO1hwN
vZSU4HC3Hz+FoFnmqkW5lXiuggm/jsdWqPIDA0NJHrws/wjqu3T+wQcfTvIwIPMG
WFmUP5hvWD/9HpizJqROhRZwfsJHDpHDu0nKgSDnV1gX2S5XaUsUWu53V/Hczbo0
fSD4wg+Zd/x3fh+EpOd1qbHmXrDWSs4z/T61yKzrgENd/kSncJC38pg=
-----END CERTIFICATE-----
key = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAmlSGVJkHQU12AE205jIbHAk1Ejbfg59zj/MNr/9kCclM97NX
oornnMpg/ukwu5TY8yF4RSZx08rqP6dndpRzb20JlIdJDIz8ZyA2gqlmV3I0fr5x
aOI4JVbcQqjxts4utpGcQdD7vQ8yewJahfQU26btCDQ8hcyybY+90SL9NJEQ06Rc
x0EjTbc4vWcymO2Uurq37al3OKaqGkshV6sO7kjXAXK+wnPKFyM+bUKFVOZtLigR
jkL8Am/iAnfkSGEtPS9RO+lBqQ3KydC0JcrEP2TJkrAOWBxn+ShPjdFp1nUAgA6t
76EK2quOxwaR/gcgNRdURDMIDKBTWUTaxB3VxQIDAQABAoIBAQCBktX10UW2HkMk
nhlz7D22nERito+TAx0Tjw2+5r4nOUvV7E13uwgbLA+j9kVkOOStvTwtUsne+E8U
gojrllgVBYc1nSBH2VdRfkpGCdRTNx+8CklNtiFNuE/V5+KJiTLPNhHrcHrrkQbh
IGjAbt3UTaJVcQYfkG1+b2D/ZlERAC0s0lnqidoqeAaiXDmDesIz+gXkpfbt5mHa
f/LRFRvjtBDjCOTkZ3OdFeSyW+z4zs75vvk3amQNixGW74obFUZFBvF81yUZH7kf
bWBMJMIo024oo4Rpi5k279gx2pWNLHQ68AWF/zLbu32xGrSQuTelVU5MNgEDVB9W
3T01iHwBAoGBAMGGslxNYcf2lg0pW6II4EmOSvbdZ5z9kmV92wkN4zTP3Tzr/Kzf
UMALczvCBYplo6Q6nR+TvRukl8Mr1e5m7Ophfv21vZfprs2YXigL9vTZKRsis8Fk
QSK2kO9CVnWjFu11jYCDN9nUD+9lB+ry9grdY0744a8dTsxmZ1m1ZwA1AoGBAMwm
nF0+OnMkILfsnaK6PVsJBUI5N/j05P/mDQcDZdQMVOBSh/kceQ4LWHXdL0lMVLBY
pGPXqwsO8Q/d2R2oI1acgIFcl73FTchrQd1YaHmnyfqInhKt9QOXj1c0ii4BL3ff
iGVf4gqQVH0B2nK7pjkBlwvpjsYFVDHP9/xkXlFRAoGAC9mgoFBItYLe601mBAUB
Ht/srTMffhh012wedm54RCqaRHm6zicafbf1xWn7Bt90ZsEEEAPu53tro5LSlbeN
uEhiC00On/e6MXKsCU26QIHvp263jRcDegmt1Ei+nJNw+vdgw8bFK7x1gVYxZuyb
rkyiIRrSTvO/eHqox3B5LyUCgYAmKZWTTJ2qhndjSmURVVVA3kfQYFfZPxZLy9pl
lDoF0KRRJrxqUetDN9W6erVrM0ylhnx8eYVs1Mc1WxhKFfM9LpZLGF75R5fJvlsa
oHsvOrFkFwPNpB0oJb3S5GxsOyZ/dxbNNIZRyTcyAxWt2uwwvd5ZiLh6xeY+RY0q
7iw/cQKBgQCaWJ8bSNNhQeaBSW5IVHFctYtLPv9aPHagBdJkKmeb06HWQHi+AvkY
nd0dgM/TfgtnuhbVS4ISkT4vZoSn84hOE7BG5rSPE+/q24Wv5gG0PI1sky8tmXzX
juAEWSJVCSE0TK/mvBVdlyKOJoEgtfMcRfDQfA1rI9My0rU+/Y5A0w==
-----END RSA PRIVATE KEY-----`