-rw-r--r--scripts/rootd.yaml24
-rw-r--r--scripts/test-pow-tls.py45
2 files changed, 69 insertions, 0 deletions
diff --git a/scripts/rootd.yaml b/scripts/rootd.yaml
new file mode 100644
index 00000000..2ee5dcd4
--- /dev/null
+++ b/scripts/rootd.yaml
@@ -0,0 +1,24 @@
+# $Id$
+---
+version: 1
+posturl: https://localhost:4401/up-down/1
+recipient-id: "rootd"
+sender-id: "RIR"
+
+cms-cert-file: RIR-RPKI-EE.cer
+cms-key-file: RIR-RPKI-EE.key
+cms-ca-cert-file: rootd-TA.cer
+cms-cert-chain-file: [ RIR-RPKI-CA.cer ]
+
+ssl-cert-file: RIR-RPKI-EE.cer
+ssl-key-file: RIR-RPKI-EE.key
+ssl-ca-cert-file: rootd-TA.cer
+
+requests:
+ list:
+ type: list
+ issue:
+ type: issue
+ class: 1
+ sia:
+ - rsync://localhost:4400/testbed/RIR/
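Review bot: `cms-key-file` and `ssl-key-file` both name RIR-RPKI-EE.key, and the matching certificate is shared as well, so a single private key serves both CMS message signing and TLS client authentication. That is workable for a localhost testbed, but the file does not say it is test-only, and a copy used elsewhere would tie both protocols to the exposure of one key. A comment above the `ssl-*` entries would record the intent, for example `# testbed only: TLS reuses the CMS EE key pair; use separate keys outside testing`.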
diff --git a/scripts/test-pow-tls.py b/scripts/test-pow-tls.py
new file mode 100644
index 00000000..8afccbbb
--- /dev/null
+++ b/scripts/test-pow-tls.py
@@ -0,0 +1,45 @@
+# $Id$
+
+# Grope towards testing TLS functionality in POW
+
+# openssl s_server -tls1 -Verify 9 -cert biz-certs/Alice-EE.cer -key biz-certs/Alice-EE.key -www -CApath biz-certs -chain
+
+# openssl s_client -connect localhost:4433 -tls1 -cert biz-certs/Bob-EE.cer -key biz-certs/Bob-EE.key -verify 9 -CApath biz-certs -crlf
+
+import POW, socket
+
+def pow_error_iterator():
+ err = POW.getError()
+ if err is None:
+ raise StopIteration
+ else:
+ yield err
+
+key = POW.pemRead(POW.RSA_PRIVATE_KEY, open("biz-certs/Bob-EE.key").read())
+cer = POW.pemRead(POW.X509_CERTIFICATE, open("biz-certs/Bob-EE.cer").read())
+ca = POW.pemRead(POW.X509_CERTIFICATE, open("biz-certs/Bob-CA.cer").read())
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(("localhost", 4433))
+
+try:
+ t = POW.Ssl(POW.TLSV1_CLIENT_METHOD)
+ t.useCertificate(cer)
+ t.useKey(key)
+ t.addCertificate(ca)
+ t.setFd(s.fileno())
+ t.connect()
+ x = t.peerCertificate()
+ if x is not None:
+ print "Peer", x.pprint()
+ t.write("GET / HTTP/1.0\r\n")
+ if False:
+ print t.read(10000)
+ else:
+ while True:
+ print t.read()
+except:
+ print "ERROR:"
+ for e in pow_error_iterator():
+ print e
+ raise
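Review bot: The client prints the peer certificate after `t.connect()`, but nothing in the hunk compares it with `ca` or checks the server name, so a passing run shows only that a handshake completed, not that the server was authenticated. Whether POW.Ssl validates the chain on its own is not visible here. A comment above the `print "Peer"` line would make that limit explicit, for example `# peer cert is displayed only; chain and name are not checked here`. Separately, `pow_error_iterator` calls `POW.getError()` once and yields at most one entry, so any further queued errors are never printed by the `except` block. Assuming getError pops one entry per call and returns None when the queue is empty, `for e in iter(POW.getError, None): print e` would drain it.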