--- /dev/null
+#!/usr/bin/env bats
+
+setup() {
+ /etc/init.d/certmaster stop || true
+ mkdir -p /etc/certmaster
+ cp certmaster.conf.tst /etc/certmaster/certmaster.conf
+ cp minion.conf.tst /etc/certmaster/minion.conf
+ rm -rf /var/lib/certmaster/certmaster
+ rm -rf /var/lib/certmaster/test
+ rm -rf /etc/pki/certmaster
+ rm -rf /etc/pki/certmaster-test
+ /etc/init.d/certmaster start
+}
+
+teardown() {
+ /etc/init.d/certmaster stop
+}
+
+@test "check that certmaster-ca is availabe" {
+ command -v certmaster-ca
+}
+
+@test "check that certmaster-request is available" {
+ command -v certmaster-request
+}
+
+@test "check that the certmaster daemon is running" {
+ /etc/init.d/certmaster status
+}
+
+@test "check certmaster-request --help" {
+ run certmaster-request --help
+
+ expected=$(cat <<EOF
+Usage: certmaster-request [options]
+
+Options:
+ -h, --help show this help message and exit
+ --hostname=NAME hostname to use as the CN for the certificate
+ --ca=CA certificate authority used to sign the certificate
+EOF
+)
+ [ "$output" = "$expected" ]
+
+}
+
+@test "check certmaster-request -h" {
+ run certmaster-request -h
+
+ expected=$(cat <<EOF
+Usage: certmaster-request [options]
+
+Options:
+ -h, --help show this help message and exit
+ --hostname=NAME hostname to use as the CN for the certificate
+ --ca=CA certificate authority used to sign the certificate
+EOF
+)
+ [ "$output" = "$expected" ]
+
+}
+
+@test "check certmaster-request --blah" {
+
+ run certmaster-request --blah
+
+ expected=$(cat << EOF
+Usage: certmaster-request [options]
+
+certmaster-request: error: no such option: --blah
+EOF
+)
+
+}
+
+@test "signing a cert with the autosigning test ca" {
+ run certmaster-request --hostname testcert.pwan.co --ca test
+
+ stat /etc/pki/certmaster-test
+ stat /etc/pki/certmaster-test/testcert.pwan.co.cert
+ stat /etc/pki/certmaster-test/testcert.pwan.co.pem
+ stat /etc/pki/certmaster-test/testcert.pwan.co.csr
+
+ subject=`openssl x509 -in /etc/pki/certmaster-test/testcert.pwan.co.cert -subject -noout`
+ [[ $subject == *"CN=testcert.pwan.co"* ]]
+
+ openssl rsa -in /etc/pki/certmaster-test/testcert.pwan.co.pem -check
+ openssl req -text -noout -verify -in /etc/pki/certmaster-test/testcert.pwan.co.csr
+}
+
+@test "signing a cert with the non-autosigning default ca" {
+
+ setsid certmaster-request --hostname defaultcert.pwan.co
+
+ echo "hello" > blah.txt
+ output=`certmaster-ca --list`
+ echo "$output" >> blah.txt
+ [[ $output == *"defaultcert.pwan.co"* ]]
+
+ run certmaster-ca --sign defaultcert.pwan.co
+
+ stat /etc/pki/certmaster
+ stat /etc/pki/certmaster/defaultcert,pwan.co.cert
+ stat /etc/pki/certmaster/defaultcert,pwan.co.pem
+ stat /etc/pki/certmaster/defaultcert,pwan.co.csr
+
+ subject=`openssl x509 -in /etc/pki/certmaster/defaultcert.pwan.co.cert -subject -noout`
+ [[ $subject == *"CN=defaultcert.pwan.co"* ]]
+
+ openssl rsa -in /etc/pki/certmaster/defaultcert.pwan.co.pem -check
+ openssl req -text -noout -verify -in /etc/pki/certmaster/defaultcert.pwan.co.csr
+
+}
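Review bot: The `check certmaster-request --blah` test builds `expected` but never asserts on it, so it passes whatever the command prints; add `[ "$output" = "$expected" ]` before its closing brace, plus `[ "$status" -ne 0 ]` if the option parser exits non-zero on an unknown flag, as it presumably does. In the non-autosigning test the three `stat` lines name `defaultcert,pwan.co.*` with a comma while the `openssl` lines below use `defaultcert.pwan.co.*`; these look like typos and should read e.g. `stat /etc/pki/certmaster/defaultcert.pwan.co.cert`. Both signing tests call `run` on the request or sign command without checking `$status`, and they only match the subject CN, so a certificate issued by the wrong CA would go unnoticed. A `[ "$status" -eq 0 ]` after each `run`, plus `openssl verify -CAfile <path to the expected CA cert>` on the issued certificate, would close that gap. The `echo "hello" > blah.txt` and `echo "$output" >> blah.txt` lines look like leftover debugging and write into the working directory.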
--- /dev/null
+# This is the test /etc/certmaster.conf file used with the certmaster bats tests
+
+[main]
+listen_addr =
+listen_port = 51235
+cert_extension = cert
+sync_certs = False
+
+# Use thse settings if no --ca flag provided
+autosign = no
+cadir = /etc/pki/certmaster/ca
+cert_dir = /etc/pki/certmaster
+certroot = /var/lib/certmaster/certmaster/certs
+csrroot = /var/lib/certmaster/certmaster/csrs
+
+# use these directories if '--ca=yourapp' provided in the certmaster-ca commands
+[ca:test]
+autosign = yes
+cadir = /etc/pki/certmaster/test-ca
+cert_dir = /etc/pki/certmaster/test
+certroot = /var/lib/certmaster/test/certs
+csrroot = /var/lib/certmaster/test/csrs
+
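Review bot: `listen_addr =` is left empty in the same file that defines `[ca:test]` with `autosign = yes`; if an empty value means "listen on all interfaces" (this appears to be the daemon's default, but confirm), any host that can reach port 51235 while the suite runs can get a certificate signed by the test CA without review. Provided minion.conf.tst (not shown here) points at localhost, `listen_addr = 127.0.0.1` would keep the autosigning CA off the network, and a comment such as `# autosign = yes is test-only: every CSR is signed without review` above the `[ca:test]` setting would document the intent. The header comment names `/etc/certmaster.conf`, but the bats `setup` copies this file to `/etc/certmaster/certmaster.conf`. The `[ca:test]` `cert_dir` is `/etc/pki/certmaster/test`, whereas the tests stat and clean `/etc/pki/certmaster-test`; that path may come from the minion config, so it is worth confirming the two agree.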