tests/certmaster.bats

   1 #!/usr/bin/env bats
   2
   3 setup() {
   4     /etc/init.d/certmaster stop || true
   5     mkdir -p /etc/certmaster
   6     cp certmaster.conf.tst /etc/certmaster/certmaster.conf
   7     cp minion.conf.tst /etc/certmaster/minion.conf
   8     rm -rf /var/lib/certmaster/certmaster
   9     rm -rf /var/lib/certmaster/test
  10     rm -rf /etc/pki/certmaster
  11     rm -rf /etc/pki/certmaster-test
  12     /etc/init.d/certmaster start
  13 }
  14
  15 teardown() {
  16     /etc/init.d/certmaster stop
  17 }
  18
  19 @test "check that certmaster-ca is availabe" {
  20     command -v certmaster-ca
  21 }
  22
  23 @test "check that certmaster-request is available" {
  24     command -v certmaster-request
  25 }
  26
  27 @test "check that the certmaster daemon is running" {
  28     /etc/init.d/certmaster status
  29 }
  30
  31 @test "check certmaster-request --help" {
  32     run certmaster-request --help
  33
  34     expected=$(cat <<EOF
  35 Usage: certmaster-request [options]
  36
  37 Options:
  38   -h, --help       show this help message and exit
  39   --hostname=NAME  hostname to use as the CN for the certificate
  40   --ca=CA          certificate authority used to sign the certificate
  41 EOF
  42 )
  43     [ "$output" = "$expected" ]
  44
  45 }
  46
  47 @test "check certmaster-request -h" {
  48     run certmaster-request -h
  49
  50     expected=$(cat <<EOF
  51 Usage: certmaster-request [options]
  52
  53 Options:
  54   -h, --help       show this help message and exit
  55   --hostname=NAME  hostname to use as the CN for the certificate
  56   --ca=CA          certificate authority used to sign the certificate
  57 EOF
  58 )
  59     [ "$output" = "$expected" ]
  60
  61 }
  62
  63 @test "check certmaster-request --blah" {
  64
  65     run certmaster-request --blah
  66
  67     expected=$(cat << EOF
  68 Usage: certmaster-request [options]
  69
  70 certmaster-request: error: no such option: --blah
  71 EOF
  72 )
  73
  74 }
  75
  76 @test "signing a cert with the autosigning test ca" {
  77     run certmaster-request --hostname testcert.pwan.co --ca test
  78
  79     stat /etc/pki/certmaster-test
  80     stat /etc/pki/certmaster-test/testcert.pwan.co.cert
  81     stat /etc/pki/certmaster-test/testcert.pwan.co.pem
  82     stat /etc/pki/certmaster-test/testcert.pwan.co.csr
  83
  84     subject=`openssl x509 -in /etc/pki/certmaster-test/testcert.pwan.co.cert -subject -noout`
  85     [[ $subject == *"CN=testcert.pwan.co"*  ]]
  86
  87     openssl rsa -in /etc/pki/certmaster-test/testcert.pwan.co.pem -check
  88     openssl req -text -noout -verify -in /etc/pki/certmaster-test/testcert.pwan.co.csr
  89 }
  90
  91 @test "signing a cert with the non-autosigning default ca" {
  92
  93     setsid certmaster-request --hostname defaultcert.pwan.co
  94
  95     echo "hello" > blah.txt
  96     output=`certmaster-ca --list`
  97     echo "$output" >> blah.txt
  98     [[ $output == *"defaultcert.pwan.co"* ]]
  99
 100     run certmaster-ca --sign defaultcert.pwan.co
 101
 102     stat /etc/pki/certmaster
 103     stat /etc/pki/certmaster/defaultcert,pwan.co.cert
 104     stat /etc/pki/certmaster/defaultcert,pwan.co.pem
 105     stat /etc/pki/certmaster/defaultcert,pwan.co.csr
 106
 107     subject=`openssl x509 -in /etc/pki/certmaster/defaultcert.pwan.co.cert -subject -noout`
 108     [[ $subject == *"CN=defaultcert.pwan.co"*  ]]
 109
 110     openssl rsa -in /etc/pki/certmaster/defaultcert.pwan.co.pem -check
 111     openssl req -text -noout -verify -in /etc/pki/certmaster/defaultcert.pwan.co.csr
 112
 113 }