# shunit2 tests for certmaster
# (sorry bats, but I couldn't figure out how to push a command into the background with ya)
#######################################
# Puts the host into a known state and starts the certmaster daemon.
#
# NOTE(review): the hook's name is not visible in the recovered listing;
# shunit2's oneTimeSetUp is assumed here (setUp would rerun this before
# every test) - confirm against the original file.
#
# DESTRUCTIVE: overwrites the configuration under /etc/certmaster and deletes
# /var/lib/certmaster, /etc/pki/certmaster and /etc/pki/certmaster-test, the
# directories in which later tests expect issued certs, keys and CSRs. Run
# this suite only on a disposable host or container, never on a machine
# whose certmaster state matters.
#
# Outputs: nothing; init-script output is discarded.
#######################################
oneTimeSetUp()
{
  local stale

  # Best effort: the daemon may not be running yet, so a failed stop is fine.
  /etc/init.d/certmaster stop >/dev/null 2>&1 || true

  # Install the test configuration for both the master and the minion side.
  mkdir -p /etc/certmaster
  cp certmaster.conf.tst /etc/certmaster/certmaster.conf
  cp minion.conf.tst /etc/certmaster/minion.conf

  # Drop state left over from earlier runs so every run starts empty.
  for stale in \
    /var/lib/certmaster \
    /var/lib/certmaster/test \
    /etc/pki/certmaster \
    /etc/pki/certmaster-test; do
    rm -rf "$stale"
  done

  /etc/init.d/certmaster start >/dev/null 2>&1
}
#######################################
# Stops the certmaster daemon once the tests are done.
#
# NOTE(review): the hook's name is not visible in the recovered listing;
# shunit2's oneTimeTearDown is assumed - confirm against the original file.
#
# Returns: the exit status of the init script's stop action.
#######################################
oneTimeTearDown()
{
  /etc/init.d/certmaster stop >/dev/null 2>&1
}
# Verifies that the certmaster-ca tool is installed and executable.
test_CertmasterCaAvailable()
{
  local rc=0

  # Capture the result of the -x probe explicitly before handing it on.
  [[ -x "/usr/bin/certmaster-ca" ]] || rc=$?
  assertTrue "certmaster-ca exists" "$rc"
}
# Verifies that the certmaster-request tool is installed and executable.
test_CertmasterRequestAvailable()
{
  local rc=0

  # Capture the result of the -x probe explicitly before handing it on.
  [[ -x "/usr/bin/certmaster-request" ]] || rc=$?
  assertTrue "certmaster-request exists" "$rc"
}
# Verifies that the init script reports the certmaster daemon as running.
# The status action's output is left visible; only its exit code is asserted.
test_CertmasterDaemonRunning()
{
  local rc=0

  /etc/init.d/certmaster status || rc=$?
  assertTrue "certmaster daemon running" "$rc"
}
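# Verifies that `certmaster-request --help` prints exactly the expected text.
#
# NOTE(review): the column alignment and the "Options:" heading of the
# expected text were not recoverable from the source listing; they follow
# optparse's default layout here - confirm against the tool's real output.
test_CertmasterRequestHelp()
{
  local actual expected

  actual=$(certmaster-request --help)

  expected=$(cat <<'EOF'
Usage: certmaster-request [options]

Options:
  -h, --help       show this help message and exit
  --hostname=NAME  hostname to use as the CN for the certificate
  --ca=CA          certificate authority used to sign the certificate
EOF
)

  # shunit2's signature is assertEquals [message] expected actual; passing
  # the values in that order keeps a failure report the right way round.
  assertEquals "certmaster-request --help" "$expected" "$actual"
}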
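# Verifies that `certmaster-request -h` prints exactly the expected text.
#
# NOTE(review): the column alignment and the "Options:" heading of the
# expected text were not recoverable from the source listing; they follow
# optparse's default layout here - confirm against the tool's real output.
test_CertmasterRequestHFlag()
{
  local actual expected

  actual=$(certmaster-request -h)

  expected=$(cat <<'EOF'
Usage: certmaster-request [options]

Options:
  -h, --help       show this help message and exit
  --hostname=NAME  hostname to use as the CN for the certificate
  --ca=CA          certificate authority used to sign the certificate
EOF
)

  # shunit2's signature is assertEquals [message] expected actual; passing
  # the values in that order keeps a failure report the right way round.
  assertEquals "certmaster-request -h" "$expected" "$actual"
}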
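# Verifies that an unknown option makes certmaster-request print its usage
# line followed by a "no such option" error.
test_CertmasterRequestBadFlag()
{
  local actual expected

  # The error text is expected on stderr, so fold stderr into the capture.
  actual=$(certmaster-request --blah 2>&1)

  expected=$(cat <<'EOF'
Usage: certmaster-request [options]

certmaster-request: error: no such option: --blah
EOF
)

  # shunit2's signature is assertEquals [message] expected actual; passing
  # the values in that order keeps a failure report the right way round.
  assertEquals "certmaster-request --blah" "$expected" "$actual"
}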
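# Verifies that certmaster-request rejects a certificate authority name that
# is not configured.
#
# NOTE(review): only the message is asserted. The exit status, and the fact
# that no key, CSR or cert is left behind for the unknown CA, are not
# checked - worth adding once the tool's behaviour there is confirmed.
test_CertmasterRequest_UnknownCA()
{
  local actual
  local expected='error: Unknown cert authority: unknown'

  # The error text is expected on stderr, so fold stderr into the capture.
  actual=$(certmaster-request --hostname unknown.pwan.co --ca unknown 2>&1)

  # shunit2's signature is assertEquals [message] expected actual; passing
  # the values in that order keeps a failure report the right way round.
  assertEquals "certmaster-request --ca unknown" "$expected" "$actual"
}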
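# Verifies that `certmaster-ca --help` prints exactly the expected text.
#
# NOTE(review): the column alignment and the "Options:" heading of the
# expected text were not recoverable from the source listing; they follow
# optparse's default layout here - confirm against the tool's real output.
test_CertmasterCAHelp()
{
  local actual expected

  actual=$(certmaster-ca --help)

  expected=$(cat <<'EOF'
Usage: certmaster-ca <option> [args]

Options:
  --version         show program's version number and exit
  -h, --help        show this help message and exit
  --ca=CA           certificate authority used to sign/list certs
  -l, --list        list signing requests remaining
  -s, --sign        sign requests of hosts specified
  -c, --clean       clean out all certs or csrs for the hosts specified
  --list-signed     list all signed certs
  --list-cert-hash  list the cert hash for signed certs
EOF
)

  # shunit2's signature is assertEquals [message] expected actual; passing
  # the values in that order keeps a failure report the right way round.
  assertEquals "certmaster-ca --help" "$expected" "$actual"
}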
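# Verifies that `certmaster-ca -h` prints exactly the expected text.
#
# NOTE(review): the column alignment and the "Options:" heading of the
# expected text were not recoverable from the source listing; they follow
# optparse's default layout here - confirm against the tool's real output.
test_CertmasterCAHFlag()
{
  local actual expected

  actual=$(certmaster-ca -h)

  expected=$(cat <<'EOF'
Usage: certmaster-ca <option> [args]

Options:
  --version         show program's version number and exit
  -h, --help        show this help message and exit
  --ca=CA           certificate authority used to sign/list certs
  -l, --list        list signing requests remaining
  -s, --sign        sign requests of hosts specified
  -c, --clean       clean out all certs or csrs for the hosts specified
  --list-signed     list all signed certs
  --list-cert-hash  list the cert hash for signed certs
EOF
)

  # shunit2's signature is assertEquals [message] expected actual; passing
  # the values in that order keeps a failure report the right way round.
  assertEquals "certmaster-ca -h" "$expected" "$actual"
}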
# Verifies that `certmaster-ca --version` reports both a version and a
# release field. Only the presence of the two labels is checked, not their
# values.
test_CertmasterCAVersion()
{
  actual=$(certmaster-ca --version)

  case "$actual" in
    *"version:"*) assertTrue "version includes a version" 0 ;;
    *)            assertTrue "version includes a version" 1 ;;
  esac

  case "$actual" in
    *"release:"*) assertTrue "version includes a release" 0 ;;
    *)            assertTrue "version includes a release" 1 ;;
  esac
}
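# Verifies that certmaster-ca refuses to list requests for a certificate
# authority name that is not configured.
#
# NOTE(review): the expected message points at /etc/certmaster.cfg, while
# this suite installs its configuration as /etc/certmaster/certmaster.conf;
# the expectation mirrors the tool's wording as recorded here.
test_CertmasterCA_UnknownCA()
{
  local actual
  local expected='Unknown ca unknown: check /etc/certmaster.cfg'

  # The error text is expected on stderr, so fold stderr into the capture.
  actual=$(certmaster-ca --list --ca unknown 2>&1)

  # shunit2's signature is assertEquals [message] expected actual; passing
  # the values in that order keeps a failure report the right way round.
  assertEquals "certmaster-ca --ca unknown" "$expected" "$actual"
}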
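#######################################
# Requests a cert from the "test" CA and verifies that it is issued without
# a manual signing step: the cert, key and CSR exist, parse cleanly, carry
# the requested CN, and the CA lists the host as signed.
#
# NOTE(review): nothing here checks the permissions of the generated private
# key (.pem); consider asserting that it is not group- or world-readable.
#######################################
test_TestCA_Autosigning()
{
  local pki_dir=/etc/pki/certmaster-test
  local host=testcert.pwan.co
  local subject output

  certmaster-request --hostname "$host" --ca test

  [[ -e "$pki_dir" ]]
  assertTrue "/etc/pki/certmaster-test exists" $?
  [[ -e "$pki_dir/$host.cert" ]]
  assertTrue "testcert.pwan.co.cert exists" $?
  [[ -e "$pki_dir/$host.pem" ]]
  assertTrue "testcert.pwan.co.pem exists" $?
  [[ -e "$pki_dir/$host.csr" ]]
  assertTrue "testcert.pwan.co.csr exists" $?

  # Verify the cert's CN. The recovered listing shows no assertion after this
  # comparison, so its result was discarded and a wrong CN could not fail the
  # test. RFC2253 output is requested because the default subject format
  # differs between OpenSSL releases ("/CN=x" versus "CN = x").
  subject=$(openssl x509 -in "$pki_dir/$host.cert" -subject -noout -nameopt RFC2253)
  # Require the CN to end at a separator or at end of line, so a longer name
  # that merely starts with the expected host does not pass.
  [[ "$subject" == *"CN=$host" || "$subject" == *"CN=$host,"* ]]
  assertTrue "cert subject CN is testcert.pwan.co" $?

  # Verify the key and the signing request are well formed.
  openssl rsa -in "$pki_dir/$host.pem" -check >/dev/null 2>&1
  assertTrue "testcert.pwan.co.pem OK" $?
  openssl req -text -noout -verify -in "$pki_dir/$host.csr" >/dev/null 2>&1
  assertTrue "testcert.pwan.co.csr OK" $?

  # Verify there are no certs left to sign
  # (shunit2 order: assertEquals [message] expected actual).
  output=$(certmaster-ca --list --ca test)
  assertEquals "nothing to sign" "No certificates to sign" "$output"

  # Verify the cert shows up in the signed list
  output=$(certmaster-ca --list-signed --ca test)
  [[ "$output" == *"$host"* ]]
  assertTrue "--list-signed includes testcert" $?

  # Verify the cert shows up in the list-cert-hash command
  output=$(certmaster-ca --list-cert-hash --ca test)
  [[ "$output" == *"$host"* ]]
  assertTrue "--list-cert-hash includes testcert" $?
}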
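#######################################
# Requests a cert from the default CA, which does not autosign: the request
# must show up as pending, be signed explicitly with certmaster-ca --sign,
# and only then produce a cert, key and CSR carrying the requested CN.
#
# NOTE(review): the recovered listing had lost the statements that enabled
# job control, delayed after the request and brought it back with 'fg'.
# They are replaced by $! / wait and a bounded poll; the 30 x 1 s bound is
# an arbitrary choice, not a value from the original.
#
# NOTE(review): nothing here checks the permissions of the generated private
# key (.pem); consider asserting that it is not group- or world-readable.
#######################################
test_DefaultCA_NonAutosigning() {
  local pki_dir=/etc/pki/certmaster
  local host=defaultcert.pwan.co
  local request_pid output subject
  local tries=0

  # The request is expected to stay pending until the CA signs it, so it
  # runs in the background while this function does the signing.
  certmaster-request --hostname "$host" &
  request_pid=$!

  echo "...patience grasshopper..."
  # Give the request time to reach the CA, but never wait forever.
  until [[ "$(certmaster-ca --list)" == *"$host"* ]] || (( tries >= 30 )); do
    sleep 1
    tries=$((tries + 1))
  done

  # Verify the cert is waiting to be signed
  output=$(certmaster-ca --list)
  [[ "$output" == *"$host"* ]]
  assertTrue "--list includes defaultcert" $?

  output=$(certmaster-ca --sign "$host")

  # Let the background request pick up its signed cert and finish.
  wait "$request_pid"

  # Verify there are no certs left to sign
  # (shunit2 order: assertEquals [message] expected actual).
  output=$(certmaster-ca --list)
  assertEquals "nothing to sign" "No certificates to sign" "$output"

  # Verify the cert shows up in the signed list
  output=$(certmaster-ca --list-signed)
  [[ "$output" == *"$host"* ]]
  assertTrue "--list-signed includes defaultcert" $?

  # Verify the cert shows up in the list-cert-hash command
  output=$(certmaster-ca --list-cert-hash)
  [[ "$output" == *"$host"* ]]
  assertTrue "--list-cert-hash includes defaultcert" $?

  # Verify all the expected files exist
  [[ -e "$pki_dir" ]]
  assertTrue "/etc/pki/certmaster exists" $?
  [[ -e "$pki_dir/$host.cert" ]]
  assertTrue "defaultcert.pwan.co.cert exists" $?
  [[ -e "$pki_dir/$host.pem" ]]
  assertTrue "defaultcert.pwan.co.pem exists" $?
  [[ -e "$pki_dir/$host.csr" ]]
  assertTrue "defaultcert.pwan.co.csr exists" $?

  # Verify the cert's CN. The recovered listing shows no assertion after this
  # comparison, so its result was discarded and a wrong CN could not fail the
  # test. RFC2253 output is requested because the default subject format
  # differs between OpenSSL releases ("/CN=x" versus "CN = x").
  subject=$(openssl x509 -in "$pki_dir/$host.cert" -subject -noout -nameopt RFC2253)
  # Require the CN to end at a separator or at end of line, so a longer name
  # that merely starts with the expected host does not pass.
  [[ "$subject" == *"CN=$host" || "$subject" == *"CN=$host,"* ]]
  assertTrue "cert subject CN is defaultcert.pwan.co" $?

  # Verify the key and signing request are valid
  openssl rsa -in "$pki_dir/$host.pem" -check >/dev/null 2>&1
  assertTrue "defaultcert.pwan.co.pem OK" $?
  # The listing redirected this command to /dev/nulla, which would create a
  # stray file instead of discarding the output; /dev/null is what was meant.
  openssl req -text -noout -verify -in "$pki_dir/$host.csr" >/dev/null 2>&1
  assertTrue "defaultcert.pwan.co.csr OK" $?
}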
# Load shunit2 last: sourcing it runs the test_* functions defined above.
source /usr/share/shunit2/shunit2