2 # shunit2 tests for certmaster
3 # (sorry bats, but I couldn't figure out how to push a command into the background with ya)
# Fixture setup: bring certmaster to a known-clean state before the tests run.
# These steps overwrite the live configuration in /etc/certmaster and delete
# every key, CSR and certificate under /var/lib/certmaster and
# /etc/pki/certmaster*, so the suite is only suitable for a disposable test
# host or container, not a machine that holds a real certmaster CA.

# Stop any running daemon; failure (for example, nothing running) is ignored on purpose.
/etc/init.d/certmaster stop > /dev/null 2>&1 || true

# Install the test configuration for the master and the minion.
mkdir -p /etc/certmaster
cp certmaster.conf.tst /etc/certmaster/certmaster.conf
cp minion.conf.tst /etc/certmaster/minion.conf

# Remove CA and minion state left behind by earlier runs.
rm -rf /var/lib/certmaster /var/lib/certmaster/test \
  /etc/pki/certmaster /etc/pki/certmaster-test

# Start the daemon against the fresh configuration; its output is discarded.
/etc/init.d/certmaster start > /dev/null 2>&1
# Stop the certmaster daemon and discard its output. Presumably the suite's
# teardown step; the enclosing function header is not visible in this listing.
/etc/init.d/certmaster stop > /dev/null 2>&1
# Verifies that the certmaster-ca tool is installed and executable.
test_CertmasterCaAvailable() {
  local rc=0
  # Record the status of the -x check so it can be handed to assertTrue.
  [[ -x "/usr/bin/certmaster-ca" ]] || rc=$?
  assertTrue "certmaster-ca exists" "${rc}"
}
# Verifies that the certmaster-request tool is installed and executable.
test_CertmasterRequestAvailable() {
  local rc=0
  # Record the status of the -x check so it can be handed to assertTrue.
  [[ -x "/usr/bin/certmaster-request" ]] || rc=$?
  assertTrue "certmaster-request exists" "${rc}"
}
# Verifies that the init script reports the certmaster daemon as running.
test_CertmasterDaemonRunning() {
  local rc=0
  # The init script's exit status is the value under test.
  /etc/init.d/certmaster status || rc=$?
  assertTrue "certmaster daemon running" "${rc}"
}
# Compares the complete `certmaster-request --help` output with an expected usage text.
# NOTE(review): the lines that assign $expected are not visible in this listing and the
# option lines below have lost their column spacing; assertEquals is an exact string
# comparison, so take the expected text from the tool's real output, not from this page.
40 test_CertmasterRequestHelp
()
42 actual
=`certmaster-request --help`
45 Usage: certmaster-request [options]
48 -h, --help show this help message and exit
49 --hostname=NAME hostname to use as the CN for the certificate
50 --ca=CA certificate authority used to sign the certificate
# NOTE(review): shunit2's assertEquals takes (message, expected, actual); the two values
# are passed in the opposite order here, which only mislabels them in a failure message.
54 assertEquals
"certmaster-request --help" "$actual" "$expected"
# Checks that the short flag `-h` prints the same usage text as the long help option.
# NOTE(review): the $expected assignment is not visible in this listing and the option
# lines below have lost their column spacing; the comparison is an exact string match.
58 test_CertmasterRequestHFlag
()
60 actual
=`certmaster-request -h`
63 Usage: certmaster-request [options]
66 -h, --help show this help message and exit
67 --hostname=NAME hostname to use as the CN for the certificate
68 --ca=CA certificate authority used to sign the certificate
# NOTE(review): values are passed as (actual, expected); shunit2 documents (expected, actual).
71 assertEquals
"certmaster-request -h" "$actual" "$expected"
# Checks that an unknown option is rejected with the usage line and a
# "no such option" error. The error goes to stderr, so the command is run with
# 2>&1 inside $( ) to capture it in $actual.
# NOTE(review): the $expected assignment is not visible in this listing.
75 test_CertmasterRequestBadFlag
()
78 # backticks don't capture stderr...
79 actual
=$
(certmaster-request
--blah 2>&1)
82 Usage: certmaster-request [options]
84 certmaster-request: error: no such option: --blah
# NOTE(review): values are passed as (actual, expected); shunit2 documents (expected, actual).
87 assertEquals
"certmaster-request --blah" "$actual" "$expected"
# Compares the complete `certmaster-ca --help` output with an expected usage text.
# NOTE(review): the $expected assignment is not visible in this listing and the option
# lines below have lost their column spacing; assertEquals is an exact string
# comparison, so take the expected text from the tool's real output, not from this page.
91 test_CertmasterCAHelp
()
93 actual
=`certmaster-ca --help`
95 Usage: certmaster-ca <option> [args]
98 --version show program's version number and exit
99 -h, --help show this help message and exit
100 --ca=CA certificate authority used to sign/list certs
101 -l, --list list signing requests remaining
102 -s, --sign sign requests of hosts specified
103 -c, --clean clean out all certs or csrs for the hosts specified
104 --list-signed list all signed certs
105 --list-cert-hash list the cert hash for signed certs
# NOTE(review): values are passed as (actual, expected); shunit2 documents (expected, actual).
108 assertEquals
"certmaster-ca --help" "$actual" "$expected"
# Checks that the short flag `-h` of certmaster-ca prints the same usage text as the long help option.
# NOTE(review): the $expected assignment is not visible in this listing and the option
# lines below have lost their column spacing; the comparison is an exact string match.
111 test_CertmasterCAHFlag
()
113 actual
=`certmaster-ca -h`
115 Usage: certmaster-ca <option> [args]
118 --version show program's version number and exit
119 -h, --help show this help message and exit
120 --ca=CA certificate authority used to sign/list certs
121 -l, --list list signing requests remaining
122 -s, --sign sign requests of hosts specified
123 -c, --clean clean out all certs or csrs for the hosts specified
124 --list-signed list all signed certs
125 --list-cert-hash list the cert hash for signed certs
# NOTE(review): values are passed as (actual, expected); shunit2 documents (expected, actual).
128 assertEquals
"certmaster-ca -h" "$actual" "$expected"
# Verifies that `certmaster-ca --version` reports both a version and a release field.
test_CertmasterCAVersion() {
  local rc

  actual=$(certmaster-ca --version)

  # Only the presence of each label is checked, not its value.
  rc=0
  [[ "${actual}" == *"version:"* ]] || rc=$?
  assertTrue "version includes a version" "${rc}"

  rc=0
  [[ "${actual}" == *"release:"* ]] || rc=$?
  assertTrue "version includes a release" "${rc}"
}
# Autosigning path: requests a certificate for testcert.pwan.co from the CA named
# "test" and expects it to be issued with no manual signing step in between.
# NOTE(review): autosigning is presumably enabled for this CA in certmaster.conf.tst
# (not shown). With autosign on, any host that can reach the certmaster gets a signed
# certificate for the hostname it asks for, so keep that setting confined to isolated
# test setups.
142 test_TestCA_Autosigning
()
144 certmaster-request
--hostname testcert.pwan.co
--ca test
# The CA directory plus the certificate, private key (.pem) and CSR must exist on disk.
146 [[ -e /etc
/pki
/certmaster-test
]]
147 assertTrue
"/etc/pki/certmaster-test exists" $?
148 [[ -e /etc
/pki
/certmaster-test
/testcert.pwan.co.cert
]]
149 assertTrue
"testcert.pwan.co.cert exists" $?
150 [[ -e /etc
/pki
/certmaster-test
/testcert.pwan.co.pem
]]
151 assertTrue
"testcert.pwan.co.pem exists" $?
152 [[ -e /etc
/pki
/certmaster-test
/testcert.pwan.co.csr
]]
153 assertTrue
"testcert.pwan.co.csr exists" $?
# The issued certificate's subject must carry the requested hostname as its CN.
155 subject
=`openssl x509 -in /etc/pki/certmaster-test/testcert.pwan.co.cert -subject -noout`
156 [[ $subject == *"CN=testcert.pwan.co"* ]]
# NOTE(review): no assertTrue follows the CN check in the lines visible here (file
# line 157 is not shown); if none exists, a wrong subject would go unreported — confirm
# against the original file.
# The key must pass openssl's RSA consistency check, and the CSR's self-signature must verify.
158 openssl rsa
-in /etc
/pki
/certmaster-test
/testcert.pwan.co.pem
-check > /dev
/null
2>&1
159 assertTrue
"test.pwan.co.pem OK" $?
160 openssl req
-text -noout -verify -in /etc
/pki
/certmaster-test
/testcert.pwan.co.csr
> /dev
/null
2>&1
161 assertTrue
"test.pwan.co.csr OK" $?
163 # Verify there are no certs left to sign
164 output
=`certmaster-ca --list --ca test`
# NOTE(review): values are passed as (actual, expected); shunit2 documents (expected, actual).
165 assertEquals
"nothing to sign" "$output" "No certificates to sign"
167 # Verify the cert shows up in the signed list
168 output
=`certmaster-ca --list-signed --ca test`
169 [[ $output == *"testcert.pwan.co"* ]]
170 assertTrue
"--list-signed includes testcert" $?
172 # Verify the cert shows up in the list-cert-hash command
173 output
=`certmaster-ca --list-cert-hash --ca test`
174 [[ $output == *"testcert.pwan.co"* ]]
175 assertTrue
"--list-cert-hash includes testcert" $?
# Manual-signing path: a request against the default CA is started in the background,
# must appear in the pending list, and is issued only after `certmaster-ca --sign`.
# NOTE(review): the commands the comments below describe (enabling job control, any wait
# before the first check, and bringing the request back to the foreground) are not
# visible in this listing.
179 test_DefaultCA_NonAutosigning
() {
181 # Turn on job control, so 'fg' is available
185 certmaster-request
--hostname defaultcert.pwan.co
&
187 echo "...patience grasshopper..."
189 # Verify the cert is waiting to be signed
190 output
=`certmaster-ca --list`
191 [[ $output == *"defaultcert.pwan.co"* ]]
192 assertTrue
"$output includes defaultcert" $?
# Sign the pending request by hostname.
# NOTE(review): the output of --sign is captured but not checked in the lines visible
# here; the assertions that follow cover the result indirectly.
195 output
=`certmaster-ca --sign defaultcert.pwan.co`
198 # Bring the request back to the foreground so it can finish
201 # Verify there are no certs left to sign
202 output
=`certmaster-ca --list`
# NOTE(review): values are passed as (actual, expected); shunit2 documents (expected, actual).
203 assertEquals
"nothing to sign" "$output" "No certificates to sign"
205 # Verify the cert shows up in the signed list
206 output
=`certmaster-ca --list-signed`
207 [[ $output == *"defaultcert.pwan.co"* ]]
208 assertTrue
"--list-signed includes defaultcert" $?
210 # Verify the cert shows up in the list-cert-hash command
211 output
=`certmaster-ca --list-cert-hash`
212 [[ $output == *"defaultcert.pwan.co"* ]]
213 assertTrue
"--list-cert-hash includes defaultcert" $?
215 # Verify all the expected files exist
216 [[ -e /etc
/pki
/certmaster
]]
217 assertTrue
"/etc/pki/certmaster exists" $?
218 [[ -e /etc
/pki
/certmaster
/defaultcert.pwan.co.cert
]]
219 assertTrue
"defaultcert.pwan.co.cert.exists" $?
220 [[ -e /etc
/pki
/certmaster
/defaultcert.pwan.co.pem
]]
221 assertTrue
"defaultcert.pwan.co.pem exists" $?
222 [[ -e /etc
/pki
/certmaster
/defaultcert.pwan.co.csr
]]
223 assertTrue
"default.pwan.co.csr exists" $?
225 # Verify the cert's CN
226 subject
=`openssl x509 -in /etc/pki/certmaster/defaultcert.pwan.co.cert -subject -noout`
227 [[ $subject == *"CN=defaultcert.pwan.co"* ]]
# NOTE(review): no assertTrue follows the CN check in the lines visible here (file
# line 228 is not shown); if none exists, a wrong subject would go unreported — confirm
# against the original file.
229 # Verify the key and signing request are valid
230 openssl rsa
-in /etc
/pki
/certmaster
/defaultcert.pwan.co.pem
-check > /dev
/null
2>&1
231 assertTrue
"default.pwan.co.pem OK" $?
# NOTE(review): the redirect target below reads '/dev/nulla', which looks like a typo
# for /dev/null. If it is in the original file, a test run as root creates a stray
# regular file /dev/nulla instead of discarding the output.
232 openssl req
-text -noout -verify -in /etc
/pki
/certmaster
/defaultcert.pwan.co.csr
> /dev
/nulla
2>&1
233 assertTrue
"defaultcert.pwan.co.csr OK" $?
# Load shunit2 last: sourcing it runs the test_* functions defined above.
source /usr/share/shunit2/shunit2