}
+test_CertmasterRequest_UnknownCA()
+{
+ actual=$(certmaster-request --hostname unknown.pwan.co --ca unknown 2>&1)
+ expected=$(cat <<EOF
+error: Unknown cert authority: unknown
+EOF
+)
+
+ assertEquals "certmaster-request --ca unknown" "$actual" "$expected"
+}
+
test_CertmasterCAHelp()
{
actual=`certmaster-ca --help`
assertTrue "version includes a release" $?
}
+test_CertmasterCA_UnknownCA()
+{
+ actual=$(certmaster-ca --list --ca unknown 2>&1)
+
+ expected=$(cat <<EOF
+Unknown ca unknown: check /etc/certmaster.cfg
+EOF
+)
+
+ assertEquals "certmaster-ca --ca unknown" "$actual" "$expected"
+}
+
test_TestCA_Autosigning()
{
certmaster-request --hostname testcert.pwan.co --ca test
subject=`openssl x509 -in /etc/pki/certmaster-test/testcert.pwan.co.cert -subject -noout`
[[ $subject == *"CN=testcert.pwan.co"* ]]
+ openssl x509 -in /etc/pki/certmaster-test/testcert.pwan.co.cert -text | grep Signature | grep sha256
+ assertTrue "testcert.pwan.co.cert has a sha256 hash" $?
+
openssl rsa -in /etc/pki/certmaster-test/testcert.pwan.co.pem -check > /dev/null 2>&1
assertTrue "test.pwan.co.pem OK" $?
openssl req -text -noout -verify -in /etc/pki/certmaster-test/testcert.pwan.co.csr > /dev/null 2>&1
}
+test_MD5CA_Attempy() {
+
+ # TODO: Verify attempts to create MD5 certs fail
+ assertTrue "TODO" false
+}
+
+test_Sha1CA_Autosigning() {
+
+ # TODO: Verify a deprecation warning was issued ?
+
+ certmaster-request --hostname testcert.pwan.co --ca sha1
+ openssl x509 -in /etc/pki/certmaster-sha1/testcert.pwan.co.cert -text | grep Signature | grep sha1
+ assertTrue "testcert.pwan.co.cert has a sha1 hash" $?
+
+}
+
+test_Sha224CA_Autosigning() {
+
+ # TODO: Verify /etc/pki/certmaster-test/testcert.pwan.co.cert is using sha224
+ certmaster-request --hostname testcert.pwan.co --ca sha224
+ openssl x509 -in /etc/pki/certmaster-sha224/testcert.pwan.co.cert -text | grep Signature | grep sha224
+ assertTrue "testcert.pwan.co.cert has a sha224 hash" $?
+
+}
+
test_DefaultCA_NonAutosigning() {
# Turn on job control, so 'fg' is available