From 0cdf249942ddf5c6f3a461ab8b0e47e8f6577442 Mon Sep 17 00:00:00 2001 From: Slawomir Koszewski Date: Fri, 24 Apr 2026 23:46:47 +0200 Subject: [PATCH] Update: enhance CI workflow to include Python and Go tests --- .gitea/workflows/test.yaml | 38 ++++++++- run-tests.sh | 160 +++++++++++++++++-------------------- 2 files changed, 110 insertions(+), 88 deletions(-) diff --git a/.gitea/workflows/test.yaml b/.gitea/workflows/test.yaml index 594a27a..57f1282 100644 --- a/.gitea/workflows/test.yaml +++ b/.gitea/workflows/test.yaml @@ -2,14 +2,46 @@ on: push: paths: - 'simple-ca.sh' + - 'simple-ca.py' - 'run-tests.sh' + - 'src/simple-ca/**' + - '.gitea/workflows/test.yaml' jobs: - test: + test-bash: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v6 - - name: Run tests - run: ./run-tests.sh + - name: Run bash tests + run: ./run-tests.sh bash + + test-python: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v6 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Run python tests + run: ./run-tests.sh python + + test-go: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v6 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.25' + cache-dependency-path: src/simple-ca/go.sum + + - name: Run go tests + run: ./run-tests.sh go diff --git a/run-tests.sh b/run-tests.sh index 74bb959..7724c90 100755 --- a/run-tests.sh +++ b/run-tests.sh 
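Review bot: The `uses:` references in the new `test-python` and `test-go` jobs (`actions/setup-python@v5`, `actions/setup-go@v5`, and the repeated `actions/checkout@v6`) are mutable tags, so the code this pipeline executes can change without any commit to this repository. For a workflow that builds and exercises a CA tool, pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/setup-go@<full-commit-sha>  # v5`. That makes the dependency reviewable and stops a retagged release from being picked up silently. `python-version: '3.x'` floats in the same way while Go is fixed at `'1.25'`; pinning a specific Python minor would keep the three jobs equally reproducible.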
@@ -21,115 +21,105 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. -# This script runs all the test required to verify the functionality of the simple CA implementation. +# This script runs integration tests against one or more simple-ca implementations. +# Usage: run-tests.sh [bash|python|go|all] (default: all) set -e -# Load the certificate functions -source "$(dirname "$BASH_SOURCE[0]")/simple-ca.sh" +TEST_TARGET="${1:-all}" -function clean_up_test_dir() { +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CERT_DIR="$SCRIPT_DIR/tests" +CA_DIR="$CERT_DIR/ca" + +clean_up_test_dir() { if [[ -d "$CERT_DIR" ]]; then echo "Cleaning up test directory $CERT_DIR..." rm -rf "$CERT_DIR"/* fi - echo "Creating test directory $CERT_DIR and ca subdirectory..." - mkdir -p "$CERT_DIR/ca" + mkdir -p "$CA_DIR" } -function display_certificate() { +display_certificate() { local CERT_PATH="$1" echo -e "\nDisplaying generated certificate for verification ($CERT_PATH):" - - # Display the certificate details for verification openssl x509 -in "$CERT_PATH" -noout -subject -issuer -serial -fingerprint echo echo -e "\nVerifying certificate against the CA bundle ($CA_DIR/ca_bundle.pem)..." - - # Verify the certificate against the CA bundle if openssl verify -CAfile "$CA_DIR/ca_bundle.pem" "$CERT_PATH" 2>/dev/null; then echo "Certificate verification successful." else echo "ERROR: Certificate verification failed." >&2 + exit 1 fi } -# Create a temporary directory for the test certificates -CERT_DIR="$(dirname "$BASH_SOURCE[0]")/tests" -CA_DIR="$CERT_DIR/ca" +# run_flow NAME MAKE_CA_CMD MAKE_CERT_CMD MAKE_PFX_CMD +# Command variables are left unquoted on use, so multi-word prefixes +# (e.g. "python3 simple-ca.py make-ca") word-split as expected. 
+run_flow() { + local NAME="$1" + local MAKE_CA_CMD="$2" + local MAKE_CERT_CMD="$3" + local MAKE_PFX_CMD="$4" -# Clean up any existing files in the temporary directory -clean_up_test_dir "$CERT_DIR" + echo + echo "============================================================" + echo "Running tests for '$NAME' implementation" + echo "============================================================" + + echo + echo "--- [$NAME] Standalone CA ---" + clean_up_test_dir + $MAKE_CA_CMD "$CA_DIR" "Test CA" + display_certificate "$CA_DIR/ca_cert.pem" + $MAKE_CERT_CMD --ca-dir "$CA_DIR" "$CERT_DIR" "test" "test.example.com" "127.0.0.1" + display_certificate "$CERT_DIR/test_cert.pem" + + echo + echo "--- [$NAME] Two-level CA ---" + clean_up_test_dir + $MAKE_CA_CMD "$CA_DIR" "Test Two Level CA" + display_certificate "$CA_DIR/ca_cert.pem" + $MAKE_CA_CMD --issuing-ca "issuing_ca" "$CA_DIR" "Issuing CA" + display_certificate "$CA_DIR/issuing_ca_cert.pem" + $MAKE_CERT_CMD --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" "$CERT_DIR" "test" "test.example.com" "127.0.0.1" + display_certificate "$CERT_DIR/test_cert.pem" + $MAKE_PFX_CMD --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" --path "$CERT_DIR/test_cert.pem" --password "s3cr3t" + + echo -e "\nVerifying contents of generated PKCS#12 (PFX) file ($CERT_DIR/test.pfx):" + openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t" +} + +# Uses ;;& to fall through to subsequent patterns so 'all' matches every block. 
+case "$TEST_TARGET" in + bash|all) + # shellcheck disable=SC1091 + source "$SCRIPT_DIR/simple-ca.sh" + run_flow "bash" "make_ca" "make_cert" "make_pfx" + ;;& + python|all) + command -v python3 >/dev/null || { echo "ERROR: python3 not found" >&2; exit 1; } + PY_PREFIX="python3 $SCRIPT_DIR/simple-ca.py" + run_flow "python" "$PY_PREFIX make-ca" "$PY_PREFIX make-cert" "$PY_PREFIX make-pfx" + ;;& + go|all) + command -v go >/dev/null || { echo "ERROR: go not found" >&2; exit 1; } + GO_SRC="$SCRIPT_DIR/src/simple-ca" + GO_BIN="$GO_SRC/simple-ca" + echo "Building Go binary..." + (cd "$GO_SRC" && go build -o simple-ca .) + run_flow "go" "$GO_BIN make-ca" "$GO_BIN make-cert" "$GO_BIN make-pfx" + ;;& + bash|python|go|all) + ;; + *) + echo "ERROR: unknown target '$TEST_TARGET' (expected: bash|python|go|all)" >&2 + exit 1 + ;; +esac echo -echo "Running tests for standalone CA..." -echo "----------------------------------" -echo - -# Create a standalone CA for testing purposes -if ! make_ca "$CA_DIR" "Test CA"; then - echo "ERROR: Failed to create CA." >&2 - exit 1 -fi - -# List the generated certificates and keys for verification -display_certificate "$CA_DIR/ca_cert.pem" - -# Make a server certificate signed by the CA -if ! make_cert --ca-dir "$CA_DIR" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then - echo "ERROR: Failed to create server certificate." >&2 - exit 1 -fi - -# List the generated server certificate and key for verification -display_certificate "$CERT_DIR/test_cert.pem" - -# Remove all files from the directory -clean_up_test_dir "$CERT_DIR" - -echo -echo "Running tests for two-level CA..." -echo "---------------------------------" -echo - -# Create a new CA with pathlen 1 -if ! make_ca "$CA_DIR" "Test Two Level CA"; then - echo "ERROR: Failed to create CA." >&2 - exit 1 -fi - -# List the generated certificates and keys for verification -display_certificate "$CA_DIR/ca_cert.pem" - -# Create an issuing CA signed by the first CA -if ! 
make_ca --issuing-ca "issuing_ca" "$CA_DIR" "Issuing CA"; then - echo "ERROR: Failed to create issuing CA." >&2 - exit 1 -fi - -# List the generated certificates and keys for verification -display_certificate "$CA_DIR/issuing_ca_cert.pem" - -# Make a server certificate signed by the CA -if ! make_cert --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then - echo "ERROR: Failed to create server certificate." >&2 - exit 1 -fi - -# List the generated server certificate and key for verification -display_certificate "$CERT_DIR/test_cert.pem" - -# Create a PKCS#12 (PFX) file for the server certificate -if ! make_pfx --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" --path "$CERT_DIR/test_cert.pem" --password "s3cr3t"; then - echo "ERROR: Failed to create PKCS#12 (PFX) file." >&2 - exit 1 -fi - -# Read the generated PKCS#12 (PFX) file to verify its contents -echo -e "\nVerifying contents of generated PKCS#12 (PFX) file ($CERT_DIR/test.pfx):" -if ! openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t"; then - echo "ERROR: Failed to read PKCS#12 (PFX) file." >&2 - exit 1 -fi +echo "All requested tests passed."
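Review bot: `run_flow` never asserts what is inside the issued certificates: `display_certificate` only prints subject, issuer, serial and fingerprint and checks that the chain verifies against `ca_bundle.pem`, and the PFX step only confirms that the file opens with the password. With the same flow now gating the bash, Python and Go implementations, a build that drops the requested names (presumably `test.example.com` and `127.0.0.1` are meant to land in subjectAltName) would still pass. A content check after each leaf is issued would close that gap, for example `openssl x509 -in "$CERT_DIR/test_cert.pem" -noout -ext subjectAltName | grep -q 'DNS:test.example.com'`, which aborts under `set -e` when the name is missing. Separately, the unquoted `$MAKE_CA_CMD`, `$MAKE_CERT_CMD` and `$MAKE_PFX_CMD` expansions split on every space and also undergo globbing, so a checkout path containing whitespace breaks the python and go targets. Passing each command as an array would keep the multi-word prefix without that fragility.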