#!/usr/bin/env bash # MIT License # Copyright (c) 2026 Sławomir Koszewski # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. # Integration tests for simple-ca.sh. # Usage: run-tests.sh set -e SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/simple-ca.sh" # Temporary test directory — cleaned up on exit. TEST_DIR="$(mktemp -d)" trap 'rm -rf "$TEST_DIR"' EXIT CA_DIR="$TEST_DIR/ca" CERT_DIR="$TEST_DIR/certs" reset_dirs() { rm -rf "$CA_DIR" "$CERT_DIR" mkdir -p "$CA_DIR" "$CERT_DIR" SIMPLE_CA_DIR="" } verify_cert() { local CERT_PATH="$1" if ! openssl verify -CAfile "$CA_DIR/ca_bundle.pem" "$CERT_PATH" 2>/dev/null; then echo "ERROR: Certificate verification failed: $CERT_PATH" >&2 exit 1 fi echo "Verified: $CERT_PATH" } # --------------------------------------------------------------------------- # Standalone CA # --------------------------------------------------------------------------- echo echo "--- [shell] Standalone CA ---" reset_dirs make_ca --ca-dir "$CA_DIR" "Test CA" 2>/dev/null [[ -f "$CA_DIR/ca_cert.pem" ]] || { echo "ERROR: ca_cert.pem not created" >&2; exit 1; } [[ -f "$CA_DIR/ca_bundle.pem" ]] || { echo "ERROR: ca_bundle.pem not created" >&2; exit 1; } verify_cert "$CA_DIR/ca_cert.pem" make_cert --cert-dir "$CERT_DIR" "test" "test.example.com" "127.0.0.1" 2>/dev/null [[ -f "$CERT_DIR/test_cert.pem" ]] || { echo "ERROR: test_cert.pem not created" >&2; exit 1; } verify_cert "$CERT_DIR/test_cert.pem" # --------------------------------------------------------------------------- # Two-level CA # --------------------------------------------------------------------------- echo echo "--- [shell] Two-level CA ---" reset_dirs make_ca --ca-dir "$CA_DIR" "Test Root CA" 2>/dev/null verify_cert "$CA_DIR/ca_cert.pem" make_ca --issuing-ca "issuing_ca" "Issuing CA" 2>/dev/null [[ -f "$CA_DIR/issuing_ca/ca_cert.pem" ]] || { echo "ERROR: issuing_ca/ca_cert.pem not created" >&2; exit 1; } verify_cert "$CA_DIR/issuing_ca/ca_cert.pem" make_cert --cert-dir "$CERT_DIR" --issuing-ca "issuing_ca" "test" "test.example.com" "127.0.0.1" 2>/dev/null verify_cert "$CERT_DIR/test_cert.pem" make_pfx --issuing-ca "issuing_ca" --password "s3cr3t" "$CERT_DIR/test_cert.pem" 2>/dev/null [[ -f "$CERT_DIR/test.pfx" ]] || { echo "ERROR: test.pfx not created" >&2; exit 1; } openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t" 2>/dev/null \ || { echo "ERROR: PFX verification failed" >&2; exit 1; } echo "PFX: OK" echo echo "All shell tests passed."