#!/usr/bin/env bash # This script runs all the test required to verify the functionality of the simple CA implementation. set -e # Load the certificate functions source "$(dirname "$BASH_SOURCE[0]")/cert-functions.sh" function clean_up_test_dir() { if [[ -d "$CERT_DIR" ]]; then echo "Cleaning up test directory $CERT_DIR..." rm -rf "$CERT_DIR"/* fi echo "Creating test directory $CERT_DIR and ca subdirectory..." mkdir -p "$CERT_DIR/ca" } function display_certificate() { local CERT_PATH="$1" echo -e "\nDisplaying generated certificate for verification ($CERT_PATH):" # Display the certificate details for verification openssl x509 -in "$CERT_PATH" -noout -subject -issuer -serial -fingerprint echo echo -e "\nVerifying certificate against the CA ($CA_DIR)..." # Verify the certificate against the CA if openssl verify -CApath "$CA_DIR" "$CERT_PATH" 2>/dev/null; then echo "Certificate verification successful." else echo "ERROR: Certificate verification failed." >&2 fi } # Create a temporary directory for the test certificates CERT_DIR="$(dirname "$BASH_SOURCE[0]")/tests" CA_DIR="$CERT_DIR/ca" # Clean up any existing files in the temporary directory clean_up_test_dir "$CERT_DIR" echo echo "Running tests for standalone CA..." echo "----------------------------------" echo # Create a standalone CA for testing purposes if ! make_ca "$CA_DIR" "Test CA"; then echo "ERROR: Failed to create CA." >&2 exit 1 fi # List the generated certificates and keys for verification display_certificate "$CA_DIR/ca_cert.pem" # Make a server certificate signed by the CA if ! make_server_cert --ca-dir "$CA_DIR" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then echo "ERROR: Failed to create server certificate." >&2 exit 1 fi # List the generated server certificate and key for verification display_certificate "$CERT_DIR/test_cert.pem" # Remove all files from the directory clean_up_test_dir "$CERT_DIR" echo echo "Running tests for two-level CA..." echo "---------------------------------" echo # Create a new CA with pathlen 1 if ! make_ca --path-len 1 "$CA_DIR" "Test Two Level CA"; then echo "ERROR: Failed to create CA." >&2 exit 1 fi # List the generated certificates and keys for verification display_certificate "$CA_DIR/ca_cert.pem" # Create an issuing CA signed by the first CA if ! make_ca --issuing-ca "issuing_ca" "$CA_DIR" "Issuing CA"; then echo "ERROR: Failed to create issuing CA." >&2 exit 1 fi # List the generated certificates and keys for verification display_certificate "$CA_DIR/issuing_ca_cert.pem" # Make a server certificate signed by the CA if ! make_server_cert --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then echo "ERROR: Failed to create server certificate." >&2 exit 1 fi # List the generated server certificate and key for verification display_certificate "$CERT_DIR/test_cert.pem" # Create a PKCS#12 (PFX) file for the server certificate if ! make_pfx --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" --path "$CERT_DIR/test_cert.pem" --password "s3cr3t"; then echo "ERROR: Failed to create PKCS#12 (PFX) file." >&2 exit 1 fi # Read the generated PKCS#12 (PFX) file to verify its contents echo -e "\nVerifying contents of generated PKCS#12 (PFX) file ($CERT_DIR/test.pfx):" if ! openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t"; then echo "ERROR: Failed to read PKCS#12 (PFX) file." >&2 exit 1 fi