#!/usr/bin/env bash # MIT License # Copyright (c) 2026 SÅ‚awomir Koszewski # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. # This script runs all the test required to verify the functionality of the simple CA implementation. set -e # Load the certificate functions source "$(dirname "$BASH_SOURCE[0]")/simple-ca.sh" function clean_up_test_dir() { if [[ -d "$CERT_DIR" ]]; then echo "Cleaning up test directory $CERT_DIR..." rm -rf "$CERT_DIR"/* fi echo "Creating test directory $CERT_DIR and ca subdirectory..." mkdir -p "$CERT_DIR/ca" } function display_certificate() { local CERT_PATH="$1" echo -e "\nDisplaying generated certificate for verification ($CERT_PATH):" # Display the certificate details for verification openssl x509 -in "$CERT_PATH" -noout -subject -issuer -serial -fingerprint echo echo -e "\nVerifying certificate against the CA ($CA_DIR)..." # Verify the certificate against the CA if openssl verify -CApath "$CA_DIR" "$CERT_PATH" 2>/dev/null; then echo "Certificate verification successful." else echo "ERROR: Certificate verification failed." >&2 fi } # Create a temporary directory for the test certificates CERT_DIR="$(dirname "$BASH_SOURCE[0]")/tests" CA_DIR="$CERT_DIR/ca" # Clean up any existing files in the temporary directory clean_up_test_dir "$CERT_DIR" echo echo "Running tests for standalone CA..." echo "----------------------------------" echo # Create a standalone CA for testing purposes if ! make_ca "$CA_DIR" "Test CA"; then echo "ERROR: Failed to create CA." >&2 exit 1 fi # List the generated certificates and keys for verification display_certificate "$CA_DIR/ca_cert.pem" # Make a server certificate signed by the CA if ! make_cert --ca-dir "$CA_DIR" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then echo "ERROR: Failed to create server certificate." >&2 exit 1 fi # List the generated server certificate and key for verification display_certificate "$CERT_DIR/test_cert.pem" # Remove all files from the directory clean_up_test_dir "$CERT_DIR" echo echo "Running tests for two-level CA..." echo "---------------------------------" echo # Create a new CA with pathlen 1 if ! make_ca --path-len 1 "$CA_DIR" "Test Two Level CA"; then echo "ERROR: Failed to create CA." >&2 exit 1 fi # List the generated certificates and keys for verification display_certificate "$CA_DIR/ca_cert.pem" # Create an issuing CA signed by the first CA if ! make_ca --issuing-ca "issuing_ca" "$CA_DIR" "Issuing CA"; then echo "ERROR: Failed to create issuing CA." >&2 exit 1 fi # List the generated certificates and keys for verification display_certificate "$CA_DIR/issuing_ca_cert.pem" # Make a server certificate signed by the CA if ! make_cert --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then echo "ERROR: Failed to create server certificate." >&2 exit 1 fi # List the generated server certificate and key for verification display_certificate "$CERT_DIR/test_cert.pem" # Create a PKCS#12 (PFX) file for the server certificate if ! make_pfx --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" --path "$CERT_DIR/test_cert.pem" --password "s3cr3t"; then echo "ERROR: Failed to create PKCS#12 (PFX) file." >&2 exit 1 fi # Read the generated PKCS#12 (PFX) file to verify its contents echo -e "\nVerifying contents of generated PKCS#12 (PFX) file ($CERT_DIR/test.pfx):" if ! openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t"; then echo "ERROR: Failed to read PKCS#12 (PFX) file." >&2 exit 1 fi