136 lines
4.5 KiB
Bash
Executable File
136 lines
4.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# MIT License
|
|
# Copyright (c) 2026 Sławomir Koszewski
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
# of this software and associated documentation files (the "Software"), to deal
|
|
# in the Software without restriction, including without limitation the rights
|
|
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
# copies of the Software, and to permit persons to whom the Software is
|
|
# furnished to do so, subject to the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included in all
|
|
# copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
# SOFTWARE.
|
|
|
|
# This script runs all the test required to verify the functionality of the simple CA implementation.
|
|
set -e
|
|
|
|
# Load the certificate functions
|
|
source "$(dirname "$BASH_SOURCE[0]")/simple-ca.sh"
|
|
|
|
function clean_up_test_dir() {
|
|
if [[ -d "$CERT_DIR" ]]; then
|
|
echo "Cleaning up test directory $CERT_DIR..."
|
|
rm -rf "$CERT_DIR"/*
|
|
fi
|
|
|
|
echo "Creating test directory $CERT_DIR and ca subdirectory..."
|
|
mkdir -p "$CERT_DIR/ca"
|
|
}
|
|
|
|
function display_certificate() {
|
|
local CERT_PATH="$1"
|
|
|
|
echo -e "\nDisplaying generated certificate for verification ($CERT_PATH):"
|
|
|
|
# Display the certificate details for verification
|
|
openssl x509 -in "$CERT_PATH" -noout -subject -issuer -serial -fingerprint
|
|
echo
|
|
|
|
echo -e "\nVerifying certificate against the CA ($CA_DIR)..."
|
|
|
|
# Verify the certificate against the CA
|
|
if openssl verify -CApath "$CA_DIR" "$CERT_PATH" 2>/dev/null; then
|
|
echo "Certificate verification successful."
|
|
else
|
|
echo "ERROR: Certificate verification failed." >&2
|
|
fi
|
|
}
|
|
|
|
# Create a temporary directory for the test certificates
|
|
CERT_DIR="$(dirname "$BASH_SOURCE[0]")/tests"
|
|
CA_DIR="$CERT_DIR/ca"
|
|
|
|
# Clean up any existing files in the temporary directory
|
|
clean_up_test_dir "$CERT_DIR"
|
|
|
|
echo
|
|
echo "Running tests for standalone CA..."
|
|
echo "----------------------------------"
|
|
echo
|
|
|
|
# Create a standalone CA for testing purposes
|
|
if ! make_ca "$CA_DIR" "Test CA"; then
|
|
echo "ERROR: Failed to create CA." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# List the generated certificates and keys for verification
|
|
display_certificate "$CA_DIR/ca_cert.pem"
|
|
|
|
# Make a server certificate signed by the CA
|
|
if ! make_cert --ca-dir "$CA_DIR" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then
|
|
echo "ERROR: Failed to create server certificate." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# List the generated server certificate and key for verification
|
|
display_certificate "$CERT_DIR/test_cert.pem"
|
|
|
|
# Remove all files from the directory
|
|
clean_up_test_dir "$CERT_DIR"
|
|
|
|
echo
|
|
echo "Running tests for two-level CA..."
|
|
echo "---------------------------------"
|
|
echo
|
|
|
|
# Create a new CA with pathlen 1
|
|
if ! make_ca "$CA_DIR" "Test Two Level CA"; then
|
|
echo "ERROR: Failed to create CA." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# List the generated certificates and keys for verification
|
|
display_certificate "$CA_DIR/ca_cert.pem"
|
|
|
|
# Create an issuing CA signed by the first CA
|
|
if ! make_ca --issuing-ca "issuing_ca" "$CA_DIR" "Issuing CA"; then
|
|
echo "ERROR: Failed to create issuing CA." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# List the generated certificates and keys for verification
|
|
display_certificate "$CA_DIR/issuing_ca_cert.pem"
|
|
|
|
# Make a server certificate signed by the CA
|
|
if ! make_cert --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" "$CERT_DIR" "test" "test.example.com" "127.0.0.1"; then
|
|
echo "ERROR: Failed to create server certificate." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# List the generated server certificate and key for verification
|
|
display_certificate "$CERT_DIR/test_cert.pem"
|
|
|
|
# Create a PKCS#12 (PFX) file for the server certificate
|
|
if ! make_pfx --ca-dir "$CA_DIR" --issuing-ca "issuing_ca" --path "$CERT_DIR/test_cert.pem" --password "s3cr3t"; then
|
|
echo "ERROR: Failed to create PKCS#12 (PFX) file." >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Read the generated PKCS#12 (PFX) file to verify its contents
|
|
echo -e "\nVerifying contents of generated PKCS#12 (PFX) file ($CERT_DIR/test.pfx):"
|
|
if ! openssl pkcs12 -in "$CERT_DIR/test.pfx" -noout -info -password pass:"s3cr3t"; then
|
|
echo "ERROR: Failed to read PKCS#12 (PFX) file." >&2
|
|
exit 1
|
|
fi
|