simple-ca/run-tests.sh
slawek 935167ca8c
Refactor simple-ca: Remove JSON config and streamline AIA URL handling
- Removed the JSON configuration structure and related functions.
- Introduced plain text file for AIA base URL management.
- Updated CA and certificate creation functions to directly read/write AIA URL.
- Simplified CA bundle rebuilding logic by directly reading subdirectories.
- Enhanced test coverage for CA and certificate creation, including PFX generation.
- Adjusted test cases to reflect changes in directory structure and file handling.
2026-05-24 21:40:06 +02:00


#!/usr/bin/env bash
# MIT License
# Copyright (c) 2026 Sławomir Koszewski
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# Integration tests for simple-ca.sh.
# Usage: run-tests.sh
# Abort on the first failing command. The library below is sourced into this
# shell, so the setting also applies to commands run inside its functions.
set -e

# Absolute path of the directory that contains this script.
SCRIPT_DIR="$(
  cd "$(dirname "${BASH_SOURCE[0]}")" && pwd
)"

# Load the code under test into the current shell (presumably the make_ca,
# make_cert and make_pfx functions called further down).
. "$SCRIPT_DIR/simple-ca.sh"

# Scratch area for everything the tests generate. mktemp -d returns a freshly
# created, unpredictably named directory that only the current user can
# access, which matters because the generated CA material (presumably
# including private keys) lives here for the duration of the run.
TEST_DIR="$(mktemp -d)"
CA_DIR="${TEST_DIR}/ca"

# Single quotes defer the expansion of TEST_DIR until the trap fires, so the
# whole scratch tree is removed on every exit path.
trap 'rm -rf "$TEST_DIR"' EXIT
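#######################################
# Give the next test scenario an empty CA directory.
# Globals:   CA_DIR (read), SIMPLE_CA_DIR (written)
# Arguments: none
# Returns:   0 on success; aborts the shell if CA_DIR is unset or empty
#######################################
reset_dirs() {
  # Guard the recursive delete: an empty or unset CA_DIR stops the script here
  # instead of handing rm/mkdir an empty path. "--" keeps a value that starts
  # with "-" from being parsed as an option.
  rm -rf -- "${CA_DIR:?CA_DIR must be set before reset_dirs}"
  mkdir -p -- "$CA_DIR"
  # Clear the CA location left over from the previous scenario (presumably
  # state that simple-ca.sh sets through --ca-dir; confirm against the library).
  SIMPLE_CA_DIR=""
}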
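#######################################
# Check that a certificate chains to the test CA bundle; abort the run if not.
# The check is chain validation only: no host name or IP address is matched
# against the certificate.
# Globals:   CA_DIR (read) - the bundle is $CA_DIR/ca_bundle.pem
# Arguments: $1 - path to the PEM certificate to verify
# Outputs:   openssl's own stdout plus "Verified: <path>" on success;
#            an ERROR line followed by openssl's diagnostics on stderr on failure
# Returns:   0 on success; exits the shell with status 1 on failure
#######################################
verify_cert() {
  local CERT_PATH="$1"
  local verify_stderr
  # Capture openssl's stderr instead of discarding it, so a failing run shows
  # why verification failed. fd 3 carries openssl's stdout past the command
  # substitution to the caller's stdout, as before.
  if ! { verify_stderr="$(openssl verify -CAfile "$CA_DIR/ca_bundle.pem" "$CERT_PATH" 2>&1 1>&3 3>&-)"; } 3>&1; then
    echo "ERROR: Certificate verification failed: $CERT_PATH" >&2
    if [[ -n "$verify_stderr" ]]; then
      printf '%s\n' "$verify_stderr" >&2
    fi
    exit 1
  fi
  echo "Verified: $CERT_PATH"
}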
# ---------------------------------------------------------------------------
# Standalone CA — certs issued by root CA go into CA_DIR
# ---------------------------------------------------------------------------
echo
echo "--- [shell] Standalone CA ---"
reset_dirs

# Create the CA. Its stderr is discarded, so under the script's "set -e" a
# failure here ends the run with no diagnostic; drop the redirection when
# debugging.
make_ca --ca-dir "$CA_DIR" "Test CA" 2>/dev/null

# Both the CA certificate and the bundle used for verification must exist.
if [[ ! -f "$CA_DIR/ca_cert.pem" ]]; then
  echo "ERROR: ca_cert.pem not created" >&2
  exit 1
fi
if [[ ! -f "$CA_DIR/ca_bundle.pem" ]]; then
  echo "ERROR: ca_bundle.pem not created" >&2
  exit 1
fi
verify_cert "$CA_DIR/ca_cert.pem"

# Issue a certificate from the CA (the arguments are presumably a file-name
# prefix, a DNS name and an IP address; confirm against simple-ca.sh) and
# check that it chains to the bundle.
make_cert "test" "test.example.com" "127.0.0.1" 2>/dev/null
if [[ ! -f "$CA_DIR/test_cert.pem" ]]; then
  echo "ERROR: test_cert.pem not created in CA_DIR" >&2
  exit 1
fi
verify_cert "$CA_DIR/test_cert.pem"
# ---------------------------------------------------------------------------
# Two-level CA — issuing CA and its certs go into CA_DIR/issuing_ca/
# ---------------------------------------------------------------------------
echo
echo "--- [shell] Two-level CA ---"
reset_dirs

# Root CA first. stderr of the library calls is discarded throughout this
# section, so a failure under "set -e" ends the run without a diagnostic.
make_ca --ca-dir "$CA_DIR" "Test Root CA" 2>/dev/null
verify_cert "$CA_DIR/ca_cert.pem"

# Issuing CA: its certificate is expected under CA_DIR/issuing_ca/.
make_ca --issuing-ca "issuing_ca" "Issuing CA" 2>/dev/null
if [[ ! -f "$CA_DIR/issuing_ca/ca_cert.pem" ]]; then
  echo "ERROR: issuing_ca/ca_cert.pem not created" >&2
  exit 1
fi
verify_cert "$CA_DIR/issuing_ca/ca_cert.pem"

# Certificate issued by the issuing CA, verified against the same bundle.
make_cert --issuing-ca "issuing_ca" "test" "test.example.com" "127.0.0.1" 2>/dev/null
if [[ ! -f "$CA_DIR/issuing_ca/test_cert.pem" ]]; then
  echo "ERROR: issuing_ca/test_cert.pem not created" >&2
  exit 1
fi
verify_cert "$CA_DIR/issuing_ca/test_cert.pem"

# PFX export. "s3cr3t" is a throwaway fixture protecting material that is
# removed together with the test directory. The "pass:" form puts the
# passphrase on openssl's command line, which is acceptable only for
# disposable test data like this.
make_pfx --issuing-ca "issuing_ca" --password "s3cr3t" "$CA_DIR/issuing_ca/test_cert.pem" 2>/dev/null
if [[ ! -f "$CA_DIR/issuing_ca/test.pfx" ]]; then
  echo "ERROR: issuing_ca/test.pfx not created" >&2
  exit 1
fi

# Opening the archive with the same passphrase confirms that it is readable.
if ! openssl pkcs12 -in "$CA_DIR/issuing_ca/test.pfx" -noout -info -password pass:"s3cr3t" 2>/dev/null; then
  echo "ERROR: PFX verification failed" >&2
  exit 1
fi
echo "PFX: OK"

echo
echo "All shell tests passed."