rearranged and extended travis tests a bit

a4e7c43a · Lukas Schauer · 760b6894 · a4e7c43a · a4e7c43a · a4e7c43a
Commit a4e7c43a authored Dec 16, 2015 by Lukas Schauer
Hide whitespace changes
Inline Side-by-side

Showing with 134 additions and 42 deletions

.travis.yml .travis.yml +2 -41

letsencrypt.sh letsencrypt.sh +1 -1

test.sh test.sh +131 -0

No files found.
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,45 +5,6 @@ cache:
  directories:
    - ngrok

-before_script:
-  # install ngrok
-  - if [[ ! -e "ngrok/ngrok" ]]; then mkdir -p ngrok; (cd ngrok; wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip; unzip ngrok.zip ngrok; chmod +x ngrok); fi
-
-  # run ngrok and grab url from logfile
-  - ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
-  - sleep 5
-  - cat tmp.log
-  - export TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
-  - if [[ -z "${TMP_URL}" ]]; then exit 1; fi
-
-  # start python http server in challenges directory
-  - (mkdir -p .acme-challenges/.well-known/acme-challenge; cd .acme-challenges; python -m SimpleHTTPServer 8080) &
-
-  # generate config
-  - echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
-  - echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
-  - echo "${TMP_URL}" > domains.txt
-
 script:
-  # check if help command is working
-  - ./letsencrypt.sh --help
-
-  # move config out of the way and try signing certificate by using temporary config location
-  - mv config.sh tmp_config.sh
-  - ./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh
-  - mv tmp_config.sh config.sh
-
-  # run in cron mode (should find a non-expiring certificate)
-  - ./letsencrypt.sh --cron
-
-  # check if certificate is valid in various ways
-  - openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text
-  - openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null
-  - "errout=\"$(openssl verify -verbose -CAfile \"certs/${TMP_URL}/fullchain.pem\" -purpose sslserver \"certs/${TMP_URL}/fullchain.pem\" | grep -v ': OK$' || true)\""
-  - if [[ ! -z "${errout}" ]]; then printf -- "${errout}"; exit 1; fi
-
-  # delete account key
-  - rm private_key.pem
-
-  # revoke certificate using certificate key
-  - ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem"
+  - export CI="true"
+  - ./test.sh
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -372,7 +372,7 @@ sign_domain() {
  crt_path="${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"
  printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "${crt_path}"
  # try to load the certificate to detect corruption
-  echo " + Checking certificate..." >&2
+  echo " + Checking certificate..."
  _openssl x509 -text < "${crt_path}"

  # Create fullchain.pem

--- a/test.sh
+++ b/test.sh
+#!/bin/bash
+
+# Fail early
+set -eu -o pipefail
+
+# Check if running in CI environment
+if [[ ! "${CI:-false}" == "true" ]]; then
+  echo "ERROR: Not running in CI environment!"
+  exit 1
+fi
+
+_TEST() {
+  echo -n "${1} "
+}
+_PASS() {
+  if [[ -z "$(cat errorlog)" ]]; then
+    echo -e "[\u001B[32mPASS\u001B[0m]"
+  else
+    _FAIL "Non-empty errorlog"
+  fi
+}
+_FAIL() {
+  echo -e "[\u001B[31mFAIL\u001B[0m]"
+  echo
+  echo "Problem: ${@}"
+  echo
+  echo "STDOUT:"
+  cat tmplog
+  echo
+  echo "STDERR:"
+  cat errorlog
+  exit 1
+}
+_CHECK_FILE() {
+  [[ -e "${1}" ]] || _FAIL "Missing file: ${1}"
+}
+_CHECK_LOG() {
+  grep "${1}" tmplog > /dev/null || _FAIL "Missing in log: ${1}"
+}
+
+# If not found (should be cached in travis) download ngrok
+if [[ ! -e "ngrok/ngrok" ]]; then
+  (
+    mkdir -p ngrok
+    cd ngrog
+    wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip
+    unzip ngrok.zip ngrok
+    chmod +x ngrok
+  )
+fi
+
+# Run ngrok and grab temporary url from logfile
+ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
+sleep 2
+TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' -f2)"
+if [[ -z "${TMP_URL}" ]]; then
+  echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue."
+  exit 1
+fi
+
+# Run python webserver in .acme-challenges directory to serve challenge responses
+mkdir -p .acme-challenges/.well-known/acme-challenge
+(
+  cd .acme-challenges
+  python -m SimpleHTTPServer 8080 > /dev/null 2> /dev/null
+) &
+
+# Generate config and create empty domains.txt
+echo 'CA="https://acme-staging.api.letsencrypt.org/directory"' > config.sh
+echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
+touch domains.txt
+
+# Check if help command is working
+_TEST "Checking if help command is working..."
+./letsencrypt.sh --help > tmplog 2> errorlog
+_CHECK_LOG "Default command: help"
+_CHECK_LOG "\--help (-h)"
+_CHECK_LOG "\--domain (-d) domain.tld"
+_PASS
+
+# Run in cron mode with empty domains.txt (should only generate private key and exit)
+_TEST "First run in cron mode, checking if private key is generated and registered"
+./letsencrypt.sh --cron > tmplog 2> errorlog
+_CHECK_LOG "Registering account key"
+_CHECK_FILE "private_key.pem"
+_PASS
+
+# Temporarily move config out of the way and try signing certificate by using temporary config location
+_TEST "Try signing using temporary config location and with domain as command line parameter"
+mv config.sh tmp_config.sh
+./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh > tmplog 2> errorlog
+_CHECK_LOG "Generating private key"
+_CHECK_LOG "Requesting challenge for ${TMP_URL}"
+_CHECK_LOG "Challenge is valid!"
+_CHECK_LOG "Creating fullchain.pem"
+_CHECK_LOG "Done!"
+_PASS
+mv tmp_config.sh config.sh
+
+# Move private key and add new location to config
+mv private_key.pem account_key.pem
+echo 'PRIVATE_KEY="./account_key.pem"' >> config.sh
+
+# Add domain to domains.txt and run in cron mode again (should find a non-expiring certificate and do nothing)
+_TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
+echo "${TMP_URL}" >> domains.txt
+./letsencrypt.sh --cron > tmplog 2> errorlog
+_CHECK_LOG "Skipping!"
+_PASS
+
+# Delete account key (not needed anymore)
+rm account_key.pem
+
+# Check if certificate is valid in various ways
+_TEST "Verifying certificate..."
+openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text > tmplog 2> errorlog
+_CHECK_LOG "CN=${TMP_URL}"
+openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text > /dev/null 2>> errorlog
+(openssl verify -verbose -CAfile "certs/${TMP_URL}/fullchain.pem" -purpose sslserver "certs/${TMP_URL}/fullchain.pem" 2>&1 || true) | (grep -v ': OK$' || true) >> errorlog 2>> errorlog
+_PASS
+
+# Revoke certificate using certificate key
+_TEST "Revoking certificate..."
+./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog
+_CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
+_CHECK_LOG "SUCCESS"
+_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
+_PASS
+
+# All done
+exit 0