Commit 74540bdc authored by Vincent Pelletier's avatar Vincent Pelletier

shell/caucase.sh: Extend embedded test suite.

Get an auto-issued user certificate and use it to exercise an authenticated
action.
parent 2a556bd2
...@@ -1116,6 +1116,7 @@ EOF ...@@ -1116,6 +1116,7 @@ EOF
_test() { _test() {
# shellcheck disable=SC2039 # shellcheck disable=SC2039
local netloc="$1" \ local netloc="$1" \
csr_id \
status \ status \
tmp_dir \ tmp_dir \
caucased_dir \ caucased_dir \
...@@ -1136,17 +1137,19 @@ EOF ...@@ -1136,17 +1137,19 @@ EOF
echo 'Could not setup caucased directory' echo 'Could not setup caucased directory'
return 1 return 1
fi fi
caucased --netloc "$netloc" & echo 'Starting caucased...'
caucased --netloc "$netloc" > /dev/null 2> /dev/null &
caucased_pid="$!" caucased_pid="$!"
# shellcheck disable=SC2064 # shellcheck disable=SC2064
trap "kill \"$caucased_pid\"; wait; rm -rf \"$tmp_dir\"" EXIT trap "kill \"$caucased_pid\"; wait; rm -rf \"$tmp_dir\"" EXIT
# wait for up to about 10 seconds for caucased to start listening (initial # wait for up to about 10 seconds for caucased to start listening (initial
# certificate generation. # certificate generation.
echo 'Waiting for caucased to be ready...'
for _ in $(seq 100); do for _ in $(seq 100); do
_curlInsecure "http://$netloc" > /dev/null _curlInsecure "http://$netloc" > /dev/null
status=$? status=$?
test $status -eq 0 && break test $status -eq 0 && break
# curl status 7 means "cnould not connect" # curl status 7 means "could not connect"
if [ $status -ne 7 ]; then if [ $status -ne 7 ]; then
echo "curl failed while accessing test caucased with status $status" echo "curl failed while accessing test caucased with status $status"
return 1 return 1
...@@ -1163,17 +1166,69 @@ EOF ...@@ -1163,17 +1166,69 @@ EOF
echo 'Could not enter test temporary directory' echo 'Could not enter test temporary directory'
return 1 return 1
fi fi
_main --ca-url "http://$netloc" --update-user cat > "openssl.cnf" << EOF
if [ ! -r cas.crt.pem ]; then [ req ]
distinguished_name = req_distinguished_name
string_mask = utf8only
req_extensions = v3_req
[ req_distinguished_name ]
CN = Common Name
[ v3_req ]
basicConstraints = CA:FALSE
EOF
echo 'Generating a key and csr...'
openssl req \
-new \
-keyout user_crt.pem \
-subj "/CN=testuser" \
-config openssl.cnf \
-nodes \
-out user_csr.pem 2> /dev/null
echo 'Bootstraping trust and submitting csr for a user certificate...'
csr_id="$(_main \
--ca-url "http://$netloc" \
--update-user \
--mode user \
--send-csr user_csr.pem \
| sed 's/\s.*//' \
)"
if [ ! -f cas.crt.pem ]; then
echo 'cas.crt.pem not created' echo 'cas.crt.pem not created'
find . -ls find . -ls
return 1 return 1
fi fi
if [ ! -r cau.crt.pem ]; then if [ ! -f cau.crt.pem ]; then
echo 'cau.crt.pem not created' echo 'cau.crt.pem not created'
find . -ls find . -ls
return 1 return 1
fi fi
echo 'Retrieving auto-issued user certificate...'
if _main \
--ca-url "http://$netloc" \
--mode user \
--get-crt "$csr_id" user_crt.pem
then
:
else
echo 'Failed to receive signed user certificate.'
find . -ls
return 1
fi
echo 'Using the user certificate...'
if _main \
--ca-url "http://$netloc" \
--user-key user_crt.pem \
--list-csr \
> /dev/null; then
:
else
echo 'Failed to list pending CSR, authentication failed ?'
find . -ls
return 1
fi
echo 'Success'
} }
if [ "$#" -gt 0 ] && [ "x$1" = 'x--test' ]; then if [ "$#" -gt 0 ] && [ "x$1" = 'x--test' ]; then
if [ "$#" -le 2 ]; then if [ "$#" -le 2 ]; then
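Review bot: The `csr_id` assignment in the last hunk cannot detect a failed CSR submission, because the exit status of `_main` is hidden behind `sed` in the pipeline and an empty `csr_id` is then handed to `--get-crt`, so the failure only surfaces later as 'Failed to receive signed user certificate.' A guard right after the assignment, such as `[ -n "$csr_id" ] || { echo 'CSR submission failed'; find . -ls; return 1; }`, would report it where it happens. The `\s` in the sed expression is a GNU extension; `sed 's/[[:space:]].*//'` is the portable form, which matters if the script targets POSIX sh (inferred from the SC2039 suppressions). The `openssl req` call likewise discards stderr and leaves its exit status unchecked, so a key or CSR generation failure is also reported late and without a cause. The body of `_test` starts before the first visible hunk and parts of it lie between the hunks.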