Commit 74540bdc authored by Vincent Pelletier's avatar Vincent Pelletier

shell/caucase.sh: Extend embedded test suite.

Get an auto-issued user certificate and use it to exercise an authenticated
action.
parent 2a556bd2
......@@ -1116,6 +1116,7 @@ EOF
_test() {
# shellcheck disable=SC2039
local netloc="$1" \
csr_id \
status \
tmp_dir \
caucased_dir \
......@@ -1136,17 +1137,19 @@ EOF
echo 'Could not setup caucased directory'
return 1
fi
caucased --netloc "$netloc" &
echo 'Starting caucased...'
caucased --netloc "$netloc" > /dev/null 2> /dev/null &
caucased_pid="$!"
# shellcheck disable=SC2064
trap "kill \"$caucased_pid\"; wait; rm -rf \"$tmp_dir\"" EXIT
# wait for up to about 10 seconds for caucased to start listening (initial
# certificate generation.
echo 'Waiting for caucased to be ready...'
for _ in $(seq 100); do
_curlInsecure "http://$netloc" > /dev/null
status=$?
test $status -eq 0 && break
# curl status 7 means "cnould not connect"
# curl status 7 means "could not connect"
if [ $status -ne 7 ]; then
echo "curl failed while accessing test caucased with status $status"
return 1
......@@ -1163,17 +1166,69 @@ EOF
echo 'Could not enter test temporary directory'
return 1
fi
_main --ca-url "http://$netloc" --update-user
if [ ! -r cas.crt.pem ]; then
cat > "openssl.cnf" << EOF
[ req ]
distinguished_name = req_distinguished_name
string_mask = utf8only
req_extensions = v3_req
[ req_distinguished_name ]
CN = Common Name
[ v3_req ]
basicConstraints = CA:FALSE
EOF
echo 'Generating a key and csr...'
openssl req \
-new \
-keyout user_crt.pem \
-subj "/CN=testuser" \
-config openssl.cnf \
-nodes \
-out user_csr.pem 2> /dev/null
echo 'Bootstraping trust and submitting csr for a user certificate...'
csr_id="$(_main \
--ca-url "http://$netloc" \
--update-user \
--mode user \
--send-csr user_csr.pem \
| sed 's/\s.*//' \
)"
if [ ! -f cas.crt.pem ]; then
echo 'cas.crt.pem not created'
find . -ls
return 1
fi
if [ ! -r cau.crt.pem ]; then
if [ ! -f cau.crt.pem ]; then
echo 'cau.crt.pem not created'
find . -ls
return 1
fi
echo 'Retrieving auto-issued user certificate...'
if _main \
--ca-url "http://$netloc" \
--mode user \
--get-crt "$csr_id" user_crt.pem
then
:
else
echo 'Failed to receive signed user certificate.'
find . -ls
return 1
fi
echo 'Using the user certificate...'
if _main \
--ca-url "http://$netloc" \
--user-key user_crt.pem \
--list-csr \
> /dev/null; then
:
else
echo 'Failed to list pending CSR, authentication failed ?'
find . -ls
return 1
fi
echo 'Success'
}
if [ "$#" -gt 0 ] && [ "x$1" = 'x--test' ]; then
if [ "$#" -le 2 ]; then
......
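Review bot: The CSR id captured by `csr_id="$(_main … --send-csr user_csr.pem | sed 's/\s.*//')"` is never validated before it is passed to `--get-crt`: the pipeline's status is that of `sed`, so a failure in `_main --send-csr` (or in the preceding `openssl req`, whose exit status is ignored and whose stderr is discarded) can leave `csr_id` empty and only surface at a later, unrelated-looking step. Adding `if [ -z "$csr_id" ]; then echo 'No csr id returned'; find . -ls; return 1; fi` right after the assignment would make the failing step explicit. `\s` is a GNU sed extension; the SC2039 suppression suggests the script targets POSIX sh, where `sed 's/[[:space:]].*//'` is the portable form. The lines of `_test` between the hunks are not shown, so this assumes no `pipefail`-style handling is set there.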