shell/caucase.sh: Extend embedded test suite.

Get an auto-issued user certificate and use it to exercise an authenticated
action.

shell/caucase.sh

@@ -1116,6 +1116,7 @@ EOF
   _test() {
     # shellcheck disable=SC2039
     local netloc="$1" \
+      csr_id \
       status \
       tmp_dir \
       caucased_dir \
@@ -1136,17 +1137,19 @@ EOF
       echo 'Could not setup caucased directory'
       return 1
     fi
-    caucased --netloc "$netloc" &
+    echo 'Starting caucased...'
+    caucased --netloc "$netloc" > /dev/null 2> /dev/null &
     caucased_pid="$!"
     # shellcheck disable=SC2064
     trap "kill \"$caucased_pid\"; wait; rm -rf \"$tmp_dir\"" EXIT
     # wait for up to about 10 seconds for caucased to start listening (initial
     # certificate generation.
+    echo 'Waiting for caucased to be ready...'
     for _ in $(seq 100); do
       _curlInsecure "http://$netloc" > /dev/null
       status=$?
       test $status -eq 0 && break
-      # curl status 7 means "cnould not connect"
+      # curl status 7 means "could not connect"
       if [ $status -ne 7 ]; then
         echo "curl failed while accessing test caucased with status $status"
         return 1
@@ -1163,17 +1166,69 @@ EOF
       echo 'Could not enter test temporary directory'
       return 1
     fi
-    _main --ca-url "http://$netloc" --update-user
-    if [ ! -r cas.crt.pem ]; then
+    cat > "openssl.cnf" << EOF
+[ req ]
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+req_extensions = v3_req
+
+[ req_distinguished_name ]
+CN = Common Name
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+EOF
+    echo 'Generating a key and csr...'
+    openssl req \
+      -new \
+      -keyout user_crt.pem \
+      -subj "/CN=testuser" \
+      -config openssl.cnf \
+      -nodes \
+      -out user_csr.pem 2> /dev/null
+    echo 'Bootstraping trust and submitting csr for a user certificate...'
+    csr_id="$(_main \
+      --ca-url "http://$netloc" \
+      --update-user \
+      --mode user \
+      --send-csr user_csr.pem \
+      | sed 's/\s.*//' \
+    )"
+    if [ ! -f cas.crt.pem ]; then
       echo 'cas.crt.pem not created'
       find . -ls
       return 1
     fi
-    if [ ! -r cau.crt.pem ]; then
+    if [ ! -f cau.crt.pem ]; then
       echo 'cau.crt.pem not created'
       find . -ls
       return 1
     fi
+    echo 'Retrieving auto-issued user certificate...'
+    if _main \
+      --ca-url "http://$netloc" \
+      --mode user \
+      --get-crt "$csr_id" user_crt.pem
+    then
+      :
+    else
+      echo 'Failed to receive signed user certificate.'
+      find . -ls
+      return 1
+    fi
+    echo 'Using the user certificate...'
+    if _main \
+      --ca-url "http://$netloc" \
+      --user-key user_crt.pem \
+      --list-csr \
+      > /dev/null; then
+      :
+    else
+      echo 'Failed to list pending CSR, authentication failed ?'
+      find . -ls
+      return 1
+    fi
+    echo 'Success'
   }
   if [ "$#" -gt 0 ] && [ "x$1" = 'x--test' ]; then
     if [ "$#" -le 2 ]; then