#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# These are run for every test, not once per file
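# Per-test hook: skip the test if an earlier test in this run left the
# failed.skip marker in BATS_RUN_TMPDIR.
# Globals: BATS_RUN_TMPDIR (read)
setup() {
  # The path is quoted so a run directory containing whitespace or glob
  # characters cannot turn the file test into an error, which would
  # otherwise fall through to skip.
  if [ -f "${BATS_RUN_TMPDIR}/failed.skip" ]; then
    skip "skipping tests after first failure"
  fi
}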
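# Per-test hook: if the test did not complete (BATS_TEST_COMPLETED is empty),
# create the failed.skip marker in BATS_RUN_TMPDIR so that setup() skips the
# tests that follow.
# Globals: BATS_TEST_COMPLETED (read), BATS_RUN_TMPDIR (read)
teardown() {
  if [ -z "${BATS_TEST_COMPLETED:-}" ]; then
    # Quoted so the marker is created at exactly this path even when the
    # run directory contains whitespace.
    touch "${BATS_RUN_TMPDIR}/failed.skip"
  fi
}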
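# Per-file hook. When STAGING is empty, export CURL_CA_BUNDLE and POST the
# host a.$GETSSL_HOST with address $GETSSL_IP to the /add-a endpoint at
# 10.30.50.3:8055 (presumably the local challenge test server; confirm).
# Globals: STAGING, GETSSL_HOST, GETSSL_IP (read); CURL_CA_BUNDLE (exported)
# Returns: curl's exit status, or 0 when STAGING is set.
setup_file() {
  local payload
  if [ -z "${STAGING:-}" ]; then
    export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
    # Build the JSON body with printf so both values stay inside a single
    # quoted argument; the original left them unquoted between the
    # single-quoted fragments, exposing them to word splitting and globbing.
    payload=$(printf '{"host":"a.%s", "addresses":["%s"]}' "$GETSSL_HOST" "$GETSSL_IP")
    # NOTE(review): --silent without --fail means an HTTP error response from
    # the endpoint is not reported here; a missing record would only show up
    # later as a failed test.
    curl --silent -X POST -d "$payload" http://10.30.50.3:8055/add-a
  fi
}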
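# Per-file hook. When STAGING is empty, POST the host a.$GETSSL_HOST to the
# /clear-a endpoint at 10.30.50.3:8055, the counterpart of the /add-a request
# made in setup_file.
# Globals: STAGING, GETSSL_HOST (read)
# Returns: curl's exit status, or 0 when STAGING is set.
teardown_file() {
  local payload
  if [ -z "${STAGING:-}" ]; then
    # Keep the host inside one quoted argument; the original expanded it
    # unquoted between single-quoted fragments.
    payload=$(printf '{"host":"a.%s"}' "$GETSSL_HOST")
    curl --silent -X POST -d "$payload" http://10.30.50.3:8055/clear-a
  fi
}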
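@test "Create dual certificates and copy RSA and ECDSA chain and key to two locations" {
  # Only meaningful against the internal test environment.
  if [ -n "$STAGING" ]; then
    skip "Using staging server, skipping internal test"
  fi

  # check_nginx comes from the loaded test helper; OLD_NGINX is read right
  # after it (presumably set by it; confirm in test_helper.bash).
  check_nginx
  if [ "$OLD_NGINX" = "false" ]; then
    CONFIG_FILE="getssl-http01-dual-rsa-ecdsa-2-locations.cfg"
  else
    CONFIG_FILE="getssl-http01-dual-rsa-ecdsa-2-locations-old-nginx.cfg"
  fi

  setup_environment
  # Second copy destination; quoted so the host value cannot be word-split
  # or glob-expanded into a different path.
  mkdir -p "/root/a.${GETSSL_HOST}"

  init_getssl
  create_certificate
  assert_success
  check_output_for_errors

  # The "installed OK" lines are only asserted for the newer nginx setup.
  if [ "$OLD_NGINX" = "false" ]; then
    assert_line --partial "rsa certificate installed OK on server"
    assert_line --partial "prime256v1 certificate installed OK on server"
  fi

  # NOTE(review): the checks below assert existence only. Mode and ownership
  # of the copied private keys (server.key, server.ec.key) are not verified,
  # so a copy that lands with permissive permissions would still pass.

  # Check that the RSA chain and key have been copied to both locations
  assert [ -e "/etc/nginx/pki/domain-chain.crt" ]
  assert [ -e "/root/a.${GETSSL_HOST}/domain-chain.crt" ]
  assert [ -e "/etc/nginx/pki/private/server.key" ]
  assert [ -e "/root/a.${GETSSL_HOST}/server.key" ]

  # Check that the ECDSA chain and key have been copied to both locations
  assert [ -e "/etc/nginx/pki/domain-chain.ec.crt" ]
  assert [ -e "/root/a.${GETSSL_HOST}/domain-chain.ec.crt" ]
  assert [ -e "/etc/nginx/pki/private/server.ec.key" ]
  assert [ -e "/root/a.${GETSSL_HOST}/server.ec.key" ]
}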
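@test "Create dual certificates and copy to two locations but not returned by server" {
  # Only meaningful against the internal test environment.
  if [ -n "$STAGING" ]; then
    skip "Using staging server, skipping internal test"
  fi

  # check_nginx comes from the loaded test helper; OLD_NGINX is read right
  # after it (presumably set by it; confirm in test_helper.bash).
  check_nginx
  if [ "$OLD_NGINX" = "false" ]; then
    CONFIG_FILE="getssl-http01-dual-rsa-ecdsa-2-locations-wrong-nginx.cfg"
  else
    skip "Skipping as old nginx servers cannot return both certificates"
  fi

  setup_environment
  # Second copy destination; quoted so the host value cannot be word-split
  # or glob-expanded into a different path.
  mkdir -p "/root/a.${GETSSL_HOST}"

  init_getssl
  create_certificate

  # Negative case: the run must fail and report that the ECDSA certificate
  # was obtained but is not the one the server presents.
  assert_failure
  assert_line --partial "prime256v1 certificate obtained but not installed on server"
}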