From 099a8e2571f820df7aa91da4733cb4938f23dae8 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Thu, 23 Jan 2020 22:40:47 +0000 Subject: [PATCH] Move all testing to BATS --- getssl | 5 +- test/Dockerfile-ubuntu | 6 ++- test/README.md | 12 +++-- test/dual-rsa-ecdsa.bats | 40 ++++++++++++++++ test/more-than-10-hosts.bats | 32 +++++++++++++ test/pebble-config.json | 12 ----- test/pebble/config/pebble-config.json | 23 +++++----- test/run-test-dual-eca.sh | 46 ------------------- test/run-test.sh | 45 ------------------ test/simple-dns01.bats | 26 +++++++++++ test/simple-http01.bats | 26 +++++++++++ .../getssl-dns01-dual-rsa-ecdsa.cfg | 2 +- test/test-config/getssl-dns01.cfg | 2 +- test/test-config/getssl-http01-10-hosts.cfg | 2 +- .../getssl-http01-dual-rsa-ecdsa.cfg | 2 +- test/test-config/getssl-http01.cfg | 2 +- test/test_helper.bash | 37 +++++++++++++++ 17 files changed, 191 insertions(+), 129 deletions(-) create mode 100644 test/dual-rsa-ecdsa.bats create mode 100644 test/more-than-10-hosts.bats delete mode 100644 test/pebble-config.json delete mode 100644 test/run-test-dual-eca.sh delete mode 100644 test/run-test.sh create mode 100644 test/simple-dns01.bats create mode 100644 test/simple-http01.bats create mode 100644 test/test_helper.bash diff --git a/getssl b/getssl index e2920eb..dd07a94 100755 --- a/getssl +++ b/getssl 
@@ -325,15 +325,14 @@ check_challenge_completion() { # checks with the ACME server if our challenge is # if ACME response is that their check gave an invalid response, error exit if [[ "$status" == "invalid" ]] ; then - err_detail=$(json_get "$response" detail) - error_exit "$domain:Verify error:$err_detail" + error_exit "$domain:Verify error:$(echo "$response" | grep "detail" | awk -F' "' '{print $3}')" fi # if ACME response is pending ( they haven't completed checks yet) then wait and try again. if [[ "$status" == "pending" ]] ; then info "Pending" else - error_exit "$domain:Verify error:$response" + error_exit "$domain:Verify error:$(echo "$response" | grep "detail")" fi debug "sleep 5 secs before testing verify again" sleep 5 diff --git a/test/Dockerfile-ubuntu b/test/Dockerfile-ubuntu index b0f09f8..3a61e86 100644 --- a/test/Dockerfile-ubuntu +++ b/test/Dockerfile-ubuntu @@ -14,8 +14,10 @@ RUN mkdir /etc/nginx/pki/private COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default # BATS (Bash Automated Testings) -# RUN git clone https://github.com/bats-core/bats-core.git -# RUN bats-core/install.sh /usr/local +RUN git clone https://github.com/bats-core/bats-core.git /bats-core +RUN git clone https://github.com/jasonkarns/bats-support /bats-support +RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert +RUN /bats-core/install.sh /usr/local EXPOSE 80 443 diff --git a/test/README.md b/test/README.md index 9d0aedd..71c75f7 100644 --- a/test/README.md +++ b/test/README.md @@ -6,7 +6,10 @@ Start up pebble, the challdnstest server for DNS challenges `docker-compose -f "docker-compose.yml" up -d --build` Run the tests -`docker exec -it getssl /getssl/test/run-test.sh` +`docker exec -it getssl bats /getssl/test` + +Run individual test +`docker exec -it getssl bats /getssl/test/` Debug (need to set CURL_CA_BUNDLE as pebble uses a local certificate, otherwise you get a "unknown API version" error) `docker exec -it getssl /bin/bash` 
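Review bot: Both new `error_exit` calls in the getssl hunk extract the message with `grep "detail"`, which matches whole lines, so the result depends on how the server happens to format its JSON. A pretty-printed body yields the detail line, a single-line body makes the `awk -F' "'` split return an arbitrary fragment, and a body without `detail` leaves `Verify error:` empty. The else branch used to print the whole `$response`, so an unexpected status now loses its diagnostics. If `json_get` (used by the removed lines) is still available, keeping it with a fallback to the raw body is more robust: `err_detail=$(json_get "$response" detail)` then `error_exit "$domain:Verify error:${err_detail:-$response}"`. check_challenge_completion starts and ends outside the hunk.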
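Review bot: The three added `git clone` lines in test/Dockerfile-ubuntu fetch whatever is on each default branch at build time, and `/bats-core/install.sh` is then executed during the build. A changed or compromised upstream therefore changes what runs in the test image, and two of the repositories live under a personal account (`jasonkarns/bats-support`, `jasonkarns/bats-assert-1`). Pinning each clone to a release tag or commit makes the build reproducible, e.g. `RUN git clone --depth 1 --branch <TAG> https://github.com/bats-core/bats-core.git /bats-core`, where `<TAG>` is a placeholder for the version chosen. Checking the resulting commit hash after the clone is stronger still.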
@@ -14,7 +17,6 @@ Debug (need to set CURL_CA_BUNDLE as pebble uses a local certificate, otherwise `/getssl/getssl -d getssl` # TODO -1. Move to BATS (bash automated testing) instead of run-test.sh -2. Test RHEL6, Debian as well -3. Test SSH, SFTP -4. Test wildcards +1. Test RHEL6, Debian as well +2. Test SSH, SFTP +3. Test wildcards diff --git a/test/dual-rsa-ecdsa.bats b/test/dual-rsa-ecdsa.bats new file mode 100644 index 0000000..b340f04 --- /dev/null +++ b/test/dual-rsa-ecdsa.bats @@ -0,0 +1,40 @@ +#! /usr/bin/env bats + +load '/bats-support/load.bash' +load '/bats-assert/load.bash' +load '/getssl/test/test_helper.bash' + + +# This is run for every test +setup() { + export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt +} + + +@test "Create creating dual certificates using HTTP-01 verification" { + CONFIG_FILE="getssl-http01-dual-rsa-ecdsa.cfg" + setup_environment + init_getssl + create_certificate +} + + +@test "Force renewal of dual certificates using HTTP-01" { + #!FIXME test certificate has been updated + run ${CODE_DIR}/getssl -f $HOST + assert_success +} + +@test "Create creating dual certificates using DNS-01 verification" { + CONFIG_FILE="getssl-dns01-dual-rsa-ecdsa.cfg" + setup_environment + init_getssl + create_certificate +} + + +@test "Force renewal of dual certificates using DNS-01" { + #!FIXME test certificate has been updated + run ${CODE_DIR}/getssl -f $HOST + assert_success +} diff --git a/test/more-than-10-hosts.bats b/test/more-than-10-hosts.bats new file mode 100644 index 0000000..47fb54d --- /dev/null +++ b/test/more-than-10-hosts.bats 
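Review bot: The two "Force renewal" tests in test/dual-rsa-ecdsa.bats depend on state left by the preceding `@test` (the `.getssl` directory and `getssl.cfg` produced by `init_getssl` and `create_certificate`). Running one of them alone or in a different order therefore fails for reasons unrelated to renewal. They also assert only the exit status, as the `#!FIXME` comments admit; comparing the certificate's serial number or start date before and after `getssl -f` would show that a new certificate was actually issued. Quoting the expansions, `run "${CODE_DIR}/getssl" -f "$HOST"`, avoids word splitting. The same pattern appears in more-than-10-hosts.bats, simple-dns01.bats and simple-http01.bats, and the test names beginning "Create creating" look like a typo.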
@@ -0,0 +1,32 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+ export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create certificates for more than 10 hosts using HTTP-01 verification" {
+ CONFIG_FILE="getssl-http01-10-hosts.cfg"
+ setup_environment
+
+ # Add 11 hosts to DNS (also need to be added as aliases in docker-compose.yml)
+ for prefix in a b c d e f g h i j k; do
+ curl -X POST -d '{"host":"'$prefix.$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
+ done
+
+ init_getssl
+ create_certificate
+}
+
+
+@test "Force renewal of all certificates using HTTP-01" {
+ #!FIXME test certificate has been updated
+ run ${CODE_DIR}/getssl -f $HOST
+ assert_success
+}
diff --git a/test/pebble-config.json b/test/pebble-config.json
deleted file mode 100644
index 782a001..0000000
--- a/test/pebble-config.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "pebble": {
- "listenAddress": "0.0.0.0:14000",
- "managementListenAddress": "0.0.0.0:15000",
- "certificate": "test/certs/localhost/cert.pem",
- "privateKey": "test/certs/localhost/key.pem",
- "httpPort": 5002,
- "tlsPort": 5001,
- "ocspResponderURL": "",
- "externalAccountBindingRequired": false
- }
- }
diff --git a/test/pebble/config/pebble-config.json b/test/pebble/config/pebble-config.json
index ec5bc7e..782a001 100644
--- a/test/pebble/config/pebble-config.json
+++ b/test/pebble/config/pebble-config.json
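Review bot: The `curl -X POST ... /add-a` call inside the `for prefix` loop of more-than-10-hosts.bats has no `--fail`, so an HTTP error from the DNS test server still exits 0. The test then carries on to a validation failure that is much harder to trace back to a missing record. `$prefix.$HOST` is also spliced into the JSON outside any quotes. Suggest `curl --fail --silent --show-error -X POST -d "{\"host\":\"$prefix.$HOST\", \"addresses\":[\"10.30.50.4\"]}" http://10.30.50.3:8055/add-a`. The same call without `--fail` is in `setup_environment` in test/test_helper.bash.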
@@ -1,11 +1,12 @@
-
-{
- "pebble": {
- "listenAddress": "0.0.0.0:14000",
- "managementListenAddress": "0.0.0.0:15000",
- "httpPort": 80,
- "tlsPort": 443,
- "ocspResponderURL": "",
- "externalAccountBindingRequired": false
- }
- }
+{
+ "pebble": {
+ "listenAddress": "0.0.0.0:14000",
+ "managementListenAddress": "0.0.0.0:15000",
+ "certificate": "test/certs/localhost/cert.pem",
+ "privateKey": "test/certs/localhost/key.pem",
+ "httpPort": 5002,
+ "tlsPort": 5001,
+ "ocspResponderURL": "",
+ "externalAccountBindingRequired": false
+ }
+ }
diff --git a/test/run-test-dual-eca.sh b/test/run-test-dual-eca.sh
deleted file mode 100644
index c225587..0000000
--- a/test/run-test-dual-eca.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#! /bin/bash
-
-set -e
-
-# Test setup
-if [[ -d /root/.getssl ]]; then
- rm -r /root/.getssl
-fi
-
-HOST=getssl.test
-
-wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
-# cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
-
-curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
-
-# Test #1 - http-01 verification
-echo Test \#1 - http-01 verification
-
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl -f $HOST
-
-# Test #2 - http-01 forced renewal
-echo Test \#2 - http-01 forced renewal
-/getssl/getssl $HOST -f
-
-# Test cleanup
-rm -r /root/.getssl
-
-# Test #3 - dns-01 verification
-echo Test \#3 - dns-01 verification
-
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl $HOST
-
-# Test #4 - dns-01 forced renewal
-echo Test \#4 - dns-01 forced renewal
-/getssl/getssl $HOST -f
diff --git a/test/run-test.sh b/test/run-test.sh
deleted file mode 100644
index b7653f6..0000000
--- a/test/run-test.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#! /bin/bash
-
-set -e
-
-# Test setup
-if [[ -d /root/.getssl ]]; then
- rm -r /root/.getssl
-fi
-
-HOST=getssl.test
-
-wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
-# cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-cat /etc/ssl/certs/ca-certificates.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
-export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
-
-curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
-
-# Test #1 - http-01 verification
-echo Test \#1 - http-01 verification
-
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-http01.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl -f $HOST
-
-# Test #2 - http-01 forced renewal
-echo Test \#2 - http-01 forced renewal
-/getssl/getssl $HOST -f
-
-# Test cleanup
-rm -r /root/.getssl
-
-# Test #3 - dns-01 verification
-echo Test \#3 - dns-01 verification
-cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
-service nginx restart
-/getssl/getssl -c $HOST
-cp /getssl/test/test-config/getssl-dns01.cfg /root/.getssl/${HOST}/getssl.cfg
-/getssl/getssl $HOST
-
-# Test #4 - dns-01 forced renewal
-echo Test \#4 - dns-01 forced renewal
-/getssl/getssl $HOST -f
diff --git a/test/simple-dns01.bats b/test/simple-dns01.bats
new file mode 100644
index 0000000..12ba6e0
--- /dev/null
+++ b/test/simple-dns01.bats
@@ -0,0 +1,26 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+ export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create new certificate using DNS-01 verification" {
+ CONFIG_FILE="getssl-dns01.cfg"
+ setup_environment
+ init_getssl
+ create_certificate
+}
+
+
+@test "Force renewal of certificate using DNS-01" {
+ #!FIXME test certificate has been updated
+ run ${CODE_DIR}/getssl -f $HOST
+ assert_success
+}
diff --git a/test/simple-http01.bats b/test/simple-http01.bats
new file mode 100644
index 0000000..2d15172
--- /dev/null
+++ b/test/simple-http01.bats
@@ -0,0 +1,26 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+ export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Create new certificate using HTTP-01 verification" {
+ CONFIG_FILE="getssl-http01.cfg"
+ setup_environment
+ init_getssl
+ create_certificate
+}
+
+
+@test "Force renewal of certificate using HTTP-01" {
+ #!FIXME test certificate has been updated
+ run ${CODE_DIR}/getssl -f $HOST
+ assert_success
+}
diff --git a/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg b/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg
index 496489d..f9f079e 100644
--- a/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg
+++ b/test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg
@@ -47,7 +47,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-" # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which diff --git a/test/test-config/getssl-dns01.cfg b/test/test-config/getssl-dns01.cfg index 49c58b5..c278c68 100644 --- a/test/test-config/getssl-dns01.cfg +++ b/test/test-config/getssl-dns01.cfg @@ -44,7 +44,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-" # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which diff --git a/test/test-config/getssl-http01-10-hosts.cfg b/test/test-config/getssl-http01-10-hosts.cfg index 22e4353..7d8fd5f 100644 --- a/test/test-config/getssl-http01-10-hosts.cfg +++ b/test/test-config/getssl-http01-10-hosts.cfg 
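Review bot: The `>&3-` appended to `RELOAD_CMD` in getssl-dns01-dual-rsa-ecdsa.cfg moves file descriptor 3 onto stdout and closes it, which only works when fd 3 is open, as it is under bats, and nothing in the config says so. When getssl is run by hand with this file (the README's debug steps call `/getssl/getssl -d getssl` from an interactive shell), the redirect presumably fails with a bad file descriptor and the reload is reported as failed. A comment above the line would document the dependency, e.g. `# >&3- sends restart output to the bats fd 3 and closes it so the daemon does not inherit it; only valid when run under bats`. The same edit is made in getssl-dns01.cfg, getssl-http01-10-hosts.cfg, getssl-http01-dual-rsa-ecdsa.cfg and getssl-http01.cfg.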
@@ -22,7 +22,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-" #SERVER_TYPE="https" #CHECK_REMOTE="true" diff --git a/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg b/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg index ff65bb1..e2c3c3d 100644 --- a/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg +++ b/test/test-config/getssl-http01-dual-rsa-ecdsa.cfg @@ -45,7 +45,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-" # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which diff --git a/test/test-config/getssl-http01.cfg b/test/test-config/getssl-http01.cfg index f3dc5ad..3daee0f 100644 --- a/test/test-config/getssl-http01.cfg +++ b/test/test-config/getssl-http01.cfg 
@@ -43,7 +43,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-" # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which diff --git a/test/test_helper.bash b/test/test_helper.bash new file mode 100644 index 0000000..5b9ce07 --- /dev/null +++ b/test/test_helper.bash 
@@ -0,0 +1,37 @@
+INSTALL_DIR=/root
+CODE_DIR=/getssl
+HOST=getssl.test
+
+setup_environment() {
+ # One-off test setup
+ if [[ -d ${INSTALL_DIR}/.getssl ]]; then
+ rm -r ${INSTALL_DIR}/.getssl
+ fi
+
+ if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
+ wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1 # | sed 's/^/# /' >&3
+ # cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt # RHEL6?
+ cat /etc/ssl/certs/ca-certificates.crt ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt
+ fi
+
+ curl -X POST -d '{"host":"'$HOST'", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
+ cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
+ service nginx restart >&3-
+}
+
+
+init_getssl() {
+ # Run initialisation (create account key, etc)
+ run ${CODE_DIR}/getssl -c $HOST
+ assert_success
+ [ -d "$INSTALL_DIR/.getssl" ]
+}
+
+
+create_certificate() {
+ # Create certificate
+ cp ${CODE_DIR}/test/test-config/${CONFIG_FILE} ${INSTALL_DIR}/.getssl/${HOST}/getssl.cfg
+ run ${CODE_DIR}/getssl $HOST
+ assert_success
+ #!FIXME test certificate has been placed in the expected location
+}
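Review bot: In `setup_environment` the `wget` has no output path, so pebble.minica.pem lands in the current directory, while the guard and the following `cat` both use `${INSTALL_DIR}/pebble.minica.pem`. This works only when bats happens to be started from `/root`. The file is also fetched from the `master` branch and appended to the bundle that `CURL_CA_BUNDLE` points at, so the trust anchor used by every test can change without notice. Suggest `wget --no-clobber -P "${INSTALL_DIR}" <PINNED_URL>`, where `<PINNED_URL>` is a placeholder for the same file at a fixed commit, plus quoting the `${INSTALL_DIR}` expansions in the `rm -r` and `cat` lines.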