From 3341f674d422bdbc1ce7b5012278ce62b58596c3 Mon Sep 17 00:00:00 2001
From: Tim Kimber
Date: Sat, 18 Apr 2020 14:36:59 +0100
Subject: [PATCH] Add tests for /etc/getssl and --install
---
test/11-test--install.bats | 69 ++++++++++++++++++++++++
test/test-config/getssl-etc-template.cfg | 45 ++++++++++++++++
2 files changed, 114 insertions(+)
create mode 100644 test/11-test--install.bats
create mode 100644 test/test-config/getssl-etc-template.cfg
diff --git a/test/11-test--install.bats b/test/11-test--install.bats
new file mode 100644
index 0000000..0b5bbc7
--- /dev/null
+++ b/test/11-test--install.bats
@@ -0,0 +1,69 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+ export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+@test "Check that config files in /etc/getssl works" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+
+ CONFIG_FILE="getssl-http01.cfg"
+ setup_environment
+
+ # Create /etc/getssl/$DOMAIN
+ rm -rf /etc/getssl
+ mkdir -p /etc/getssl/${GETSSL_CMD_HOST}
+
+ # Copy the config file to /etc/getssl
+ cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "/etc/getssl/${GETSSL_CMD_HOST}/getssl.cfg"
+ cp "${CODE_DIR}/test/test-config/getssl-etc-template.cfg" "/etc/getssl/getssl.cfg"
+
+ # Run getssl
+ run ${CODE_DIR}/getssl "$GETSSL_CMD_HOST"
+
+ assert_success
+ refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+ refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+ refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+ assert_line 'Verification completed, obtaining certificate.'
+ assert_line 'Requesting certificate'
+ refute [ -d '$HOME/.getssl' ]
+}
+
+
+@test "Check that --install doesn't call the ACME server" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+
+ CONFIG_FILE="getssl-http01.cfg"
+ #setup_environment
+
+ # Create /etc/getssl/$DOMAIN
+ #mkdir -p /etc/getssl/${GETSSL_CMD_HOST}
+
+ # Copy the config file to /etc/getssl
+ #cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "/etc/getssl/${GETSSL_CMD_HOST}/getssl.cfg"
+ #cp "${CODE_DIR}/test/test-config/getssl-etc-template.cfg" "/etc/getssl/getssl.cfg"
+
+ # Run getssl
+ run ${CODE_DIR}/getssl --install "$GETSSL_CMD_HOST"
+
+ assert_success
+ refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
+ refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
+ refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
+ refute_line 'Verification completed, obtaining certificate.'
+ refute_line 'Requesting certificate'
+ assert_line --partial 'copying domain certificate to'
+ assert_line --partial 'copying private key to'
+ assert_line --partial 'copying CA certificate to'
+}
diff --git a/test/test-config/getssl-etc-template.cfg b/test/test-config/getssl-etc-template.cfg
new file mode 100644
index 0000000..6bfc8fd
--- /dev/null
+++ b/test/test-config/getssl-etc-template.cfg
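Review bot: The last assertion of the first test, `refute [ -d '$HOME/.getssl' ]`, single-quotes the path, so `$HOME` is never expanded and the check looks for a literal directory called `$HOME` under the working directory; it passes whether or not getssl created `~/.getssl`. It should read `refute [ -d "$HOME/.getssl" ]`. Separately, the first test runs `rm -rf /etc/getssl` and leaves its config in place with no teardown, while the second test has all of its setup commented out, so the `--install` test appears to depend on the state left by the first test and on execution order; giving the second test its own explicit setup would make that dependency visible. `mkdir -p /etc/getssl/${GETSSL_CMD_HOST}` and `run ${CODE_DIR}/getssl` should also quote their expansions, e.g. `mkdir -p "/etc/getssl/${GETSSL_CMD_HOST}"`.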
@@ -0,0 +1,45 @@
+# vim: filetype=sh
+#
+# This file is read first and is common to all domains
+#
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+#
+# The staging server is best for testing (hence set as default)
+CA="https://acme-staging-v02.api.letsencrypt.org"
+# This server issues full certificates, however has rate limits
+#CA="https://acme-v02.api.letsencrypt.org"
+
+# The agreement that must be signed with the CA, if not defined the default agreement will be used
+#AGREEMENT=""
+
+# Set an email address associated with your account - generally set at account level rather than domain.
+#ACCOUNT_EMAIL="me@example.com"
+ACCOUNT_KEY_LENGTH=4096
+ACCOUNT_KEY="/etc/getssl/account.key"
+
+# Account key and private key types - can be rsa, prime256v1, secp384r1 or secp521r1
+#ACCOUNT_KEY_TYPE="rsa"
+PRIVATE_KEY_ALG="rsa"
+#REUSE_PRIVATE_KEY="true"
+
+# The command needed to reload apache / nginx or whatever you use
+#RELOAD_CMD=""
+
+# The time period within which you want to allow renewal of a certificate
+# this prevents hitting some of the rate limits.
+# Creating a file called FORCE_RENEWAL in the domain directory allows one-off overrides
+# of this setting
+RENEW_ALLOW="30"
+
+# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
+# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
+# will be checked for certificate expiry and also will be checked after
+# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
+SERVER_TYPE="https"
+CHECK_REMOTE="true"
+
+# Use the following 3 variables if you want to validate via DNS
+#VALIDATE_VIA_DNS="true"
+#DNS_ADD_COMMAND=
+#DNS_DEL_COMMAND=
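Review bot: The active `CA="https://acme-staging-v02.api.letsencrypt.org"` line makes this fixture default to a public ACME endpoint, yet the test that installs it as `/etc/getssl/getssl.cfg` is skipped when `STAGING` is set and exports a pebble CA bundle, which suggests it is meant to talk only to a local server. The per-domain `getssl-http01.cfg` presumably overrides `CA`, but that file is not part of this patch, so this cannot be confirmed from here. If that override were ever missing, the internal test would be pointed at Let's Encrypt staging instead of the local server. Commenting the line out or adding a comment such as `# overridden by the per-domain test config; internal tests use the local pebble server` would make the intent explicit.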