From fa9a8c7f4532934d5c0fc9efd85d8bb88e4e0088 Mon Sep 17 00:00:00 2001 From: Veit Wahlich Date: Thu, 17 Dec 2020 15:12:57 +0100 Subject: [PATCH 1/3] Fix delimiter issues with ${alldomains[]} in create_csr() - use \n as delimiter for read to array - use \n as delimiter for comparing SANs --- getssl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/getssl b/getssl index f509060..31885d6 100755 --- a/getssl +++ b/getssl @@ -895,9 +895,9 @@ create_csr() { # create a csr using a given key (if it doesn't already exist) debug "domain csr exists at - $csr_file" # check all domains in config are in csr if [[ "$IGNORE_DIRECTORY_DOMAIN" == "true" ]]; then - read -r -a alldomains <<< "$(echo "$SANS" | sed -e 's/ //g; s/,$//; y/,/\n/' | sort -u)" + read -d '\n' -r -a alldomains <<< "$(echo "$SANS" | sed -e 's/ //g; s/,$//; y/,/\n/' | sort -u)" else - read -r -a alldomains <<< "$(echo "$DOMAIN,$SANS" | sed -e 's/,/ /g; s/ $//; y/ /\n/' | sort -u)" + read -d '\n' -r -a alldomains <<< "$(echo "$DOMAIN,$SANS" | sed -e 's/,/ /g; s/ $//; y/ /\n/' | sort -u)" fi domains_in_csr=$(openssl req -text -noout -in "$csr_file" \ | sed -n -e 's/^ *Subject: .* CN=\([A-Za-z0-9.-]*\).*$/\1/p; /^ *DNS:.../ { s/ *DNS://g; y/,/\n/; p; }' \ @@ -910,7 +910,7 @@ create_csr() { # create a csr using a given key (if it doesn't already exist) fi done # check all domains in csr are in config - if [[ "${alldomains[*]}" != "$domains_in_csr" ]]; then + if [[ "$(IFS=$'\n'; echo -n "${alldomains[*]}")" != "$domains_in_csr" ]]; then info "existing csr at $csr_file does not have the same domains as the config - re-create-csr" _RECREATE_CSR=1 fi From c90ca25ede458182fb4b7c7ee37cbda57cdac8cc Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Fri, 18 Dec 2020 21:11:10 +0000 Subject: [PATCH 2/3] Add unit test for create_csr --- getssl | 2 ++ test/u4-create-csr-and-ifs.bats | 54 +++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 test/u4-create-csr-and-ifs.bats 
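Review bot: In both added `read` lines of the first hunk, `-d '\n'` does not set a newline delimiter: inside single quotes `\n` is a backslash followed by `n`, and `read` uses only the first character of the delimiter, so the delimiter becomes `\`. The array still fills because `read` runs to end of input and splits on the default IFS, but it then returns non-zero, and a value containing a backslash would cut the list short before the CSR comparison. Reading to end of input states the intent directly, e.g. `IFS=$'\n' read -r -d '' -a alldomains <<< "$(…)"`; the status is still non-zero at EOF, so it should not be checked. create_csr's body starts and continues outside the hunk.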
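Review bot: The `-n` in `echo -n "${alldomains[*]}"` on the changed comparison line is redundant, since command substitution already strips trailing newlines, and `echo` would treat a first element that looks like an option as a flag. `printf` avoids both: `if [[ "$(IFS=$'\n'; printf '%s' "${alldomains[*]}")" != "$domains_in_csr" ]]; then`. A short comment such as `# join with newlines to match the newline-separated list in domains_in_csr` would explain why IFS is set inside the subshell. The comparison appears to rely on both lists being sorted the same way; the end of the `domains_in_csr` pipeline is outside the hunk, so that is worth confirming.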
diff --git a/getssl b/getssl index 31885d6..cf82e0c 100755 --- a/getssl +++ b/getssl @@ -913,6 +913,8 @@ create_csr() { # create a csr using a given key (if it doesn't already exist) if [[ "$(IFS=$'\n'; echo -n "${alldomains[*]}")" != "$domains_in_csr" ]]; then info "existing csr at $csr_file does not have the same domains as the config - re-create-csr" _RECREATE_CSR=1 + else + test_output "Existing csr at $csr_file contains same domains as the config" fi fi # end of ... check if domain csr exists - if not then create it diff --git a/test/u4-create-csr-and-ifs.bats b/test/u4-create-csr-and-ifs.bats new file mode 100644 index 0000000..c30277c --- /dev/null +++ b/test/u4-create-csr-and-ifs.bats 
@@ -0,0 +1,54 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+ . /getssl/getssl --source
+ find_dns_utils
+ _RUNNING_TEST=1
+ _USE_DEBUG=0
+}
+
+
+@test "Check create_csr works for multiple domains" {
+ # Create a key
+ csr_key=$(mktemp -t getssl.XXXXXX.key) || error_exit "mktemp failed"
+ csr_file=$(mktemp -t getssl.XXXXXX.csr) || error_exit "mktemp failed"
+ SANS="a.getssl.test,b.getssl.test"
+ SANLIST="subjectAltName=DNS:${SANS//[, ]/,DNS:}"
+ create_key "$ACCOUNT_KEY_TYPE" "$csr_key" "$ACCOUNT_KEY_LENGTH"
+
+ # Create an initial csr
+ run create_csr $csr_file $csr_key
+ assert_success
+
+ # Check that calling create_csr with the same SANSLIST doesn't re-create the csr
+ run create_csr $csr_file $csr_key
+ assert_success
+ refute_line --partial "does not have the same domains"
+
+ # Check that calling create_csr with a different SANSLIST does re-create the csr
+ SANS="a.getssl.test,b.getssl.test,c.getssl.test"
+ SANLIST="subjectAltName=DNS:${SANS//[, ]/,DNS:}"
+ run create_csr $csr_file $csr_key
+ assert_success
+ assert_line --partial "does not contain"
+
+ # Check that calling create_csr with the same SANSLIST, but in a different order does not re-create the csr
+ SANS="c.getssl.test,a.getssl.test,b.getssl.test"
+ SANLIST="subjectAltName=DNS:${SANS//[, ]/,DNS:}"
+ run create_csr $csr_file $csr_key
+ assert_success
+ refute_line --partial "does not contain"
+
+ # Check that removing a domain from the SANSLIST causes the csr to be re-created
+ SANS="c.getssl.test,a.getssl.test"
+ SANLIST="subjectAltName=DNS:${SANS//[, ]/,DNS:}"
+ run create_csr $csr_file $csr_key
+ assert_success
+ assert_line --partial "does not have the same domains as the config"
+}
From 5969d5b3fa4d4cc3f7bfbae44d0fc7ed932e6e7b Mon Sep 17 00:00:00 2001
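Review bot: The test leaves the private key and CSR created by `mktemp` behind, and passes `$csr_file` and `$csr_key` to `create_csr` unquoted on every `run` line. A `teardown() { rm -f -- "$csr_key" "$csr_file"; }` would remove the key material after each run, and `run create_csr "$csr_file" "$csr_key"` keeps the paths intact if TMPDIR contains whitespace. The "same SANSLIST" and "different order" cases only use `refute_line`, which also passes when create_csr prints nothing. Assuming `test_output` (defined outside this patch) prints during test runs, `assert_line --partial "contains same domains as the config"` would give those cases a positive check.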
From: Tim Kimber Date: Fri, 18 Dec 2020 21:36:44 +0000 Subject: [PATCH 3/3] Fix mktemp template format for alpine --- test/u4-create-csr-and-ifs.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/u4-create-csr-and-ifs.bats b/test/u4-create-csr-and-ifs.bats index c30277c..344a536 100644 --- a/test/u4-create-csr-and-ifs.bats +++ b/test/u4-create-csr-and-ifs.bats @@ -16,8 +16,8 @@ setup() { @test "Check create_csr works for multiple domains" { # Create a key - csr_key=$(mktemp -t getssl.XXXXXX.key) || error_exit "mktemp failed" - csr_file=$(mktemp -t getssl.XXXXXX.csr) || error_exit "mktemp failed" + csr_key=$(mktemp -t getssl.key.XXXXXX) || error_exit "mktemp failed" + csr_file=$(mktemp -t getssl.csr.XXXXXX) || error_exit "mktemp failed" SANS="a.getssl.test,b.getssl.test" SANLIST="subjectAltName=DNS:${SANS//[, ]/,DNS:}" create_key "$ACCOUNT_KEY_TYPE" "$csr_key" "$ACCOUNT_KEY_LENGTH"
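Review bot: `mktemp -t` is still used on both changed lines; GNU coreutils documents `-t` as deprecated and BSD/macOS treat its argument as a prefix rather than a template, so the trailing-X form fixed here for Alpine remains platform-dependent. Giving the full path is portable across those implementations: `csr_key=$(mktemp "${TMPDIR:-/tmp}/getssl.key.XXXXXX") || error_exit "mktemp failed"`, and likewise for `csr_file`. The `@test` body continues outside the hunk.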