RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Add tests using staging server

pull/517/head
Tim Kimber 6 years ago
parent
896d55dd51
commit
aa5eb90a6b
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
15 changed files with 293 additions and 10 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +19
    -0
      dns_scripts/dns_add_duckdns
  2. +12
    -0
      dns_scripts/dns_del_duckdns
  3. +18
    -1
      docker-compose.yml
  4. +6
    -1
      test/1-simple-http01.bats
  5. +7
    -1
      test/2-simple-dns01.bats
  6. +12
    -2
      test/3-dual-rsa-ecdsa.bats
  7. +6
    -1
      test/4-more-than-10-hosts.bats
  8. +12
    -0
      test/5-secp384-http01.bats
  9. +10
    -3
      test/6-dual-rsa-ecdsa-copy-2-locations.bats
  10. +42
    -0
      test/7-duckdns-dns01.bats
  11. +103
    -0
      test/8-duckdns-ecdsa.bats
  12. +7
    -1
      test/debug-test.sh
  13. +1
    -0
      test/run-all-tests.cmd
  14. +1
    -0
      test/run-all-tests.sh
  15. +37
    -0
      test/test-config/getssl-duckdns01.cfg

+ 19
- 0
dns_scripts/dns_add_duckdns View File

@ -0,0 +1,19 @@
#!/bin/bash
# need to add your Token for duckdns below
token=${DUCKDNS_TOKEN:-}
if [ -z "$token" ]; then
echo "DUCKDNS_TOKEN not set"
exit 1
fi
domain="$1"
txtvalue="$2"
response=$(curl --silent "https://www.duckdns.org/update?domains=${domain}&token=${token}&txt=${txtvalue}")
if [ "$response" != "OK" ]; then
echo "Failed to update TXT record for ${domain} at duckdns.org (is the TOKEN valid?)"
echo "Response: $response"
exit 1
fi

+ 12
- 0
dns_scripts/dns_del_duckdns View File

@ -0,0 +1,12 @@
#!/bin/bash
# need to add your Token for duckdns below
token=${DUCKDNS_TOKEN:-}
domain="$1"
response=$(curl --silent "https://www.duckdns.org/update?domains=${domain}&token=${token}&txt=&clear=true")
if [ "$response" != "OK" ]; then
echo "Failed to update TXT record for ${domain} at duckdns.org (is the TOKEN valid?)"
echo "$response"
exit 1
fi

+ 18
- 1
docker-compose.yml View File

@ -156,7 +156,24 @@ services:
- i.ubuntu18.getssl.test - i.ubuntu18.getssl.test
- j.ubuntu18.getssl.test - j.ubuntu18.getssl.test
- k.ubuntu18.getssl.test - k.ubuntu18.getssl.test
getssl-duckdns:
build:
context: .
dockerfile: test/Dockerfile-ubuntu
container_name: getssl-duckdns
volumes:
- .:/getssl
environment:
GETSSL_HOST: getssl.duckdns.org
GETSSL_IP: 10.30.50.15
NGINX_CONFIG: /etc/nginx/sites-enabled/default
DUCKDNS_TOKEN: $DUCKDNS_TOKEN
STAGING: "true"
networks:
acmenet:
ipv4_address: 10.30.50.15
aliases:
- getssl.duckdns.org
networks: networks:


+ 6
- 1
test/1-simple-http01.bats View File

@ -12,6 +12,9 @@ setup() {
@test "Create new certificate using HTTP-01 verification" { @test "Create new certificate using HTTP-01 verification" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01.cfg" CONFIG_FILE="getssl-http01.cfg"
setup_environment setup_environment
init_getssl init_getssl
@ -24,7 +27,9 @@ setup() {
@test "Force renewal of certificate using HTTP-01" { @test "Force renewal of certificate using HTTP-01" {
#!FIXME test certificate has been updated
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'


+ 7
- 1
test/2-simple-dns01.bats View File

@ -12,6 +12,10 @@ setup() {
@test "Create new certificate using DNS-01 verification" { @test "Create new certificate using DNS-01 verification" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-dns01.cfg" CONFIG_FILE="getssl-dns01.cfg"
setup_environment setup_environment
init_getssl init_getssl
@ -24,7 +28,9 @@ setup() {
@test "Force renewal of certificate using DNS-01" { @test "Force renewal of certificate using DNS-01" {
#!FIXME test certificate has been updated
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'


+ 12
- 2
test/3-dual-rsa-ecdsa.bats View File

@ -12,6 +12,9 @@ setup() {
@test "Create dual certificates using HTTP-01 verification" { @test "Create dual certificates using HTTP-01 verification" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-dual-rsa-ecdsa.cfg" CONFIG_FILE="getssl-http01-dual-rsa-ecdsa.cfg"
setup_environment setup_environment
init_getssl init_getssl
@ -21,12 +24,17 @@ setup() {
@test "Force renewal of dual certificates using HTTP-01" { @test "Force renewal of dual certificates using HTTP-01" {
#!FIXME test certificate has been updated
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success assert_success
} }
@test "Create dual certificates using DNS-01 verification" { @test "Create dual certificates using DNS-01 verification" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-dns01-dual-rsa-ecdsa.cfg" CONFIG_FILE="getssl-dns01-dual-rsa-ecdsa.cfg"
setup_environment setup_environment
init_getssl init_getssl
@ -36,7 +44,9 @@ setup() {
@test "Force renewal of dual certificates using DNS-01" { @test "Force renewal of dual certificates using DNS-01" {
#!FIXME test certificate has been updated
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success assert_success
cleanup_environment cleanup_environment


+ 6
- 1
test/4-more-than-10-hosts.bats View File

@ -12,6 +12,9 @@ setup() {
@test "Create certificates for more than 10 hosts using HTTP-01 verification" { @test "Create certificates for more than 10 hosts using HTTP-01 verification" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-10-hosts.cfg" CONFIG_FILE="getssl-http01-10-hosts.cfg"
setup_environment setup_environment
@ -30,7 +33,9 @@ setup() {
@test "Force renewal of more than 10 certificates using HTTP-01" { @test "Force renewal of more than 10 certificates using HTTP-01" {
#!FIXME test certificate has been updated
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]' refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'


+ 12
- 0
test/5-secp384-http01.bats View File

@ -12,6 +12,9 @@ setup() {
@test "Create new secp384r1 certificate using HTTP-01 verification" { @test "Create new secp384r1 certificate using HTTP-01 verification" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-secp384.cfg" CONFIG_FILE="getssl-http01-secp384.cfg"
setup_environment setup_environment
init_getssl init_getssl
@ -21,12 +24,18 @@ setup() {
@test "Force renewal of secp384r1 certificate using HTTP-01" { @test "Force renewal of secp384r1 certificate using HTTP-01" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success assert_success
} }
@test "Create new secp521r1 certificate using HTTP-01 verification" { @test "Create new secp521r1 certificate using HTTP-01 verification" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-secp521.cfg" CONFIG_FILE="getssl-http01-secp521.cfg"
setup_environment setup_environment
init_getssl init_getssl
@ -36,6 +45,9 @@ setup() {
@test "Force renewal of secp521r1 certificate using HTTP-01" { @test "Force renewal of secp521r1 certificate using HTTP-01" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success assert_success
} }

+ 10
- 3
test/6-dual-rsa-ecdsa-copy-2-locations.bats View File

@ -7,17 +7,24 @@ load '/getssl/test/test_helper.bash'
# These are run for every test, not once per file # These are run for every test, not once per file
setup() { setup() {
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
if [ -z "$STAGING" ]; then
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/add-a
fi
} }
teardown() { teardown() {
curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a
if [ -z "$STAGING" ]; then
curl --silent -X POST -d '{"host":"'a.$GETSSL_HOST'", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a
fi
} }
@test "Create dual certificates and copy RSA and ECDSA chain and key to two locations" { @test "Create dual certificates and copy RSA and ECDSA chain and key to two locations" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01-dual-rsa-ecdsa-2-locations.cfg" CONFIG_FILE="getssl-http01-dual-rsa-ecdsa-2-locations.cfg"
setup_environment setup_environment
mkdir -p /root/a.${GETSSL_HOST} mkdir -p /root/a.${GETSSL_HOST}


+ 42
- 0
test/7-duckdns-dns01.bats View File

@ -0,0 +1,42 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# These are run for every test, not once per file
setup() {
if [ -n "$STAGING" ]; then
export GETSSL_HOST=getssl.duckdns.org
fi
}
@test "Create new certificate using staging server and DuckDNS" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
CONFIG_FILE="getssl-duckdns01.cfg"
setup_environment
init_getssl
create_certificate
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}
@test "Force renewal of certificate using staging server and DuckDNS" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
cleanup_environment
curl --silent -X POST -d '{"host":"getssl.duckdns.org", "addresses":["'$GETSSL_IP'"]}' http://10.30.50.3:8055/del-a
}

+ 103
- 0
test/8-duckdns-ecdsa.bats View File

@ -0,0 +1,103 @@
#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# These are run for every test, not once per file
setup() {
if [ -n "$STAGING" ]; then
export GETSSL_HOST=getssl.duckdns.org
fi
}
@test "Create new certificate using staging server and prime256v1" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
CONFIG_FILE="getssl-duckdns01.cfg"
GETSSL_HOST=getssl.duckdns.org
setup_environment
init_getssl
sed -e 's/rsa/prime256v1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
run ${CODE_DIR}/getssl "$GETSSL_HOST"
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}
@test "Force renewal of certificate using staging server and prime256v1" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
cleanup_environment
}
@test "Create new certificate using staging server and secp384r1" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
CONFIG_FILE="getssl-duckdns01.cfg"
GETSSL_HOST=getssl.duckdns.org
setup_environment
init_getssl
sed -e 's/rsa/secp384r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
run ${CODE_DIR}/getssl "$GETSSL_HOST"
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}
@test "Force renewal of certificate using staging server and secp384r1" {
if [ -z "$STAGING" ]; then
skip "Running internal tests, skipping external test"
fi
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
cleanup_environment
}
@test "Create new certificate using staging server and secp521r1" {
skip "The staging server returns 'ECDSA curve P-521 not allowed'"
CONFIG_FILE="getssl-duckdns01.cfg"
GETSSL_HOST=getssl.duckdns.org
setup_environment
init_getssl
sed -e 's/rsa/secp521r1/g' < "${CODE_DIR}/test/test-config/${CONFIG_FILE}" > "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"
run ${CODE_DIR}/getssl "$GETSSL_HOST"
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
}
@test "Force renewal of certificate using staging server and secp521r1" {
skip "The staging server returns 'ECDSA curve P-521 not allowed'"
run ${CODE_DIR}/getssl -f $GETSSL_HOST
assert_success
refute_output --regexp '[Ff][Aa][Ii][Ll][Ee][Dd]'
refute_output --regexp '[Ee][Rr][Rr][Oo][Rr]'
refute_output --regexp '[Ww][Aa][Rr][Nn][Ii][Nn][Gg]'
cleanup_environment
}

+ 7
- 1
test/debug-test.sh View File

@ -13,10 +13,16 @@ CONFIG_FILE=$1
if [ ! -e "$CONFIG_FILE" ]; then if [ ! -e "$CONFIG_FILE" ]; then
CONFIG_FILE=${CODE_DIR}/test/test-config/${CONFIG_FILE} CONFIG_FILE=${CODE_DIR}/test/test-config/${CONFIG_FILE}
fi fi
#shellcheck disable=SC1091
source /getssl/test/test_helper.bash source /getssl/test/test_helper.bash
setup_environment 3>&1 setup_environment 3>&1
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
# Only add the pebble CA to the cert bundle if using pebble
if [ "$(grep -q pebble "${CONFIG_FILE}")" = 0 ]; then
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
fi
"${CODE_DIR}/getssl" -c "$GETSSL_HOST" 3>&1 "${CODE_DIR}/getssl" -c "$GETSSL_HOST" 3>&1
cp "${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" cp "${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg"


+ 1
- 0
test/run-all-tests.cmd View File

@ -3,3 +3,4 @@ docker exec -it getssl-centos6 bats /getssl/test
docker exec -it getssl-debian bats /getssl/test docker exec -it getssl-debian bats /getssl/test
docker exec -it getssl-ubuntu bats /getssl/test docker exec -it getssl-ubuntu bats /getssl/test
docker exec -it getssl-ubuntu18 bats /getssl/test docker exec -it getssl-ubuntu18 bats /getssl/test
docker exec -it getssl-duckdns bats /getssl/test

+ 1
- 0
test/run-all-tests.sh View File

@ -5,3 +5,4 @@ docker exec -it getssl-centos6 bats /getssl/test
docker exec -it getssl-debian bats /getssl/test docker exec -it getssl-debian bats /getssl/test
docker exec -it getssl-ubuntu bats /getssl/test docker exec -it getssl-ubuntu bats /getssl/test
docker exec -it getssl-ubuntu18 bats /getssl/test docker exec -it getssl-ubuntu18 bats /getssl/test
docker exec -it getssl-duckdns bats /getssl/test

+ 37
- 0
test/test-config/getssl-duckdns01.cfg View File

@ -0,0 +1,37 @@
# Test that the script works with external dns provider and staging server
#
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
VALIDATE_VIA_DNS=true
DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_duckdns"
DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_duckdns"
AUTH_DNS_SERVER=1.1.1.1
CHECK_ALL_AUTH_DNS=false
DNS_EXTRA_WAIT=20
ACCOUNT_KEY_TYPE="rsa"
PRIVATE_KEY_ALG="rsa"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS=""
# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
ACL=('/var/www/html/.well-known/acme-challenge')
#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
USE_SINGLE_ACL="false"
# Location for all your certs, these can either be on the server (full path name)
# or using ssh /sftp as for the ACL
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed (using a custom port)
SERVER_TYPE="https"
CHECK_REMOTE="true"

Write Preview
Loading…
Cancel
Save