From ee5e1e8cac509b63f76630ebb9cfaf40ec696403 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Wed, 13 May 2020 17:12:27 +0100 Subject: [PATCH 1/2] Add --check-config and auto upgrade CA v02 url --- getssl | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/getssl b/getssl index a501f78..1a14ac8 100755 --- a/getssl +++ b/getssl @@ -283,6 +283,7 @@ _REVOKE=0 _UPGRADE=0 _UPGRADE_CHECK=1 _USE_DEBUG=0 +_ONLY_CHECK_CONFIG=0 config_errors="false" LANG=C API=1 @@ -292,6 +293,18 @@ ORIGCMD="$0 $*" # Define all functions (in alphabetical order) +auto_upgrade_v2() { # Automatically update clients to v2 + if [[ "${CA}" == *"acme-v01."* ]] || [[ "${CA}" == *"acme-staging."* ]]; then + OLDCA=${CA} + # shellcheck disable=SC2001 + CA=$(echo "${OLDCA}" | sed "s/v01/v02/g") + # shellcheck disable=SC2001 + CA=$(echo "${CA}" | sed "s/staging/staging-v02/g") + info "Upgraded to v2 (changed ${OLDCA} to ${CA})" + fi + debug "Using certificate issuer: ${CA}" +} + cert_archive() { # Archive certificate file by copying files to dated archive dir. debug "creating an archive copy of current new certs" date_time=$(date +%Y_%m_%d_%H_%M) @@ -2245,6 +2258,8 @@ while [[ -n ${1+defined} ]]; do _UPGRADE_CHECK=0 ;; -i | --install) _CERT_INSTALL=1 ;; + --check-config) + _ONLY_CHECK_CONFIG=1 ;; -w) shift; WORKING_DIR="$1" ;; -*) @@ -2462,9 +2477,18 @@ set_server_type # check what dns utils are installed find_dns_utils +# auto upgrade clients to v2 +auto_upgrade_v2 + # check config for typical errors. check_config +# exit if just checking config (used for testing) +if [ "${_ONLY_CHECK_CONFIG}" -eq 1 ]; then + info "Configuration check successful" + graceful_exit +fi + # if -i|--install install certs, reload and exit if [ "0${_CERT_INSTALL}" -eq 1 ]; then cert_install From dfba3304e4260654d665fb724c8dbf9e0fbc8256 Mon Sep 17 00:00:00 2001 
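Review bot: In `auto_upgrade_v2` the guard is a substring test (`*"acme-v01."*`, `*"acme-staging."*`) and both `sed` substitutions are unanchored with `g`, so any configured CA whose URL contains those strings is rewritten, not only the two Let's Encrypt v1 endpoints, and every `v01` or `staging` occurrence in the host or path is changed. `CA` selects the issuer the client talks to, so a silent rewrite of an operator-chosen endpoint should be as narrow as possible. I would replace the two `sed` calls with exact-host substitutions, `CA="${CA/acme-v01.api.letsencrypt.org/acme-v02.api.letsencrypt.org}"` and `CA="${CA/acme-staging.api.letsencrypt.org/acme-staging-v02.api.letsencrypt.org}"`, which also makes the two SC2001 suppressions unnecessary. The function should also get a short comment stating that the change applies only to the running process, if the config file on disk is indeed left untouched (nothing in this hunk writes it).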
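Review bot: `--check-config` is added to the option loop here, but none of the 24 inserted lines in this patch adds usage or help text for it, so the flag stays undocumented for users. If the script prints an option list (not visible in this patch), add an entry there such as `--check-config   Check the configuration and exit`. The `while` loop and its `case` statement start and end outside the hunk.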
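Review bot: The new `_ONLY_CHECK_CONFIG` branch prints "Configuration check successful" whenever `check_config` returns, so the message is only truthful if `check_config` itself terminates the script on errors; its body is outside this patch. If it can return with `config_errors` set to "true", the branch should test that variable before reporting success and exit non-zero otherwise, because the new bats tests rely on `assert_success`. As a style point, the guard `[ "${_ONLY_CHECK_CONFIG}" -eq 1 ]` differs from the `[ "0${_CERT_INSTALL}" -eq 1 ]` form used directly below it; pick one form for both.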
From: Tim Kimber
Date: Wed, 13 May 2020 17:20:24 +0100
Subject: [PATCH 2/2] Add testing for the auto-update to v02 feature
---
test/12-auto-upgrade-v1.bats | 75 +++++++++++++++++++
.../getssl-upgrade-test-pebble.cfg | 8 ++
.../getssl-upgrade-test-v1-prod.cfg | 7 ++
.../getssl-upgrade-test-v1-staging.cfg | 7 ++
.../getssl-upgrade-test-v2-prod.cfg | 7 ++
.../getssl-upgrade-test-v2-staging.cfg | 7 ++
6 files changed, 111 insertions(+)
create mode 100644 test/12-auto-upgrade-v1.bats
create mode 100644 test/test-config/getssl-upgrade-test-pebble.cfg
create mode 100644 test/test-config/getssl-upgrade-test-v1-prod.cfg
create mode 100644 test/test-config/getssl-upgrade-test-v1-staging.cfg
create mode 100644 test/test-config/getssl-upgrade-test-v2-prod.cfg
create mode 100644 test/test-config/getssl-upgrade-test-v2-staging.cfg
diff --git a/test/12-auto-upgrade-v1.bats b/test/12-auto-upgrade-v1.bats
new file mode 100644
index 0000000..4165cd3
--- /dev/null
+++ b/test/12-auto-upgrade-v1.bats
@@ -0,0 +1,75 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+@test "Check that auto upgrade to v2 doesn't change pebble url" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+ CONFIG_FILE="getssl-upgrade-test-pebble.cfg"
+ setup_environment
+ mkdir ${INSTALL_DIR}/.getssl
+ cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+ run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+ assert_success
+ assert_line 'Using certificate issuer: https://pebble:14000/dir'
+}
+
+
+@test "Check that auto upgrade to v2 doesn't change v2 staging url" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+ CONFIG_FILE="getssl-upgrade-test-v2-staging.cfg"
+ setup_environment
+ mkdir ${INSTALL_DIR}/.getssl
+ cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+ run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+ assert_success
+ assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory'
+}
+
+
+@test "Check that auto upgrade to v2 doesn't change v2 prod url" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+ CONFIG_FILE="getssl-upgrade-test-v2-prod.cfg"
+ setup_environment
+ mkdir ${INSTALL_DIR}/.getssl
+ cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+ run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+ assert_success
+ assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory'
+}
+
+
+@test "Check that auto upgrade to v2 changes v1 staging to v2 staging url" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+ CONFIG_FILE="getssl-upgrade-test-v1-staging.cfg"
+ setup_environment
+ mkdir ${INSTALL_DIR}/.getssl
+ cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+ run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+ assert_success
+ assert_line 'Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org/directory'
+}
+
+
+@test "Check that auto upgrade to v2 changes v1 prod to v2 prod url" {
+ if [ -n "$STAGING" ]; then
+ skip "Using staging server, skipping internal test"
+ fi
+ CONFIG_FILE="getssl-upgrade-test-v1-prod.cfg"
+ setup_environment
+ mkdir ${INSTALL_DIR}/.getssl
+ cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/getssl.cfg"
+ run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"
+ assert_success
+ assert_line 'Using certificate issuer: https://acme-v02.api.letsencrypt.org/directory'
+}
diff --git a/test/test-config/getssl-upgrade-test-pebble.cfg b/test/test-config/getssl-upgrade-test-pebble.cfg
new file mode 100644
index 0000000..f5f8b3b
--- /dev/null
+++ b/test/test-config/getssl-upgrade-test-pebble.cfg
@@ -0,0 +1,8 @@
+#
+# Test that auto-upgrade to v2 doesn't change pebble url
+#
+CA="https://pebble:14000/dir"
+
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
diff --git a/test/test-config/getssl-upgrade-test-v1-prod.cfg b/test/test-config/getssl-upgrade-test-v1-prod.cfg
new file mode 100644
index 0000000..41f0176
--- /dev/null
+++ b/test/test-config/getssl-upgrade-test-v1-prod.cfg
@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 changes v1 prod to v2 prod
+#
+CA="https://acme-v01.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
diff --git a/test/test-config/getssl-upgrade-test-v1-staging.cfg b/test/test-config/getssl-upgrade-test-v1-staging.cfg
new file mode 100644
index 0000000..215f246
--- /dev/null
+++ b/test/test-config/getssl-upgrade-test-v1-staging.cfg
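Review bot: `mkdir ${INSTALL_DIR}/.getssl` and `run ${CODE_DIR}/getssl -d --check-config "$GETSSL_CMD_HOST"` leave the path variables unquoted in all five tests, although the `cp` line between them quotes the same variables. Quote them, and use `mkdir -p "${INSTALL_DIR}/.getssl"` so a directory left over from an earlier test does not fail the run, unless `setup_environment` (defined outside this patch) already removes it. The five test bodies differ only in `CONFIG_FILE` and the expected URL, so a small helper taking those two values would remove the repetition. The fixtures cover only Let's Encrypt and pebble URLs; a config whose CA belongs to another issuer but contains `staging` or `v01` is not exercised, which is the case most likely to be affected by the rewrite.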
@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 changes v1 staging to v2 staging
+#
+CA="https://acme-staging.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
diff --git a/test/test-config/getssl-upgrade-test-v2-prod.cfg b/test/test-config/getssl-upgrade-test-v2-prod.cfg
new file mode 100644
index 0000000..9b9c009
--- /dev/null
+++ b/test/test-config/getssl-upgrade-test-v2-prod.cfg
@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 doesn't change v2 prod url
+#
+CA="https://acme-v02.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')
diff --git a/test/test-config/getssl-upgrade-test-v2-staging.cfg b/test/test-config/getssl-upgrade-test-v2-staging.cfg
new file mode 100644
index 0000000..98bfd17
--- /dev/null
+++ b/test/test-config/getssl-upgrade-test-v2-staging.cfg
@@ -0,0 +1,7 @@
+#
+# Test that auto-upgrade to v2 doesn't change v2 staging url
+#
+CA="https://acme-staging-v02.api.letsencrypt.org/directory"
+
+# Acme Challenge Location.
+ACL=('/var/www/html/.well-known/acme-challenge')