RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1138 Commits
14 Branches
16 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
getssl/test/39-private-key-alg-changed....

88 lines
2.7 KiB
Raw Permalink Blame History

#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
teardown() {
[ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip
}
setup() {
[ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure"
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
}
teardown_file() {
cleanup_environment
}
@test "Create new certificate to create a private key" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
CONFIG_FILE="getssl-http01.cfg"
setup_environment
init_getssl
create_certificate
assert_success
check_output_for_errors
# save a coy of the private key
cp "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key" "${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key.orig"
}
@test "Renew certificate (not force) and check nothing happens and key doesn't change" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
ORIG_KEY_HASH="$(cat ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key | sha256sum)"
run ${CODE_DIR}/getssl -U -d $GETSSL_HOST
assert_success
assert_line --partial "certificate is valid for more than 30 days"
check_output_for_errors
NEW_KEY_HASH="$(cat ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key | sha256sum)"
assert [ "$NEW_KEY_HASH" == "$ORIG_KEY_HASH" ]
}
@test "Force renewal and check key hasn't changed" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
ORIG_KEY_HASH="$(cat ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key | sha256sum)"
run ${CODE_DIR}/getssl -U -d -f $GETSSL_HOST
assert_success
check_output_for_errors
NEW_KEY_HASH="$(cat ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key | sha256sum)"
assert [ "$NEW_KEY_HASH" == "$ORIG_KEY_HASH" ]
}
@test "Change key algorithm, force renewal, and check key has changed" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
ORIG_KEY_HASH="$(cat ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key | sha256sum)"
cat <<- 'EOF' > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
PRIVATE_KEY_ALG="prime256v1"
EOF
run ${CODE_DIR}/getssl -U -d $GETSSL_HOST
assert_success
refute_line --partial "certificate is valid for more than 30 days"
check_output_for_errors
NEW_KEY_HASH="$(cat ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/${GETSSL_CMD_HOST}.key | sha256sum)"
assert [ "$NEW_KEY_HASH" != "$ORIG_KEY_HASH" ]
}