
Merge branch 'develop'
kaysond committed Dec 26, 2019
2 parents 1a8fdd9 + 5daeef7 commit ae91ed3
Showing 3 changed files with 29 additions and 22 deletions.
9 changes: 5 additions & 4 deletions spki
Expand Up @@ -629,16 +629,17 @@ ocsp-responder() {
INDEX="$ROOT_DIR"/index.txt
RKEY=$ROOT_OCSP_KEY
RCERT=$ROOT_OCSP_CERT
PASS=$(get-password 'root OCSP private key' -noverify)
#PASS=$(get-password 'root OCSP private key' -noverify)
else
CA=$CA_CHAIN
INDEX=$INTRMDT_DIR/index.txt
RKEY=$INTRMDT_OCSP_KEY
RCERT=$INTRMDT_OCSP_CERT
PASS=$(get-password 'intermediate OCSP private key' -noverify)
#PASS=$(get-password 'intermediate OCSP private key' -noverify)
fi
#exec 3<<<"$PASS"
# exec 3<<<"$PASS"
# openssl ocsp does not yet support the -passin arg
# see: https://github.com/openssl/openssl/issues/10682
openssl ocsp -port "$1" -text \
-index "$INDEX" \
-CA "$CA" \
Expand Down Expand Up @@ -1338,4 +1339,4 @@ case "$COMMAND" in
print_help
exit 1
;;
esac
esac
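Review bot: Both branches of the if in ocsp-responder() keep the retired passphrase handling as commented-out code (`#PASS=$(get-password 'root OCSP private key' -noverify)`, `#PASS=$(get-password 'intermediate OCSP private key' -noverify)` and `# exec 3<<<"$PASS"`), while the added comment pointing at openssl/openssl issue 10682 already records why it was removed; dead lines should be deleted and the resulting behaviour stated instead, e.g. `# openssl ocsp has no -passin, so an encrypted OCSP key is unlocked at an interactive prompt (see issue 10682)`. If the signing key is encrypted the command presumably blocks on that prompt, which matters for anyone running the responder as a service, so the command's help text should mention it as well. The `openssl ocsp` invocation and the rest of ocsp-responder() continue past the hunk, so any remaining `-passin fd:3` or `$PASS` reference there would need the same cleanup (under `set -u` an unset `$PASS` would abort the command).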
35 changes: 17 additions & 18 deletions test/test.bats
@@ -1,7 +1,6 @@
# Some tests require http-server
# npm install http-server -g

### RREPLACE LITERALS WITH VARIABLES WHERE PSBLE
load test_helpers

setup() {
Expand All @@ -26,11 +25,11 @@ teardown() {
[ "$status" -eq 0 ]

ROOTCERT=$(openssl x509 -in /tmp/spki/certs/ca.cert.pem -noout -text)
echo "$ROOTCERT" | grep "Issuer: CN = Root CA, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com" &> /dev/null
echo "$ROOTCERT" | grep "Subject: CN = Root CA, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com" &> /dev/null
echo "$ROOTCERT" | grep "Issuer: $ROOT_DN" &> /dev/null
echo "$ROOTCERT" | grep "Subject: $ROOT_DN" &> /dev/null
INTRMDTCERT=$(openssl x509 -in /tmp/spki/intermediate/certs/intermediate.cert.pem -noout -text)
echo "$INTRMDTCERT" | grep "Issuer: CN = Root CA, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com" &> /dev/null
echo "$INTRMDTCERT" | grep "Subject: CN = $INTERMEDIATE_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com" &> /dev/null
echo "$INTRMDTCERT" | grep "Issuer: $ROOT_DN" &> /dev/null
echo "$INTRMDTCERT" | grep "Subject: $INTERMEDIATE_DN" &> /dev/null
}

@test "init with config file overwrites file and env vars" {
Expand Down Expand Up @@ -120,8 +119,8 @@ teardown() {

# Check for correct DNs
CERT=$(openssl x509 -in /tmp/spki/intermediate/certs/test.cert.pem -noout -text)
echo "$CERT" | grep "Issuer: CN = $INTERMEDIATE_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$CERT" | grep "Subject: CN = Test Cert, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$CERT" | grep "Issuer: $INTERMEDIATE_DN" &> /dev/null
echo "$CERT" | grep "Subject: $CERT_DN" &> /dev/null

# Check for correct extensions
read -d '' EXTENSIONS <<-EOF || true
Expand All @@ -147,8 +146,8 @@ teardown() {

# Check for correct DNs
CERT=$(openssl x509 -in /tmp/spki/intermediate/certs/test.cert.pem -noout -text)
echo "$CERT" | grep "Issuer: CN = $INTERMEDIATE_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$CERT" | grep "Subject: CN = Test Cert, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$CERT" | grep "Issuer: $INTERMEDIATE_DN" &> /dev/null
echo "$CERT" | grep "Subject: $CERT_DN" &> /dev/null

# Check for correct extensions
read -d '' EXTENSIONS <<-EOF || true
Expand All @@ -174,8 +173,8 @@ teardown() {

# Check for correct DNs
CERT=$(openssl x509 -in /tmp/spki/intermediate/certs/test.cert.pem -noout -text)
echo "$CERT" | grep "Issuer: CN = $INTERMEDIATE_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$CERT" | grep "Subject: CN = Test Cert, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$CERT" | grep "Issuer: $INTERMEDIATE_DN" &> /dev/null
echo "$CERT" | grep "Subject: $CERT_DN" &> /dev/null

# Check for correct extensions
read -d '' EXTENSIONS <<-EOF || true
Expand Down Expand Up @@ -254,7 +253,7 @@ teardown() {
dump_output_on_fail
[ "$status" -eq 0 ]
# Bash test + regex avoids whitespace issues
[[ "${lines[0]}" =~ "/CN=$CERT_COMMON_NAME/C=$countryName/ST=$stateOrProvinceName/L=$localityName/O=$organizationName/OU=$organizationalUnitName/emailAddress=$emailAddress" ]]
[[ "${lines[0]}" =~ "/CN=$CERT_COMMON_NAME/C=$INTERMEDIATE_COUNTRY_NAME/ST=$INTERMEDIATE_PROVINCE_NAME/L=$INTERMEDIATE_LOCALITY_NAME/O=$INTERMEDIATE_ORGANIZATION_NAME/OU=$INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME/emailAddress=$INTERMEDIATE_MAIL" ]]
[[ "${lines[1]}" =~ "Status: Valid" ]]
[[ "${lines[3]}" =~ "Serial: 1000" ]]
}
Expand Down Expand Up @@ -295,12 +294,12 @@ teardown() {
[[ "${lines[1]}" =~ "Certificate Revocation List (CRL):" ]]
[[ "${lines[2]}" =~ "Version 2 (0x1)" ]]
[[ "${lines[3]}" =~ "Signature Algorithm: sha256WithRSAEncryption" ]]
[[ "${lines[4]}" =~ "Issuer: CN = $ROOT_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com" ]]
[[ "${lines[4]}" =~ "Issuer: $ROOT_DN" ]]

[[ "${lines[16]}" =~ "Certificate Revocation List (CRL):" ]]
[[ "${lines[17]}" =~ "Version 2 (0x1)" ]]
[[ "${lines[18]}" =~ "Signature Algorithm: sha256WithRSAEncryption" ]]
[[ "${lines[19]}" =~ "Issuer: CN = $INTERMEDIATE_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com" ]]
[[ "${lines[19]}" =~ "Issuer: $INTERMEDIATE_DN" ]]
kill-http-server
}

Expand Down Expand Up @@ -371,12 +370,12 @@ teardown() {
[ -f "/tmp/spki/intermediate/certs/intermediate.ocsp.cert.pem" ]

ROOT_OCSP_CERT=$(openssl x509 -in /tmp/spki/certs/ca.ocsp.cert.pem -noout -text)
echo "$ROOT_OCSP_CERT" | grep "Issuer: CN = $ROOT_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$ROOT_OCSP_CERT" | grep "Subject: CN = $ROOT_OCSP_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$ROOT_OCSP_CERT" | grep "Issuer: $ROOT_DN"
echo "$ROOT_OCSP_CERT" | grep "Subject: $ROOT_OCSP_DN"

INTERMEDIATE_OCSP_CERT=$(openssl x509 -in /tmp/spki/intermediate/certs/intermediate.ocsp.cert.pem -noout -text)
echo "$INTERMEDIATE_OCSP_CERT" | grep "Issuer: CN = $INTERMEDIATE_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$INTERMEDIATE_OCSP_CERT" | grep "Subject: CN = $INTERMEDIATE_OCSP_COMMON_NAME, C = PL, ST = Warsaw, L = Warsaw, O = Company Ltd, OU = Developers, emailAddress = mail@company.com"
echo "$INTERMEDIATE_OCSP_CERT" | grep "Issuer: $INTERMEDIATE_DN"
echo "$INTERMEDIATE_OCSP_CERT" | grep "Subject: $INTERMEDIATE_OCSP_DN"
}

@test "ocsp responder" { #can't start the ocsp responder programmaticaly because there's no -passin arg
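Review bot: The new DN assertions such as `echo "$ROOTCERT" | grep "Issuer: $ROOT_DN" &> /dev/null` hand the expanded DN to grep as a basic regular expression, so the `.` in the email address matches any character and a DN beginning with `-` would be parsed as an option; the same pattern recurs in the hunks at -120, -147, -174 and -371. The fixed-string form is what the test means, `echo "$ROOTCERT" | grep -F -- "Issuer: $ROOT_DN" &> /dev/null`, and it keeps working if a DN attribute ever contains regex metacharacters. In the -371 hunk the `grep "Issuer: $ROOT_DN"` / `grep "Subject: $ROOT_OCSP_DN"` lines drop the `&> /dev/null` the other hunks use, which is harmless but inconsistent. Each `@test` body here starts and ends outside its hunk.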
7 changes: 7 additions & 0 deletions test/test_helpers.bash
Expand Up @@ -33,7 +33,10 @@ load_vars() {
ROOT_ORGANIZATIONAL_UNIT_NAME="$organizationalUnitName"
ROOT_MAIL="$emailAddress"

ROOT_DN="CN = $ROOT_COMMON_NAME, C = $ROOT_COUNTRY_NAME, ST = $ROOT_PROVINCE_NAME, L = $ROOT_LOCALITY_NAME, O = $ROOT_ORGANIZATION_NAME, OU = $ROOT_ORGANIZATIONAL_UNIT_NAME, emailAddress = $ROOT_MAIL"

ROOT_OCSP_COMMON_NAME="Root CA OCSP"
ROOT_OCSP_DN="CN = $ROOT_OCSP_COMMON_NAME, C = $ROOT_COUNTRY_NAME, ST = $ROOT_PROVINCE_NAME, L = $ROOT_LOCALITY_NAME, O = $ROOT_ORGANIZATION_NAME, OU = $ROOT_ORGANIZATIONAL_UNIT_NAME, emailAddress = $ROOT_MAIL"

INTERMEDIATE_COMMON_NAME="Intermediate CA"
INTERMEDIATE_COUNTRY_NAME="$countryName"
Expand All @@ -43,9 +46,13 @@ load_vars() {
INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME="$organizationalUnitName"
INTERMEDIATE_MAIL="$emailAddress"

INTERMEDIATE_DN="CN = $INTERMEDIATE_COMMON_NAME, C = $INTERMEDIATE_COUNTRY_NAME, ST = $INTERMEDIATE_PROVINCE_NAME, L = $INTERMEDIATE_LOCALITY_NAME, O = $INTERMEDIATE_ORGANIZATION_NAME, OU = $INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME, emailAddress = $INTERMEDIATE_MAIL"

INTERMEDIATE_OCSP_COMMON_NAME="Intermediate CA OCSP"
INTERMEDIATE_OCSP_DN="CN = $INTERMEDIATE_OCSP_COMMON_NAME, C = $INTERMEDIATE_COUNTRY_NAME, ST = $INTERMEDIATE_PROVINCE_NAME, L = $INTERMEDIATE_LOCALITY_NAME, O = $INTERMEDIATE_ORGANIZATION_NAME, OU = $INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME, emailAddress = $INTERMEDIATE_MAIL"

CERT_COMMON_NAME="Test Cert"
CERT_DN="CN = $CERT_COMMON_NAME, C = $INTERMEDIATE_COUNTRY_NAME, ST = $INTERMEDIATE_PROVINCE_NAME, L = $INTERMEDIATE_LOCALITY_NAME, O = $INTERMEDIATE_ORGANIZATION_NAME, OU = $INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME, emailAddress = $INTERMEDIATE_MAIL"

ROOT_PRIVATE_KEY_PASSWORD="123456"
INTERMEDIATE_PRIVATE_KEY_PASSWORD="123456"
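Review bot: The four new DN strings (`ROOT_DN`, `ROOT_OCSP_DN`, `INTERMEDIATE_DN`, `CERT_DN`) repeat the same seven-attribute `CN = …, C = …, ST = …, L = …, O = …, OU = …, emailAddress = …` template by hand, so the layout the tests compare against `openssl x509 -text` output lives in four places; a small file-level helper would put it in one. That layout with spaces around `=` appears to be the text form printed by the openssl version the tests run against, which is worth a comment on the helper since it is the thing that will break if the formatter changes. load_vars() starts and ends outside the hunk.
```shell
# File level, outside load_vars(): one place for the text-form DN layout that
# the tests compare against `openssl x509 -text` output.
make_dn() {
  printf 'CN = %s, C = %s, ST = %s, L = %s, O = %s, OU = %s, emailAddress = %s' "$@"
}

# … unchanged: ROOT_* attribute assignments …
ROOT_DN=$(make_dn "$ROOT_COMMON_NAME" "$ROOT_COUNTRY_NAME" "$ROOT_PROVINCE_NAME" "$ROOT_LOCALITY_NAME" "$ROOT_ORGANIZATION_NAME" "$ROOT_ORGANIZATIONAL_UNIT_NAME" "$ROOT_MAIL")

ROOT_OCSP_COMMON_NAME="Root CA OCSP"
ROOT_OCSP_DN=$(make_dn "$ROOT_OCSP_COMMON_NAME" "$ROOT_COUNTRY_NAME" "$ROOT_PROVINCE_NAME" "$ROOT_LOCALITY_NAME" "$ROOT_ORGANIZATION_NAME" "$ROOT_ORGANIZATIONAL_UNIT_NAME" "$ROOT_MAIL")

# … unchanged: INTERMEDIATE_* attribute assignments …
INTERMEDIATE_DN=$(make_dn "$INTERMEDIATE_COMMON_NAME" "$INTERMEDIATE_COUNTRY_NAME" "$INTERMEDIATE_PROVINCE_NAME" "$INTERMEDIATE_LOCALITY_NAME" "$INTERMEDIATE_ORGANIZATION_NAME" "$INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME" "$INTERMEDIATE_MAIL")

INTERMEDIATE_OCSP_COMMON_NAME="Intermediate CA OCSP"
INTERMEDIATE_OCSP_DN=$(make_dn "$INTERMEDIATE_OCSP_COMMON_NAME" "$INTERMEDIATE_COUNTRY_NAME" "$INTERMEDIATE_PROVINCE_NAME" "$INTERMEDIATE_LOCALITY_NAME" "$INTERMEDIATE_ORGANIZATION_NAME" "$INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME" "$INTERMEDIATE_MAIL")

CERT_COMMON_NAME="Test Cert"
CERT_DN=$(make_dn "$CERT_COMMON_NAME" "$INTERMEDIATE_COUNTRY_NAME" "$INTERMEDIATE_PROVINCE_NAME" "$INTERMEDIATE_LOCALITY_NAME" "$INTERMEDIATE_ORGANIZATION_NAME" "$INTERMEDIATE_ORGANIZATIONAL_UNIT_NAME" "$INTERMEDIATE_MAIL")
# … unchanged: password variables …
```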
