#!/bin/sh
set -euf
# -----------------------------------------------------------------------------
# Basic fundamentals
prefix=@prefix@
exec_prefix=@exec_prefix@
datarootdir=@datarootdir@
datadir=@datadir@
sysconfdir=@sysconfdir@
libdir=@libdir@
privatedir=@privatedir@
with_trust_paths=@with_trust_paths@
script=$(basename $0)
# -----------------------------------------------------------------------------
# Testing
warning()
{
echo "$script: $@" >&2
}
assert_fail()
{
warning $@
exit 1
}
assert_contains()
{
if ! grep -qF $2 $1; then
assert_fail "$1 does not contain $2"
fi
}
assert_not_contains()
{
if grep -qF $2 $1; then
assert_fail "$1 contains $2"
fi
}
teardown()
{
for x in $TD; do
if [ -d $x ]; then
rmdir $x
elif [ -f $x ]; then
rm $x
fi
done
TD=""
}
teardown_dirty()
{
echo "not ok $TEST_NUMBER $TEST_NAME"
teardown
}
openssl_quiet()
(
command='/Generating a|-----|^[.+]+$|writing new private key/d'
exec 3>&1
openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&-
)
skip()
{
TEST_SKIP=yes
echo "ok $TEST_NUMBER # skip $TEST_NAME: $@"
}
setup()
{
# Parse the trust paths
oldifs="$IFS"
IFS=:
set $with_trust_paths
IFS="$oldifs"
if [ ! -d $1 ]; then
skip "$1 is not a directory"
return
fi
SOURCE_1=$1
if [ $# -lt 2 ]; then
warning "certain tests neutered if only 1 trust path: $with_trust_paths"
SOURCE_2=$1
else
SOURCE_2=$2
fi
# Make a temporary directory
dir=$(mktemp -d)
cd $dir
CLEANUP="$dir $TD"
# Generate a unique identifier
CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
# Generate relevant certificates
openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
-out cert_1.pem -subj /CN=$CERT_1_CN
openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
-out cert_2.pem -subj /CN=$CERT_2_CN
openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
-out cert_3.pem -subj /CN=$CERT_3_CN
TD="cert_1.pem cert_2.pem cert_3.pem $TD"
mkdir -p $SOURCE_1/anchors
cp cert_1.pem $SOURCE_1/anchors/
mkdir -p $SOURCE_2/anchors
cp cert_2.pem $SOURCE_2/anchors/
cp cert_3.pem $SOURCE_2/anchors/
TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD"
}
run()
{
TOTAL=0
for TEST_NAME in $@; do
TOTAL=$(expr $TOTAL + 1)
done
echo "1..$TOTAL"
TEST_NUMBER=0
for TEST_NAME in $@; do
TEST_NUMBER=$(expr $TEST_NUMBER + 1)
(
trap teardown_dirty EXIT
trap "teardown_dirty; exit 127" INT TERM
TD=""
TEST_SKIP=no
setup
if [ $TEST_SKIP != "yes" ]; then
$TEST_NAME
fi
if [ $TEST_SKIP != "yes" ]; then
echo "ok $TEST_NUMBER $TEST_NAME"
fi
trap - EXIT
teardown
)
done
}
# -----------------------------------------------------------------------------
# Main tests
test_extract()
{
trust extract --filter=ca-anchors --format=pem-bundle \
--purpose=server-auth --comment \
extract-test.pem
assert_contains extract-test.pem $CERT_1_CN
assert_contains extract-test.pem $CERT_2_CN
assert_contains extract-test.pem $CERT_3_CN
}
test_blacklist()
{
mkdir -p $SOURCE_1/blacklist
cp cert_3.pem $SOURCE_1/blacklist
TD="$SOURCE_1/blacklist/cert_3.pem $TD"
trust extract --filter=ca-anchors --format=pem-bundle \
--purpose=server-auth --comment \
blacklist-test.pem
assert_contains blacklist-test.pem $CERT_1_CN
assert_not_contains blacklist-test.pem $CERT_3_CN
}
run test_extract test_blacklist