-
Notifications
You must be signed in to change notification settings - Fork 1
/
Makefile.tests
126 lines (90 loc) · 4.79 KB
/
Makefile.tests
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
.PHONY: tests _tests_pre tests_init tests_generate tests_sign tests_rm _tests_post
BINARY_PATH = ../${BINARY}
TESTS_DIR = tests
tests: _tests_pre tests_init tests_generate tests_sign tests_rm _tests_post
define SUCCESS
@echo -e "\e[1;32m$1 TESTS OK\e[0m"
endef
_tests_pre:
@# Clean old test folder if needed
test -e ${TESTS_DIR} && $(RM) -r ${TESTS_DIR} || exit 0
@# Check if the version declared in the main.go match the version we are currently working on
@( \
DECLARED_VERSION=${VERSION}; \
GIT_VERSION=`git rev-parse --abbrev-ref HEAD | cut -d '/' -f 2`; \
if test "$${DECLARED_VERSION}" != "$${GIT_VERSION}"; then \
echo -e >&2 "\e[1;31mmain.go is v$${DECLARED_VERSION} but you are working on the $${GIT_VERSION} version\e[0m"; \
echo "${IGNORE_VERSION}"; \
if ! test "${IGNORE_VERSION}" != "false"; then \
exit 1; \
fi; \
fi; \
)
@# Prepare
mkdir -p ${TESTS_DIR}
$(call SUCCESS,PRE-BUILD)
tests_init:
@# Init repo
cd ${TESTS_DIR} && ${BINARY_PATH} init
@# Calling it twice should not fail
cd ${TESTS_DIR} && ${BINARY_PATH} init
$(call SUCCESS,init)
tests_generate:
@# Generate keys
cd ${TESTS_DIR} && ${BINARY_PATH} generate root --clear-text
cd ${TESTS_DIR} && ${BINARY_PATH} generate intermediate --name intermediate01 --clear-text
cd ${TESTS_DIR} && ${BINARY_PATH} generate client --name client_int --clear-text
cd ${TESTS_DIR} && ${BINARY_PATH} generate client --name client_root --clear-text
cd ${TESTS_DIR} && ${BINARY_PATH} generate client --name client_mult --clear-text
@# Check if keys are as expected
openssl ec -noout -text -in ${TESTS_DIR}/root/root.key | grep --silent 'NIST CURVE: P-384'
openssl ec -noout -text -in ${TESTS_DIR}/intermediates/intermediate01.key | grep --silent 'NIST CURVE: P-384'
openssl ec -noout -text -in ${TESTS_DIR}/clients/client_int.key | grep --silent 'NIST CURVE: P-384'
openssl ec -noout -text -in ${TESTS_DIR}/clients/client_root.key | grep --silent 'NIST CURVE: P-384'
openssl ec -noout -text -in ${TESTS_DIR}/clients/client_mult.key | grep --silent 'NIST CURVE: P-384'
$(call SUCCESS,generate)
tests_sign:
@# Sign keys
cd ${TESTS_DIR} && ${BINARY_PATH} sign root
cd ${TESTS_DIR} && ${BINARY_PATH} sign intermediate --name intermediate01 --with root
cd ${TESTS_DIR} && ${BINARY_PATH} sign client --name client_int --with intermediate01
cd ${TESTS_DIR} && ${BINARY_PATH} sign client --name client_root --with root
cd ${TESTS_DIR} && ${BINARY_PATH} sign client --name client_mult --altname www.domain.com --altname blog.stuff.com --altname api.service.net --with intermediate01
@# Check if keys are correctly signed
openssl verify -CAfile ${TESTS_DIR}/root/root.crt ${TESTS_DIR}/root/root.crt
openssl verify -CAfile ${TESTS_DIR}/root/root.crt ${TESTS_DIR}/intermediates/intermediate01.crt
openssl verify -CAfile ${TESTS_DIR}/root/root.crt <(cat ${TESTS_DIR}/intermediates/intermediate01.crt ${TESTS_DIR}/clients/client_int.crt)
openssl verify -CAfile ${TESTS_DIR}/root/root.crt ${TESTS_DIR}/clients/client_root.crt
@# Check that all keys have DNSNames even if no alternative names were provided
openssl x509 -noout -text -in ${TESTS_DIR}/clients/client_int.crt | awk '/DNS:client_int/ {rc = 1} END {exit !rc}'
openssl x509 -noout -text -in ${TESTS_DIR}/clients/client_mult.crt | awk '/DNS:client_mult/ && /DNS:www\.domain\.com/ && /DNS:blog\.stuff\.com/ && /DNS:api\.service\.net/ {rc = 1} END {exit !rc}'
$(call SUCCESS,sign)
tests_rm:
cd ${TESTS_DIR} && ${BINARY_PATH} rm client --name client_int
@# All keys and certificates should have disappeared from disk
test ! -e ${TESTS_DIR}/clients/client_int.key
test ! -e ${TESTS_DIR}/clients/client_int.pub
test ! -e ${TESTS_DIR}/clients/client_int.crt
test ! -e ${TESTS_DIR}/clients/client_int.crt.fullchain
@# The state should be cleaned
! grep '"client_int"' ${TESTS_DIR}/state.json
cd ${TESTS_DIR} && ${BINARY_PATH} rm client --name client_root
! grep '"client_root"' ${TESTS_DIR}/state.json
cd ${TESTS_DIR} && ${BINARY_PATH} rm client --name client_mult
! grep '"client_mult"' ${TESTS_DIR}/state.json
@# We shouldn't be allowed to remove a root CA
cd ${TESTS_DIR} && ! ${BINARY_PATH} rm root
@# We should be prompted before removing an intermediate CA
cd ${TESTS_DIR} && ! echo '' | ${BINARY_PATH} rm intermediate --name intermediate01
cd ${TESTS_DIR} && echo 'y' | ${BINARY_PATH} rm intermediate --name intermediate01
! grep '"intermediate01"' ${TESTS_DIR}/state.json
$(call SUCCESS,rm)
_tests_post:
@# Initializing a living repo should not fail
cd ${TESTS_DIR} && ${BINARY_PATH} init
@# Clean up (make sure we have no unintended file left by not calling `rm -f`)
cd ${TESTS_DIR}/root && rm root.crt root.key root.pub
cd ${TESTS_DIR} && rm configuration.json state.json
cd ${TESTS_DIR} && rmdir clients intermediates root
rmdir ${TESTS_DIR}
$(call SUCCESS,POST-BUILD)