Update tests to use pki nss-cert-import
edewata committed Jun 20, 2024
1 parent 85255be commit 2f6d70f
Showing 102 changed files with 731 additions and 177 deletions.
7 changes: 6 additions & 1 deletion .github/workflows/acme-certbot-test.yml
@@ -60,7 +60,12 @@ jobs:
- name: Install CA admin cert
run: |
docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec pki pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
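Review bot: The `--trust CT,C,C` argument on the new `pki nss-cert-import` call in the "Install CA admin cert" step has no comment, although it decides what the client NSS database will accept ca_signing for: the three fields are SSL, S/MIME and object signing, `C` trusts the CA for server certificates and `T` for client certificates. I would add `# CT,C,C: trust ca_signing as an issuing CA for TLS client and server certs, S/MIME and object signing` above the call. If the tests only need TLS to the PKI server, `--trust CT,,` would be the narrower setting; the wider value presumably mirrors what `client-cert-import --ca-cert` applied, which is worth confirming. The same lines are added in the acme-postgresql, ca-admin-user, ca-basic, ca-cert-revocation, ca-clone-* and ca-cmc-shared-token workflows.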
3 changes: 1 addition & 2 deletions .github/workflows/acme-container-test.yml
@@ -166,8 +166,7 @@ jobs:
--output-file /conf/certs/ca_signing.crt \
ca_signing
docker exec client pki \
nss-cert-import \
docker exec client pki nss-cert-import \
--cert $SHARED/conf/certs/ca_signing.crt \
--trust CT,C,C \
ca_signing
13 changes: 11 additions & 2 deletions .github/workflows/acme-postgresql-test.yml
@@ -59,7 +59,12 @@ jobs:
- name: Install CA admin cert
run: |
docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec pki pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
@@ -87,7 +92,11 @@ jobs:
CERT_ID=$(docker exec pki pki -n caadmin ca-cert-request-approve ${REC_ID:14} --force | \
grep "Certificate ID")
docker exec pki pki ca-cert-export ${CERT_ID:18} --output-file sslserver.crt
docker exec pki pki nss-cert-import --cert sslserver.crt postgresql
docker exec pki pki nss-cert-import \
--cert sslserver.crt \
postgresql
docker exec pki pk12util -o sslserver.p12 -n postgresql -d /root/.dogtag/nssdb -W secret
docker cp pki:sslserver.p12 .
openssl pkcs12 -in sslserver.p12 -nocerts -out sslserver.key -noenc -password pass:secret
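Review bot: The export-then-import sequence for ca_signing in the "Install CA admin cert" step is a multi-line block that this commit copies into each workflow it touches, so a later change to the trust string or the nickname has to be made by hand in every copy. A small helper script in the repository that takes the container name and certificate path and runs `docker exec "$container" pki nss-cert-import --cert "$cert" --trust CT,C,C ca_signing` would keep the trust settings in one reviewed place. The second hunk only re-wraps the postgresql import and needs no change.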
6 changes: 5 additions & 1 deletion .github/workflows/ca-admin-user-test.yml
@@ -75,7 +75,11 @@ jobs:
run: |
# import CA signing cert
docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
# correct password should work
docker exec pki pki -u caadmin -w Secret.123 ca-user-find
7 changes: 6 additions & 1 deletion .github/workflows/ca-basic-test.yml
@@ -310,7 +310,12 @@ jobs:
- name: Initialize PKI client
run: |
docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec pki pki info
- name: Test CA certs
9 changes: 6 additions & 3 deletions .github/workflows/ca-cert-revocation-test.yml
@@ -68,9 +68,12 @@ jobs:
docker exec pki pki-server cert-export \
--cert-file ca_signing.crt \
ca_signing
docker exec pki pki client-cert-import \
--ca-cert ca_signing.crt \
ca_signing
docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec pki pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
15 changes: 11 additions & 4 deletions .github/workflows/ca-clone-replicated-ds-test.yml
@@ -62,8 +62,12 @@ jobs:
run: |
docker exec primary pki-server cert-export ca_signing \
--cert-file $SHARED/ca_signing.crt
docker exec primary pki client-cert-import ca_signing \
--ca-cert $SHARED/ca_signing.crt
docker exec primary pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec primary pki pkcs12-import \
--pkcs12 $SHARED/caadmin.p12 \
--pkcs12-password Secret.123
@@ -417,8 +421,11 @@ jobs:
- name: Check secondary CA admin user
run: |
docker exec secondary pki client-cert-import ca_signing \
--ca-cert $SHARED/ca_signing.crt
docker exec secondary pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec secondary pki pkcs12-import \
--pkcs12 $SHARED/caadmin.p12 \
--pkcs12-password Secret.123
29 changes: 21 additions & 8 deletions .github/workflows/ca-clone-secure-ds-test.yml
@@ -61,11 +61,12 @@ jobs:
--csr ds_signing.csr \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--cert ds_signing.crt
docker exec primary pki \
nss-cert-import \
docker exec primary pki nss-cert-import \
--cert ds_signing.crt \
--trust CT,C,C \
Self-Signed-CA
docker exec primary certutil -L -d /root/.dogtag/nssdb
- name: Create DS server cert in primary PKI container
@@ -81,10 +82,11 @@ jobs:
--csr ds_server.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--cert ds_server.crt
docker exec primary pki \
nss-cert-import \
docker exec primary pki nss-cert-import \
--cert ds_server.crt \
Server-Cert
docker exec primary certutil -L -d /root/.dogtag/nssdb
- name: Import certs into primary DS container
@@ -126,7 +128,12 @@ jobs:
- name: Verify users and DS hosts in primary PKI container
run: |
docker exec primary pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec primary pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec primary pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec primary pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
@@ -187,10 +194,11 @@ jobs:
--csr ds_server.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--cert ds_server.crt
docker exec secondary pki \
nss-cert-import \
docker exec secondary pki nss-cert-import \
--cert ds_server.crt \
Server-Cert
docker exec secondary certutil -L -d /root/.dogtag/nssdb
- name: Import certs into secondary DS container
@@ -243,7 +251,12 @@ jobs:
run: |
docker exec primary cp /root/.dogtag/pki-tomcat/ca_admin_cert.p12 ${SHARED}/ca_admin_cert.p12
docker exec secondary pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec secondary pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec secondary pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec secondary pki pkcs12-import \
--pkcs12 ${SHARED}/ca_admin_cert.p12 \
--pkcs12-password Secret.123
15 changes: 11 additions & 4 deletions .github/workflows/ca-clone-shared-ds-test.yml
@@ -184,16 +184,23 @@ jobs:
# get users from primary CA
docker exec primary pki-server cert-export ca_signing \
--cert-file ${SHARED}/ca_signing.crt
docker exec primary pki client-cert-import ca_signing \
--ca-cert ${SHARED}/ca_signing.crt
docker exec primary pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec primary pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
docker exec primary pki -n caadmin ca-user-find | tee ca-users.primary
# get users from secondary CA
docker exec secondary pki client-cert-import ca_signing \
--ca-cert ${SHARED}/ca_signing.crt
docker exec secondary pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec primary cp \
/root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
${SHARED}/ca_admin_cert.p12
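Review bot: The added `--cert $SHARED/ca_signing.crt` lines write the variable as `$SHARED`, while the `cert-export` line just above and the `cp` below in the same step use `${SHARED}`, and neither form is quoted. Keeping one spelling and quoting it, `--cert "${SHARED}/ca_signing.crt" \`, avoids word splitting if the shared path ever contains a space and leaves a single form to search for. ca-clone-test.yml has the same mix in its three hunks. The step continues outside the hunk.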
20 changes: 17 additions & 3 deletions .github/workflows/ca-clone-test.yml
@@ -72,7 +72,12 @@ jobs:
- name: Verify users and SD hosts in primary PKI container
run: |
docker exec primary pki-server cert-export ca_signing --cert-file ${SHARED}/ca_signing.crt
docker exec primary pki client-cert-import ca_signing --ca-cert ${SHARED}/ca_signing.crt
docker exec primary pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec primary pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
@@ -314,7 +319,12 @@ jobs:
- name: Verify users and SD hosts in secondary PKI container
run: |
docker exec primary cp /root/.dogtag/pki-tomcat/ca_admin_cert.p12 ${SHARED}/ca_admin_cert.p12
docker exec secondary pki client-cert-import ca_signing --ca-cert ${SHARED}/ca_signing.crt
docker exec secondary pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec secondary pki pkcs12-import \
--pkcs12 ${SHARED}/ca_admin_cert.p12 \
--pkcs12-password Secret.123
@@ -451,7 +461,11 @@ jobs:
- name: Verify users and SD hosts in tertiary PKI container
run: |
docker exec tertiary pki client-cert-import ca_signing --ca-cert ${SHARED}/ca_signing.crt
docker exec tertiary pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec tertiary pki pkcs12-import \
--pkcs12 ${SHARED}/ca_admin_cert.p12 \
--pkcs12-password Secret.123
7 changes: 6 additions & 1 deletion .github/workflows/ca-cmc-shared-token-test.yml
@@ -62,7 +62,12 @@ jobs:
- name: Install CA admin cert
run: |
docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec pki pki pkcs12-import \
--pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
--pkcs12-password Secret.123
30 changes: 18 additions & 12 deletions .github/workflows/ca-container-existing-certs-test.yml
@@ -63,11 +63,12 @@ jobs:
--validity-length 1 \
--validity-unit year \
--cert $SHARED/certs/ca_signing.crt
docker exec client pki \
nss-cert-import \
docker exec client pki nss-cert-import \
--cert $SHARED/certs/ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec client pki \
nss-cert-show \
ca_signing
@@ -85,10 +86,11 @@ jobs:
--csr $SHARED/certs/ca_ocsp_signing.csr \
--ext /usr/share/pki/server/certs/ocsp_signing.conf \
--cert $SHARED/certs/ca_ocsp_signing.crt
docker exec client pki \
nss-cert-import \
docker exec client pki nss-cert-import \
--cert $SHARED/certs/ca_ocsp_signing.crt \
ca_ocsp_signing
docker exec client pki \
nss-cert-show \
ca_ocsp_signing
@@ -106,11 +108,12 @@ jobs:
--csr $SHARED/certs/ca_audit_signing.csr \
--ext /usr/share/pki/server/certs/audit_signing.conf \
--cert $SHARED/certs/ca_audit_signing.crt
docker exec client pki \
nss-cert-import \
docker exec client pki nss-cert-import \
--cert $SHARED/certs/ca_audit_signing.crt \
--trust ,,P \
ca_audit_signing
docker exec client pki \
nss-cert-show \
ca_audit_signing
@@ -128,10 +131,11 @@ jobs:
--csr $SHARED/certs/subsystem.csr \
--ext /usr/share/pki/server/certs/subsystem.conf \
--cert $SHARED/certs/subsystem.crt
docker exec client pki \
nss-cert-import \
docker exec client pki nss-cert-import \
--cert $SHARED/certs/subsystem.crt \
subsystem
docker exec client pki \
nss-cert-show \
subsystem
@@ -149,10 +153,11 @@ jobs:
--csr $SHARED/certs/sslserver.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--cert $SHARED/certs/sslserver.crt
docker exec client pki \
nss-cert-import \
docker exec client pki nss-cert-import \
--cert $SHARED/certs/sslserver.crt \
sslserver
docker exec client pki \
nss-cert-show \
sslserver
@@ -170,10 +175,11 @@ jobs:
--csr $SHARED/certs/admin.csr \
--ext /usr/share/pki/server/certs/admin.conf \
--cert $SHARED/certs/admin.crt
docker exec client pki \
nss-cert-import \
docker exec client pki nss-cert-import \
--cert $SHARED/certs/admin.crt \
admin
docker exec client pki \
nss-cert-show \
admin
1 change: 1 addition & 0 deletions .github/workflows/ca-container-existing-config-test.yml
@@ -79,6 +79,7 @@ jobs:
docker exec pki pki-server cert-export \
--cert-file $SHARED/certs/ca_signing.crt \
ca_signing
docker exec client pki nss-cert-import \
--cert $SHARED/certs/ca_signing.crt \
--trust CT,C,C \
1 change: 1 addition & 0 deletions .github/workflows/ca-container-migration-test.yml
@@ -68,6 +68,7 @@ jobs:
docker exec pki pki-server cert-export \
--cert-file $SHARED/ca_signing.crt \
ca_signing
docker exec client pki nss-cert-import \
--cert $SHARED/ca_signing.crt \
--trust CT,C,C \
3 changes: 1 addition & 2 deletions .github/workflows/ca-container-user-service-test.yml
@@ -312,8 +312,7 @@ jobs:
--ext /usr/share/pki/server/certs/admin.conf \
--cert /conf/certs/admin.crt
docker exec -u pkiuser pki pki \
nss-cert-import \
docker exec -u pkiuser pki pki nss-cert-import \
--cert /home/pkiuser/.dogtag/pki-ca/conf/certs/admin.crt \
admin