Update tests to use standard conf dir #4709

Merged
merged 1 commit into from
Mar 28, 2024
4 changes: 2 additions & 2 deletions .github/workflows/acme-switchover-test.yml
Expand Up @@ -85,7 +85,7 @@ jobs:
docker exec pki pki-server acme-realm-mod \
--type ds \
-D url=ldap://ds.example.com:3389
docker exec pki bash -c "echo baseURL=http://server1.example.com:8080/acme >> /etc/pki/pki-tomcat/acme/engine.conf"
docker exec pki bash -c "echo baseURL=http://server1.example.com:8080/acme >> /var/lib/pki/pki-tomcat/conf/acme/engine.conf"
docker exec pki pki-server acme-deploy --wait

- name: Set up client container
Expand Down Expand Up @@ -132,7 +132,7 @@ jobs:
run: |
docker exec pki pki-server acme-undeploy --wait
docker network disconnect example pki
docker exec pki sed -i "s/server1.example.com/server2.example.com/g" /etc/pki/pki-tomcat/acme/engine.conf
docker exec pki sed -i "s/server1.example.com/server2.example.com/g" /var/lib/pki/pki-tomcat/conf/acme/engine.conf
docker network connect example pki --alias pki.example.com --alias server2.example.com
docker exec pki pki-server acme-deploy --wait

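Review bot: The instance configuration directory is written out as a literal in both changed commands of this file (the `echo baseURL=… >> …/conf/acme/engine.conf` line and the `sed -i … …/conf/acme/engine.conf` line), and the same literal is repeated throughout the other workflows touched here (ca-basic-test.yml, ca-clone-hsm-test.yml, ca-clone-replicated-ds-test.yml, ca-clone-shared-ds-test.yml, ca-clone-test.yml, ca-cmc-shared-token-test.yml, ca-crl-test.yml). Defining it once per workflow, for example `PKI_CONF: /var/lib/pki/pki-tomcat/conf` alongside wherever `SHARED` is set (presumably a workflow-level `env:` entry; not visible here), and writing `$PKI_CONF/acme/engine.conf` would make the next relocation a one-line edit and remove the chance that one step keeps reading or patching the old tree. Both `run:` blocks start and continue outside the visible hunks.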
12 changes: 6 additions & 6 deletions .github/workflows/ca-basic-test.yml
Expand Up @@ -105,7 +105,7 @@ jobs:
echo "Secret.123" > password.txt
docker cp password.txt pki:password.txt
docker exec pki certutil -K \
-d /etc/pki/pki-tomcat/alias \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f password.txt | tee output

# there should be no orphaned keys
Expand All @@ -118,7 +118,7 @@ jobs:
docker exec pki pki-server cert-export ca_signing \
--cert-file ca_signing.crt
docker exec pki openssl req -text -noout \
-in /etc/pki/pki-tomcat/certs/ca_signing.csr
-in /var/lib/pki/pki-tomcat/conf/certs/ca_signing.csr

# check CA signing cert extensions
docker exec pki /usr/share/pki/tests/ca/bin/test-ca-signing-cert-ext.sh
Expand All @@ -128,31 +128,31 @@ jobs:
docker exec pki pki-server cert-export ca_ocsp_signing \
--cert-file ca_ocsp_signing.crt
docker exec pki openssl req -text -noout \
-in /etc/pki/pki-tomcat/certs/ca_ocsp_signing.csr
-in /var/lib/pki/pki-tomcat/conf/certs/ca_ocsp_signing.csr
docker exec pki openssl x509 -text -noout -in ca_ocsp_signing.crt

- name: Check CA audit signing cert
run: |
docker exec pki pki-server cert-export ca_audit_signing \
--cert-file ca_audit_signing.crt
docker exec pki openssl req -text -noout \
-in /etc/pki/pki-tomcat/certs/ca_audit_signing.csr
-in /var/lib/pki/pki-tomcat/conf/certs/ca_audit_signing.csr
docker exec pki openssl x509 -text -noout -in ca_audit_signing.crt

- name: Check subsystem cert
run: |
docker exec pki pki-server cert-export subsystem \
--cert-file subsystem.crt
docker exec pki openssl req -text -noout \
-in /etc/pki/pki-tomcat/certs/subsystem.csr
-in /var/lib/pki/pki-tomcat/conf/certs/subsystem.csr
docker exec pki openssl x509 -text -noout -in subsystem.crt

- name: Check SSL server cert
run: |
docker exec pki pki-server cert-export sslserver \
--cert-file sslserver.crt
docker exec pki openssl req -text -noout \
-in /etc/pki/pki-tomcat/certs/sslserver.csr
-in /var/lib/pki/pki-tomcat/conf/certs/sslserver.csr
docker exec pki openssl x509 -text -noout -in sslserver.crt

- name: Check CA admin cert
28 changes: 14 additions & 14 deletions .github/workflows/ca-clone-hsm-test.yml
Expand Up @@ -92,7 +92,7 @@ jobs:
# there should be 5 certs
echo "5" > expected
docker exec primary pki \
-d /etc/pki/pki-tomcat/alias \
-d /var/lib/pki/pki-tomcat/conf/alias \
nss-cert-find | tee output
grep "Serial Number:" output | wc -l > actual
diff expected actual
Expand All @@ -102,8 +102,8 @@ jobs:
# there should be 4 certs
echo "4" > expected
docker exec primary pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
--token HSM \
nss-cert-find | tee output
grep "Serial Number:" output | wc -l > actual
Expand Down Expand Up @@ -154,7 +154,7 @@ jobs:
- name: Install CA in secondary PKI container
run: |
# get CS.cfg from primary CA before cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary

docker exec primary pki-server cert-export ca_signing \
--cert-file ${SHARED}/ca_signing.crt
Expand All @@ -181,7 +181,7 @@ jobs:
# TODO: investigate the discrepancy
echo "3" > expected
docker exec secondary pki \
-d /etc/pki/pki-tomcat/alias \
-d /var/lib/pki/pki-tomcat/conf/alias \
nss-cert-find | tee output
grep "Serial Number:" output | wc -l > actual
diff expected actual
Expand All @@ -191,8 +191,8 @@ jobs:
# there should be 4 certs
echo "4" > expected
docker exec secondary pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
--token HSM \
nss-cert-find | tee output
grep "Serial Number:" output | wc -l > actual
Expand All @@ -201,7 +201,7 @@ jobs:
- name: Check CS.cfg in primary CA after cloning
run: |
# get CS.cfg from primary CA after cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary.after

# normalize expected result:
# - remove params that cannot be compared
Expand All @@ -228,7 +228,7 @@ jobs:
- name: Check CS.cfg in secondary CA
run: |
# get CS.cfg from secondary CA
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary
docker cp secondary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.secondary

# normalize expected result:
# - remove params that cannot be compared
Expand Down Expand Up @@ -350,7 +350,7 @@ jobs:
# TODO: investigate the discrepancy
echo "3" > expected
docker exec tertiary pki \
-d /etc/pki/pki-tomcat/alias \
-d /var/lib/pki/pki-tomcat/conf/alias \
nss-cert-find | tee output
grep "Serial Number:" output | wc -l > actual
diff expected actual
Expand All @@ -360,8 +360,8 @@ jobs:
# there should be 4 certs
echo "4" > expected
docker exec tertiary pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
--token HSM \
nss-cert-find | tee output
grep "Serial Number:" output | wc -l > actual
Expand All @@ -370,7 +370,7 @@ jobs:
- name: Check CS.cfg in secondary CA after cloning
run: |
# get CS.cfg from secondary CA after cloning
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary.after
docker cp secondary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.secondary.after

# normalize expected result:
# - remove params that cannot be compared
Expand All @@ -395,7 +395,7 @@ jobs:
- name: Check CS.cfg in tertiary CA
run: |
# get CS.cfg from tertiary CA
docker cp tertiary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.tertiary
docker cp tertiary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.tertiary

# normalize expected result:
# - remove params that cannot be compared
8 changes: 4 additions & 4 deletions .github/workflows/ca-clone-replicated-ds-test.yml
Expand Up @@ -107,7 +107,7 @@ jobs:
- name: Import system certs and keys into secondary CA
run: |
docker exec secondary pki \
-d /etc/pki/pki-tomcat/alias \
-d /var/lib/pki/pki-tomcat/conf/alias \
pkcs12-import \
--pkcs12 $SHARED/ca-certs.p12 \
--password Secret.123
Expand Down Expand Up @@ -339,7 +339,7 @@ jobs:
- name: Install secondary CA
run: |
# get CS.cfg from primary CA before cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary

docker exec secondary pkispawn \
-f /usr/share/pki/server/examples/installation/ca-clone.cfg \
Expand Down Expand Up @@ -375,14 +375,14 @@ jobs:
- name: Check CS.cfg in primary CA after cloning
run: |
# get CS.cfg from primary CA after cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary.after

diff CS.cfg.primary CS.cfg.primary.after

- name: Check CS.cfg in secondary CA
run: |
# get CS.cfg from secondary CA
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary
docker cp secondary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.secondary

# normalize expected result:
# - remove params that cannot be compared
6 changes: 3 additions & 3 deletions .github/workflows/ca-clone-shared-ds-test.yml
Expand Up @@ -77,7 +77,7 @@ jobs:
- name: Install secondary CA
run: |
# get CS.cfg from primary CA before cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary

docker exec secondary pkispawn \
-f /usr/share/pki/server/examples/installation/ca-clone.cfg \
Expand Down Expand Up @@ -115,7 +115,7 @@ jobs:
- name: Check CS.cfg in primary CA after cloning
run: |
# get CS.cfg from primary CA after cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary.after

# normalize expected result:
# - remove params that cannot be compared
Expand All @@ -140,7 +140,7 @@ jobs:
- name: Check CS.cfg in secondary CA
run: |
# get CS.cfg from secondary CA
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary
docker cp secondary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.secondary

# normalize expected result:
# - remove params that cannot be compared
10 changes: 5 additions & 5 deletions .github/workflows/ca-clone-test.yml
Expand Up @@ -106,7 +106,7 @@ jobs:
- name: Install CA in secondary PKI container
run: |
# get CS.cfg from primary CA before cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary

docker exec primary pki-server ca-clone-prepare --pkcs12-file ${SHARED}/ca-certs.p12 --pkcs12-password Secret.123
docker exec secondary pkispawn \
Expand Down Expand Up @@ -239,7 +239,7 @@ jobs:
- name: Check CS.cfg in primary CA after cloning
run: |
# get CS.cfg from primary CA after cloning
docker cp primary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.primary.after
docker cp primary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.primary.after

docker exec primary pki-server ca-config-find | grep ca.crl.MasterCRL

Expand Down Expand Up @@ -268,7 +268,7 @@ jobs:
- name: Check CS.cfg in secondary CA
run: |
# get CS.cfg from secondary CA
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary
docker cp secondary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.secondary

docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL

Expand Down Expand Up @@ -386,7 +386,7 @@ jobs:
- name: Check CS.cfg in secondary CA after cloning
run: |
# get CS.cfg from secondary CA after cloning
docker cp secondary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.secondary.after
docker cp secondary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.secondary.after

docker exec secondary pki-server ca-config-find | grep ca.crl.MasterCRL

Expand All @@ -413,7 +413,7 @@ jobs:
- name: Check CS.cfg in tertiary CA
run: |
# get CS.cfg from tertiary CA
docker cp tertiary:/etc/pki/pki-tomcat/ca/CS.cfg CS.cfg.tertiary
docker cp tertiary:/var/lib/pki/pki-tomcat/conf/ca/CS.cfg CS.cfg.tertiary

docker exec tertiary pki-server ca-config-find | grep ca.crl.MasterCRL

16 changes: 8 additions & 8 deletions .github/workflows/ca-cmc-shared-token-test.yml
Expand Up @@ -72,8 +72,8 @@ jobs:
run: |
# generate cert request
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
nss-cert-request \
--subject "CN=CA Issuance Protection" \
--csr ca_issuance_protection.csr
Expand All @@ -91,7 +91,7 @@ jobs:

# convert CMC response (DER PKCS #7) into PEM PKCS #7 cert chain
docker exec pki CMCResponse \
-d /etc/pki/pki-tomcat/alias \
-d /var/lib/pki/pki-tomcat/conf/alias \
-i ca_issuance_protection.cmc-response \
-o ca_issuance_protection.p7b | tee output

Expand All @@ -106,16 +106,16 @@ jobs:

# import cert chain
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
pkcs7-import \
--pkcs7 ca_issuance_protection.p7b \
ca_issuance_protection

# check imported cert chain
docker exec pki pki \
-d /etc/pki/pki-tomcat/alias \
-f /etc/pki/pki-tomcat/password.conf \
-d /var/lib/pki/pki-tomcat/conf/alias \
-f /var/lib/pki/pki-tomcat/conf/password.conf \
nss-cert-find

# configure issuance protection nickname
Expand Down Expand Up @@ -177,7 +177,7 @@ jobs:
run: |
# generate shared token
docker exec pki CMCSharedToken \
-d /etc/pki/pki-tomcat/alias \
-d /var/lib/pki/pki-tomcat/conf/alias \
-p Secret.123 \
-n ca_issuance_protection \
-s Secret.123 \
5 changes: 4 additions & 1 deletion .github/workflows/ca-container-test.yml
Expand Up @@ -739,7 +739,10 @@ jobs:
docker exec ca ls -la /etc/pki
mkdir -p /tmp/artifacts/ca/etc/pki
docker cp ca:/etc/pki/pki.conf /tmp/artifacts/ca/etc/pki
docker cp ca:/etc/pki/pki-tomcat /tmp/artifacts/ca/etc/pki

docker exec ca ls -la /var/lib/pki/pki-tomcat/conf/
mkdir -p /tmp/artifacts/ca/var/lib/pki/pki-tomcat/conf
docker cp ca:/var/lib/pki/pki-tomcat/conf/. /tmp/artifacts/ca/var/lib/pki/pki-tomcat/conf

docker exec ca ls -la /var/log/pki
mkdir -p /tmp/artifacts/ca/var/log
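Review bot: `docker cp ca:/var/lib/pki/pki-tomcat/conf/. /tmp/artifacts/ca/var/lib/pki/pki-tomcat/conf` copies the whole instance configuration directory into the artifact tree, and judging by the other workflows in this change that directory holds `password.conf` and the NSS database under `alias/`, so the token password and presumably the instance's private keys are collected along with the config files. If /tmp/artifacts is later uploaded as a workflow artifact (the upload step is outside this hunk, so this is an assumption), anyone able to download the run's artifacts receives that material. These are test fixtures, but it is worth either stating that next to the copy, e.g. `# conf/ includes password.conf and alias/ (CI-only keys and passwords)`, or dropping them before upload with `rm -rf /tmp/artifacts/ca/var/lib/pki/pki-tomcat/conf/alias /tmp/artifacts/ca/var/lib/pki/pki-tomcat/conf/password.conf`. The step's `run:` block starts and continues outside the hunk.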
4 changes: 2 additions & 2 deletions .github/workflows/ca-crl-test.yml
Expand Up @@ -68,10 +68,10 @@ jobs:
docker exec pki sed -i \
-e "s/^$VALIDITY_DEFAULT.range=.*$/$VALIDITY_DEFAULT.range=1/" \
-e "/^$VALIDITY_DEFAULT.range=.*$/a $VALIDITY_DEFAULT.rangeUnit=minute" \
/etc/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg
/var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserCert.cfg

# check updated profile
docker exec pki cat /etc/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg
docker exec pki cat /var/lib/pki/pki-tomcat/conf/ca/profiles/ca/caUserCert.cfg

- name: Configure CRL
run: |