diff options
author | Karen Arutyunov <karen@codesynthesis.com> | 2017-02-22 00:58:53 +0300 |
---|---|---|
committer | Karen Arutyunov <karen@codesynthesis.com> | 2017-03-15 19:15:55 +0300 |
commit | a791b1ce0fa2bc9859474fb6f7a9c0ff8cbd1d4a (patch) | |
tree | 3c9823a54e6e28a8c8f9fb281d82ad2a67c117ba /tests/auth/cert | |
parent | 755a99a7ebf24e00675e2f2e0f5184825ad74c4a (diff) |
Port test.sh to testscript
Diffstat (limited to 'tests/auth/cert')
-rwxr-xr-x | tests/auth/cert | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/tests/auth/cert b/tests/auth/cert new file mode 100755 index 0000000..41b3b9c --- /dev/null +++ b/tests/auth/cert @@ -0,0 +1,36 @@ +#! /bin/sh + +# Normally, you don't need to regenerate the private key. +# +# openssl genrsa 4096 > key.pem + +openssl req -x509 -new -key key.pem -days 1825 -config default-openssl.cnf > \ + default-cert.pem + +cat default-cert.pem | openssl x509 -sha256 -noout -fingerprint | \ + sed -n 's/^SHA256 Fingerprint=\(.*\)$/\1/p' >default-cert-fp + +openssl req -x509 -new -key key.pem -days 1825 -config mismatch-openssl.cnf > \ + mismatch-cert.pem + +openssl req -x509 -new -key key.pem -days 1825 -config noemail-openssl.cnf > \ + noemail-cert.pem + +# Normally, you have no reason to regenerate expired-cert.pem, as need to keep +# it expired for the testing purposes. But if you do, copy expired-cert.pem +# content to the certificate value of the following manifest files: +# ../rep-auth/expired/repositories +# +# To regenerate the packages and signature manifest files run bpkg rep-create +# command, for example: +# +# ../../bpkg/bpkg rep-create ../rep-auth/expired --key key.pem +# +# We cannot do it in the testscript since the certificate has expired. This is +# also the reason why we store these auto-generated manifests in git. +# +# Will have to wait 1 day until the certificate expires. Until then testscript +# will be failing. +# +# openssl req -x509 -new -key key.pem -days 1 -config default-openssl.cnf > \ +# expired-cert.pem |