aboutsummaryrefslogtreecommitdiff
path: root/tests/auth/cert
diff options
context:
space:
mode:
authorKaren Arutyunov <karen@codesynthesis.com>2017-02-22 00:58:53 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2017-03-15 19:15:55 +0300
commita791b1ce0fa2bc9859474fb6f7a9c0ff8cbd1d4a (patch)
tree3c9823a54e6e28a8c8f9fb281d82ad2a67c117ba /tests/auth/cert
parent755a99a7ebf24e00675e2f2e0f5184825ad74c4a (diff)
Port test.sh to testscript
Diffstat (limited to 'tests/auth/cert')
-rwxr-xr-xtests/auth/cert36
1 files changed, 36 insertions, 0 deletions
diff --git a/tests/auth/cert b/tests/auth/cert
new file mode 100755
index 0000000..41b3b9c
--- /dev/null
+++ b/tests/auth/cert
@@ -0,0 +1,36 @@
+#! /bin/sh
+
+# Normally, you don't need to regenerate the private key.
+#
+# openssl genrsa 4096 > key.pem
+
+openssl req -x509 -new -key key.pem -days 1825 -config default-openssl.cnf > \
+ default-cert.pem
+
+cat default-cert.pem | openssl x509 -sha256 -noout -fingerprint | \
+ sed -n 's/^SHA256 Fingerprint=\(.*\)$/\1/p' >default-cert-fp
+
+openssl req -x509 -new -key key.pem -days 1825 -config mismatch-openssl.cnf > \
+ mismatch-cert.pem
+
+openssl req -x509 -new -key key.pem -days 1825 -config noemail-openssl.cnf > \
+ noemail-cert.pem
+
+# Normally, you have no reason to regenerate expired-cert.pem, as need to keep
+# it expired for the testing purposes. But if you do, copy expired-cert.pem
+# content to the certificate value of the following manifest files:
+# ../rep-auth/expired/repositories
+#
+# To regenerate the packages and signature manifest files run bpkg rep-create
+# command, for example:
+#
+# ../../bpkg/bpkg rep-create ../rep-auth/expired --key key.pem
+#
+# We cannot do it in the testscript since the certificate has expired. This is
+# also the reason why we store these auto-generated manifests in git.
+#
+# Will have to wait 1 day until the certificate expires. Until then testscript
+# will be failing.
+#
+# openssl req -x509 -new -key key.pem -days 1 -config default-openssl.cnf > \
+# expired-cert.pem