From a791b1ce0fa2bc9859474fb6f7a9c0ff8cbd1d4a Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Wed, 22 Feb 2017 00:58:53 +0300
Subject: Port test.sh to testscript

---
 tests/auth/cert | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100755 tests/auth/cert

(limited to 'tests/auth/cert')

diff --git a/tests/auth/cert b/tests/auth/cert
new file mode 100755
index 0000000..41b3b9c
--- /dev/null
+++ b/tests/auth/cert
@@ -0,0 +1,36 @@
+#! /bin/sh
+
+# Normally, you don't need to regenerate the private key.
+#
+# openssl genrsa 4096 > key.pem
+
+openssl req -x509 -new -key key.pem -days 1825 -config default-openssl.cnf > \
+	default-cert.pem
+
+cat default-cert.pem | openssl x509 -sha256 -noout -fingerprint | \
+  sed -n 's/^SHA256 Fingerprint=\(.*\)$/\1/p' >default-cert-fp
+
+openssl req -x509 -new -key key.pem -days 1825 -config mismatch-openssl.cnf > \
+        mismatch-cert.pem
+
+openssl req -x509 -new -key key.pem -days 1825 -config noemail-openssl.cnf > \
+        noemail-cert.pem
+
+# Normally, you have no reason to regenerate expired-cert.pem, as need to keep
+# it expired for the testing purposes. But if you do, copy expired-cert.pem
+# content to the certificate value of the following manifest files:
+#   ../rep-auth/expired/repositories
+#
+# To regenerate the packages and signature manifest files run bpkg rep-create
+# command, for example:
+#
+# ../../bpkg/bpkg rep-create ../rep-auth/expired --key key.pem
+#
+# We cannot do it in the testscript since the certificate has expired. This is
+# also the reason why we store these auto-generated manifests in git.
+#
+# Will have to wait 1 day until the certificate expires. Until then testscript
+# will be failing.
+#
+# openssl req -x509 -new -key key.pem -days 1 -config default-openssl.cnf > \
+#         expired-cert.pem
-- 
cgit v1.1