aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2021-02-20 20:15:20 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-20 20:16:34 +0100
commit95534d55bd27ec9311a484ddc4e4a550191aa496 (patch)
treeb3a39d3038fc3db81137f97ddf55c426721de50f
parent5cf25633d48f79f39ab8c35883e1e437b3a058e4 (diff)
Add tests for OpenSSL- and GnuPG-encrypted account keys.
These tests are not interactive!
-rwxr-xr-xtest3
-rw-r--r--tests/account-encrypted-gpg15
-rw-r--r--tests/account-encrypted-openssl10
3 files changed, 27 insertions, 1 deletions
diff --git a/test b/test
index ffee0ec..50b7382 100755
--- a/test
+++ b/test
@@ -55,7 +55,8 @@ if [ $# -eq 0 ]; then
# always start with registration, the account key might be new
TESTS+=( "register" )
for t in tests/*; do
- if [ "$t" != "tests/register" ] && [ -f "$t" ]; then
+ if [ "$t" != "tests/register" ] && [ "${t#tests/account-encrypted-}" = "$t" ] && [ -f "$t" ]; then
+ # skip registration and non-interactive tests
TESTS+=( "${t#tests/}" )
fi
done
diff --git a/tests/account-encrypted-gpg b/tests/account-encrypted-gpg
new file mode 100644
index 0000000..fd1e4ac
--- /dev/null
+++ b/tests/account-encrypted-gpg
@@ -0,0 +1,15 @@
+# GnuPG-encrypted account key (WARN: this test is not interactive)
+
+PASSPHRASE="test"
+
+DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gpg gpg-agent
+
+gpg --batch --passphrase "$PASSPHRASE" --quick-generate-key "nobody <noreply@example.net>"
+keyid="$(gpg --list-secret-key --with-colons | grep -m1 ^fpr: | cut -sd: -f10)"
+gpg --encrypt -r "$keyid" /etc/lacme/account.key
+sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = gpg:/etc/lacme/account.key.gpg|}' /etc/lacme/lacme-accountd.conf
+
+export GPG_TTY="$(tty)"
+lacme account
+
+# vim: set filetype=sh :
diff --git a/tests/account-encrypted-openssl b/tests/account-encrypted-openssl
new file mode 100644
index 0000000..e79a528
--- /dev/null
+++ b/tests/account-encrypted-openssl
@@ -0,0 +1,10 @@
+# OpenSSL-encrypted account key (WARN: this test is not interactive)
+
+PASSPHRASE="test"
+
+openssl rsa -aes128 -passout pass:"$PASSPHRASE" </etc/lacme/account.key >/etc/lacme/account.enc.key
+sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = file:/etc/lacme/account.enc.key|}' /etc/lacme/lacme-accountd.conf
+
+lacme account
+
+# vim: set filetype=sh :