aboutsummaryrefslogtreecommitdiffstats
path: root/tests/accountd-remote
diff options
context:
space:
mode:
Diffstat (limited to 'tests/accountd-remote')
-rw-r--r--tests/accountd-remote17
1 files changed, 17 insertions, 0 deletions
diff --git a/tests/accountd-remote b/tests/accountd-remote
index 71bb8e2..bd5d99f 100644
--- a/tests/accountd-remote
+++ b/tests/accountd-remote
@@ -30,4 +30,21 @@ sed -ri 's|^#?config\s*=.*|config = /etc/lacme/lacme-accountd.conf|' /etc/lacme/
lacme newOrder --debug 2>"$STDERR" || fail # intentionally use --debug, ssh should tunnel stdin + stdout + stderr
test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+# and now with an authorized_keys(5) restriction
+sed -ri "s|^[^#]|restrict,from=\"127.0.0.1\",command=\"/usr/bin/lacme-accountd --stdio\" &|" ~lacme-account/.ssh/authorized_keys
+rm -vf /etc/lacme/simpletest.rsa.crt
+
+! lacme newOrder 2>"$STDERR" || fail # --config= (and --debug) should be ignored
+grepstderr -Fxq "Error: 'privkey' is not specified"
+grepstderr -Fxq "[simpletest-rsa] Error: Couldn't issue X.509 certificate!"
+
+install -olacme-account -glacme-account -Ddm0700 ~lacme-account/.config/lacme
+mv -t ~lacme-account/.config/lacme /etc/lacme/account.key
+cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF
+ privkey = file:%E/lacme/account.key
+EOF
+
+lacme newOrder || fail
+test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+
# vim: set filetype=sh :