diff options
Diffstat (limited to 'tests/cert-install')
| -rw-r--r-- | tests/cert-install | 65 |
1 files changed, 47 insertions, 18 deletions
diff --git a/tests/cert-install b/tests/cert-install index f2147d2..4b3e820 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -103,74 +103,103 @@ st="$(stat -c "%U:%G %#a" /etc/lacme/test3.pem)" st="$(stat -c "%U:%G %#a" /etc/lacme/test3.crt)" [ "$st" = "root:root 0644" ] -# chmod user +# owner user openssl genpkey -algorithm RSA -out /etc/lacme/test4.key cat >"/etc/lacme/lacme-certs.conf.d/test4.conf" <<- EOF [test4] certificate-key = /etc/lacme/test4.key certificate = /etc/lacme/test4.pem certificate-chain = /etc/lacme/test4.crt - chown = nobody + owner = nonexistent-user subject = $subject EOF +! lacme newOrder test4 2>"$STDERR" || fail newOrder test4 +grepstderr -Fxq "getpwnam(nonexistent-user)" +! test -e /etc/lacme/test4.pem +! test -e /etc/lacme/test4.crt + +sed -ri "s/^owner\\s*=.*/owner = nobody/" /etc/lacme/lacme-certs.conf.d/test4.conf lacme newOrder test4 2>"$STDERR" || fail newOrder test4 st="$(stat -c "%U:%G %#a" /etc/lacme/test4.pem)" [ "$st" = "nobody:root 0644" ] st="$(stat -c "%U:%G %#a" /etc/lacme/test4.crt)" [ "$st" = "nobody:root 0644" ] -# chmod user:group +# owner user:group openssl genpkey -algorithm RSA -out /etc/lacme/test5.key cat >"/etc/lacme/lacme-certs.conf.d/test5.conf" <<- EOF [test5] certificate-key = /etc/lacme/test5.key certificate = /etc/lacme/test5.pem certificate-chain = /etc/lacme/test5.crt - chown = nobody:nogroup + owner = nobody:nonexistent-group subject = $subject EOF +! lacme newOrder test5 2>"$STDERR" || fail newOrder test5 +grepstderr -Fxq "getgrnam(nonexistent-group)" +! test -e /etc/lacme/test5.pem +! test -e /etc/lacme/test5.crt + +sed -ri "s/^owner\\s*=.*/owner = nobody:nogroup/" /etc/lacme/lacme-certs.conf.d/test5.conf lacme newOrder test5 2>"$STDERR" || fail newOrder test5 st="$(stat -c "%U:%G %#a" /etc/lacme/test5.pem)" [ "$st" = "nobody:nogroup 0644" ] st="$(stat -c "%U:%G %#a" /etc/lacme/test5.crt)" [ "$st" = "nobody:nogroup 0644" ] -# chown +# umask restrictions (also test empty values) openssl genpkey -algorithm RSA -out /etc/lacme/test6.key cat >"/etc/lacme/lacme-certs.conf.d/test6.conf" <<- EOF [test6] certificate-key = /etc/lacme/test6.key - certificate = /etc/lacme/test6.pem certificate-chain = /etc/lacme/test6.crt - chmod = 0400 + certificate = + mode = + owner = subject = $subject EOF -lacme newOrder test6 2>"$STDERR" || fail newOrder test6 -st="$(stat -c "%U:%G %#a" /etc/lacme/test6.pem)" -[ "$st" = "root:root 0400" ] +( umask 0077 && lacme newOrder test6 2>"$STDERR" || fail newOrder test6 ) +! test -e /etc/lacme/test6.pem st="$(stat -c "%U:%G %#a" /etc/lacme/test6.crt)" -[ "$st" = "root:root 0400" ] +[ "$st" = "root:root 0600" ] -# post-issuance notification +# mode openssl genpkey -algorithm RSA -out /etc/lacme/test7.key cat >"/etc/lacme/lacme-certs.conf.d/test7.conf" <<- EOF [test7] certificate-key = /etc/lacme/test7.key + certificate = /etc/lacme/test7.pem certificate-chain = /etc/lacme/test7.crt + mode = 0400 subject = $subject - notify = touch /tmp/test7.notify EOF lacme newOrder test7 2>"$STDERR" || fail newOrder test7 -grepstderr -Fxq "Running notification command \`touch /tmp/test7.notify\`" -test -e /tmp/test7.notify +st="$(stat -c "%U:%G %#a" /etc/lacme/test7.pem)" +[ "$st" = "root:root 0400" ] +st="$(stat -c "%U:%G %#a" /etc/lacme/test7.crt)" +[ "$st" = "root:root 0400" ] -rm -f /tmp/test7.notify -lacme newOrder test7 2>"$STDERR" || fail newOrder test7 +# post-issuance notification +openssl genpkey -algorithm RSA -out /etc/lacme/test8.key +cat >"/etc/lacme/lacme-certs.conf.d/test8.conf" <<- EOF + [test8] + certificate-key = /etc/lacme/test8.key + certificate-chain = /etc/lacme/test8.crt + subject = $subject + notify = touch /tmp/test8.notify +EOF + +lacme newOrder test8 2>"$STDERR" || fail newOrder test8 +grepstderr -Fxq "Running notification command \`touch /tmp/test8.notify\`" +test -e /tmp/test8.notify + +rm -f /tmp/test8.notify +lacme newOrder test8 2>"$STDERR" || fail newOrder test8 ngrepstderr -Fq "Running notification command" -! test -e /tmp/test7.notify +! test -e /tmp/test8.notify # vim: set filetype=sh : |