aboutsummaryrefslogtreecommitdiffstats
path: root/tests/cert-revoke
diff options
context:
space:
mode:
Diffstat (limited to 'tests/cert-revoke')
-rw-r--r--tests/cert-revoke32
1 files changed, 32 insertions, 0 deletions
diff --git a/tests/cert-revoke b/tests/cert-revoke
new file mode 100644
index 0000000..f3d585e
--- /dev/null
+++ b/tests/cert-revoke
@@ -0,0 +1,32 @@
+# Certification revocation, using either the account key or the
+# certificate key
+
+# also check issuance for ECDSA keys
+openssl genpkey -algorithm EC -out /etc/lacme/simpletest.ecdsa.key \
+ -pkeyopt ec_paramgen_curve:P-256 \
+ -pkeyopt ec_param_enc:named_curve
+
+sed "s/rsa/ecdsa/" /etc/lacme/lacme-certs.conf.d/simpletest-rsa.conf > \
+ /etc/lacme/lacme-certs.conf.d/simpletest-ecdsa.conf
+
+# issue both RSA and ECDSA certificates
+lacme newOrder 2>"$STDERR" || fail newOrder
+test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+test /etc/lacme/simpletest.ecdsa.crt -nt /etc/lacme/simpletest.ecdsa.key
+
+# revoke the ECDSA certificate using the account key
+lacme revokeCert /etc/lacme/simpletest.ecdsa.crt
+! lacme revokeCert /etc/lacme/simpletest.ecdsa.crt 2>"$STDERR" || fail
+grepstderr -Fxq "Revoking /etc/lacme/simpletest.ecdsa.crt"
+grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
+grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.ecdsa.crt"
+
+# and the RSA certificate using the service key
+mv -vfT /etc/lacme/simpletest.rsa.key /etc/lacme/account.key
+lacme revokeCert /etc/lacme/simpletest.rsa.crt
+! lacme revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
+grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
+grepstderr -Fxq "400 Bad Request (Certificate already revoked)"
+grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"
+
+# vim: set filetype=sh :