From 95534d55bd27ec9311a484ddc4e4a550191aa496 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 20 Feb 2021 20:15:20 +0100
Subject: Add tests for OpenSSL- and GnuPG-encrypted account keys. These tests are not interactive!
---
 test | 3 ++-
 tests/account-encrypted-gpg | 15 +++++++++++++++
 tests/account-encrypted-openssl | 10 ++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 tests/account-encrypted-gpg
 create mode 100644 tests/account-encrypted-openssl
diff --git a/test b/test
index ffee0ec..50b7382 100755
--- a/test
+++ b/test
@@ -55,7 +55,8 @@ if [ $# -eq 0 ]; then
 # always start with registration, the account key might be new
 TESTS+=( "register" )
 for t in tests/*; do
- if [ "$t" != "tests/register" ] && [ -f "$t" ]; then
+ if [ "$t" != "tests/register" ] && [ "${t#tests/account-encrypted-}" = "$t" ] && [ -f "$t" ]; then
+ # skip registration and non-interactive tests
 TESTS+=( "${t#tests/}" )
 fi
 done
diff --git a/tests/account-encrypted-gpg b/tests/account-encrypted-gpg
new file mode 100644
index 0000000..fd1e4ac
--- /dev/null
+++ b/tests/account-encrypted-gpg
@@ -0,0 +1,15 @@
+# GnuPG-encrypted account key (WARN: this test is not interactive)
+
+PASSPHRASE="test"
+
+DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends gpg gpg-agent
+
+gpg --batch --passphrase "$PASSPHRASE" --quick-generate-key "nobody "
+keyid="$(gpg --list-secret-key --with-colons | grep -m1 ^fpr: | cut -sd: -f10)"
+gpg --encrypt -r "$keyid" /etc/lacme/account.key
+sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = gpg:/etc/lacme/account.key.gpg|}' /etc/lacme/lacme-accountd.conf
+
+export GPG_TTY="$(tty)"
+lacme account
+
+# vim: set filetype=sh :
diff --git a/tests/account-encrypted-openssl b/tests/account-encrypted-openssl
new file mode 100644
index 0000000..e79a528
--- /dev/null
+++ b/tests/account-encrypted-openssl
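Review bot: The added comment `# skip registration and non-interactive tests` sits inside the branch that queues a test, so it reads as describing the tests being added rather than the ones left out. Its wording is also at odds with what the skipped files appear to do: the gpg test exports `GPG_TTY` before `lacme account`, which suggests a passphrase prompt on the terminal. Moving it above the `if` and rewording it, e.g. `# skip registration (queued above) and account-encrypted-* tests, which need a passphrase typed at a terminal`, would make the intent clear. The enclosing `if [ $# -eq 0 ]` block starts outside the hunk.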
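Review bot: In tests/account-encrypted-gpg the `sed` line changes nothing and still exits 0 when no `privkey` line matches, and the plaintext `/etc/lacme/account.key` is left in place after `gpg --encrypt`, so `lacme account` could succeed without ever touching the encrypted key. A check right after the `sed`, such as `grep -Fxq 'privkey = gpg:/etc/lacme/account.key.gpg' /etc/lacme/lacme-accountd.conf`, would make the test fail when the config was not switched; whether a failing command aborts the run depends on the runner's errexit setting, which is not visible here. The same applies to the `sed` in tests/account-encrypted-openssl, with `file:/etc/lacme/account.enc.key` as the expected value. Checking that `/etc/lacme/account.key.gpg` exists before rewriting the config would also catch a failed encryption step.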
@@ -0,0 +1,10 @@
+# OpenSSL-encrypted account key (WARN: this test is not interactive)
+
+PASSPHRASE="test"
+
+openssl rsa -aes128 -passout pass:"$PASSPHRASE" /etc/lacme/account.enc.key
+sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = file:/etc/lacme/account.enc.key|}' /etc/lacme/lacme-accountd.conf
+
+lacme account
+
+# vim: set filetype=sh :
-- cgit v1.2.3
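Review bot: `PASSPHRASE` is used only when the key is encrypted; nothing on the visible lines passes it to `lacme account`, so the decryption prompt presumably has to be answered by hand. A comment above `lacme account`, for example `# type the value of $PASSPHRASE ("test") when prompted`, would tell whoever runs this test what to enter. The header's "(WARN: this test is not interactive)" reads as the opposite of that and could be reworded to say the test cannot run unattended. The gpg test has the same gap before its own `lacme account` call.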