# Certification revocation, using either the account key or the
# certificate key

# also check issuance for ECDSA keys
openssl genpkey -algorithm EC -out /etc/lacme/simpletest.ecdsa.key \
           -pkeyopt ec_paramgen_curve:P-256 \
           -pkeyopt ec_param_enc:named_curve

sed "s/rsa/ecdsa/" /etc/lacme/lacme-certs.conf.d/simpletest-rsa.conf > \
    /etc/lacme/lacme-certs.conf.d/simpletest-ecdsa.conf

# issue both RSA and ECDSA certificates
lacme newOrder 2>"$STDERR" || fail newOrder
test /etc/lacme/simpletest.rsa.crt   -nt /etc/lacme/simpletest.rsa.key
test /etc/lacme/simpletest.ecdsa.crt -nt /etc/lacme/simpletest.ecdsa.key

# revoke the ECDSA certificate using the account key
lacme revokeCert /etc/lacme/simpletest.ecdsa.crt
! lacme revokeCert /etc/lacme/simpletest.ecdsa.crt 2>"$STDERR" || fail
grepstderr -Fxq "Revoking /etc/lacme/simpletest.ecdsa.crt"
grepstderr -Fq "400 Bad Request (unable to revoke"
grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.ecdsa.crt"

# and the RSA certificate using the service key
mv -vfT /etc/lacme/simpletest.rsa.key /etc/lacme/account.key
lacme revokeCert /etc/lacme/simpletest.rsa.crt
! lacme revokeCert /etc/lacme/simpletest.rsa.crt 2>"$STDERR" || fail
grepstderr -Fxq "Revoking /etc/lacme/simpletest.rsa.crt"
grepstderr -Fq "400 Bad Request (unable to revoke"
grepstderr -Fxq "Warning: Couldn't revoke /etc/lacme/simpletest.rsa.crt"

# vim: set filetype=sh :