Blame tests/p_openssl/10-openssl-cert-test.sh

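#!/bin/sh
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
#
# Functional test for openssl: create an RSA key, a CSR and a self-signed
# certificate, install the certificate plus its subject-hash symlink into
# OpenSSL's certificate directory, and check that `openssl verify` accepts it.
#
# t_Log, t_GetPkgRel and t_CheckExitStatus are not defined in this file;
# presumably the calling test harness provides them.
#
# Security-relevant behaviour:
#  - The private key is written to a directory created with mktemp -d rather
#    than to a fixed name under the world-writable /var/tmp, so another local
#    user cannot pre-create or symlink the location.
#  - While the test runs, the self-signed certificate sits in OpenSSL's
#    default certificate directory and is therefore trusted by anything that
#    uses that directory. The EXIT trap removes it on every exit path.
#  - Only POSIX sh constructs are used, matching the #!/bin/sh shebang.

t_Log "Running $0 - openssl create self signed certificate, build symlink and verify certificate test."

ret_val=0
TESTDIR=''
sslpath=''
HASH=''
installed_cert=''   # set only after this script has copied the certificate
installed_link=''   # set only after this script has created the hash symlink

# Remove everything this script created, and nothing else. Each path is
# guarded so an empty variable can never widen what rm touches.
cleanup() {
  if [ -n "$installed_link" ]; then
    rm -f -- "$installed_link"
  fi
  if [ -n "$installed_cert" ]; then
    rm -f -- "$installed_cert"
  fi
  if [ -n "$TESTDIR" ]; then
    rm -rf -- "$TESTDIR"
  fi
}
trap cleanup EXIT
# Route signals through a normal exit so the EXIT trap also runs in shells
# that do not fire it on signal delivery.
trap 'exit 1' HUP INT TERM

# Log the reason and leave with a non-zero status. A bare `exit` after
# `ret_val=1` would return the status of the assignment, i.e. 0.
fail() {
  t_Log "$1"
  ret_val=1
  exit "$ret_val"
}

# create working-dir (mktemp -d creates it private to the calling user)
TESTDIR=$(mktemp -d /var/tmp/openssl-test.XXXXXX) \
  || fail "Creation of working directory failed."

# create private key
# Any non-zero status counts as failure, not only status 1.
if t_GetPkgRel basesystem | grep -q el6; then
  openssl genpkey -algorithm rsa -out "$TESTDIR/server.key.secure" -pkeyopt rsa_keygen_bits:2048 > /dev/null 2>&1 \
    || fail "Creation of private key failed."
else
  # The passphrase on the command line is visible in the process list; that
  # is tolerable only because this key is a throwaway test fixture.
  # NOTE(review): file1..file5 are not created by this script - confirm that
  # the targeted openssl accepts missing -rand files.
  openssl genrsa -passout pass:centos -des3 -rand file1:file2:file3:file4:file5 -out "$TESTDIR/server.key.secure" 2048 > /dev/null 2>&1 \
    || fail "Creation of private key failed."
fi

# create default answer file
cat > "$TESTDIR/openssl_answers" <<EOF || fail "Creation of openssl answer file failed."
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
string_mask        = nombstr
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = UK
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = somestate
localityName                    = Locality Name (eg, city)
localityName_default            = somecity
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = CentOS-Project
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = CentOS
EOF

# write the key used for signing (passphrase removed where one was set)
if t_GetPkgRel basesystem | grep -q el6; then
  openssl rsa -in "$TESTDIR/server.key.secure" -out "$TESTDIR/server.key" > /dev/null 2>&1 \
    || fail "Creation of server key failed."
else
  openssl rsa -passin pass:centos -in "$TESTDIR/server.key.secure" -out "$TESTDIR/server.key" > /dev/null 2>&1 \
    || fail "Creation of server key failed."
fi

openssl req -batch -config "$TESTDIR/openssl_answers" -new -key "$TESTDIR/server.key" -out "$TESTDIR/server.csr" > /dev/null 2>&1 \
  || fail "Creation of CSR failed."

openssl x509 -req -days 3600 -in "$TESTDIR/server.csr" -signkey "$TESTDIR/server.key" -out "$TESTDIR/server.crt" > /dev/null 2>&1 \
  || fail "Creation of CRT failed."

# get openssl-Path: the text between the first 'OPENSSLDIR: "' and the last
# double quote of `openssl version -d`
sslvar=$(openssl version -d)
case $sslvar in
  *'OPENSSLDIR: "'*'"'*)
    sslpath=${sslvar#*'OPENSSLDIR: "'}
    sslpath=${sslpath%'"'*}
    ;;
esac
# An empty path would turn the copy below into a write to /certs/.
[ -n "$sslpath" ] || fail "Could not find openssl config directory"

# prepare verification of certificate
# NOTE(review): an existing $sslpath/certs/server.crt is overwritten here and
# removed again at exit - confirm that no real certificate uses that name on
# the machines this test runs on.
cp -- "$TESTDIR/server.crt" "$sslpath/certs/" \
  || fail "Copying certificate to openssl certs directory failed."
installed_cert="$sslpath/certs/server.crt"

if ! HASH=$(openssl x509 -noout -hash -in "$installed_cert") || [ -z "$HASH" ]; then
  fail "Creation of Certificate HASH failed."
fi

# Link Hash to Cert
# A failing ln (for example because <hash>.0 already exists) stops the test:
# verification against a link this script did not create proves nothing.
ln -s -- "$installed_cert" "$sslpath/certs/${HASH}.0" \
  || fail "Creation of certificate hash symlink failed."
installed_link="$sslpath/certs/${HASH}.0"

# do verification
# The status tested is grep's: success requires OK in the verify output.
openssl verify "$TESTDIR/server.crt" | grep -q OK \
  || fail "Self signed Cert verification failed."

t_CheckExitStatus "$ret_val"

# reversing changes: done by cleanup() through the EXIT trap, which removes
# only the working directory, the copied certificate and the single <hash>.0
# link created above. A "<hash>*" glob would also delete unrelated hash links
# and, with an empty hash, every entry in the certs directory.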