bstinson / centos / t_functional

Forked from centos/t_functional 4 years ago
Clone
Blob Blame History Raw
#!/bin/bash
# Author: James Hogarth <james.hogarth@gmail.com>
#

# Need admin credentials
kdestroy &> /dev/null

klist 2>&1  | grep "No credentials" &> /dev/null

t_CheckExitStatus $?

expect -f - &> /dev/null <<EOF
set send_human {.1 .3 1 .05 2}
spawn kinit admin
sleep 1
expect "Password for admin@C6IPA.LOCAL:"
send -h "p455w0rd\r"
sleep 1
close
EOF

klist | grep "admin@C6IPA.LOCAL" &> /dev/null

t_CheckExitStatus $?


t_Log "Running $0 - Adding test service"
ipa service-add	testservice/c6test.c6ipa.local

t_CheckExitStatus $?

t_Log "Running $0 - getting keytab for service"
ipa-getkeytab -s c6test.c6ipa.local -p testservice/c6test.c6ipa.local -k /tmp/testservice.keytab
t_CheckExitStatus $?

t_Log "Running $0 - getting certificate for service"
ipa-getcert request -K testservice/c6test.c6ipa.local -D c6test.c6ipa.local -f /etc/pki/tls/certs/testservice.crt -k /etc/pki/tls/private/testservice.key
t_CheckExitStatus $?

t_Log "Running $0 - verifying keytab"
klist -k /tmp/testservice.keytab | grep "testservice/c6test.c6ipa.local" &> /dev/null
t_CheckExitStatus $?

t_Log "Running $0 - verifying key matches certificate"
diff <(openssl x509 -in /etc/pki/tls/certs/testservice.crt -noout -modulus) <(openssl rsa -in /etc/pki/tls/private/testservice.key -noout -modulus)
t_CheckExitStatus $?

t_Log "Running $0 - verifying certificate against CA"
openssl verify -CAfile /etc/ipa/ca.crt /etc/pki/tls/certs/testservice.crt | grep "/etc/pki/tls/certs/testservice.crt: OK" &> /dev/null
t_CheckExitStatus $?