Only regenerate certificate fixtures if they do not exist
This allows adding more certificate fixtures without having to
regenerate all certificates every time and leading to larger
diffs.
ehelms committed Nov 18, 2020
1 parent d5e079d commit 31b8240
Showing 11 changed files with 142 additions and 97 deletions.
4 changes: 2 additions & 2 deletions .gitignore
Expand Up @@ -32,6 +32,6 @@ modules/*
Gemfile.lock
config/foreman.migrations/.applied
.vendor/
spec/fixtures/katello-certs-check/*.csr
spec/fixtures/katello-certs-check/certs/*.csr
spec/fixtures/katello-certs-check/ca.key
spec/fixtures/katello-certs-check/*.srl
spec/fixtures/katello-certs-check/certs/*.srl
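Review bot: The `spec/fixtures/katello-certs-check/ca.key` entry looks stale after this change. The +/- markers are lost on this page, but the entry appears to stay as it was, while the script now writes the CA key to `certs/ca.key`, which this commit checks in. If committing the CA key is intended so that new fixtures can be signed without regenerating the CA, drop the old entry. The fixtures README could then carry a line such as `The CA key in certs/ is a test fixture only and must never be added to a trust store.`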
2 changes: 2 additions & 0 deletions spec/fixtures/katello-certs-check/README.md
Expand Up @@ -7,3 +7,5 @@ To generate a new set of certificates:
```

In order to modify properties of the certificates, edit the `extensions.txt` before re-generating.

To regenerate a particular set of certificates, remove them from the `certs/` directory and re-run the generation script.
19 changes: 0 additions & 19 deletions spec/fixtures/katello-certs-check/cacert.crt

This file was deleted.

19 changes: 19 additions & 0 deletions spec/fixtures/katello-certs-check/certs/ca.crt
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions spec/fixtures/katello-certs-check/certs/ca.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
18 changes: 18 additions & 0 deletions spec/fixtures/katello-certs-check/certs/foreman.example.com.crt
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions spec/fixtures/katello-certs-check/certs/foreman.example.com.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
26 changes: 19 additions & 7 deletions spec/fixtures/katello-certs-check/create_cert.sh
@@ -1,10 +1,22 @@
#!/bin/bash

echo "Generate CA"
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out cacert.crt -subj "/CN=Test Self-Signed CA"
CERTS_DIR=certs

echo "Generate server certificate"
openssl genrsa -out foreman.example.com.key 2048
openssl req -new -key foreman.example.com.key -out foreman.example.com.csr -subj "/CN=foreman.example.com"
openssl x509 -req -in foreman.example.com.csr -CA cacert.crt -CAkey ca.key -CAcreateserial -out foreman.example.com.crt -days 3650 -sha256 -extfile extensions.txt -extensions extensions
CA_CERT_NAME=ca
if [[ ! -f "$CERTS_DIR/$CA_CERT_NAME.key" || ! -f "$CERTS_DIR/$CA_CERT_NAME.crt" ]]; then
echo "Generate CA"
openssl genrsa -out $CERTS_DIR/$CA_CERT_NAME.key 2048
openssl req -x509 -new -nodes -key $CERTS_DIR/$CA_CERT_NAME.key -sha256 -days 3650 -out $CERTS_DIR/$CA_CERT_NAME.crt -subj "/CN=Test Self-Signed CA"
else
echo "CA certificate exists. Skipping."
fi

CERT_NAME=foreman.example.com
if [[ ! -f "$CERTS_DIR/$CERT_NAME.key" || ! -f "$CERTS_DIR/$CERT_NAME.crt" ]]; then
echo "Generate server certificate"
openssl genrsa -out $CERTS_DIR/$CERT_NAME.key 2048
openssl req -new -key $CERTS_DIR/$CERT_NAME.key -out $CERTS_DIR/$CERT_NAME.csr -subj "/CN=foreman.example.com"
openssl x509 -req -in $CERTS_DIR/$CERT_NAME.csr -CA $CERTS_DIR/$CA_CERT_NAME.crt -CAkey $CERTS_DIR/$CA_CERT_NAME.key -CAcreateserial -out $CERTS_DIR/$CERT_NAME.crt -days 3650 -sha256 -extfile extensions.txt -extensions extensions
else
echo "Server certificate exists. Skipping."
fi
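Review bot: Regenerating the CA does not invalidate the server certificate, because the second `if` only tests that `$CERTS_DIR/$CERT_NAME.key` and `$CERTS_DIR/$CERT_NAME.crt` exist. After removing `ca.key`/`ca.crt` and re-running, the old `foreman.example.com.crt` is kept even though it was signed by the previous CA and no longer chains to the new `ca.crt`. In the "Server certificate exists" branch I would run `openssl verify -CAfile "$CERTS_DIR/$CA_CERT_NAME.crt" "$CERTS_DIR/$CERT_NAME.crt"` and regenerate or exit non-zero when it fails. Since the aim is to add more fixtures by copying this block, `-subj "/CN=$CERT_NAME"` instead of the hard-coded `/CN=foreman.example.com` would keep a copied block from issuing the wrong subject. The page has lost the +/- markers, so this refers to the `CERTS_DIR`-based lines.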
18 changes: 0 additions & 18 deletions spec/fixtures/katello-certs-check/foreman.example.com.crt

This file was deleted.

27 changes: 0 additions & 27 deletions spec/fixtures/katello-certs-check/foreman.example.com.key

This file was deleted.

52 changes: 28 additions & 24 deletions spec/katello_certs_check_spec.rb
Expand Up @@ -5,35 +5,39 @@
# badkey passphrase is 'foreman'

describe 'katello-certs-check' do
let(:command) { File.join(__dir__, '..', 'bin', 'katello-certs-check') }
let(:directory) { File.join(FIXTURE_DIR, 'katello-certs-check') }
let(:ca) { File.join(directory, 'cacert.crt') }
let(:key) { File.join(directory, 'foreman.example.com.key') }
let(:cert) { File.join(directory, 'foreman.example.com.crt') }
let(:badkey) { File.join(directory, 'key_pass.key') }

def fixture(filename)
File.read(File.join(directory, filename)).gsub('|COMMAND|', command)
end

it 'without parameters' do
stdout, stderr, status = Open3.capture3(command)
expect(stderr).to eq fixture('missing-parameter.txt')
expect(stdout).to eq ''
expect(status.exitstatus).to eq 1
end
let(:command) { File.join(__dir__, '..', 'bin', 'katello-certs-check') }
let(:directory) { File.join(FIXTURE_DIR, 'katello-certs-check') }
let(:certs_directory) { File.join(directory, 'certs') }
let(:ca) { File.join(certs_directory, 'ca.crt') }

it 'completes correctly' do
command_with_certs = "#{command} -b #{ca} -k #{key} -c #{cert}"
_stdout, stderr, status = Open3.capture3(command_with_certs)
expect(stderr).to eq ''
expect(status.exitstatus).to eq 0
end
context 'with valid certificates' do
let(:key) { File.join(certs_directory, 'foreman.example.com.key') }
let(:cert) { File.join(certs_directory, 'foreman.example.com.crt') }
let(:badkey) { File.join(directory, 'key_pass.key') }

it 'without parameters' do
stdout, stderr, status = Open3.capture3(command)
expect(stderr).to eq fixture('missing-parameter.txt')
expect(stdout).to eq ''
expect(status.exitstatus).to eq 1
end

it 'completes correctly' do
command_with_certs = "#{command} -b #{ca} -k #{key} -c #{cert}"
_stdout, stderr, status = Open3.capture3(command_with_certs)
expect(stderr).to eq ''
expect(status.exitstatus).to eq 0
end

it 'with password on key' do
command_with_certs = "#{command} -b #{ca} -k #{badkey} -c #{cert}"
_stdout, stderr, status = Open3.capture3(command_with_certs)
expect(stderr).to eq "The #{badkey} contains a passphrase, remove the key's passphrase by doing: \nmv #{badkey} #{badkey}.old \nopenssl rsa -in #{badkey}.old -out #{badkey}\n"
expect(status.exitstatus).to eq 1
it 'with password on key' do
command_with_certs = "#{command} -b #{ca} -k #{badkey} -c #{cert}"
_stdout, stderr, status = Open3.capture3(command_with_certs)
expect(stderr).to eq "The #{badkey} contains a passphrase, remove the key's passphrase by doing: \nmv #{badkey} #{badkey}.old \nopenssl rsa -in #{badkey}.old -out #{badkey}\n"
expect(status.exitstatus).to eq 1
end
end
end
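Review bot: In 'completes correctly' and 'with password on key', `command_with_certs` is still passed to `Open3.capture3` as one interpolated command-line string. Ruby therefore splits it on whitespace or hands it to a shell, and a checkout path containing a space or shell metacharacter changes the arguments the script receives. Since the paths are being reworked here anyway, passing the arguments separately avoids that: `Open3.capture3(command, '-b', ca, '-k', key, '-c', cert)`, and likewise with `badkey`. A smaller point of structure: 'without parameters' now sits inside `context 'with valid certificates'` although it passes no certificates, so it would read better directly under `describe`.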
