author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-11-08 11:34:21 +0100 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-11-08 15:00:21 +0100 |
commit | 4b1ad0398e7b0524eac87e1b6c4fdcb8c2c40294 (patch) | |
tree | 041410fdacae5d09a5d232db836f256c8e5ec608 /test | |
parent | update TODO (diff) | |
Introduce systemd-keyutil to do various key/certificate operations
Let's gather generic key/certificate operations in a new tool
systemd-keyutil instead of spreading them across various special
purpose tools.
Fixes #35087
Diffstat (limited to 'test')
-rwxr-xr-x | test/units/TEST-74-AUX-UTILS.keyutil.sh | 50 | ||||
-rwxr-xr-x | test/units/TEST-74-AUX-UTILS.sbsign.sh | 4 |
2 files changed, 50 insertions, 4 deletions
diff --git a/test/units/TEST-74-AUX-UTILS.keyutil.sh b/test/units/TEST-74-AUX-UTILS.keyutil.sh
new file mode 100755
index 0000000000..bbbbf9fd67
--- /dev/null
+++ b/test/units/TEST-74-AUX-UTILS.keyutil.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# shellcheck disable=SC2016
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/test-control.sh
+. "$(dirname "$0")"/test-control.sh
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+if ! command -v /usr/lib/systemd/systemd-keyutil >/dev/null; then
+ echo "systemd-keyutil not found, skipping."
+ exit 0
+fi
+
+cat >/tmp/openssl.conf <<EOF
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C = DE
+ST = Test State
+L = Test Locality
+O = Org Name
+OU = Org Unit Name
+CN = Common Name
+emailAddress = test@email.com
+EOF
+
+openssl req -config /tmp/openssl.conf -subj="/CN=waldo" \
+ -x509 -sha256 -nodes -days 365 -newkey rsa:4096 \
+ -keyout /tmp/test.key -out /tmp/test.crt
+
+testcase_validate() {
+ /usr/lib/systemd/systemd-keyutil validate --certificate /tmp/test.crt --private-key /tmp/test.key
+}
+
+testcase_public() {
+ PUBLIC="$(/usr/lib/systemd/systemd-keyutil public --certificate /tmp/test.crt)"
+ assert_eq "$PUBLIC" "$(openssl x509 -in /tmp/test.crt -pubkey -noout)"
+
+ PUBLIC="$(/usr/lib/systemd/systemd-keyutil public --private-key /tmp/test.key)"
+ assert_eq "$PUBLIC" "$(openssl x509 -in /tmp/test.crt -pubkey -noout)"
+
+ (! /usr/lib/systemd/systemd-keyutil public)
+}
+
+run_testcases
diff --git a/test/units/TEST-74-AUX-UTILS.sbsign.sh b/test/units/TEST-74-AUX-UTILS.sbsign.sh
index 891a2ae8af..fc186517d1 100755
--- a/test/units/TEST-74-AUX-UTILS.sbsign.sh
+++ b/test/units/TEST-74-AUX-UTILS.sbsign.sh
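Review bot: testcase_validate in the new keyutil test only exercises a matching certificate/key pair, so a `validate` verb that accepted any input would still pass; the testcase_validate_key removed from TEST-74-AUX-UTILS.sbsign.sh had the same gap. Assuming validate is meant to reject a private key that does not belong to the certificate, add a negative case: generate a second key with `openssl genpkey -algorithm RSA -out /tmp/test2.key` and assert `(! /usr/lib/systemd/systemd-keyutil validate --certificate /tmp/test.crt --private-key /tmp/test2.key)`, mirroring the `(! ... public)` check in testcase_public. Separately, the unencrypted key (`-nodes`) is written to the fixed path /tmp/test.key and never removed; a `mktemp -d` directory cleaned up by an EXIT trap would avoid predictable names, although the sbsign test visibly uses fixed /tmp paths too.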
@@ -53,8 +53,4 @@ testcase_sign_systemd_boot() { sbverify --cert /tmp/sb.crt /tmp/sdboot } -testcase_validate_key() { - /usr/lib/systemd/systemd-sbsign validate-key --certificate /tmp/sb.crt --private-key /tmp/sb.key -} - run_testcases |