author | Lennart Poettering <lennart@poettering.net> | 2024-11-11 16:09:07 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-11 16:09:07 +0100 |
commit | 67e003d7dd2b595a7acd602635d9e56acaa45b6b (patch) | |
tree | 84fba86008dca88faf16b472a5c1b888fdd5ed4f /test | |
parent | network: further rework for reconfiguring interfaces (#35059) (diff) | |
parent | Introduce systemd-keyutil to do various key/certificate operations (diff) | |
download | systemd-67e003d7dd2b595a7acd602635d9e56acaa45b6b.tar.xz systemd-67e003d7dd2b595a7acd602635d9e56acaa45b6b.zip |
Introduce systemd-keyutil to do various key/certificate operations (#35095)
Let's gather generic key/certificate operations in a new tool
systemd-keyutil instead of spreading them across various special purpose
tools.
Fixes #35087
Diffstat (limited to 'test')
-rwxr-xr-x | test/units/TEST-74-AUX-UTILS.keyutil.sh | 50 | ||||
-rwxr-xr-x | test/units/TEST-74-AUX-UTILS.sbsign.sh | 4 |
2 files changed, 50 insertions, 4 deletions
diff --git a/test/units/TEST-74-AUX-UTILS.keyutil.sh b/test/units/TEST-74-AUX-UTILS.keyutil.sh
new file mode 100755
index 0000000000..bbbbf9fd67
--- /dev/null
+++ b/test/units/TEST-74-AUX-UTILS.keyutil.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# shellcheck disable=SC2016
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/test-control.sh
+. "$(dirname "$0")"/test-control.sh
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+if ! command -v /usr/lib/systemd/systemd-keyutil >/dev/null; then
+ echo "systemd-keyutil not found, skipping."
+ exit 0
+fi
+
+cat >/tmp/openssl.conf <<EOF
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C = DE
+ST = Test State
+L = Test Locality
+O = Org Name
+OU = Org Unit Name
+CN = Common Name
+emailAddress = test@email.com
+EOF
+
+openssl req -config /tmp/openssl.conf -subj="/CN=waldo" \
+ -x509 -sha256 -nodes -days 365 -newkey rsa:4096 \
+ -keyout /tmp/test.key -out /tmp/test.crt
+
+testcase_validate() {
+ /usr/lib/systemd/systemd-keyutil validate --certificate /tmp/test.crt --private-key /tmp/test.key
+}
+
+testcase_public() {
+ PUBLIC="$(/usr/lib/systemd/systemd-keyutil public --certificate /tmp/test.crt)"
+ assert_eq "$PUBLIC" "$(openssl x509 -in /tmp/test.crt -pubkey -noout)"
+
+ PUBLIC="$(/usr/lib/systemd/systemd-keyutil public --private-key /tmp/test.key)"
+ assert_eq "$PUBLIC" "$(openssl x509 -in /tmp/test.crt -pubkey -noout)"
+
+ (! /usr/lib/systemd/systemd-keyutil public)
+}
+
+run_testcases
diff --git a/test/units/TEST-74-AUX-UTILS.sbsign.sh b/test/units/TEST-74-AUX-UTILS.sbsign.sh
index 891a2ae8af..fc186517d1 100755
--- a/test/units/TEST-74-AUX-UTILS.sbsign.sh
+++ b/test/units/TEST-74-AUX-UTILS.sbsign.sh
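Review bot: The OpenSSL config, certificate and unencrypted (`-nodes`) private key are written to fixed names directly under /tmp (`/tmp/openssl.conf`, `/tmp/test.crt`, `/tmp/test.key`) and never removed, so the script overwrites whatever already exists at those paths and leaves the key behind after the run. This is presumably low-risk in a throwaway test image and mirrors the `/tmp/sb.*` naming visible in the sbsign test, but a private scratch directory costs two lines near the top: `WORKDIR="$(mktemp -d)"` and `trap 'rm -rf -- "$WORKDIR"' EXIT`, with the three paths moved under `"$WORKDIR"`. Before adding the trap, confirm that test-control.sh or util.sh does not already install an EXIT handler, since those files are not shown here. Separately, the heredoc delimiter could be quoted (`<<'EOF'`) to make explicit that nothing in the config is meant to be expanded by the shell.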
@@ -53,8 +53,4 @@ testcase_sign_systemd_boot() {
 sbverify --cert /tmp/sb.crt /tmp/sdboot
 }
 
-testcase_validate_key() {
- /usr/lib/systemd/systemd-sbsign validate-key --certificate /tmp/sb.crt --private-key /tmp/sb.key
-}
-
 run_testcases |