From b8b71d7c1b70ff1a6e835314936b814c52f39c97 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Jun 10 2014 00:51:15 +0000 Subject: Add a bit of testing for the local signer
---
diff --git a/tests/026-local/expected.out b/tests/026-local/expected.out
new file mode 100644
index 0000000..4120018
--- /dev/null
+++ b/tests/026-local/expected.out
@@ -0,0 +1,101 @@
+[key]
+OK.
+[csr]
+Certificate Request:
+ Data:
+ Version: 0 (0x0)
+ Subject: CN=Babs Jensen's Signer
+ Attributes:
+ friendlyName :unable to print attribute
+ Requested Extensions:
+ X509v3 Key Usage:
+ Digital Signature, Certificate Sign, CRL Sign
+ X509v3 Subject Alternative Name:
+ email:root@localhost, email:root@localhost.localdomain
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:(160 bits)
+
+ X509v3 Subject Key Identifier:
+ (160 bits)
+ Authority Information Access:
+ OCSP - URI:http://ocsp-1.example.com:12345
+ OCSP - URI:http://ocsp-2.example.com:12345
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://crl-1.example.com:12345/get
+
+ Full Name:
+ URI:http://crl-2.example.com:12345/get
+
+ X509v3 Freshest CRL:
+
+ Full Name:
+ URI:http://dcrl-1.example.com:12345/get
+
+ Full Name:
+ URI:http://dcrl-2.example.com:12345/get
+
+[issue]
+[issuer]
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=Local Signing Authority, CN=$UUID
+ Subject: CN=Local Signing Authority, CN=$UUID
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ (160 bits)
+ X509v3 Authority Key Identifier:
+ keyid:(160 bits)
+
+ X509v3 Key Usage: critical
+ Digital Signature, Certificate Sign, CRL Sign
+[subject]
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=Local Signing Authority, CN=$UUID
+ Subject: CN=Babs Jensen's Signer
+ X509v3 extensions:
+ X509v3 Key Usage:
+ Digital Signature, Certificate Sign, CRL Sign
+ X509v3 Subject Alternative Name:
+ email:root@localhost, email:root@localhost.localdomain
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:(160 bits)
+
+ X509v3 Subject Key Identifier:
+ (160 bits)
+ Authority Information Access:
+ OCSP - URI:http://ocsp-1.example.com:12345
+ OCSP - URI:http://ocsp-2.example.com:12345
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://crl-1.example.com:12345/get
+
+ Full Name:
+ URI:http://crl-2.example.com:12345/get
+
+ X509v3 Freshest CRL:
+
+ Full Name:
+ URI:http://dcrl-1.example.com:12345/get
+
+ Full Name:
+ URI:http://dcrl-2.example.com:12345/get
+
+[verify]
+cert: OK
+OK.
diff --git a/tests/026-local/run.sh b/tests/026-local/run.sh
new file mode 100755
index 0000000..8f1cf7f
--- /dev/null
+++ b/tests/026-local/run.sh
@@ -0,0 +1,44 @@ +#!/bin/bash -e + +cd $tmpdir + +cat > request <<- EOF +key_storage_type=FILE +key_storage_location=$tmpdir/key +cert_storage_type=FILE +cert_storage_location=$tmpdir/cert +template_subject=CN=Babs Jensen's Signer +template_email=root@localhost,root@localhost.localdomain +template_ku=1000011 +template_is_ca=1 +template_certfname=Babs Jensen's Signer +template_crldp=http://crl-1.example.com:12345/get,http://crl-2.example.com:12345/get +template_ocsp=http://ocsp-1.example.com:12345,http://ocsp-2.example.com:12345 +template_nscomment=certmonger generated this request +template_freshest_crl=http://dcrl-1.example.com:12345/get,http://dcrl-2.example.com:12345/get +EOF +filter() { + sed -re 's,CN=[[:xdigit:]]{8}-[[:xdigit:]]{8}-[[:xdigit:]]{8}-[[:xdigit:]]{8},CN=$UUID,g' |\ + sed -re 's,[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2},(160 bits),g' +} +dumpreq() { + openssl req -in "$@" -text -noout -reqopt no_serial,no_pubkey,no_sigdump,no_validity | filter +} +dumpcert() { + openssl x509 -in "$@" -text -noout -certopt no_serial,no_pubkey,no_sigdump,no_validity | filter +} +echo "[key]" +$toolsdir/keygen request +echo "[csr]" +$toolsdir/csrgen request > csr +dumpreq csr +echo "[issue]" +$builddir/../src/local-submit -d $tmpdir csr > cert +echo "[issuer]" +openssl pkcs12 -in creds -passin pass: -nodes | openssl x509 > ca-cert +dumpcert ca-cert +echo "[subject]" +dumpcert cert +echo "[verify]" +openssl verify -CAfile $tmpdir/ca-cert cert +echo OK. diff --git a/tests/Makefile.am b/tests/Makefile.am index bc84e01..d92b1f6 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
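Review bot: `cd $tmpdir` at the top of run.sh, and the later `$tmpdir`, `$toolsdir` and `$builddir` expansions, are unquoted and unchecked. If the harness ever leaves `tmpdir` unset, the `cd` silently lands in `$HOME`, the script writes `request`, `csr`, `cert` and `ca-cert` there, and the here-document points key storage at `/key`. I would open with `cd "${tmpdir:?}"` and quote the other uses, e.g. `"$builddir"/../src/local-submit -d "$tmpdir" csr > cert`. Separately, the `[issuer]` step only needs the CA certificate, yet `-nodes` also writes the signer's private key unencrypted into the pipe. `openssl pkcs12 -in creds -passin pass: -nokeys | openssl x509 > ca-cert` should produce the same `ca-cert` without exporting the key.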
@@ -105,7 +105,9 @@ EXTRA_DIST = \ 024-citerate/expected.out \ 024-citerate/run.sh \ 025-casave/expected.out \ - 025-casave/run.sh + 025-casave/run.sh \ + 026-local/expected.out \ + 026-local/run.sh subdirs = \ 001-keyiread \ @@ -135,7 +137,8 @@ subdirs = \ 022-base64 \ 023-cadata \ 024-citerate \ - 025-casave + 025-casave \ + 026-local if HAVE_DBM_NSSDB subdirs += \