Commit | Line | Data |
---|---|---|
a4e7c43a LS |
#!/bin/bash

# Strict mode: stop on the first failing command, on any unset variable, and
# when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Refuse to run outside CI. Later steps write config.sh, domains.txt and key
# files into the current directory, which is only appropriate on a throwaway
# build machine.
if [[ "${CI:-false}" != "true" ]]; then
  echo "ERROR: Not running in CI environment!"
  exit 1
fi
11 | ||
# Announce the test that is about to run.
# Arguments: $1 - human-readable test description
# Outputs:   the description plus one trailing space and no newline, so the
#            result marker printed later ends up on the same line
_TEST() {
  printf '%s ' "${1}"
}
# Close the current test as passed, but only when the command under test
# produced no stderr output.
# Reads:   ./errorlog (trailing newlines are dropped by the substitution, so
#          a file holding only newlines counts as empty)
# Outputs: a green [PASS] marker, or hands over to _FAIL
_PASS() {
  if [[ -n "$(<errorlog)" ]]; then
    _FAIL "Non-empty errorlog"
  else
    echo -e "[\u001B[32mPASS\u001B[0m]"
  fi
}
# Close the current test as failed and stop the whole run.
# Arguments: $@ - description of the problem
# Reads:     ./tmplog (captured stdout) and ./errorlog (captured stderr)
# Outputs:   a red [FAIL] marker, the problem text and both captured logs
# Exits:     1, always
_FAIL() {
  echo -e "[\u001B[31mFAIL\u001B[0m]"
  printf '\n%s\n\n' "Problem: ${*}"
  printf '%s\n' "STDOUT:"
  cat tmplog
  printf '\n%s\n' "STDERR:"
  cat errorlog
  exit 1
}
# Assert that a path exists; any file type is accepted (-e).
# Arguments: $1 - path to check
# On a missing path the test is failed via _FAIL.
_CHECK_FILE() {
  if [[ ! -e "${1}" ]]; then
    _FAIL "Missing file: ${1}"
  fi
}
# Assert that the captured stdout of the last command contains a pattern.
# Arguments: $1 - pattern; it is handed to grep as a regular expression, not
#                 as a literal string, so "." and similar are wildcards
# Reads:     ./tmplog
# On no match the test is failed via _FAIL.
_CHECK_LOG() {
  if ! grep "${1}" tmplog > /dev/null; then
    _FAIL "Missing in log: ${1}"
  fi
}
40 | ||
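# If not found (should be cached in travis) download ngrok.
# NOTE(review): the archive is downloaded and the binary inside it executed
# without any integrity check. Pin a known-good SHA-256 for this exact
# release and verify it (for example with sha256sum -c) before unzip.
if [[ ! -e "ngrok/ngrok" ]]; then
  (
    mkdir -p ngrok
    # Fixed: this used to be "cd ngrog", a directory that never exists, so
    # with a cold cache the subshell failed and set -e aborted the run.
    cd ngrok
    wget https://dl.ngrok.com/ngrok_2.0.19_linux_amd64.zip -O ngrok.zip
    unzip ngrok.zip ngrok
    chmod +x ngrok
  )
fi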
51 | ||
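# Run ngrok in the background and grab the temporary hostname from its log.
# The tunnel publishes local port 8080 on a public *.ngrok.io name for the
# rest of the run.
ngrok/ngrok http 8080 --log stdout --log-format logfmt --log-level debug > tmp.log &
# Fixed wait for the tunnel to come up; a slow start yields an empty TMP_URL
# and is reported below.
sleep 2
# Two fixes over the original line:
#  - the dots are escaped, so only a literal "<label>.ngrok.io" is accepted;
#    the value is later used as a domain name and as a path component under
#    certs/, so it should not be able to contain arbitrary characters
#  - "|| true" keeps a no-match grep (exit 1 under pipefail) from tripping
#    set -e on the assignment, which made the diagnostic below unreachable
TMP_URL="$(grep -Eo 'Hostname:[a-z0-9]+\.ngrok\.io' tmp.log | head -1 | cut -d':' -f2 || true)"
if [[ -z "${TMP_URL}" ]]; then
  echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue."
  exit 1
fi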
60 | ||
# Serve ACME challenge responses on local port 8080 from a background
# subshell. The server is started from inside .acme-challenges, so that
# directory tree is the only content it publishes.
mkdir -p .acme-challenges/.well-known/acme-challenge
(
  cd .acme-challenges && python -m SimpleHTTPServer 8080 > /dev/null 2>&1
) &
67 | ||
# Write a fresh config.sh that points at the staging CA endpoint and at the
# challenge directory, then make sure an (empty) domains.txt exists.
{
  echo 'CA="https://acme-staging.api.letsencrypt.org/directory"'
  echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"'
} > config.sh
touch domains.txt
72 | ||
# Smoke test: --help must print the default-command notice and list the
# --help and --domain options. The leading backslash keeps grep from reading
# the pattern as one of its own options.
_TEST "Checking if help command is working..."
./letsencrypt.sh --help > tmplog 2> errorlog
for expected in \
  "Default command: help" \
  "\--help (-h)" \
  "\--domain (-d) domain.tld"; do
  _CHECK_LOG "${expected}"
done
_PASS
80 | ||
# First --cron run with an empty domains.txt: the only expected effect is
# that an account key is generated and registered.
_TEST "First run in cron mode, checking if private key is generated and registered"
./letsencrypt.sh --cron >tmplog 2>errorlog
_CHECK_LOG "Registering account key"
_CHECK_FILE "private_key.pem"
_PASS
87 | ||
# Sign a certificate with the config in a non-default location (-f) and the
# domain given on the command line. config.sh is moved aside for the duration
# of the test and put back afterwards.
_TEST "Try signing using temporary config location and with domain as command line parameter"
mv config.sh tmp_config.sh
./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh > tmplog 2> errorlog
for expected in \
  "Generating private key" \
  "Requesting challenge for ${TMP_URL}" \
  "Challenge is valid!" \
  "Creating fullchain.pem" \
  "Done!"; do
  _CHECK_LOG "${expected}"
done
_PASS
mv tmp_config.sh config.sh
99 | ||
# Relocate the account key and record the new path in config.sh, so the next
# run has to honour PRIVATE_KEY.
mv private_key.pem account_key.pem
printf '%s\n' 'PRIVATE_KEY="./account_key.pem"' >> config.sh

# Second --cron run, now with the domain listed in domains.txt: the
# certificate issued above is still fresh, so the run should skip it.
_TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
printf '%s\n' "${TMP_URL}" >> domains.txt
./letsencrypt.sh --cron >tmplog 2>errorlog
_CHECK_LOG "Skipping!"
_PASS
110 | ||
# The account key is no longer needed; remove it from the workspace.
rm account_key.pem

# Inspect the issued certificate: it must parse, carry the tunnel hostname as
# CN, and the chain file must parse and verify. Every diagnostic is collected
# in errorlog, which _PASS requires to be empty.
_TEST "Verifying certificate..."
openssl x509 -in "certs/${TMP_URL}/cert.pem" -noout -text >tmplog 2>errorlog
_CHECK_LOG "CN=${TMP_URL}"
openssl x509 -in "certs/${TMP_URL}/fullchain.pem" -noout -text >/dev/null 2>>errorlog
# Any verify output other than a trailing ": OK" line lands in errorlog; both
# stages are forced to succeed so set -e / pipefail do not end the run first.
# NOTE(review): fullchain.pem is passed both as the trust store (-CAfile) and
# as the certificate under test, so this checks the chain against itself
# rather than against an independently obtained CA certificate - confirm that
# this is the intended strength of the check.
{
  openssl verify -verbose -CAfile "certs/${TMP_URL}/fullchain.pem" -purpose sslserver "certs/${TMP_URL}/fullchain.pem" 2>&1 || true
} | {
  grep -v ': OK$' || true
} >>errorlog 2>&1
_PASS
121 | ||
# Revoke the certificate, authenticating with the certificate's own private
# key (--privkey). On success the revoked certificate is expected under the
# name cert.pem-revoked.
_TEST "Revoking certificate..."
./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" >tmplog 2>errorlog
for expected in \
  "Revoking certs/${TMP_URL}/cert.pem" \
  "SUCCESS"; do
  _CHECK_LOG "${expected}"
done
_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
_PASS

# Every test passed.
exit 0