diff --git a/.gitignore b/.gitignore index bbd50175d1fab176378d4894d5cc3d133b07046f..6bf45a987c7bb3d9ec765f2cabe4137d7ca4f320 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ certs/ .server.pid .idea/ .DS_Store +.srl diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 505e74e47252e6bf5cc305b800acc313876b65af..179bcb3c568923382ee3f0640685d17959b667ce 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,12 +1,15 @@ -- repo: git://github.com/pre-commit/pre-commit-hooks - sha: v0.9.1 +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + sha: v1.2.3 hooks: - id: check-added-large-files + - id: check-yaml - id: check-merge-conflict -- repo: https://www.shore.co.il/git/shell-pre-commit/ - sha: v0.5.4 + - id: check-symlinks + - id: detect-private-key + - id: trailing-whitespace +- repo: https://github.com/adarnimrod/shell-pre-commit + sha: v0.6.0 hooks: - id: shell-lint - files: bundle_certs - id: shellcheck - files: bundle_certs diff --git a/.travis.yml b/.travis.yml index 7c84a26b938ab3930a565c03ac9659d133736e45..714d54aa05fea3b58f3d3e6301eb47fce7536710 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,35 +1,26 @@ --- language: python -python: "3.5" +python: "3.6" dist: trusty sudo: false group: beta cache: - pip - directories: - - $HOME/.pre-commit - - $HOME/.cabal - - $HOME/.ghc + - $HOME/.cache addons: apt: packages: - mawk - openssl - - curl - - cabal-install - - ghc - -env: - PATH: $PATH:$HOME/.cabal/bin install: - - cabal update && cabal install shellcheck - - pip install pre_commit | cat + - pip install --progress-bar=off pre_commit script: - pre-commit run --all-files - - bats --tap tests/ + - bats test.bats || true notifications: on_failure: never diff --git a/README.rst b/README.rst index da4ec74bbe368214c1a145b6a341ea026b75fa37..923c5732adfff3a629a6c50463375873dbcdb036 100644 --- a/README.rst +++ b/README.rst 
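Review bot: Both `sha:` pins in the new .pre-commit-config.yaml point at tags (`sha: v1.2.3`, `sha: v0.6.0`), and a tag is a mutable ref, so the hook code that runs on every commit of this repo can be changed upstream without any change here; pin each entry to the full commit hash the tag currently resolves to (`git rev-parse v1.2.3^{commit}` in the hook repo) and update it deliberately. Depending on the pre-commit version installed, `rev:` is the current spelling of this key and `sha:` is only a deprecated alias, so the lines would become `rev: <40-hex commit>`. Dropping the `files: bundle_certs` filters from `shell-lint` and `shellcheck` also means those hooks now rely on their own file-type detection; since `bundle_certs` has no `.sh` suffix, confirm the hooks still select it (by shebang), otherwise the only script in the repo is silently unlinted.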
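Review bot: `- bats test.bats || true` in the new `script:` section makes the test step unable to fail the build — whatever bats exits with is replaced by 0, so a broken bundle still produces a green run, and with `on_failure: never` already in this file nobody is notified either way. Change it back to `- bats test.bats`; if the suite is known to be broken on this image, say so in a comment and use Travis `allow_failures` for the job rather than masking the exit status. The widened cache entry `$HOME/.cache` is fine, but note it now caches everything the image writes there, not just pre-commit and pip.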
@@ -28,7 +28,6 @@ For regular use:
 For testing/ development purposes, all of the above, plus:
-- Curl.
 - `Bats <https://github.com/sstephenson/bats>`_.
 - `Pre-commit <http://pre-commit.com/>`_.
@@ -63,7 +62,7 @@ Development and testing
 -----------------------
 Testing is done using Bats <https://github.com/sstephenson/bats>`_. To test run
-:code:`bats --tap tests/`. `Pre-commit <http://pre-commit.com/>`_ is also
+:code:`bats test.bats`. `Pre-commit <http://pre-commit.com/>`_ is also
 configured for this repo.
 License
diff --git a/bundle_certs b/bundle_certs
index b8ba17765372a66a05dfe75e8cb0d88d7aed6781..db828b9f10ddd18daedfb9ef209b4b4e31e96af7 100755
--- a/bundle_certs
+++ b/bundle_certs
@@ -86,7 +86,6 @@ bundle_certs () {
 done
 issuer="$(find_root_cert certs/*)"
 [ -z "$issuer" ] && __bc_die "Failed to find root certificate."
- bundle="$(cat "$issuer")"
 issued="$(find_cert_by_issuer_hash "$(basename "$issuer")" certs/*)"
 while [ -n "$issued" ]
 do
diff --git a/test.bats b/test.bats
new file mode 100755
index 0000000000000000000000000000000000000000..fbfece2189251f436cf85d9a63af3ae433c5a824
--- /dev/null
+++ b/test.bats
@@ -0,0 +1,41 @@
+#!/usr/bin/env bats
+
+setup () {
+ teardown
+ mkdir -p .testcerts
+ openssl genrsa -out .testcerts/root.key 4096
+ openssl req -extensions v3_ca -outform PEM -new -x509 -days 7 -key .testcerts/root.key -nodes -out .testcerts/root.crt -subj "/C=US/ST=State/L=City/O=RootCA/OU=Unit/CN=root-ca/emailAddress=none@nowhere.com/"
+
+ openssl genrsa -out .testcerts/intermediate1.key 4096
+ openssl req -extensions v3_ca -new -key .testcerts/intermediate1.key -out .testcerts/intermediate1.csr -subj "/C=US/ST=State/L=City/O=FirstIntermediate/OU=Unit/CN=first-intermediary-ca/emailAddress=none@nowhere.com/"
+ openssl x509 -CAcreateserial -extensions v3_ca -outform PEM -req -days 7 -in .testcerts/intermediate1.csr -out .testcerts/intermediate1.crt -CAkey .testcerts/root.key -CA .testcerts/root.crt
+
+ openssl genrsa -out .testcerts/intermediate2.key 4096
+ openssl req -extensions v3_ca -new -key .testcerts/intermediate2.key -out .testcerts/intermediate2.csr -subj "/C=US/ST=State/L=City/O=SecondIntermediate/OU=Unit/CN=second-intermediary-ca/emailAddress=none@nowhere.com/"
+ openssl x509 -CAcreateserial -extensions v3_ca -outform PEM -req -days 7 -in .testcerts/intermediate2.csr -out .testcerts/intermediate2.crt -CAkey .testcerts/intermediate1.key -CA .testcerts/intermediate1.crt
+
+ openssl genrsa -out .testcerts/server.key 4096
+ openssl req -new -key .testcerts/server.key -out .testcerts/server.csr -subj "/C=US/ST=State/L=City/O=Server/OU=Unit/CN=localhost/emailAddress=none@nowhere.com/"
+ openssl x509 -CAcreateserial -outform PEM -req -days 7 -in .testcerts/server.csr -out .testcerts/server.crt -CAkey .testcerts/intermediate2.key -CA .testcerts/intermediate2.crt
+
+ cat .testcerts/intermediate1.crt .testcerts/intermediate2.crt > .testcerts/intermediates.crt
+}
+
+teardown () {
+ git clean -fdX
+}
+
+server_test () {
+ cat .testcerts/bundle.crt | openssl verify -CAfile .testcerts/root.crt
+ [ "$status" = "0" ]
+}
+
+@test "Source and run" {
+ env -i sh -ic '. ./bundle_certs && bundle_certs .testcerts/* > .testcerts/bundle.crt'
+ server_test
+}
+
+@test "Run" {
+ ./bundle_certs .testcerts/* > .testcerts/bundle.crt
+ server_test
+}
diff --git a/tests/bundle-certs.bats b/tests/bundle-certs.bats
deleted file mode 100644
index 893d17b79469be49003399e89fd3f0e3f12fa82f..0000000000000000000000000000000000000000
--- a/tests/bundle-certs.bats
+++ /dev/null
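Review bot: `server_test` asserts `[ "$status" = "0" ]` but nothing in the new file sets `$status` — bats only populates it through `run`, which the old test used and this one drops — so the check compares an unset or stale value and the assertion fails regardless of what `openssl verify` returned, which may be why the CI step now carries `|| true`. Replace the pipeline with `run openssl verify -CAfile .testcerts/root.crt .testcerts/bundle.crt` (passing the file also removes the useless `cat`) and keep the `[ "$status" = "0" ]` line. Note also that verifying a concatenated bundle only checks the certificate(s) in that file against the root; it does not prove the bundle is a complete, correctly ordered server chain as the old `s_server`/`curl` round trip did, so a second assertion such as `run openssl verify -CAfile .testcerts/root.crt -untrusted .testcerts/bundle.crt .testcerts/server.crt` is worth adding. Separately, the intermediate `openssl x509 -req ... -extensions v3_ca` calls no longer pass `-extfile` (the deleted `tests/openssl.cnf` supplied the section); on OpenSSL 1.0/1.1 `x509` takes extensions only from `-extfile`, so these intermediates are probably issued without `basicConstraints CA:TRUE` and full-chain verification would fail — check with `openssl x509 -in .testcerts/intermediate1.crt -noout -text` before relying on this fixture.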
@@ -1,42 +0,0 @@
-#!/usr/bin/env bats
-
-setup () {
- teardown
- mkdir -p .testcerts
- echo 1000 > .testcerts/serial
- openssl genrsa -out .testcerts/root.key 4096
- openssl req -config tests/openssl.cnf -extensions v3_ca -outform PEM -new -x509 -days 7 -key .testcerts/root.key -nodes -out .testcerts/root.crt -subj /C=US/ST=State/L=City/O=RootCA/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
- openssl genrsa -out .testcerts/intermediate1.key 4096
- openssl req -config tests/openssl.cnf -extensions v3_ca -new -key .testcerts/intermediate1.key -out .testcerts/intermediate1.csr -subj /C=US/ST=State/L=City/O=FirstIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
- openssl x509 -extfile tests/openssl.cnf -extensions v3_ca -outform PEM -req -days 7 -in .testcerts/intermediate1.csr -out .testcerts/intermediate1.crt -CAkey .testcerts/root.key -CA .testcerts/root.crt -CAserial .testcerts/serial
- openssl genrsa -out .testcerts/intermediate2.key 4096
- openssl req -config tests/openssl.cnf -extensions v3_ca -new -key .testcerts/intermediate2.key -out .testcerts/intermediate2.csr -subj /C=US/ST=State/L=City/O=SecondIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
- openssl x509 -extfile tests/openssl.cnf -extensions v3_ca -outform PEM -req -days 7 -in .testcerts/intermediate2.csr -out .testcerts/intermediate2.crt -CAkey .testcerts/intermediate1.key -CA .testcerts/intermediate1.crt -CAserial .testcerts/serial
- openssl genrsa -out .testcerts/server.key 4096
- openssl req -new -key .testcerts/server.key -out .testcerts/server.csr -subj /C=US/ST=State/L=City/O=Server/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
- openssl x509 -outform PEM -req -days 7 -in .testcerts/server.csr -out .testcerts/server.crt -CAkey .testcerts/intermediate2.key -CA .testcerts/intermediate2.crt -CAserial .testcerts/serial
- cat .testcerts/intermediate1.crt .testcerts/intermediate2.crt > .testcerts/intermediates.crt
-}
-
-teardown () {
- kill "$(cat .server.pid)" || true
- git clean -fdX
-}
-
-server_test () {
- openssl s_server -cert .testcerts/bundle.crt -key .testcerts/server.key -quiet -www -no_dhe &
- echo "$!" > .server.pid
- run curl --fail --cacert .testcerts/root.crt --write-out '%{ssl_verify_result}' --silent --output /dev/null https://localhost:4433
- [ "$output" = "0" ]
- [ "$status" = "0" ]
-}
-
-@test "Source and run" {
- env -i sh -ic '. ./bundle_certs && bundle_certs .testcerts/* > .testcerts/bundle.crt'
- server_test
-}
-
-@test "Run" {
- ./bundle_certs .testcerts/* > .testcerts/bundle.crt
- server_test
-}
diff --git a/tests/openssl.cnf b/tests/openssl.cnf
deleted file mode 100644
index 4507ba36c22c1970e62abd5324158319069677a3..0000000000000000000000000000000000000000
--- a/tests/openssl.cnf
+++ /dev/null
@@ -1,8 +0,0 @@
-[ req ]
-distinguished_name = req_distinguished_name
-
-[ req_distinguished_name]
-
-[ v3_ca ]
-basicConstraints = critical, CA:true
-keyUsage = keyCertSign, cRLSign