bump
grindsa committed Dec 20, 2024
1 parent a7f625e commit 4d664d6
Showing 3 changed files with 38 additions and 1,793 deletions.
101 changes: 38 additions & 63 deletions .github/workflows/ca_handler_tests_cmp.yml
Expand Up @@ -78,6 +78,7 @@ jobs:
sudo echo "cmp_key: volume/ra_key.pem" >> examples/Docker/data/acme_srv.cfg
sudo echo "cmp_trusted: volume/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> examples/Docker/data/acme_srv.cfg
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> examples/Docker/data/acme_srv.cfg
cd examples/Docker/
docker-compose restart
env:
Expand All @@ -87,23 +88,18 @@ jobs:
CMP_RA_CERT: ${{ secrets.CMP_RA_CERT }}
CMP_TRUSTED: ${{ secrets.CMP_TRUSTED }}

- name: "Sleep for 10s"
uses: juliangruber/sleep-action@v2.0.3
- name: "Test enrollment"
uses: ./.github/actions/acme_clients
with:
time: 10s

- name: "Test http://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

- name: "Test if https://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
REVOCATION: "false"
VERIFY_CERT: "false"
USE_CERTBOT: "false"
TEST_ADL: "true"

- name: "Enroll acme.sh"
- name: "Verify allowed_domainlist error"
run: |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
sudo rm -rf acme-sh/*
cd examples/Docker
docker-compose logs | grep "allowed_domainlist" | grep -i "either CN or SANs are not allowed by configuration"
- name: "Setup a2c with cmp_ca_handler with PSK refnum authentication"
run: |
Expand All @@ -127,6 +123,7 @@ jobs:
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> examples/Docker/data/acme_srv.cfg
sudo echo "cmp_ref: $CMP_REF" >> examples/Docker/data/acme_srv.cfg
sudo echo "cmp_secret: $CMP_SECRET" >> examples/Docker/data/acme_srv.cfg
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> examples/Docker/data/acme_srv.cfg
cd examples/Docker/
docker-compose restart
env:
Expand All @@ -137,32 +134,18 @@ jobs:
CMP_REF: ${{ secrets.CMP_REF }}
CMP_SECRET: ${{ secrets.CMP_SECRET }}

- name: "Sleep for 10s"
uses: juliangruber/sleep-action@v2.0.3
with:
time: 10s

- name: "Sleep for 10s"
uses: juliangruber/sleep-action@v2.0.3
- name: "Test enrollment"
uses: ./.github/actions/acme_clients
with:
time: 10s

- name: "Test http://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

- name: "Test if https://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
REVOCATION: "false"
VERIFY_CERT: "false"
USE_CERTBOT: "false"
TEST_ADL: "true"

- name: "Enroll acme.sh"
- name: "Verify allowed_domainlist error"
run: |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
- name: "Check container configuration"
uses: ./.github/actions/container_check
with:
DB_HANDLER: ${{ matrix.dbhandler }}
WEB_SRV: ${{ matrix.websrv }}
cd examples/Docker
docker-compose logs | grep "allowed_domainlist" | grep -i "either CN or SANs are not allowed by configuration"
- name: "[ * ] collecting test logs"
if: ${{ failure() }}
Expand Down Expand Up @@ -254,6 +237,7 @@ jobs:
sudo echo "cmp_key: /opt/acme2certifier/volume/acme_ca/ra_key.pem" >> data/acme_srv.cfg
sudo echo "cmp_trusted: /opt/acme2certifier/volume/acme_ca/ca_bundle.pem" >> data/acme_srv.cfg
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> data/acme_srv.cfg
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> data/acme_srv.cfg
env:
RUNNER_IP: ${{ env.RUNNER_IP }}
CMP_RECIPIENT: ${{ secrets.CMP_RECIPIENT }}
Expand All @@ -265,22 +249,17 @@ jobs:
run: |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh
- name: "Sleep for 10s"
uses: juliangruber/sleep-action@v2.0.3
- name: "Test enrollment"
uses: ./.github/actions/acme_clients
with:
time: 10s
REVOCATION: "false"
VERIFY_CERT: "false"
USE_CERTBOT: "false"
TEST_ADL: "true"

- name: "Test http://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

- name: "Test if https://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory

- name: "Enroll acme.sh"
- name: "Verify allowed_domainlist error"
run: |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
docker exec acme-srv grep -i "either CN or SANs are not allowed by configuration" /var/log/messages
- name: "[ * ] collecting test logs"
if: ${{ failure() }}
Expand Down Expand Up @@ -370,6 +349,7 @@ jobs:
sudo echo "cmp_recipient: $CMP_RECIPIENT" >> data/acme_srv.cfg
sudo echo "cmp_ref: $CMP_REF" >> data/acme_srv.cfg
sudo echo "cmp_secret: $CMP_SECRET" >> data/acme_srv.cfg
sudo echo "allowed_domainlist: [\"bar.local\", \"*.acme\"]" >> data/acme_srv.cfg
env:
RUNNER_IP: ${{ env.RUNNER_IP }}
CMP_RECIPIENT: ${{ secrets.CMP_RECIPIENT }}
Expand All @@ -382,22 +362,17 @@ jobs:
run: |
docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh
- name: "Sleep for 10s"
uses: juliangruber/sleep-action@v2.0.3
- name: "Test enrollment"
uses: ./.github/actions/acme_clients
with:
time: 10s

- name: "Test http://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory

- name: "Test if https://acme-srv/directory is accessible"
run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
REVOCATION: "false"
VERIFY_CERT: "false"
USE_CERTBOT: "false"
TEST_ADL: "true"

- name: "Enroll acme.sh"
- name: "Verify allowed_domainlist error"
run: |
docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure --force
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
docker exec acme-srv grep -i "either CN or SANs are not allowed by configuration" /var/log/messages
- name: "[ * ] collecting test logs"
if: ${{ failure() }}
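Review bot: The second "Verify allowed_domainlist error" step in the Docker job (the one after the PSK refnum setup) can pass on a stale log line, because `docker-compose restart` keeps the container's earlier output and `docker-compose logs | grep "allowed_domainlist" | grep -i "either CN or SANs are not allowed by configuration"` also matches the rejection logged during the preceding certificate-authentication run. Scope each check to its own run: count the matches in a step before "Test enrollment" with `docker-compose logs | grep -ci "either CN or SANs are not allowed by configuration" || true`, pass the number on through `$GITHUB_ENV`, and require a higher count afterwards. A logged rejection does not by itself show that no certificate was issued for the disallowed name; presumably `./.github/actions/acme_clients` asserts that when `TEST_ADL` is `"true"`, but that action is not visible on this page. With `VERIFY_CERT: "false"`, the `openssl verify` chain check from the old "Enroll acme.sh" steps appears to be dropped for this handler, so a comment such as `# chain verification skipped: <reason>` next to that input would help the next reader.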