CA handler tests - PKCS#7-SOAP handler #875
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CA handler tests - PKCS#7-SOAP handler | |
on: | |
push: | |
pull_request: | |
branches: [ devel ] | |
schedule: | |
# * is a special character in YAML so you have to quote this string | |
- cron: '0 2 * * 6' | |
jobs: | |
pkcs7_soap_handler_signint_tests: | |
name: "pkcs7_soap_handler_tests internal signer" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Prepare SOAP server" | |
run: | | |
sudo mkdir -p examples/Docker/data | |
docker network create acme | |
sudo mkdir -p examples/Docker/data/xca | |
sudo chmod -R 777 examples/Docker/data/xca | |
sudo cp test/ca/acme2certifier-clean.xdb examples/Docker/data/xca/$XCA_DB_NAME | |
sudo touch examples/Docker/data/soap_srv.cfg | |
sudo chmod 777 examples/Docker/data/soap_srv.cfg | |
sudo echo "[CAhandler]" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "xdb_file: /etc/soap-srv/xca/$XCA_DB_NAME" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "issuing_ca_key: $XCA_ISSUING_CA" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "passphrase: $XCA_PASSPHRASE" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "template_name: $XCA_TEMPLATE" >> examples/Docker/data/soap_srv.cfg | |
env: | |
XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
- name: "Build and start SOAP server" | |
working-directory: examples/Docker/ | |
run: | | |
sudo apt-get install -y docker-compose | |
sudo mv ../../.dockerignore ../../.dockerignore.acme | |
docker-compose -f soap_srv.yml up -d | |
docker-compose -f soap_srv.yml logs | |
- name: "Build docker-compose (apache2_wsgi)" | |
working-directory: examples/Docker/ | |
run: | | |
sudo mv ../../.dockerignore.acme ../../.dockerignore | |
docker-compose up -d | |
- name: "Setup a2c with pkcs7_ca_handler" | |
run: | | |
sudo mkdir -p examples/Docker/data/acme_ca/certs | |
sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
sudo touch examples/Docker/data/acme_srv.cfg | |
sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
sudo cp test/ca/sub-ca-key.pem examples/Docker/data/key.pem | |
sudo cp test/ca/sub-ca-cert.pem examples/Docker/data/cert.pem | |
sudo cp test/ca/certs.pem examples/Docker/data/ca_bundle.pem | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/pkcs7_soap_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "soap_srv: http://soap-srv.acme:8888" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "signing_cert: /var/www/acme2certifier/volume/cert.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "signing_key: /var/www/acme2certifier/volume/key.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "password: Test1234" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_bundle: /var/www/acme2certifier/volume/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "profilename: foo" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "email: [email protected]" >> examples/Docker/data/acme_srv.cfg | |
cat examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
REVOCATION: "false" | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
cd examples/Docker | |
docker-compose -f soap_srv.yml logs > ${{ github.workspace }}/artifact/soap-srv.log | |
docker-compose logs > ${{ github.workspace }}/artifact/a2c.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz a2c.log data soap-srv.log acme-sh certbot lego | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: pkcs7soap-int.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ | |
pkcs7_soap_handler_signext_tests: | |
name: "pkcs7_soap_handler_tests external signer" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "checkout GIT" | |
uses: actions/checkout@v4 | |
- name: "Prepare SOAP server" | |
run: | | |
sudo mkdir -p examples/Docker/data | |
docker network create acme | |
sudo mkdir -p examples/Docker/data/xca | |
sudo chmod -R 777 examples/Docker/data/xca | |
sudo cp test/ca/acme2certifier-clean.xdb examples/Docker/data/xca/$XCA_DB_NAME | |
sudo touch examples/Docker/data/soap_srv.cfg | |
sudo chmod 777 examples/Docker/data/soap_srv.cfg | |
sudo echo "[CAhandler]" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "xdb_file: /etc/soap-srv/xca/$XCA_DB_NAME" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "issuing_ca_key: $XCA_ISSUING_CA" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "passphrase: $XCA_PASSPHRASE" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> examples/Docker/data/soap_srv.cfg | |
sudo echo "template_name: $XCA_TEMPLATE" >> examples/Docker/data/soap_srv.cfg | |
env: | |
XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
- name: "Build and start SOAP server" | |
working-directory: examples/Docker/ | |
run: | | |
sudo apt-get install -y docker-compose | |
sudo mv ../../.dockerignore ../../.dockerignore.acme | |
docker-compose -f soap_srv.yml up -d | |
docker-compose -f soap_srv.yml logs | |
- name: "Build docker-compose (apache2_wsgi)" | |
working-directory: examples/Docker/ | |
run: | | |
sudo mv ../../.dockerignore.acme ../../.dockerignore | |
docker-compose up -d | |
docker-compose logs | |
- name: "Test http://acme-srv/directory is accessible" | |
run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory | |
- name: "Setup a2c with pkcs7_ca_handler" | |
run: | | |
sudo mkdir -p examples/Docker/data/acme_ca/certs | |
sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
sudo touch examples/Docker/data/acme_srv.cfg | |
sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
sudo cp examples/soap/mock_signer.py examples/Docker/data/ | |
sudo chmod 755 examples/Docker/data/mock_signer.py | |
sudo cp test/ca/sub-ca-key.pem examples/Docker/data/key.pem | |
sudo cp test/ca/sub-ca-cert.pem examples/Docker/data/cert.pem | |
sudo cp test/ca/certs.pem examples/Docker/data/ca_bundle.pem | |
sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/pkcs7_soap_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "soap_srv: http://soap-srv.acme:8888" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "signing_script: /var/www/acme2certifier/volume/mock_signer.py" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "signing_alias: /var/www/acme2certifier/volume/cert.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "signing_config_variant: /var/www/acme2certifier/volume/key.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "signing_csr_path: /var/www/acme2certifier/volume" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "ca_bundle: /var/www/acme2certifier/volume/ca_bundle.pem" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "profilename: foo" >> examples/Docker/data/acme_srv.cfg | |
sudo echo "email: [email protected]" >> examples/Docker/data/acme_srv.cfg | |
cat examples/Docker/data/acme_srv.cfg | |
cd examples/Docker/ | |
docker-compose restart | |
- name: "Test enrollment" | |
uses: ./.github/actions/acme_clients | |
with: | |
REVOCATION: "false" | |
- name: "[ * ] collecting test logs" | |
if: ${{ failure() }} | |
run: | | |
mkdir -p ${{ github.workspace }}/artifact/upload | |
sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
sudo cp -rp certbot/ ${{ github.workspace }}/artifact/certbot/ | |
sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
cd examples/Docker | |
docker-compose -f soap_srv.yml logs > ${{ github.workspace }}/artifact/soap-srv.log | |
docker-compose logs > ${{ github.workspace }}/artifact/a2c.log | |
sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz a2c.log data soap-srv.log acme-sh certbot lego | |
- name: "[ * ] uploading artificates" | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: pkcs7soap-ext.tar.gz | |
path: ${{ github.workspace }}/artifact/upload/ |