[feat] log enrollment config in various ca_handlers #1220
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CA handler tests - XCA | |
| on: | |
| push: | |
| pull_request: | |
| branches: [ devel ] | |
| schedule: | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '0 2 * * 6' | |
| jobs: | |
| xca_handler_tests: | |
| name: "xca_handler_tests" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| websrv: ['apache2', 'nginx'] | |
| dbhandler: ['wsgi', 'django'] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Build container" | |
| uses: ./.github/actions/container_prep | |
| with: | |
| DB_HANDLER: ${{ matrix.dbhandler }} | |
| WEB_SRV: ${{ matrix.websrv }} | |
| - name: "No template - Setup a2c with xca_ca_handler" | |
| run: | | |
| sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
| sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
| sudo cp .github/django_settings.py examples/Docker/data/settings.py | |
| sudo mkdir -p examples/Docker/data/xca | |
| sudo chmod -R 777 examples/Docker/data/xca | |
| sudo cp test/ca/acme2certifier-clean.xdb examples/Docker/data/xca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo touch examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/xca/$XCA_DB_NAME" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> examples/Docker/data/acme_srv.cfg | |
| # sudo echo "template_name: $XCA_TEMPLATE" >> examples/Docker/data/acme_srv.cfg | |
| cd examples/Docker/ | |
| docker-compose restart | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "No Template - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_no_template | |
| - name: "Template - Setup a2c with xca_ca_handler" | |
| run: | | |
| sudo mkdir -p examples/Docker/data/xca | |
| sudo chmod -R 777 examples/Docker/data/xca | |
| sudo cp test/ca/acme2certifier-clean.xdb examples/Docker/data/xca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo touch examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/xca/$XCA_DB_NAME" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> examples/Docker/data/acme_srv.cfg | |
| cd examples/Docker/ | |
| docker-compose restart | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Template - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_template | |
| - name: "Header-info - Setup a2c with xca_ca_handler" | |
| run: | | |
| sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
| sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
| sudo cp .github/django_settings.py examples/Docker/data/settings.py | |
| sudo mkdir -p examples/Docker/data/xca | |
| sudo chmod -R 777 examples/Docker/data/xca | |
| sudo cp test/ca/acme2certifier-clean.xdb examples/Docker/data/xca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo touch examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > examples/Docker/data/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/xca/$XCA_DB_NAME" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> examples/Docker/data/acme_srv.cfg | |
| sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: False\nheader_info_list: [\"HTTP_USER_AGENT\"]/g" examples/Docker/data/acme_srv.cfg | |
| cd examples/Docker/ | |
| docker-compose restart | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Header-info - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_headerinfo | |
| - name: "EAB - Setup a2c with xca_ca_handler - profiling" | |
| run: | | |
| sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
| sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
| sudo cp .github/django_settings.py examples/Docker/data/settings.py | |
| sudo mkdir -p examples/Docker/data/xca | |
| sudo chmod -R 777 examples/Docker/data/xca | |
| sudo cp test/ca/acme2certifier-clean.xdb examples/Docker/data/xca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo touch examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg > examples/Docker/data/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/xca/$XCA_DB_NAME" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "eab_profiling: True" >> examples/Docker/data/acme_srv.cfg | |
| sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: False\nheader_info_list: [\"HTTP_USER_AGENT\"]/g" examples/Docker/data/acme_srv.cfg | |
| sudo echo -e "\n\n[EABhandler]" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "eab_handler_file: /var/www/acme2certifier/examples/eab_handler/kid_profile_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "key_file: volume/kid_profiles.json" >> examples/Docker/data/acme_srv.cfg | |
| sudo cp examples/eab_handler/kid_profiles.json examples/Docker/data/kid_profiles.json | |
| sudo chmod 777 examples/eab_handler/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \[\"profile_1\", \"profile_2\", \"profile_3\"\]/\"template_name\"\: \[\"template\", \"acme\"\]/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \"profile_2\"/\"template_name\"\: \"template\"/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca_2\",/\"issuing_ca_name\": \"root-ca\",\n \"issuing_ca_key\": \"root-ca\"/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca\",/\"unknown_key\": \"unknown_value\"/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/example.net/acme/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i '19,20d' examples/Docker/data/kid_profiles.json | |
| sudo sed -i '8,9d' examples/Docker/data/kid_profiles.json | |
| cd examples/Docker/ | |
| docker-compose restart | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "EAB - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_eab | |
| - name: "EAB subject profiling - Setup a2c with xca_ca_handler " | |
| run: | | |
| sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem | |
| sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem | |
| sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem | |
| sudo cp .github/django_settings.py examples/Docker/data/settings.py | |
| sudo mkdir -p examples/Docker/data/xca | |
| sudo chmod -R 777 examples/Docker/data/xca | |
| sudo cp test/ca/acme2certifier-clean.xdb examples/Docker/data/xca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem examples/Docker/data/acme_ca/ | |
| sudo touch examples/Docker/data/acme_srv.cfg | |
| sudo chmod 777 examples/Docker/data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg > examples/Docker/data/acme_srv.cfg | |
| sudo echo "handler_file: /var/www/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/xca/$XCA_DB_NAME" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "eab_profiling: True" >> examples/Docker/data/acme_srv.cfg | |
| sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: False\nheader_info_list: [\"HTTP_USER_AGENT\"]/g" examples/Docker/data/acme_srv.cfg | |
| sudo echo -e "\n\n[EABhandler]" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "eab_handler_file: /var/www/acme2certifier/examples/eab_handler/kid_profile_handler.py" >> examples/Docker/data/acme_srv.cfg | |
| sudo echo "key_file: volume/kid_profiles.json" >> examples/Docker/data/acme_srv.cfg | |
| sudo cp examples/eab_handler/kid_profiles.json examples/Docker/data/kid_profiles.json | |
| sudo chmod 777 examples/eab_handler/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \[\"profile_1\", \"profile_2\", \"profile_3\"\]/\"template_name\"\: \"acme\"/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \"profile_2\"/\"template_name\"\: \"template\"/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca_2\",/\"issuing_ca_name\": \"root-ca\",\n \"issuing_ca_key\": \"root-ca\"/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca\",/\"unknown_key\": \"unknown_value\",/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/example.net/acme/g" examples/Docker/data/kid_profiles.json | |
| sudo sed -i '19,20d' examples/Docker/data/kid_profiles.json | |
| sudo sed -i '9d' examples/Docker/data/kid_profiles.json | |
| sudo sed -i "s/\"api_user\"\: \"api_user\",/\"subject\"\: \{\n \"serialNumber\"\: \"*\",\n \"organizationName\"\: \"acme corp\",\n \"organizationalUnitName\"\: \[\"acme1\", \"acme2\"\],\n \"countryName\"\: \"AC\"\n \}/g" examples/Docker/data/kid_profiles.json | |
| cd examples/Docker/ | |
| docker-compose restart | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "EAB subject profiling - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_eab_sp | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| sudo cp -rp examples/Docker/data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo cp -rp lego/ ${{ github.workspace }}/artifact/lego/ | |
| cd examples/Docker | |
| docker-compose logs > ${{ github.workspace }}/artifact/docker-compose.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz docker-compose.log data acme-sh lego | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: xca_handler-${{ matrix.websrv }}-${{ matrix.dbhandler }}.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ | |
| xca_handler_tests_rpm: | |
| name: "xca_handler_tests_rpm" | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rhversion: [8, 9] | |
| steps: | |
| - name: "checkout GIT" | |
| uses: actions/checkout@v4 | |
| - name: "Prepare Alma environment" | |
| uses: ./.github/actions/rpm_prep | |
| with: | |
| GH_SBOM_USER: ${{ secrets.GH_SBOM_USER }} | |
| GH_SBOM_TOKEN: ${{ secrets.GH_SBOM_TOKEN }} | |
| RH_VERSION: ${{ matrix.rhversion }} | |
| - name: "No template - Setup a2c with xca_ca_handler" | |
| run: | | |
| mkdir -p data/acme_ca | |
| sudo cp test/ca/acme2certifier-clean.xdb data/acme_ca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo touch data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/acme_srv.cfg | |
| # sudo echo "template_name: $XCA_TEMPLATE" >> data/acme_srv.cfg | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "No template - Execute install scipt" | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
| - name: "No template - Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "No Template - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_no_template | |
| - name: "Template - Setup a2c with xca_ca_handler" | |
| run: | | |
| mkdir -p data/acme_ca | |
| sudo cp test/ca/acme2certifier-clean.xdb data/acme_ca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo touch data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/acme_srv.cfg | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Template - Reconfigure a2c " | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh restart | |
| - name: "Template - Test enrollment" | |
| uses: ./.github/actions/acme_clients | |
| - name: "Template - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_template | |
| - name: "Header-info - Setup a2c with xca_ca_handler" | |
| run: | | |
| mkdir -p data/acme_ca | |
| sudo cp test/ca/acme2certifier-clean.xdb data/acme_ca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo touch data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/acme_srv.cfg | |
| sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: False\nheader_info_list: [\"HTTP_USER_AGENT\"]/g" data/acme_srv.cfg | |
| sudo echo "eab_handler_file: /opt/acme2certifier/examples/eab_handler/kid_profile_handler.py" >> data/acme_srv.cfg | |
| sudo echo "key_file: /opt/acme2certifier/volume/acme_ca/kid_profiles.json" >> data/acme_srv.cfg | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "Header-info - Reconfigure a2c " | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh restart | |
| - name: "Header-info - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_headerinfo | |
| - name: "EAB - Setup a2c with xca_ca_handler" | |
| run: | | |
| mkdir -p data/acme_ca | |
| sudo cp test/ca/acme2certifier-clean.xdb data/acme_ca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo touch data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/acme_srv.cfg | |
| sudo echo "eab_profiling: True" >> data/acme_srv.cfg | |
| sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: False\nheader_info_list: [\"HTTP_USER_AGENT\"]/g" data/acme_srv.cfg | |
| sudo echo -e "\n\n[EABhandler]" >> data/acme_srv.cfg | |
| sudo echo "eab_handler_file: /opt/acme2certifier/examples/eab_handler/kid_profile_handler.py" >> data/acme_srv.cfg | |
| sudo echo "key_file: /opt/acme2certifier/volume/acme_ca/kid_profiles.json" >> data/acme_srv.cfg | |
| sudo cp examples/eab_handler/kid_profiles.json data/acme_ca/kid_profiles.json | |
| sudo chmod 777 data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \[\"profile_1\", \"profile_2\", \"profile_3\"\]/\"template_name\"\: \[\"template\", \"acme\"\]/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \"profile_2\"/\"template_name\"\: \"template\"/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca_2\",/\"issuing_ca_name\": \"root-ca\",\n \"issuing_ca_key\": \"root-ca\"/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca\",/\"unknown_key\": \"unknown_value\"/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/example.net/acme/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i '19,20d' data/acme_ca/kid_profiles.json | |
| sudo sed -i '8,9d' data/acme_ca/kid_profiles.json | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "EAB - Reconfigure a2c " | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh restart | |
| - name: "EAB - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_eab | |
| - name: "EAB subject profiling - Setup a2c with xca_ca_handler" | |
| run: | | |
| mkdir -p data/acme_ca | |
| sudo cp test/ca/acme2certifier-clean.xdb data/acme_ca/$XCA_DB_NAME | |
| sudo mkdir -p examples/Docker/data/acme_ca/certs | |
| sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem data/acme_ca/ | |
| sudo touch data/acme_srv.cfg | |
| sudo chmod 777 data/acme_srv.cfg | |
| sudo head -n -8 .github/openssl_ca_handler.py_acme_srv_default_handler.cfg > data/acme_srv.cfg | |
| sudo echo "handler_file: /opt/acme2certifier/examples/ca_handler/xca_ca_handler.py" >> data/acme_srv.cfg | |
| sudo echo "xdb_file: volume/acme_ca/$XCA_DB_NAME" >> data/acme_srv.cfg | |
| sudo echo "issuing_ca_name: $XCA_ISSUING_CA" >> data/acme_srv.cfg | |
| sudo echo "passphrase: $XCA_PASSPHRASE" >> data/acme_srv.cfg | |
| sudo echo "ca_cert_chain_list: [\"root-ca\"]" >> data/acme_srv.cfg | |
| sudo echo "template_name: $XCA_TEMPLATE" >> data/acme_srv.cfg | |
| sudo echo "eab_profiling: True" >> data/acme_srv.cfg | |
| sudo sed -i "s/tnauthlist_support: False/tnauthlist_support: False\nheader_info_list: [\"HTTP_USER_AGENT\"]/g" data/acme_srv.cfg | |
| sudo echo -e "\n\n[EABhandler]" >> data/acme_srv.cfg | |
| sudo echo "eab_handler_file: /opt/acme2certifier/examples/eab_handler/kid_profile_handler.py" >> data/acme_srv.cfg | |
| sudo echo "key_file: /opt/acme2certifier/volume/acme_ca/kid_profiles.json" >> data/acme_srv.cfg | |
| sudo cp examples/eab_handler/kid_profiles.json data/acme_ca/kid_profiles.json | |
| sudo chmod 777 data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \[\"profile_1\", \"profile_2\", \"profile_3\"\]/\"template_name\"\: \[\"template\", \"acme\"\]/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"profile_id\"\: \"profile_2\"/\"template_name\"\: \"template\"/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca_2\",/\"issuing_ca_name\": \"root-ca\",\n \"issuing_ca_key\": \"root-ca\"/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"ca_name\": \"example_ca\",/\"unknown_key\": \"unknown_value\",/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/example.net/acme/g" data/acme_ca/kid_profiles.json | |
| sudo sed -i '19,20d' data/acme_ca/kid_profiles.json | |
| sudo sed -i '9d' data/acme_ca/kid_profiles.json | |
| sudo sed -i "s/\"api_user\"\: \"api_user\",/\"subject\"\: \{\n \"serialNumber\"\: \"*\",\n \"organizationName\"\: \"acme corp\",\n \"organizationalUnitName\"\: \[\"acme1\", \"acme2\"\],\n \"countryName\"\: \"AC\"\n \}/g" data/acme_ca/kid_profiles.json | |
| env: | |
| XCA_PASSPHRASE: ${{ secrets.XCA_PASSPHRASE }} | |
| XCA_ISSUING_CA: ${{ secrets.XCA_ISSUING_CA }} | |
| XCA_TEMPLATE: ${{ secrets.XCA_TEMPLATE }} | |
| XCA_DB_NAME: ${{ secrets.XCA_DB_NAME }} | |
| - name: "EAB subject profiling - Reconfigure a2c " | |
| run: | | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh | |
| docker exec acme-srv sh /tmp/acme2certifier/rpm_tester.sh restart | |
| - name: "EAB subject profiling - enrollment" | |
| uses: ./.github/actions/wf_specific/xca_ca_handler/enroll_eab_sp | |
| with: | |
| DEPLOYMENT_TYPE: "rpm" | |
| - name: "[ * ] collecting test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| mkdir -p ${{ github.workspace }}/artifact/upload | |
| docker exec acme-srv tar cvfz /tmp/acme2certifier/a2c.tgz /opt/acme2certifier | |
| sudo cp -rp data/ ${{ github.workspace }}/artifact/data/ | |
| sudo cp -rp acme-sh/ ${{ github.workspace }}/artifact/acme-sh/ | |
| sudo rm ${{ github.workspace }}/artifact/data/*.rpm | |
| docker exec acme-srv cat /etc/nginx/nginx.conf.orig > ${{ github.workspace }}/artifact/data/nginx.conf.orig | |
| docker exec acme-srv cat /etc/nginx/nginx.conf > ${{ github.workspace }}/artifact/data/nginx.conf | |
| docker exec acme-srv cat /var/log/messages > ${{ github.workspace }}/artifact/acme-srv.log | |
| sudo tar -C ${{ github.workspace }}/artifact/ -cvzf ${{ github.workspace }}/artifact/upload/artifact.tar.gz data acme-srv.log acme-sh | |
| - name: "[ * ] uploading artificates" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: xca_handler_tests_rpm-rh${{ matrix.rhversion }}.tar.gz | |
| path: ${{ github.workspace }}/artifact/upload/ |