File: run.sh

certmonger 0.75.14-3
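#!/bin/bash -e
#
# Regression test for certmonger's request state machine: it writes small CA
# and request ("entry") description files and steps them through named states
# with the $toolsdir/iterate test tool, printing what happens along the way.
#
# Required environment (normally provided by the test harness):
#   tmpdir   - scratch directory; keys, certificates and helper scripts are
#              created in it
#   srcdir   - directory holding the shared "functions" file sourced below
#   toolsdir - directory holding the "iterate" test tool

# The -e on the interpreter line is lost when the script is started as
# "bash run.sh", so switch it on explicitly as well.
set -e

# Stop before touching the filesystem if the harness did not provide the
# paths: with $tmpdir empty, $tmpdir/keyfile would resolve to /keyfile.
: "${tmpdir:?tmpdir must be set}"
: "${srcdir:?srcdir must be set}"
: "${toolsdir:?toolsdir must be set}"

cd "$tmpdir"

source "$srcdir"/functions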

cert="-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"

# Fake CA enrollment helpers. Each one is a tiny /bin/sh script that prints a
# canned reply and exits with a fixed status (0 through 6), so that the
# scenarios further down can point ca_external_helper at a known behaviour.
#
# The here-documents are intentionally unquoted: "$cert" is expanded now and
# baked into the generated script text. That is only safe because $cert is a
# constant PEM blob set in this file; externally supplied data must not be
# spliced into a generated script this way.

# Create an executable helper in the current directory.
#   $1    - file name of the helper
#   stdin - script text
write_ca_helper() {
	cat > "$1"
	chmod u+x "$1"
}

# Status 0: a certificate, with and without surrounding noise.
write_ca_helper ca-issued << EOF
#!/bin/sh
echo "$cert"
exit 0
EOF

write_ca_helper ca-issued-with-no-newline << EOF
#!/bin/sh
echo -n "$cert"
exit 0
EOF

write_ca_helper ca-issued-with-noise-before << EOF
#!/bin/sh
echo iLoveCookies
echo "$cert"
exit 0
EOF

write_ca_helper ca-issued-with-noise-after << EOF
#!/bin/sh
echo "$cert"
echo iLoveCookies
exit 0
EOF

write_ca_helper ca-issued-with-noise-both << EOF
#!/bin/sh
echo iLoveCookies
echo "$cert"
echo Also Monkeys
exit 0
EOF

# Statuses 1 through 6: the non-success replies.
write_ca_helper ca-ask-again << EOF
#!/bin/sh
echo iLoveCookiesSome
exit 1
EOF

write_ca_helper ca-reject << EOF
#!/bin/sh
echo CA rejected us, must have been having a bad day.
exit 2
EOF

write_ca_helper ca-unreachable << EOF
#!/bin/sh
echo Could not contact CA.
exit 3
EOF

write_ca_helper ca-unconfigured << EOF
#!/bin/sh
echo Something is wrong with my brain.
exit 4
EOF

write_ca_helper ca-ask-again-5 << EOF
#!/bin/sh
echo 13
echo iLoveCookiesMore
exit 5
EOF

# Same as ca-ask-again-5, but the first output line is not a plain number.
write_ca_helper ca-ask-again-broken-5 << EOF
#!/bin/sh
echo "?1034h13"
echo iLoveCookiesMore
exit 5
EOF

write_ca_helper ca-what-what-6 << EOF
#!/bin/sh
echo What do you want?
exit 6
EOF

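# From-scratch enrollment with the built-in self-signing CA, followed by three
# "mid-life" pickups of a request that is added in state NEWLY_ADDED.
#
# Paths handed to commands are quoted so that a $toolsdir containing
# whitespace or glob characters is not word-split. The here-document bodies
# are file content read by certmonger and are left exactly as they were.

# Fail the test unless the request file "entry" is in the expected state.
#   $1 - state name expected after "state="
#   $2 - message printed, followed by the actual state line, on a mismatch
expect_state() {
	if [ "$(grep ^state entry)" != "state=$1" ]; then
		echo "$2"
		grep ^state entry
		exit 1
	fi
}

# Rewrite "entry" as a NEWLY_ADDED request and let iterate decide where the
# request stands.
#   $1 - key file name under $tmpdir
#   $2 - certificate file name under $tmpdir
pick_up_midlife() {
	cat > entry << EOF
id=Test
state=NEWLY_ADDED
key_storage_type=FILE
key_storage_location=$tmpdir/$1
cert_storage_type=FILE
cert_storage_location=$tmpdir/$2
notification_method=STDOUT
EOF
	"$toolsdir"/iterate ca entry NEWLY_ADDED,NEWLY_ADDED_START_READING_KEYINFO,NEWLY_ADDED_READING_KEYINFO,NEWLY_ADDED_START_READING_CERT,NEWLY_ADDED_READING_CERT,NEWLY_ADDED_DECIDING
}

cat > ca << EOF
id=SelfSign
ca_type=INTERNAL:SELF
EOF

cat > entry << EOF
id=Test
ca_name=SelfSign
state=NEED_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile
notification_method=STDOUT
EOF
# These cover parts of the process, forcing it to stop if any phase needs
# to be tried again, so that we don't hit infinite loops.
echo '[Generating key pair.]'
"$toolsdir"/iterate ca entry GENERATING_KEY_PAIR,HAVE_KEY_PAIR
expect_state NEED_KEYINFO 'Key generation failed or did not move to key info reading.'

echo
echo '[Reading back key info.]'
"$toolsdir"/iterate ca entry NEED_KEYINFO,START_READING_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
expect_state NEED_CSR 'Key info read failed or did not move to CSR generation.'
grep ^key_size entry

echo
echo '[Generating CSR.]'
"$toolsdir"/iterate ca entry HAVE_KEYINFO,NEED_CSR,GENERATING_CSR
expect_state HAVE_CSR 'CSR generation failed or did not move to submission.'

echo
echo '[Getting CSR signed.]'
"$toolsdir"/iterate ca entry HAVE_CSR,NEED_TO_SUBMIT,SUBMITTING
expect_state NEED_TO_SAVE_CERT 'Signing failed or did not move to saving.'

echo
echo '[Saving certificate.]'
# sed replaces the scratch path with the literal text "$tmpdir" in the output.
# NOTE(review): $tmpdir is spliced into the sed pattern unescaped, so a path
# containing "@" or regex metacharacters would not be masked correctly. The
# pipeline also reports sed's exit status, not iterate's, unless pipefail is
# enabled elsewhere; the state check below is what catches a failed phase.
"$toolsdir"/iterate ca entry START_SAVING_CERT,SAVING_CERT,NEED_TO_READ_CERT,READING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
expect_state MONITORING 'Saving failed or did not move to monitoring.'

echo
echo '[From-scratch enrollment scenario OK.]'

echo
echo '[Picking up mid-life without a key or a certificate.]'
pick_up_midlife keyfile2 certfile2
expect_state NEED_KEY_PAIR 'Figuring stuff out failed or did not move to generating a key.'


echo
echo '[Picking up mid-life without a certificate.]'
pick_up_midlife keyfile certfile2
expect_state NEED_CSR 'Figuring stuff out failed or did not move to generating a CSR.'

echo
echo '[Picking up mid-life.]'
pick_up_midlife keyfile certfile
expect_state MONITORING 'Figuring stuff out failed or did not move to monitoring.'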


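# Issue a certificate from a self-signing CA configured with
# ca_internal_issue_time=0, then run the validity-notification states against
# it, first for a plain request and then for one with autorenew=1.
# NOTE(review): presumably issue time 0 yields a certificate that is already
# at the end of its validity, given the "[Noticing expiration.]" step that
# follows - confirm against the certmonger sources.
#
# Paths handed to commands are quoted so that a $toolsdir or $tmpdir
# containing whitespace is not word-split. Each "| sed" replaces the scratch
# path with the literal text "$tmpdir" in the output; $tmpdir goes into the
# sed pattern unescaped, and the pipeline reports sed's exit status rather
# than iterate's unless pipefail is enabled elsewhere.
echo
echo '[Retroactive issuing.]'
cat > entry2 << EOF
id=Test
ca_name=SelfSign
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile2
monitor=1
notification_method=STDOUT
EOF
cat > ca2 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
"$toolsdir"/iterate ca2 entry2 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
"$toolsdir"/iterate ca2 entry2 NEED_CSR,GENERATING_CSR
"$toolsdir"/iterate ca2 entry2 NEED_TO_SUBMIT,SUBMITTING
"$toolsdir"/iterate ca2 entry2 START_SAVING_CERT,SAVING_CERT,NEED_TO_READ_CERT,READING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
# Print the validity window of the certificate that was just written.
openssl x509 -noout -startdate -enddate -in "$tmpdir"/certfile2
echo
echo '[Noticing expiration.]'
openssl x509 -noout -startdate -enddate -in "$tmpdir"/certfile2
# From here on the CA file is "ca" (no ca_internal_issue_time), not "ca2".
"$toolsdir"/iterate ca  entry2 NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY | sed 's@'"$tmpdir"'@$tmpdir@g'

echo
echo '[Kicking off autorenew.]'
cat > entry2 << EOF
id=Test
ca_name=SelfSign
state=MONITORING
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile2
monitor=1
autorenew=1
notification_method=STDOUT
EOF
openssl x509 -noout -startdate -enddate -in "$tmpdir"/certfile2
"$toolsdir"/iterate ca  entry2 MONITORING,NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY | sed 's@'"$tmpdir"'@$tmpdir@g'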

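# Successful enrollment through an external helper, repeated for each helper
# that exits 0: clean output, noise before and/or after the certificate, and
# a certificate without a trailing newline. The five scenarios differ only in
# their title and in the helper named in the CA file, so they share one
# function.
#
# Paths handed to commands are quoted so that a $toolsdir or $tmpdir
# containing whitespace is not word-split.

# Run one enrollment scenario.
#   $1 - title line to print
#   $2 - helper script name under $tmpdir, written as ca_external_helper
enroll_with_helper() {
	echo
	echo "$1"
	cat > entry3 << EOF
id=Test
ca_name=Friendly
state=HAVE_KEY_PAIR
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile4
notification_method=STDOUT
EOF
	cat > ca3 << EOF
id=Friendly
ca_type=EXTERNAL
ca_external_helper=$tmpdir/$2
EOF
	# Start every scenario from an empty certificate file.
	: > "$tmpdir"/certfile4
	"$toolsdir"/iterate ca3 entry3 NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
	"$toolsdir"/iterate ca3 entry3 NEED_CSR,GENERATING_CSR
	"$toolsdir"/iterate ca3 entry3 NEED_TO_SUBMIT,SUBMITTING
	"$toolsdir"/iterate ca3 entry3 NEED_TO_SAVE_CERT,SAVING_CERT,START_SAVING_CERT
}

enroll_with_helper '[Enroll.]' ca-issued

enroll_with_helper '[Enroll, helper produces noise before.]' ca-issued-with-noise-before

enroll_with_helper '[Enroll, helper produces noise after]' ca-issued-with-noise-after

enroll_with_helper '[Enroll, helper produces noise before and after.]' ca-issued-with-noise-both

enroll_with_helper '[Enroll, helper omits newline at end of certificate.]' ca-issued-with-no-newline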

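# Enrollment attempts that do not end with a certificate: no CA named in the
# request, and helpers that ask to be polled again, reject, cannot reach the
# CA, are unconfigured, or do not support the operation. Every scenario writes
# an entry/CA file pair and runs the request up to submission; what follows
# submission differs per scenario and stays inline.
#
# Paths handed to commands are quoted so that a $toolsdir containing
# whitespace is not word-split.

# Write entry$1 and ca$1 for an EXTERNAL CA and run the request up to
# submission.
#   $1 - suffix of the entry/ca file pair
#   $2 - id written to the CA file
#   $3 - helper script name under $tmpdir
#   $4 - ca_name for the request; empty leaves the line out
#   $5 - certificate file name under $tmpdir; empty leaves cert storage out
submit_to_helper() {
	{
		printf '%s\n' 'id=Test'
		if [ -n "$4" ]; then
			printf '%s\n' "ca_name=$4"
		fi
		printf '%s\n' \
			'state=HAVE_KEY_PAIR' \
			'key_storage_type=FILE' \
			"key_storage_location=$tmpdir/keyfile"
		if [ -n "$5" ]; then
			printf '%s\n' \
				'cert_storage_type=FILE' \
				"cert_storage_location=$tmpdir/$5"
		fi
		printf '%s\n' 'notification_method=STDOUT'
	} > "entry$1"
	cat > "ca$1" << EOF
id=$2
ca_type=EXTERNAL
ca_external_helper=$tmpdir/$3
EOF
	"$toolsdir"/iterate "ca$1" "entry$1" NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
	"$toolsdir"/iterate "ca$1" "entry$1" NEED_CSR,GENERATING_CSR
	"$toolsdir"/iterate "ca$1" "entry$1" NEED_TO_SUBMIT,SUBMITTING
}

echo
echo '[Enroll until we notice we have no specified CA.]'
# The request carries no ca_name line at all.
submit_to_helper 3 Meanie ca-reject

echo
echo '[Enroll until the CA tells us to come back later.]'
submit_to_helper 4 Busy ca-ask-again Busy
grep ca_cookie entry4
"$toolsdir"/iterate ca4 entry4 ""

echo
echo '[Enroll until the CA rejects us.]'
submit_to_helper 5 Meanie ca-reject Meanie certfile3
# sed replaces the scratch path with the literal text "$tmpdir" in the output;
# $tmpdir goes into the pattern unescaped, and the pipeline reports sed's exit
# status rather than iterate's unless pipefail is enabled elsewhere.
"$toolsdir"/iterate ca5 entry5 NEED_TO_NOTIFY_REJECTION,NOTIFYING_REJECTION | sed 's@'"$tmpdir"'@$tmpdir@g'
"$toolsdir"/iterate ca5 entry5 "" | sed 's@'"$tmpdir"'@$tmpdir@g'

echo
echo '[Enroll until the CA turns out to be unreachable.]'
submit_to_helper 6 Lostie ca-unreachable Lostie
"$toolsdir"/iterate ca6 entry6 ""

echo
echo '[Enroll until the CA client turns out to be unconfigured.]'
submit_to_helper 7 Lostie ca-unconfigured Lostie
"$toolsdir"/iterate ca7 entry7 ""

echo
echo '[Enroll until the CA tells us to come back later.]'
submit_to_helper 8 Busy ca-ask-again-5 Busy
grep ca_cookie entry8
"$toolsdir"/iterate ca8 entry8 ""

echo
echo '[Enroll until the CA tells us to come back later, but with a broken date.]'
submit_to_helper 8 Busy ca-ask-again-broken-5 Busy
# A missing cookie is reported in the output here instead of stopping the
# script under -e.
grep ca_cookie entry8 || echo NO COOKIE FOR YOU
"$toolsdir"/iterate ca8 entry8 ""

echo
echo "[Enroll until we realize our enrollment helper doesn't support enrollment.]"
submit_to_helper 9 Confused ca-what-what-6 Confused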

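# Poll-delay checks: for a range of remaining lifetimes (cert_not_after set
# to now + interval seconds, in UTC), submit through each non-issuing helper,
# then run one pass in state MONITORING.
#
# CM_FORCE_TIME is exported with the timestamp that cert_not_after was
# computed from.
# NOTE(review): presumably iterate uses it as its notion of "now" - confirm.
#
# The original backticks and expr are replaced with $(...) and $((...)), and
# expansions passed to commands are quoted. The files are written by a helper
# with column-0 here-documents, so the content no longer depends on the
# tab-stripping of "<<-". "date -d @SECONDS" is a GNU date feature.

# Write entry9 and ca9 for one poll check.
#   $1 - request state
#   $2 - cert_not_after value (YYYYmmddHHMMSS)
#   $3 - helper script name under $tmpdir
write_poll_files() {
	cat > entry9 << EOF
id=Test
ca_name=Lostie
state=$1
cert_not_after=$2
csr=AAAA
notification_method=STDOUT
EOF
	cat > ca9 << EOF
id=Lostie
ca_type=EXTERNAL
ca_external_helper=$tmpdir/$3
EOF
}

# Note! The "iterate" harness rounds delay times up to the next multiple of 50.
for interval in 0 30 1800 3600 7200 86000 86500 604800 1000000 2000000; do
	now=$(date +%s)
	CM_FORCE_TIME=$now
	export CM_FORCE_TIME
	when=$((now + interval))
	later=$(env TZ=UTC date -d "@$when" +%Y%m%d%H%M%S)
	for ca in ca-unreachable ca-ask-again ca-unconfigured ; do
		echo
		echo "[CA poll timeout remaining=$interval.]"
		write_poll_files HAVE_CSR "$later" "$ca"
		"$toolsdir"/iterate ca9 entry9 NEED_TO_SUBMIT,SUBMITTING
	done
	echo
	echo "[Monitor poll timeout remaining=$interval.]"
	# $ca still holds the last helper of the inner loop (ca-unconfigured);
	# the original script wrote it into ca9 the same way.
	write_poll_files MONITORING "$later" "$ca"
	"$toolsdir"/iterate ca9 entry9 ""
done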

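# Split monitor/enroll TTL tests. CERTMONGER_CONFIG_DIR is pointed at the
# current directory while a certmonger.conf with different enroll_ttls and
# notify_ttls values is written there for each phase, and is restored at the
# end.
# NOTE(review): the variable is assigned but not exported in this block, so
# iterate only sees the new value if the harness exported it already - confirm.
#
# Paths handed to commands are quoted so that a $toolsdir or $tmpdir
# containing whitespace is not word-split. Each "| sed" replaces the scratch
# path with the literal text "$tmpdir" in the output; $tmpdir goes into the
# sed pattern unescaped, and the pipeline reports sed's exit status rather
# than iterate's unless pipefail is enabled elsewhere.

# Put the saved certificate back and rewrite entry10/ca10 as a monitored,
# auto-renewing request in state MONITORING, then print the certificate's
# validity window.
restart_monitoring() {
	cp "$tmpdir"/certfile10.bak "$tmpdir"/certfile10
	cat > entry10 << EOF
id=Test
ca_name=SelfSign
state=MONITORING
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile10
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile10
monitor=1
autorenew=1
notification_method=STDOUT
EOF
	cat > ca10 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
	openssl x509 -noout -startdate -enddate -in "$tmpdir"/certfile10
}

SAVED_CONFIG_DIR="$CERTMONGER_CONFIG_DIR"
CERTMONGER_CONFIG_DIR=$(pwd)
echo
echo '[Kicking off split monitor/enroll TTL tests.]'
cat > entry10 << EOF
id=Test
ca_name=SelfSign
state=NEWLY_ADDED
key_storage_type=FILE
key_storage_location=$tmpdir/keyfile10
cert_storage_type=FILE
cert_storage_location=$tmpdir/certfile10
monitor=1
autorenew=1
notification_method=STDOUT
EOF
cat > ca10 << EOF
id=SelfSign
ca_type=INTERNAL:SELF
ca_internal_issue_time=0
EOF
"$toolsdir"/iterate ca10 entry10 NEWLY_ADDED_START_READING_KEYINFO,NEWLY_ADDED_READING_KEYINFO,NEWLY_ADDED_START_READING_CERT,NEWLY_ADDED_READING_CERT,NEWLY_ADDED_DECIDING
"$toolsdir"/iterate ca10 entry10 NEED_KEY_PAIR,GENERATING_KEY_PAIR,HAVE_KEY_PAIR,NEED_KEYINFO,READING_KEYINFO,HAVE_KEYINFO
"$toolsdir"/iterate ca10 entry10 NEED_CSR,GENERATING_CSR
"$toolsdir"/iterate ca10 entry10 NEED_TO_SUBMIT,SUBMITTING
"$toolsdir"/iterate ca10 entry10 START_SAVING_CERT,SAVING_CERT,NEED_TO_READ_CERT,READING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
# Keep a copy so that every phase below starts from the same certificate.
cp "$tmpdir"/certfile10 "$tmpdir"/certfile10.bak

echo
echo '[Kicking off enroll only.]'
restart_monitoring
cat > certmonger.conf << EOF
[defaults]
enroll_ttls = 30s
notify_ttls = N
EOF
"$toolsdir"/iterate ca10 entry10 NEED_CSR,GENERATING_CSR,HAVE_CSR,NEED_TO_SUBMIT,SUBMITTING,NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT,NEED_TO_READ_CERT,READING_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'

echo
echo '[Kicking off notify only.]'
restart_monitoring
cat > certmonger.conf << EOF
[defaults]
notify_ttls = 30s
enroll_ttls = N
EOF
"$toolsdir"/iterate ca10 entry10 NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY | sed 's@'"$tmpdir"'@$tmpdir@g'

echo
echo '[Kicking off notify-then-submit.]'
: > "$tmpdir"/notification.txt
# Notification command named in certmonger.conf below. $tmpdir is expanded
# while the script is generated and is quoted in the generated text;
# \$CERTMONGER_NOTIFICATION stays unexpanded until the script itself runs.
# The path in notification_destination is executed as a command, so the
# directory holding it must not be writable by other users.
cat > "$tmpdir"/notify.sh << EOF
#!/bin/sh
touch "$tmpdir/notification.txt"
echo The sky is falling: \$CERTMONGER_NOTIFICATION >> "$tmpdir/notification.txt"
EOF
chmod u+x "$tmpdir"/notify.sh
restart_monitoring
cat > certmonger.conf << EOF
[defaults]
notify_ttls = 30s
enroll_ttls = 30s
notification_method=command
notification_destination=$tmpdir/notify.sh
EOF
"$toolsdir"/iterate ca10 entry10 NEED_TO_NOTIFY_VALIDITY,NOTIFYING_VALIDITY,NEED_CSR,GENERATING_CSR,HAVE_CSR,NEED_TO_SUBMIT,SUBMITTING,NEED_TO_SAVE_CERT,START_SAVING_CERT,SAVING_CERT,NEED_TO_SAVE_CA_CERTS,START_SAVING_CA_CERTS,SAVING_CA_CERTS,NEED_TO_NOTIFY_ISSUED_SAVED,NOTIFYING_ISSUED_SAVED,SAVED_CERT,NEED_TO_READ_CERT,READING_CERT | sed 's@'"$tmpdir"'@$tmpdir@g'
cat "$tmpdir"/notification.txt | sed 's@'"$tmpdir"'@$tmpdir@g'
CERTMONGER_CONFIG_DIR="$SAVED_CONFIG_DIR"

echo
echo Test complete.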