-
Notifications
You must be signed in to change notification settings - Fork 141
98 lines (79 loc) · 3.2 KB
/
pki-nss-exts-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: PKI NSS CLI with Extensions
on: workflow_call
env:
DS_IMAGE: ${{ vars.DS_IMAGE || 'quay.io/389ds/dirsrv' }}
jobs:
# https://github.com/dogtagpki/pki/wiki/PKI-NSS-CLI
test:
name: Test
runs-on: ubuntu-latest
env:
SHARED: /tmp/workdir/pki
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Retrieve PKI images
uses: actions/cache@v4
with:
key: pki-images-${{ github.sha }}
path: pki-images.tar
- name: Load PKI images
run: docker load --input pki-images.tar
- name: Set up runner container
run: |
tests/bin/runner-init.sh pki
env:
HOSTNAME: pki.example.com
- name: Create CA signing cert request
run: |
docker exec pki pki nss-cert-request \
--subject "CN=Certificate Authority" \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--csr ca_signing.csr
docker exec pki /usr/share/pki/tests/ca/bin/test-ca-signing-csr-ext.sh
- name: Issue self-signed CA signing cert
run: |
docker exec pki pki nss-cert-issue \
--csr ca_signing.csr \
--ext /usr/share/pki/server/certs/ca_signing.conf \
--cert ca_signing.crt
docker exec pki /usr/share/pki/tests/ca/bin/test-ca-signing-cert-ext.sh
- name: Import CA signing cert
run: |
docker exec pki pki nss-cert-import \
--cert ca_signing.crt \
--trust CT,C,C \
ca_signing
docker exec pki certutil -L -d /root/.dogtag/nssdb -n ca_signing
- name: Create subordinate CA signing cert request
run: |
docker exec pki pki nss-cert-request \
--subject "CN=Subordinate CA" \
--ext /usr/share/pki/server/certs/subca_signing.conf \
--csr subca_signing.csr
docker exec pki /usr/share/pki/tests/ca/bin/test-subca-signing-csr-ext.sh
- name: Issue subordinate CA signing cert
run: |
docker exec pki pki nss-cert-issue \
--issuer ca_signing \
--csr subca_signing.csr \
--ext /usr/share/pki/server/certs/subca_signing.conf \
--cert subca_signing.crt
# check MS sub CA signing cert extensions
docker exec pki /usr/share/pki/tests/ca/bin/test-ms-subca-signing-cert-ext.sh
- name: Create SSL server cert request
run: |
docker exec pki pki nss-cert-request \
--ext /usr/share/pki/server/certs/sslserver.conf \
--subjectAltName "critical, DNS:www.example.com, DNS:pki.example.com" \
--csr sslserver.csr
docker exec pki /usr/share/pki/tests/bin/test-sslserver-csr-ext.sh
- name: Issue SSL server cert
run: |
docker exec pki pki nss-cert-issue \
--issuer ca_signing \
--csr sslserver.csr \
--ext /usr/share/pki/server/certs/sslserver.conf \
--subjectAltName "critical, DNS:www.example.com, DNS:pki.example.com" \
--cert sslserver.crt
docker exec pki /usr/share/pki/tests/bin/test-sslserver-cert-ext.sh