App-CamelPKI
lib/App/CamelPKI/Model/CA.pm view on Meta::CPAN
=head2 _root_ca_cert_path
As its name indicates, returns the path under I<db_dir>
(see L</CONFIGURATION>) where the root CA certificate is stored.
=cut
sub _root_ca_cert_path {
    # Returns the location of "rootca.crt" inside this model's db_dir,
    # joined with catfile so the separator follows the platform's rules.
    # NOTE(review): the certificate itself is public, but if this file is
    # what other code treats as the trust anchor, db_dir should be writable
    # only by the CA account -- confirm against the deployment setup.
    my $self = shift;
    my $cert_file_name = "rootca.crt";
    return catfile($self->db_dir, $cert_file_name);
}
# Only when this file is executed directly (caller is empty at file scope),
# load My::Tests::Below. NOTE(review): presumably that module runs the test
# suite stored after __END__ -- confirm in My::Tests::Below.
require My::Tests::Below unless caller;
# A module file must finish by returning a true value.
1;
__END__
=head1 TEST SUITE
=cut
use Fatal qw(mkdir);
use File::Spec::Functions qw(catfile catdir);
use Test::More qw(no_plan);
use Test::Group;
use App::CamelPKI::Error;
use App::CamelPKI::Test;
use App::CamelPKI::SysV::Apache;
use App::CamelPKI::PrivateKey;
use App::CamelPKI::Certificate;
# End-to-end check of the key ceremony: before it, the CA must refuse to
# hand out an instance; after it, the CA and the web server are operational
# and every key / certificate written to the private directory is consistent.
test "do_ceremony" => sub {
    # Scratch layout under the test temp dir: CA database, ceremony output
    # (private material) and web server each get their own directory.
    my $ceremony_root = catdir(My::Tests::Below->tempdir, "ceremony0");
    mkdir($ceremony_root);
    my $ca_db_dir = catdir($ceremony_root, "ca");
    mkdir($ca_db_dir);
    my $priv_dir = catdir($ceremony_root, "priv");
    mkdir($priv_dir);
    my $web_dir = catdir($ceremony_root, "webserver");
    mkdir($web_dir);

    # NOTE(review): keysize => 512 is presumably a key length in bits picked
    # to keep the test fast; a value this small must never be copied into a
    # real CA configuration.
    my $ca_model = bless { db_dir => $ca_db_dir, keysize => 512 },
        "App::CamelPKI::Model::CA";

    # Before the ceremony, ->instance has to throw a State error.
    try {
        $ca_model->instance;
        fail("->instance should not succeed as the CA is "
            . "not yet operational");
    } catch App::CamelPKI::Error::State with {
        pass;
    };

    my $apache = App::CamelPKI::SysV::Apache->load($web_dir);
    ok(!$apache->is_operational);

    # The ceremony is expected to make both the CA and the web server usable.
    $ca_model->do_ceremony($priv_dir, $apache);
    ok($ca_model->instance->is_operational);
    ok($apache->is_operational);

    # ca0 key pair: both files load, and the private key matches the
    # public key embedded in the certificate.
    my $ca0_key =
        App::CamelPKI::PrivateKey->load(catfile($priv_dir, "ca0.key"));
    my $ca0_cert =
        App::CamelPKI::Certificate->load(catfile($priv_dir, "ca0.crt"));
    ok($ca0_key->isa("App::CamelPKI::PrivateKey"));
    ok($ca0_cert->isa("App::CamelPKI::Certificate"));
    ok($ca0_key->get_public_key->equals($ca0_cert->get_public_key));

    # Self-signature check: ca0.crt is verified against its own public key.
    # NOTE(review): the return value is discarded, so this only asserts
    # something if verify() throws on a bad signature -- confirm, or wrap
    # the call in ok().
    $ca0_cert->as_crypt_openssl_ca_x509->verify(
        $ca0_cert->as_crypt_openssl_ca_x509->get_public_key);

    # The operational CA certificate must chain up to ca0.
    certificate_chain_ok($ca_model->instance->certificate->serialize,
        [ $ca0_cert->serialize ]);

    # Administrator key pair: same load / type / key-match checks.
    my $admin_key =
        App::CamelPKI::PrivateKey->load(catfile($priv_dir, "admin.key"));
    my $admin_cert =
        App::CamelPKI::Certificate->load(catfile($priv_dir, "admin.pem"));
    ok($admin_key->isa("App::CamelPKI::PrivateKey"));
    ok($admin_cert->isa("App::CamelPKI::Certificate"));
    ok($admin_key->get_public_key->equals($admin_cert->get_public_key));

    # Admin and web server certificates must both validate through the
    # operational CA certificate and ca0.
    my @issuer_chain = ($ca_model->instance->certificate->serialize,
        $ca0_cert->serialize);
    certificate_chain_ok($admin_cert->serialize, \@issuer_chain);
    certificate_chain_ok($apache->certificate->serialize, \@issuer_chain);
};
# Issuing a fresh set of administrator credentials must revoke the
# administrator certificate created by the ceremony.
test "->make_admin_credentials" => sub {
    # One scratch directory doubles as CA database, ceremony output
    # directory and web server directory for this test.
    my $work_dir = catdir(My::Tests::Below->tempdir, "ceremony1");
    mkdir($work_dir);

    # NOTE(review): keysize => 512 is presumably a test-speed setting in
    # bits; not a value to reuse outside the test suite.
    my $ca_model = bless { db_dir => $work_dir, keysize => 512 },
        "App::CamelPKI::Model::CA";
    $ca_model->do_ceremony($work_dir,
        App::CamelPKI::SysV::Apache->load($work_dir));

    # Right after the ceremony the first admin certificate is not on the CRL.
    my $first_admin_cert =
        App::CamelPKI::Certificate->load(catfile($work_dir, "admin.pem"));
    ok(!$ca_model->instance->issue_crl->is_member($first_admin_cert));

    my ($second_admin_cert, $second_admin_key) =
        $ca_model->make_admin_credentials();

    # The new pair is self-consistent and uses a different key than the
    # first admin certificate.
    ok($second_admin_key->get_public_key
        ->equals($second_admin_cert->get_public_key));
    ok(!$second_admin_cert->get_public_key
        ->equals($first_admin_cert->get_public_key));

    # A freshly issued CRL lists the old certificate but not the new one.
    ok(!$ca_model->instance->issue_crl->is_member($second_admin_cert));
    ok($ca_model->instance->issue_crl->is_member($first_admin_cert),
        "implicit revocation of previous admin certificates");
};
=end internals
=cut
1;