App-CamelPKI


t/acceptance-revoke-certificatesJSON.t  view on Meta::CPAN

#!perl -w

use strict;

=head1 NAME

acceptance-revoke-certificatesJSON.t - Revoke certificates using a
JSON-RPC call authenticated with a client certificate

=head1 DESCRIPTION

In Camel-PKI, revocation occurs in batches across several templates at
once in an ad-hoc fashion: e.g. the revoke operation in the "BB"
template class only stipulates a hostname, and all certificates with
this hostname in all three templates BB1, BB2 and BB3 get revoked at
once.

=cut

use Test::More;

use App::CamelPKI::Certificate;
use App::CamelPKI::PrivateKey;
use App::CamelPKI::CRL;
use App::CamelPKI;
use App::CamelPKI::Test qw(jsoncall_remote plaintextcall_remote);
use App::CamelPKI::Error;

# Apache front end under test, obtained from the application's "WebServer"
# model.
my $webserver = App::CamelPKI->model("WebServer")->apache;

# Skip the whole file unless both probes pass; the second probe is only
# consulted when the first one succeeds.
if (   ! $webserver->is_installed_and_has_perl_support
    || ! $webserver->is_operational)
{
    plan skip_all => "Apache is not insalled or Key Ceremnoy has not been done !";
}
else {
    plan tests => 16;
}

# NOTE(review): END blocks are registered at compile time, so stop() also
# runs on the skip_all path above, where start() was never called -- confirm
# that stop() is harmless against a server this test did not start.
END { $webserver->stop(); }
$webserver->start();
$webserver->tail_error_logfile();

# HTTPS port reported by the web server object.
my $port = $webserver->https_port();

# NOTE(review): presumably an administrator certificate and its private key,
# used to authenticate the JSON-RPC calls -- confirm against the helper subs.
# Both are package variables (our), so any code in this package can read
# them; if that reading is right, they should stay out of logs and
# diagnostics and never leave the test environment.
our ($cert, $key) = App::CamelPKI->model("CA")->make_admin_credentials;

=head1 TEST OVERVIEW

First, make the certificates for the tests.

=cut

# Certificates issued so far, in issuance order.
# NOTE(review): certify() appears to append to this package variable --
# confirm against its definition.
our @certs;

my $testhost1 = "foo.example.com";
my $testhost2 = "bar.example.com";

# Two certificates from the same template that differ only in host name.
certify(
    "VPN",
    { template => "VPN1", dns => $testhost1 },    # becomes $certs[0]
    { template => "VPN1", dns => $testhost2 },    # becomes $certs[1]
);

# Baseline: every certificate just issued has the expected class and is not
# reported as revoked before any revoke call has been made.
for my $i (0 .. $#certs) {
    my $issued = $certs[$i];
    ok($issued->isa("App::CamelPKI::Certificate"),
       "certificate $i isa App::CamelPKI::Certificate");
    ok(! cert_is_revoked($issued), "certificate $i is valid");
}

revoke("VPN", { dns => $testhost1 });

# Revocation by host name must be scoped to that host name: the first
# assertion guards against over-revocation (a different host is untouched),
# the second confirms the targeted certificate really was revoked.
ok(! cert_is_revoked($certs[1]), "Cert 1 was not revoked");
ok(cert_is_revoked($certs[0]), "Cert 0 was revoked");


=pod

The SSL template is special, as there is no C<dns> field in SSLClient
certificates.  Therefore it is possible to revoke by C<role>, for this
template group only.

=cut

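# Start again from an empty list so the indices below refer only to the
# certificates issued in this section.
@certs = ();

certify("SSL",
        # $certs[0]
        { template => "SSLServer", dns => $testhost1 },
        # $certs[1]
        { template => "SSLClient", role => "play" });

is(scalar(@certs), 2, "2 Certificates issued");

# One assertion per certificate.  A plain loop replaces grep in void
# context, which built a result list only to discard it.
for (@certs) {
    ok(! cert_is_revoked($_), "no certs revoked yet");
}

# Revoking by host name must hit the server certificate and leave the client
# certificate, which carries a role instead of a host name, untouched.
revoke("SSL", { dns => $testhost1 });
ok(cert_is_revoked($certs[0]), "revoked by hostname");
ok(! cert_is_revoked($certs[1]), "not revoked yet");

# Re-issuing for the same host name after revocation must yield a valid
# certificate ($certs[2]): the earlier revocation applies to the old
# certificate, not to every future certificate for that host.
certify("SSL",
        { template => "SSLServer", dns => $testhost1 });
ok(! cert_is_revoked($certs[2]), "new cert to take the place "
   . "of the one just revoked");

# Revoking by role must revoke the client certificate and must not undo the
# earlier revocation of $certs[0].
# NOTE(review): nothing here checks that $certs[2] (the re-issued server
# certificate, which has no role) is still valid after this call, so an
# over-broad revoke-by-role would go unnoticed.  Adding that assertion also
# means raising the planned test count.
revoke("SSL", { role => "play" });
ok(cert_is_revoked($certs[0]), "still revoked");
ok(cert_is_revoked($certs[1]), "just revoked");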


