view release on metacpan or  search on metacpan

t/acceptance-revoke-certificatesJSON.t  view on Meta::CPAN

ok(cert_is_revoked($certs[1]), "just revoked");
ok(! cert_is_revoked($certs[2]), "still valid");

=pod

It shall not be possible to revoke all certificates in a template
group at once.

=cut

try {
    revoke("VPN", {});
    fail;
} catch Error with {
    pass "Can't revoke whole group (VPN)";
};


exit; ############################################


=head1 TEST LIBRARY

=head2 certify($shortname, $req1, $req2, ...)

Requests the certificates over JSON-RPC in template $shortname
(e.g. "BB") and appends them to global variable @certs.

=cut

sub certify {
    my ($shortname, @reqs) = @_;
    $shortname = lc($shortname);
    push(@certs, map { App::CamelPKI::Certificate->parse($_->[0]) }
         (@{jsoncall_remote
                ("https://localhost:$port/ca/template/$shortname/certifyJSON",
                 { requests => [ @reqs ]},
             -certificate => $cert, -key => $key)->{keys}}));
}

=head2 cert_is_revoked($certobj)

Returns true if $certobj is currently in the CRL.

=cut

our $crl;

sub cert_is_revoked {
    $crl = App::CamelPKI::CRL->parse
        (plaintextcall_remote("https://localhost:$port/ca/current_crl"))
            unless defined $crl;

    return $crl->is_member(shift);
}

=head2 revoke($shortname, $revokereq)

Sends revocation $revokereq (e.g. C<< { dns => "foo.example.com" } >>)
to the revocation controller named $shortname (e.g. C<BB>).
Invalidates the CRL cache of L</cert_is_revoked>.

=cut

sub revoke {
    my ($shortname, $revokereq) = @_;
    $shortname = lc($shortname);
    jsoncall_remote
        ("https://localhost:$port/ca/template/$shortname/revokeJSON", $revokereq,
         -certificate => $cert, -key => $key);
    undef $crl;
}