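#!/bin/bash
# Targeted test for private-key storage.
# Checks that a private key is stored for every certificate (standard and CA).
#
# Requires: curl, jq, docker (a container named "pkiapi-mongo" with mongosh).
# Exit status: 0 when every check passes, 1 when login or any check fails.
#
# NOTE(security): the defaults below are the hard-coded test credentials this
# script has always used (admin/admin for the API, admin/password for MongoDB).
# They are only acceptable against a throwaway local instance; override them
# through the environment for anything else.
# NOTE(security): the bearer token and the exported private keys travel over
# API_URL, so use an https:// URL when the API is not on the loopback interface.
# NOTE(review): the MongoDB check only tests that a `private_key` field is
# present; it says nothing about whether the key is encrypted at rest.

set -u -o pipefail

API_URL="${API_URL:-http://localhost:8080/api/v1}"
API_USER="${API_USER:-admin}"
API_PASSWORD="${API_PASSWORD:-admin}"
MONGO_USER="${MONGO_USER:-admin}"
MONGO_PASSWORD="${MONGO_PASSWORD:-password}"

FAILURES=0

# Exported PEM bundles contain private keys: keep them in a private, randomly
# named directory (not a predictable /tmp path) and remove them on any exit.
umask 077
WORK_DIR=$(mktemp -d) || {
  echo "❌ FAILED: cannot create temporary directory" >&2
  exit 1
}
trap 'rm -rf -- "$WORK_DIR"' EXIT

# Succeeds only when $1 is a non-empty id made of characters that are safe to
# place in a URL path and inside the single-quoted string of the mongosh
# --eval expression below. The id comes from an API response, so it is
# validated before being interpolated anywhere.
valid_id() {
  case "$1" in
    '' | *[!A-Za-z0-9._:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Downloads the "pem-with-key" export of certificate $2 into file $3 and
# reports, under the label $1, whether it contains a private key.
# Increments FAILURES when it does not.
check_export() {
  local label=$1 id=$2 out=$3
  local key_count cert_count size

  if [ -z "$id" ]; then
    echo "❌ FAILED: $label export skipped (no certificate id)"
    FAILURES=$((FAILURES + 1))
    return 1
  fi

  curl -s -H "Authorization: Bearer $TOKEN" \
    "$API_URL/certificates/$id/export/pem-with-key" \
    -o "$out"

  # grep -c prints "0" AND exits 1 when nothing matches, so a `|| echo 0`
  # fallback inside the substitution would yield "0<newline>0" and break the
  # numeric test; assign the fallback outside the substitution instead.
  # NOTE(review): this matches PKCS#8 "BEGIN PRIVATE KEY" headers only; an
  # export using "BEGIN RSA PRIVATE KEY" / "BEGIN EC PRIVATE KEY" would be
  # counted as having no key - confirm the server's export format.
  key_count=$(grep -c "BEGIN PRIVATE KEY" "$out" 2>/dev/null) || key_count=0
  cert_count=$(grep -c "BEGIN CERTIFICATE" "$out" 2>/dev/null) || cert_count=0

  if [ "$key_count" -gt 0 ]; then
    size=$(stat -c%s "$out")
    echo "✓ SUCCESS: $label has private key"
    echo " - Export size: $size bytes"
    echo " - Certificates: $cert_count"
    echo " - Private keys: $key_count"
  else
    echo "❌ FAILED: $label has no private key"
    FAILURES=$((FAILURES + 1))
  fi
}

# Runs the JavaScript expression $1 with mongosh inside the pkiapi-mongo
# container and prints the last line of its output.
# NOTE(security): the MongoDB password is passed as a command-line argument
# (as in the original script) and is therefore visible in process listings.
mongo_eval() {
  docker exec pkiapi-mongo mongosh -u "$MONGO_USER" -p "$MONGO_PASSWORD" \
    --authenticationDatabase admin pkiapi --eval "$1" 2>/dev/null | tail -1
}

# Reports, under the label $1, whether the document with _id $2 has a
# non-empty private_key field. Increments FAILURES when it does not.
check_mongo() {
  local label=$1 id=$2 stored="NO"

  if [ -n "$id" ]; then
    stored=$(mongo_eval "db.certificates.findOne({_id: '$id'}).private_key ? 'YES' : 'NO'")
  fi

  if [ "$stored" = "YES" ]; then
    echo "✓ $label private key stored in MongoDB"
  else
    echo "❌ $label private key NOT in MongoDB"
    FAILURES=$((FAILURES + 1))
  fi
}

echo "=== PKI Private Key Storage Test ==="
echo ""

# 1. Login
# The request body is built with jq so that overridden credentials are
# JSON-escaped rather than spliced into a string.
LOGIN_BODY=$(jq -cn --arg u "$API_USER" --arg p "$API_PASSWORD" \
  '{username: $u, password: $p}')
TOKEN=$(curl -s -X POST "$API_URL/login" \
  -H "Content-Type: application/json" \
  -d "$LOGIN_BODY" | jq -r '.token // empty')
# Without a token every later step would fail in a misleading way, so stop here.
if [ -z "$TOKEN" ]; then
  echo "❌ FAILED: login did not return a token" >&2
  exit 1
fi
echo "[1] Login successful"
echo ""

# 2. Create standard certificate (non-CA)
echo "[2] Creating standard certificate..."
CERT=$(curl -s -X POST "$API_URL/certificates" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"subject":"CN=test-standard.example.com,O=Test,C=FR","validity_days":365}')
CERT_ID=$(printf '%s' "$CERT" | jq -r '.certificate.id // empty')
if valid_id "$CERT_ID"; then
  echo "✓ Certificate created: $CERT_ID"
else
  echo "❌ FAILED: certificate creation returned no usable id"
  FAILURES=$((FAILURES + 1))
  CERT_ID=""
fi
echo ""

# 3. Create Root CA
echo "[3] Creating Root CA..."
CA=$(curl -s -X POST "$API_URL/ca" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"subject":"CN=Test Root CA,O=Test,C=FR","validity_days":3650}')
CA_ID=$(printf '%s' "$CA" | jq -r '.ca.id // empty')
if valid_id "$CA_ID"; then
  echo "✓ Root CA created: $CA_ID"
else
  echo "❌ FAILED: Root CA creation returned no usable id"
  FAILURES=$((FAILURES + 1))
  CA_ID=""
fi
echo ""

# 4. Test export with private key for standard cert
echo "[4] Testing private key export for standard certificate..."
check_export "Standard certificate" "$CERT_ID" "$WORK_DIR/cert_test.pem"
echo ""

# 5. Test export with private key for CA
echo "[5] Testing private key export for CA..."
check_export "CA" "$CA_ID" "$WORK_DIR/ca_test.pem"
echo ""

# 6. Verify MongoDB storage
echo "[6] Verifying MongoDB storage..."
check_mongo "Standard certificate" "$CERT_ID"
check_mongo "CA" "$CA_ID"
echo ""

TOTAL=$(mongo_eval "db.certificates.count({private_key: {\$exists: true, \$ne: ''}})")
echo "Total certificates with private keys in MongoDB: $TOTAL"

# A test that always exits 0 hides failures from CI; reflect them in the status.
if [ "$FAILURES" -gt 0 ]; then
  exit 1
fi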