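#!/bin/bash
#
# Smoke test for the certificate export endpoints of the PKI API.
#
# Flow: log in, issue a certificate, export it as PEM, DER and PEM with its
# private key, then create a CA, sign a certificate with it and export the
# chain. Exits non-zero if any step fails.
#
# Requires: curl (>= 7.55, for "-H @file") and jq.
#
# Environment (all optional):
#   API_URL       API base URL (default: http://localhost:8080/api/v1)
#   EXPORT_DIR    directory receiving the exports (default: fresh mktemp -d)
#   PKI_USERNAME  login name     (default: admin)
#   PKI_PASSWORD  login password (default: admin)
#
# Security notes:
#   - One export contains a private key, so files are created owner-only
#     (umask 077) in a directory that is either freshly created by mktemp or
#     verified to belong to the current user. A fixed path under /tmp can be
#     pre-created or symlinked by another local user.
#   - The bearer token and the password are kept off curl's command line
#     (header file / stdin), where `ps` would expose them, and the token is
#     never echoed.
#   - The default URL is plain HTTP: credentials, token and private key
#     travel in cleartext. Keep that to loopback; use https:// otherwise.
#   - admin/admin is a test default, not something to leave enabled on a
#     reachable instance.

set -uo pipefail
umask 077

API_URL="${API_URL:-http://localhost:8080/api/v1}"
# Exported so jq can read them through `env.` instead of its argv.
export PKI_USERNAME="${PKI_USERNAME:-admin}"
export PKI_PASSWORD="${PKI_PASSWORD:-admin}"
FAILURES=0

# Print a fatal error and stop the test run.
die() {
  echo "❌ Erreur: $*" >&2
  exit 1
}

# Report a failed step but keep going so the remaining exports are exercised.
fail() {
  echo "❌ Erreur: $*"
  FAILURES=$((FAILURES + 1))
}

# api_post PATH JSON_BODY [extra curl args...]
# POSTs JSON_BODY (sent on stdin, not argv) and prints the response body.
# No --fail here: the error body is wanted for diagnostics, and callers
# detect failure through the missing field in the response.
api_post() {
  local path=$1 body=$2
  shift 2
  printf '%s' "$body" \
    | curl -sS -X POST "$API_URL/$path" \
      -H "Content-Type: application/json" \
      "$@" \
      --data-binary @-
}

# json_field JSON FILTER
# Prints the selected field, or nothing when it is absent or null.
json_field() {
  jq -r "$2 // empty" <<<"$1"
}

# export_to PATH OUTPUT_FILE
# Downloads an export. --fail keeps an HTTP error body from being saved as if
# it were a certificate; the stale file of a previous run is removed first so
# the non-empty check below cannot pass on old data.
export_to() {
  local path=$1 out=$2
  rm -f -- "$out"
  curl -sS --fail -H @"$AUTH_HEADER_FILE" "$API_URL/$path" -o "$out" \
    && [[ -s "$out" ]]
}

# file_size FILE — size in bytes, portable across GNU and BSD userlands.
file_size() {
  local n
  n=$(wc -c <"$1") || return
  printf '%s\n' "$((n))"
}

for tool in curl jq; do
  command -v "$tool" >/dev/null || die "outil requis introuvable: $tool"
done

echo "=== PKI Certificate Export Test ==="
echo ""

# Create the export directory.
if [[ -n "${EXPORT_DIR:-}" ]]; then
  mkdir -p -- "$EXPORT_DIR" || die "impossible de créer $EXPORT_DIR"
  # Refuse a symlink or a directory owned by someone else: a private key is
  # about to be written into it.
  [[ -d "$EXPORT_DIR" && ! -L "$EXPORT_DIR" && -O "$EXPORT_DIR" ]] \
    || die "$EXPORT_DIR doit être un répertoire appartenant à l'utilisateur courant"
else
  EXPORT_DIR=$(mktemp -d "${TMPDIR:-/tmp}/pki_exports.XXXXXX") \
    || die "impossible de créer le répertoire d'export"
fi
echo "[*] Répertoire d'export: $EXPORT_DIR"

# Holds the Authorization header so the token never appears in `ps` output.
AUTH_HEADER_FILE=$(mktemp "${TMPDIR:-/tmp}/pki_auth.XXXXXX") \
  || die "impossible de créer le fichier d'en-tête"
trap 'rm -f -- "$AUTH_HEADER_FILE"' EXIT

# 1. Obtain a token.
echo "[1] Obtention du token..."
LOGIN_BODY=$(jq -n '{username: env.PKI_USERNAME, password: env.PKI_PASSWORD}') \
  || die "impossible de construire la requête de login"
TOKEN_RESP=$(api_post "login" "$LOGIN_BODY")
TOKEN=$(json_field "$TOKEN_RESP" '.token')
if [[ -z "$TOKEN" ]]; then
  die "impossible d'obtenir le token"
fi
printf 'Authorization: Bearer %s\n' "$TOKEN" >"$AUTH_HEADER_FILE"
# Only the length is shown: a bearer token must not end up in logs.
echo "✓ Token reçu (${#TOKEN} caractères, valeur masquée)"
echo ""

# 2. Create a certificate.
echo "[2] Création d'un certificat..."
CERT_RESP=$(api_post "certificates" \
  '{"subject":"CN=test.example.com,O=Test,C=FR","validity_days":365}' \
  -H @"$AUTH_HEADER_FILE")
CERT_ID=$(json_field "$CERT_RESP" '.certificate.id')
if [[ -z "$CERT_ID" ]]; then
  echo "❌ Erreur: impossible de créer le certificat"
  echo "Réponse: $CERT_RESP"
  exit 1
fi
echo "✓ Certificat créé: $CERT_ID"
echo ""

# 3. Export as PEM.
echo "[3] Export PEM..."
if export_to "certificates/$CERT_ID/export/pem" "$EXPORT_DIR/cert.pem"; then
  echo "✓ Export PEM réussi: $(file_size "$EXPORT_DIR/cert.pem") bytes"
  head -2 "$EXPORT_DIR/cert.pem"
else
  fail "export PEM échoué"
fi
echo ""

# 4. Export as DER.
echo "[4] Export DER..."
if export_to "certificates/$CERT_ID/export/der" "$EXPORT_DIR/cert.der"; then
  echo "✓ Export DER réussi: $(file_size "$EXPORT_DIR/cert.der") bytes"
else
  fail "export DER échoué"
fi
echo ""

# 5. Export with the private key.
echo "[5] Export PEM avec clé privée..."
KEY_FILE="$EXPORT_DIR/cert_with_key.pem"
if export_to "certificates/$CERT_ID/export/pem-with-key" "$KEY_FILE"; then
  echo "✓ Export PEM+clé réussi: $(file_size "$KEY_FILE") bytes"
  # grep -c exits 1 on zero matches but still prints the count.
  CERT_COUNT=$(grep -c "BEGIN CERTIFICATE" "$KEY_FILE")
  # Also counts typed headers such as "BEGIN RSA PRIVATE KEY".
  KEY_COUNT=$(grep -cE "BEGIN ([A-Z]+ )?PRIVATE KEY" "$KEY_FILE")
  echo " - Certificats trouvés: $CERT_COUNT"
  echo " - Clés privées trouvées: $KEY_COUNT"
  if ((CERT_COUNT == 0 || KEY_COUNT == 0)); then
    fail "export PEM+clé incomplet"
  fi
else
  fail "export PEM+clé échoué"
fi
echo ""

# 6. Create a CA and export the chain.
echo "[6] Création d'une CA et chaîne de certificats..."
CA_RESP=$(api_post "ca" \
  '{"subject":"CN=Test Root CA,O=Test,C=FR","validity_days":3650}' \
  -H @"$AUTH_HEADER_FILE")
CA_ID=$(json_field "$CA_RESP" '.ca.id')
if [[ -n "$CA_ID" ]]; then
  echo "✓ CA créée: $CA_ID"

  # Create a certificate signed by the CA. The body is built by jq so the
  # server-supplied id is JSON-escaped rather than spliced into a string.
  SIGN_BODY=$(jq -n --arg ca_id "$CA_ID" \
    '{ca_id: $ca_id, subject: "CN=signed.example.com,O=Test,C=FR", validity_days: 365}')
  SIGNED_RESP=$(api_post "certificates/sign" "$SIGN_BODY" \
    -H @"$AUTH_HEADER_FILE")
  SIGNED_ID=$(json_field "$SIGNED_RESP" '.certificate.id')
  if [[ -n "$SIGNED_ID" ]]; then
    echo "✓ Certificat signé créé: $SIGNED_ID"

    # Export the chain.
    echo "[7] Export chaîne de certificats..."
    CHAIN_FILE="$EXPORT_DIR/cert_chain.pem"
    if export_to "certificates/$SIGNED_ID/export/chain" "$CHAIN_FILE"; then
      CHAIN_COUNT=$(grep -c "BEGIN CERTIFICATE" "$CHAIN_FILE")
      echo "✓ Export chaîne réussi: $(file_size "$CHAIN_FILE") bytes ($CHAIN_COUNT certificats)"
    else
      fail "export chaîne échoué"
    fi
  else
    fail "impossible de créer le certificat signé"
  fi
else
  fail "impossible de créer la CA"
fi
echo ""

# Summary of the exported files.
echo "=== Résumé des exports ==="
ls -lh -- "$EXPORT_DIR" | tail -n +2
echo ""
if [[ -f "$EXPORT_DIR/cert_with_key.pem" ]]; then
  echo "⚠ $EXPORT_DIR/cert_with_key.pem contient une clé privée: à supprimer après vérification."
fi
if ((FAILURES > 0)); then
  echo "❌ Test d'export terminé avec $FAILURES erreur(s). Fichiers dans: $EXPORT_DIR"
  exit 1
fi
echo "✓ Test d'export complété. Fichiers disponibles dans: $EXPORT_DIR"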