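#!/bin/bash
# Integration test: checks that the PKI API keeps a private key for every
# certificate it issues (a standard certificate and a CA).
# Needs curl, jq and docker, plus a running API and MongoDB container.

# Base URL of the API under test; an API_URL already set in the environment
# wins. The default is plain HTTP, so the login password and the bearer token
# travel unencrypted: keep it on loopback.
API_URL="${API_URL:-http://localhost:8080/api/v1}"

# The export written below contains a private key. A fixed, predictable path
# under /tmp can be pre-created or read by other local users, so use a fresh
# directory that only this user can read and remove it when the script exits.
umask 077
EXPORT_DIR=$(mktemp -d "${TMPDIR:-/tmp}/pki_privkey_test.XXXXXX") || {
  echo "❌ FAILED: Impossible de créer le répertoire d'export" >&2
  exit 1
}
trap 'rm -rf -- "$EXPORT_DIR"' EXIT

echo "=== Test: Private Key Storage for All Certificates ==="
echo ""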
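# 1. Login
# Credentials default to the admin/admin fixture account and can be overridden
# with PKI_USER / PKI_PASS. jq reads them from its environment and curl reads
# the JSON body from stdin, so the password does not appear in any process's
# argument list.
TOKEN=$(PKI_USER="${PKI_USER:-admin}" PKI_PASS="${PKI_PASS:-admin}" \
  jq -nc '{username: $ENV.PKI_USER, password: $ENV.PKI_PASS}' \
  | curl -s -X POST "$API_URL/login" \
      -H "Content-Type: application/json" \
      -d @- \
  | jq -r '.token // empty')

# Every later request needs the token: stop here rather than report
# "Token obtenu" for a rejected login or an unreachable API.
if [ -z "$TOKEN" ]; then
  echo "❌ FAILED: Aucun token obtenu (login refusé ou API injoignable)" >&2
  exit 1
fi
echo "[1] Token obtenu"
echo ""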
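# 2. Create a standard (non-CA) certificate
CERT_RESP=$(curl -s -X POST "$API_URL/certificates" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "subject":"CN=test-standard.example.com,O=Test,C=FR",
    "validity_days":365
  }')

# Quote the response: unquoted, it is word-split and glob-expanded before jq
# sees it. "// empty" turns a missing id into an empty string instead of the
# literal text "null". The raw response is deliberately not printed on
# failure, since this page does not show what fields it carries.
CERT_ID=$(printf '%s' "$CERT_RESP" | jq -r '.certificate.id // empty')
if [ -n "$CERT_ID" ]; then
  echo "[2] Certificat standard créé: $CERT_ID"
else
  echo "❌ FAILED: Certificat standard non créé (aucun identifiant dans la réponse)"
fi
echo ""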
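# 3. Export with private key
echo "[3] Test export PEM+clé pour certificat standard..."
EXPORT_FILE="$EXPORT_DIR/standard_cert_with_key.pem"

# Drop any file left by an earlier run: if curl cannot connect it writes
# nothing, and the checks below would then pass on stale data.
rm -f -- "$EXPORT_FILE"

# The download contains a private key; create it readable by this user only.
(
  umask 077
  curl -s -H "Authorization: Bearer $TOKEN" \
    "$API_URL/certificates/$CERT_ID/export/pem-with-key" \
    -o "$EXPORT_FILE"
)

if [ -f "$EXPORT_FILE" ]; then
  FILE_SIZE=$(stat -c%s "$EXPORT_FILE")
  # grep -c prints "0" AND exits 1 when nothing matches, so "|| echo 0" inside
  # the substitution would yield "0<newline>0" and break the -gt test below.
  CERT_COUNT=$(grep -c "BEGIN CERTIFICATE" "$EXPORT_FILE" 2>/dev/null) || CERT_COUNT=0
  # Only the PKCS#8 header is counted; "BEGIN RSA PRIVATE KEY" or
  # "BEGIN EC PRIVATE KEY" does not match and ends up in the failure branch.
  KEY_COUNT=$(grep -c "BEGIN PRIVATE KEY" "$EXPORT_FILE" 2>/dev/null) || KEY_COUNT=0

  if [ "$FILE_SIZE" -gt 100 ] && [ "$KEY_COUNT" -gt 0 ]; then
    echo "✓ SUCCESS: Clé privée présente dans l'export!"
    echo " - Taille du fichier: $FILE_SIZE bytes"
    echo " - Certificats trouvés: $CERT_COUNT"
    echo " - Clés privées trouvées: $KEY_COUNT"
    echo ""
    echo " Aperçu:"
    # Show only the PEM boundary lines: the first lines of the file may be
    # key material, which must not reach the terminal or a CI log.
    grep -- '^-----' "$EXPORT_FILE"
    echo " ..."
  else
    echo "❌ FAILED: Pas de clé privée trouvée"
    # Print the body for diagnosis (usually an API error), but strip any
    # private-key block first: a key in a format the grep above does not
    # recognise would otherwise be dumped in full.
    sed '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/d' "$EXPORT_FILE"
  fi
else
  echo "❌ FAILED: Fichier non créé"
fi
echo ""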
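# 4. Check directly in MongoDB
echo "[4] Vérification directe dans MongoDB..."

# CERT_ID comes from an API response and is spliced into JavaScript that
# mongosh evaluates with the database admin account, so refuse anything
# outside a conservative character set before building the query.
# NOTE(review): assumes ids are UUID- or hex-like; widen the pattern if the API
# uses other characters.
ID_PATTERN='^[A-Za-z0-9_-]+$'
MONGO_COUNT=""
if [[ "$CERT_ID" =~ $ID_PATTERN ]]; then
  # NOTE(review): the MongoDB password is hard-coded and passed on the command
  # line, where it is visible in the process list; acceptable only for a
  # throwaway test container.
  MONGO_COUNT=$(docker exec pkiapi-mongo mongosh -u admin -p password --authenticationDatabase admin pkiapi --eval "db.certificates.findOne({_id: '$CERT_ID'}).private_key ? 'HAS_KEY' : 'NO_KEY'" 2>/dev/null | tail -1)
else
  echo "❌ Identifiant de certificat invalide: requête MongoDB ignorée"
fi

if [ "$MONGO_COUNT" = "HAS_KEY" ]; then
  echo "✓ Clé privée présente dans MongoDB pour le certificat standard"
else
  echo "❌ Clé privée absente dans MongoDB"
fi
echo ""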
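# 5. Create a CA and run the same storage check
CA_RESP=$(curl -s -X POST "$API_URL/ca" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"subject":"CN=Test Root CA,O=Test,C=FR","validity_days":3650}')

# Quote the response so it is not word-split or glob-expanded; "// empty"
# turns a missing id into an empty string instead of the literal "null".
CA_ID=$(printf '%s' "$CA_RESP" | jq -r '.ca.id // empty')

# CA_ID is interpolated into JavaScript that mongosh evaluates with the
# database admin account: accept only a conservative character set.
# NOTE(review): assumes ids are UUID- or hex-like; widen the pattern if the API
# uses other characters.
CA_ID_PATTERN='^[A-Za-z0-9_-]+$'
MONGO_CA_COUNT=""
if [[ "$CA_ID" =~ $CA_ID_PATTERN ]]; then
  echo "[5] CA créée: $CA_ID"
  # NOTE(review): hard-coded MongoDB password on the command line, visible in
  # the process list; acceptable only for a throwaway test container.
  MONGO_CA_COUNT=$(docker exec pkiapi-mongo mongosh -u admin -p password --authenticationDatabase admin pkiapi --eval "db.certificates.findOne({_id: '$CA_ID'}).private_key ? 'HAS_KEY' : 'NO_KEY'" 2>/dev/null | tail -1)
else
  echo "❌ FAILED: CA non créée ou identifiant invalide"
fi

if [ "$MONGO_CA_COUNT" = "HAS_KEY" ]; then
  echo "✓ Clé privée présente dans MongoDB pour la CA"
else
  echo "❌ Clé privée absente pour la CA"
fi
echo ""

echo "=== Test complété ==="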