stef
/
pkiapi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
pkiapi/tests/test_private_keys.sh

98 lines
3.5 KiB
Bash
Raw Blame History

#!/bin/bash
# Test spécifique pour le stockage des clés privées
# Vérifie que les clés privées sont stockées pour tous les certificats
API_URL="http://localhost:8080/api/v1"
echo "=== PKI Private Key Storage Test ==="
echo ""
# 1. Login
TOKEN=$(curl -s -X POST "$API_URL/login" \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"admin"}' | jq -r '.token')
echo "[1] Login successful"
echo ""
# 2. Create standard certificate (non-CA)
echo "[2] Creating standard certificate..."
CERT=$(curl -s -X POST "$API_URL/certificates" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"subject":"CN=test-standard.example.com,O=Test,C=FR","validity_days":365}')
CERT_ID=$(echo $CERT | jq -r '.certificate.id')
echo "✓ Certificate created: $CERT_ID"
echo ""
# 3. Create Root CA
echo "[3] Creating Root CA..."
CA=$(curl -s -X POST "$API_URL/ca" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"subject":"CN=Test Root CA,O=Test,C=FR","validity_days":3650}')
CA_ID=$(echo $CA | jq -r '.ca.id')
echo "✓ Root CA created: $CA_ID"
echo ""
# 4. Test export with private key for standard cert
echo "[4] Testing private key export for standard certificate..."
curl -s -H "Authorization: Bearer $TOKEN" \
"$API_URL/certificates/$CERT_ID/export/pem-with-key" \
-o /tmp/cert_test.pem
KEY_COUNT=$(grep -c "BEGIN PRIVATE KEY" /tmp/cert_test.pem 2>/dev/null || echo "0")
CERT_COUNT=$(grep -c "BEGIN CERTIFICATE" /tmp/cert_test.pem 2>/dev/null || echo "0")
if [ "$KEY_COUNT" -gt 0 ]; then
SIZE=$(stat -c%s /tmp/cert_test.pem)
echo "✓ SUCCESS: Standard certificate has private key"
echo " - Export size: $SIZE bytes"
echo " - Certificates: $CERT_COUNT"
echo " - Private keys: $KEY_COUNT"
else
echo "❌ FAILED: Standard certificate has no private key"
fi
echo ""
# 5. Test export with private key for CA
echo "[5] Testing private key export for CA..."
curl -s -H "Authorization: Bearer $TOKEN" \
"$API_URL/certificates/$CA_ID/export/pem-with-key" \
-o /tmp/ca_test.pem
KEY_COUNT=$(grep -c "BEGIN PRIVATE KEY" /tmp/ca_test.pem 2>/dev/null || echo "0")
CERT_COUNT=$(grep -c "BEGIN CERTIFICATE" /tmp/ca_test.pem 2>/dev/null || echo "0")
if [ "$KEY_COUNT" -gt 0 ]; then
SIZE=$(stat -c%s /tmp/ca_test.pem)
echo "✓ SUCCESS: CA has private key"
echo " - Export size: $SIZE bytes"
echo " - Certificates: $CERT_COUNT"
echo " - Private keys: $KEY_COUNT"
else
echo "❌ FAILED: CA has no private key"
fi
echo ""
# 6. Verify MongoDB storage
echo "[6] Verifying MongoDB storage..."
MONGO_STANDARD=$(docker exec pkiapi-mongo mongosh -u admin -p password --authenticationDatabase admin pkiapi --eval "db.certificates.findOne({_id: '$CERT_ID'}).private_key ? 'YES' : 'NO'" 2>/dev/null | tail -1)
MONGO_CA=$(docker exec pkiapi-mongo mongosh -u admin -p password --authenticationDatabase admin pkiapi --eval "db.certificates.findOne({_id: '$CA_ID'}).private_key ? 'YES' : 'NO'" 2>/dev/null | tail -1)
if [ "$MONGO_STANDARD" = "YES" ]; then
echo "✓ Standard certificate private key stored in MongoDB"
else
echo "❌ Standard certificate private key NOT in MongoDB"
fi
if [ "$MONGO_CA" = "YES" ]; then
echo "✓ CA private key stored in MongoDB"
else
echo "❌ CA private key NOT in MongoDB"
fi
echo ""
TOTAL=$(docker exec pkiapi-mongo mongosh -u admin -p password --authenticationDatabase admin pkiapi --eval "db.certificates.count({private_key: {\$exists: true, \$ne: ''}})" 2>/dev/null | tail -1)
echo "Total certificates with private keys in MongoDB: $TOTAL"
Reference in New Issue View Git Blame Copy Permalink