mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00

Add scripts for integration test setup and docs generation

* Add an OpenPGP test keypair.
* Move script parts of documentation into script, so they can be used on a fresh Ubuntu 20.04 system
  for within a GitHub action to set up a csaf_provider and upload documents to it for an integration test.
* Use dineshsonachalam/markdown-autodocs in GitHub action to automatically
  insert lines from the scripts into the docs.

Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
Fadi Abbud 2022-04-08 10:04:34 +02:00 committed by GitHub
parent f0359d982d
commit 9bbe3e1eb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 637 additions and 69 deletions


@ -10,13 +10,15 @@ would used for server and for client certificates.)
The following lines directly create the client certificate.
(As opposed to first creating a certificate signing request and
then signing it.)
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/createCCForITest.sh&lines=15-35) -->
<!-- The below code snippet is automatically added from ../docs/scripts/createCCForITest.sh -->
```sh
cd ~/${FOLDERNAME}
```bash
# being in devca1/
certtool --generate-privkey --outfile testclient1-key.pem
echo '
organization = "CSAF Tools Development (internal)"
organization = "'${ORGANAME}'"
country = DE
cn = "TLS Test Client 1"
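Review bot: in the template `echo`, `organization = "'${ORGANAME}'"` closes the single-quoted string and expands `${ORGANAME}` unquoted, so a value containing spaces or glob characters is word-split and pathname-expanded before it reaches the certtool template. Keep the expansion inside double quotes, for example `organization = "'"${ORGANAME}"'"`. The added `cd ~/${FOLDERNAME}` has the same quoting gap, and with the variable unset it stays in the home directory and the private key is generated there; `cd ~/"${FOLDERNAME:?}"` would stop the script instead.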
@ -28,18 +30,23 @@ serial = 020
expiration_days = 50
' > gnutls-certtool.testclient1.template
certtool --generate-certificate --load-privkey testclient1-key.pem --outfile testclient1.crt --load-ca-certificate rootca-cert.pem --load-ca-privkey rootca-key.pem --template gnutls-certtool.testclient1.template
certtool --generate-certificate --load-privkey testclient1-key.pem --outfile testclient1.crt --load-ca-certificate rootca-cert.pem --load-ca-privkey rootca-key.pem --template gnutls-certtool.testclient1.template --stdout | head -1
certtool --load-ca-certificate rootca-cert.pem --load-certificate testclient1.crt --load-privkey testclient1-key.pem --to-p12 --p12-name "Test Client 1" --null-password --outder --outfile testclient1.p12
```
<!-- MARKDOWN-AUTO-DOCS:END -->
and we do a second one with shorter expiration day:
```bash
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/scripts/createCCForITest.sh&lines=34-53) -->
<!-- The below code snippet is automatically added from ../docs/scripts/createCCForITest.sh -->
```sh
certtool --load-ca-certificate rootca-cert.pem --load-certificate testclient1.crt --load-privkey testclient1-key.pem --to-p12 --p12-name "Test Client 1" --null-password --outder --outfile testclient1.p12
certtool --generate-privkey --outfile testclient2-key.pem
echo '
organization = "CSAF Tools Development (internal)"
organization = "'${ORGANAME}'"
country = DE
cn = "TLS Test Client 2"
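Review bot: the two MARKDOWN-AUTO-DOCS ranges overlap, the first marker takes `lines=15-35` and the second `lines=34-53` of createCCForITest.sh, so the testclient1 `--to-p12` line is rendered again as the first line of the snippet that the text introduces as the second certificate. Start the second range at the first testclient2 line of the script so each block shows one client only. It would also help to document next to the markers that `FOLDERNAME` and `ORGANAME` must be set before the snippets are run, since the rendered docs no longer show literal values for them.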
@ -51,13 +58,12 @@ serial = 021
expiration_days = 1
' > gnutls-certtool.testclient2.template
certtool --generate-certificate --load-privkey testclient2-key.pem --outfile testclient2.crt --load-ca-certificate rootca-cert.pem --load-ca-privkey rootca-key.pem --template gnutls-certtool.testclient2.template
certtool --generate-certificate --load-privkey testclient2-key.pem --outfile testclient2.crt --load-ca-certificate rootca-cert.pem --load-ca-privkey rootca-key.pem --template gnutls-certtool.testclient2.template --stdout | head -1
certtool --load-ca-certificate rootca-cert.pem --load-certificate testclient2.crt --load-privkey testclient2-key.pem --to-p12 --p12-name "Test Client 2" --null-password --outder --outfile testclient2.p12
```
<!-- MARKDOWN-AUTO-DOCS:END -->
In case of many CAs are used to verify the client certificates these should be included in the list of the allowed CA certificates in the `ssl_client_certificate` bundle of nginx.
E.g. `cat rootca-cert-1.pem rootca-cert-2.pem >> allowedCAs.pem`. Nginx config: `ssl_client_certificate allowedCAs.pem;`
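Review bot: on the `--generate-certificate` line for testclient2, appending `--stdout | head -1` makes the pipeline's exit status that of `head`, so a failing `certtool` no longer fails the step unless the script enables `set -o pipefail`, which is not visible in this diff; the testclient1 line in the previous hunk has the same pattern. Because the script is meant to drive an integration test from a GitHub action, a silently missing `testclient2.crt` would only surface later at the `--to-p12` step or in the TLS handshake. Either set pipefail at the top of createCCForITest.sh or check that the `--outfile` target exists and is non-empty before continuing.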