Tests: Add intermediate certificate tests to the sign-verify cases

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-06-05 18:34:55 -07:00 · 2020-06-05 18:34:55 -07:00 · 6c2b07fa1c
commit 6c2b07fa1c
parent df27a417b9
5 changed files with 70 additions and 13 deletions
--- a/tests/sign-attach-verify.sh
+++ b/tests/sign-attach-verify.sh
@ -3,7 +3,19 @@
 sig="test.sig"
 signed="test.signed"

-"$sbsign" --cert "$cert" --key "$key" --detached --output "$sig" "$image"
-cp "$image" "$signed"
-"$sbattach" --attach "$sig" "$signed"
-"$sbverify" --cert "$cert" "$signed"
+"$sbsign" --cert "$cert" --key "$key" --detached --output "$sig" "$image" || exit 1
+cp "$image" "$signed" || exit 1
+"$sbattach" --attach "$sig" "$signed" || exit 1
+"$sbverify" --cert "$cert" "$signed" || exit 1
+"$sbverify" --cert "$intcert" "$signed" || exit 1
+# there's no intermediate cert in the image so it can't chain to the ca which
+# is why this should fail
+"$sbverify" --cert "$cacert" "$signed" && exit 1
+
+# now add intermediates
+"$sbsign" --cert "$cert" --key "$key" --addcert "$intcert" --detached --output "$sig" "$image" || exit 1
+cp "$image" "$signed" || exit 1
+"$sbattach" --attach "$sig" "$signed" || exit 1
+"$sbverify" --cert "$cert" "$signed" || exit 1
+"$sbverify" --cert "$intcert" "$signed" || exit 1
+"$sbverify" --cert "$cacert" "$signed" || exit 1