Merge pull request #727 from buchdag/ci-fix

Fix LETSENCRYPT_KEYSIZE feature and tests

app/cleanup_test_artifacts

@@ -31,10 +31,16 @@ done
 for domain in le1.wtf le2.wtf le3.wtf le4.wtf lim.it; do
     folder="/etc/nginx/certs/$domain"
     [[ -d "$folder" ]] && rm -rf "$folder"
+    folder="/etc/acme.sh/default/$domain"
+    [[ -d "$folder" ]] && rm -rf "$folder"
+    folder="/etc/acme.sh/default/${domain}_ecc"
+    [[ -d "$folder" ]] && rm -rf "$folder"
     location_file="/etc/nginx/vhost.d/$domain"
     [[ -f "$location_file" ]] && rm -rf "$location_file" 2> /dev/null
     for extension in key crt chain.pem dhparam.pem; do
         symlink="/etc/nginx/certs/${domain}.${extension}"
         [[ -L "$symlink" ]] && rm -rf "$symlink"
     done
 done
+
+exit 0

app/letsencrypt_service

@@ -143,7 +143,7 @@ function update_cert {
 
     local -n cert_keysize="LETSENCRYPT_${cid}_KEYSIZE"
     if [[ -z "$cert_keysize" || "$cert_keysize" == "<no value>" ]] || \
-        [[ ! "$cert_keysize" =~ ^(2048|3072|4096|8192|ec-256|ec-384|ec-512)$ ]]; then
+        [[ ! "$cert_keysize" =~ ^(2048|3072|4096|ec-256|ec-384)$ ]]; then
         cert_keysize=$DEFAULT_KEY_SIZE
     fi
     params_issue_arr+=(--keylength "$cert_keysize")
@@ -281,7 +281,9 @@ function update_cert {
         # Using amce.sh --preferred-chain to select alternate chain.
         params_issue_arr+=(--preferred-chain "$acme_preferred_chain")
     fi
-    [[ "$RENEW_PRIVATE_KEYS" == false || "$REUSE_PRIVATE_KEYS" == true ]] && params_issue_arr+=(--always-force-new-domain-key)
+    if [[ "$RENEW_PRIVATE_KEYS" != 'false' && "$REUSE_PRIVATE_KEYS" != 'true' ]]; then
+        params_issue_arr+=(--always-force-new-domain-key)      
+    fi
     [[ "${2:-}" == "--force-renew" ]] && params_issue_arr+=(--force)
 
     # Create directory for the first domain

docs/Let's-Encrypt-and-ACME.md

@@ -50,7 +50,7 @@ The `LETSENCRYPT_EMAIL` environment variable must be a valid email and will be u
 
 #### Private key size
 
-The `LETSENCRYPT_KEYSIZE` environment variable determines the type and size of the requested key. Supported values are `2048`, `3072`, `4096` and `8192` for RSA keys, and `ec-256`, `ec-384` or `ec-512` for elliptic curve keys. The default is RSA 4096.
+The `LETSENCRYPT_KEYSIZE` environment variable determines the type and size of the requested key. Supported values are `2048`, `3072` and `4096` for RSA keys, and `ec-256` or `ec-384` for elliptic curve keys. The default is RSA 4096.
 
 #### Test certificates
 

test/config.sh

@@ -1,12 +1,7 @@
 #!/bin/bash
 set -e
 
-testAlias+=(
-	[jrcs/letsencrypt-nginx-proxy-companion]='le-companion'
-)
-
-imageTests+=(
-	[le-companion]='
+globalTests+=(
 	docker_api
 	location_config
 	default_cert
@@ -21,5 +16,4 @@ imageTests+=(
 	permissions_default
 	permissions_custom
 	symlinks
-	'
 )

test/tests/acme_accounts/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/certs_san/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/certs_single/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/certs_single_domain/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/certs_standalone/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/default_cert/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/force_renew/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/permissions_custom/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/permissions_default/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/private_keys/expected-std-out.txt

@@ -0,0 +1 @@
+

test/tests/private_keys/run.sh

@@ -27,12 +27,11 @@ trap cleanup EXIT
 
 declare -A key_types
 key_types=( \
-  ['1024']='RSA Public-Key: (1024 bit)' \
   ['2048']='RSA Public-Key: (2048 bit)' \
+  ['3072']='RSA Public-Key: (3072 bit)' \
   ['4096']='RSA Public-Key: (4096 bit)' \
-  ['ec256']='secp256r1' \
-  ['ec384']='secp384r1' \
-  ['ec512']='secp512r1' \
+  ['ec-256']='prime256v1' \
+  ['ec-384']='secp384r1' \
 )
 
 for key in "${!key_types[@]}"; do
@@ -42,7 +41,7 @@ for key in "${!key_types[@]}"; do
     --name "${key}" \
     -e "VIRTUAL_HOST=${domains[0]}" \
     -e "LETSENCRYPT_HOST=${domains[0]}" \
-    -e "LETSENCRYPT_PRIVATE_KEY=${key}" \
+    -e "LETSENCRYPT_KEYSIZE=${key}" \
     --network boulder_bluenet \
     nginx:alpine > /dev/null;
   then
@@ -54,14 +53,15 @@ for key in "${!key_types[@]}"; do
   # Grep the expected string from the public key in text form.
   if wait_for_symlink "${domains[0]}" "$le_container_name"; then
     public_key=$(docker exec "$le_container_name" openssl pkey -in "/etc/nginx/certs/${domains[0]}.key" -noout -text_pub)
-    if ! grep "${key_types[$key]}" <<< "$public_key"; then
+    if ! grep -q "${key_types[$key]}" <<< "$public_key"; then
       echo "Keys for test $key were not of the correct type, expected ${key_types[$key]} and got the following:"
       echo "$public_key"
     fi
+  else
+    echo "${key_types[$key]} key test timed out"
   fi
 
   docker stop "${key}" &> /dev/null
-  docker exec "$le_container_name" rm -rf /etc/nginx/certs/le?.wtf*
-  docker exec "$le_container_name" rm -rf /etc/acme.sh/default/le?.wtf*
+  docker exec "$le_container_name" /app/cleanup_test_artifacts
 
 done

test/tests/unit_tests/expected-std-out.txt

@@ -0,0 +1 @@
+