server-https-nss-test.yml
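# Reusable workflow (runs only when invoked through workflow_call) that
# creates a PKI server in a container, gives it an SSL server certificate
# stored in an NSS database, adds an HTTPS connector on port 8443 and checks
# from a second container that the port answers.
name: HTTPS connector with NSS database

on: workflow_call

env:
  # Repository variable wins; otherwise the public image is used.
  # NOTE(review): the fallback carries no tag or digest, so it resolves to
  # whatever the registry currently serves. Not referenced by any step in this
  # file; presumably read by the tests/bin scripts - confirm.
  DB_IMAGE: ${{ vars.DB_IMAGE || 'quay.io/389ds/dirsrv' }}

jobs:
  # docs/admin/server/Configuring-HTTPS-Connector-with-NSS-Database.adoc
  test:
    name: Test
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the steps in this file only read the
    # repository. NOTE(review): confirm the tests/bin scripts make no GitHub
    # API calls that would need more.
    permissions:
      contents: read
    env:
      # Presumably consumed by the tests/bin scripts - confirm.
      SHARED: /tmp/workdir/pki
    steps:
      # NOTE(review): every `uses:` below references a mutable tag (v3).
      # Pinning each action to a full commit SHA (<full-commit-sha>) keeps a
      # retagged release from changing what this job executes.
      - name: Clone repository
        uses: actions/checkout@v3

      # The image archive is keyed by commit SHA; it is presumably stored by
      # an earlier job of the calling workflow. On a cache miss the next step
      # fails because pki-images.tar is absent.
      - name: Retrieve PKI images
        uses: actions/cache@v3
        with:
          key: pki-images-${{ github.sha }}
          path: pki-images.tar

      - name: Load PKI images
        run: docker load --input pki-images.tar

      - name: Create network
        run: docker network create example

      - name: Set up server container
        run: |
          tests/bin/runner-init.sh pki
        env:
          HOSTNAME: pki.example.com

      - name: Connect server container to network
        run: docker network connect example pki --alias pki.example.com

      - name: Create PKI server
        run: |
          docker exec pki pki-server create -v

      # The database is created without a password, so keys stored in it are
      # not protected at rest. Acceptable for a throwaway test container; a
      # real deployment should set a password.
      - name: Create NSS database in PKI server
        run: |
          docker exec pki pki-server nss-create --no-password

      # Request, issue and import the SSL server certificate under the
      # nickname "sslserver".
      # The subject is spelled out: `run` executes in the runner's shell, so
      # "$HOSTNAME" would be expanded to the runner's host name before
      # docker exec starts, and the certificate would not name the host the
      # client connects to.
      - name: Create SSL server cert
        run: |
          docker exec pki pki -d /var/lib/pki/pki-tomcat/alias \
              nss-cert-request \
              --subject "CN=pki.example.com" \
              --ext /usr/share/pki/server/certs/sslserver.conf \
              --csr sslserver.csr
          docker exec pki pki -d /var/lib/pki/pki-tomcat/alias \
              nss-cert-issue \
              --csr sslserver.csr \
              --ext /usr/share/pki/server/certs/sslserver.conf \
              --cert sslserver.crt
          docker exec pki pki -d /var/lib/pki/pki-tomcat/alias \
              nss-cert-import \
              --cert sslserver.crt \
              sslserver

      # NOTE(review): "--sslProtocol SSL" is only the label handed to the
      # connector; which protocol versions end up enabled depends on the
      # JSS/Tomcat configuration. Confirm that legacy SSL and early TLS
      # versions are disabled in the resulting connector.
      - name: Create HTTPS connector with NSS database
        run: |
          docker exec pki pki-server jss-enable
          docker exec pki pki-server http-connector-add \
              --port 8443 \
              --scheme https \
              --secure true \
              --sslEnabled true \
              --sslProtocol SSL \
              --sslImpl org.dogtagpki.jss.tomcat.JSSImplementation \
              Secure
          docker exec pki pki-server http-connector-cert-add \
              --keyAlias sslserver \
              --keystoreType pkcs11 \
              --keystoreProvider Mozilla-JSS

      - name: Start PKI server
        run: |
          docker exec pki pki-server start

      - name: Set up client container
        run: |
          tests/bin/runner-init.sh client
        env:
          HOSTNAME: client.example.com

      - name: Connect client container to network
        run: docker network connect example client --alias client.example.com

      # Polls until the connector accepts a connection (up to 60 retries;
      # --retry-delay 0 selects curl's default backoff).
      # -k disables certificate verification, so this step proves only that
      # port 8443 completes a TLS handshake - not that the certificate chains
      # to a trusted issuer or matches pki.example.com. No visible step gives
      # the client a trust anchor. NOTE(review): consider trusting the issuing
      # certificate on the client and adding a follow-up request without -k.
      - name: Wait for PKI server to start
        run: |
          docker exec client curl \
              --retry 60 \
              --retry-delay 0 \
              --retry-connrefused \
              -s \
              -k \
              -o /dev/null \
              https://pki.example.com:8443

      - name: Stop PKI server
        run: |
          docker exec pki pki-server stop --wait -v

      - name: Remove PKI server
        run: |
          docker exec pki pki-server remove -v

      # Runs even after a failed step; a failure to collect artifacts does
      # not change the job result.
      - name: Gather artifacts from server container
        if: always()
        run: |
          tests/bin/pki-artifacts-save.sh pki
        continue-on-error: true

      # NOTE(review): the uploaded directory comes from the server container;
      # check that pki-artifacts-save.sh does not copy the NSS database or
      # other key material into it, since artifacts are downloadable by anyone
      # with read access to the run.
      - name: Upload artifacts from server container
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: server-https-nss-test
          path: |
            /tmp/artifacts/pki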