server-https-pkcs12-test.yml
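# Reusable workflow: creates a PKI server whose HTTPS connector reads its key
# and certificate from a PKCS #12 keystore, then checks that port 8443 answers.
name: "HTTPS connector with PKCS #12 file"

on: workflow_call

env:
  DB_IMAGE: ${{ vars.DB_IMAGE || 'quay.io/389ds/dirsrv' }}

# NOTE(review): no `permissions:` block is declared, so the token scope is
# whatever the calling workflow grants. Of the steps visible here only
# actions/checkout reads the repository; consider restricting the job to
# `contents: read` once the caller's grants are confirmed.
#
# NOTE(review): the three actions below are referenced by mutable major-version
# tags; pinning each to a full commit SHA prevents a retagged release from
# changing what runs in this job.
jobs:
  # docs/admin/server/Configuring-HTTPS-Connector-with-PKCS12-File.adoc
  test:
    name: Test
    runs-on: ubuntu-latest
    env:
      SHARED: /tmp/workdir/pki
    steps:
      - name: Clone repository
        uses: actions/checkout@v3

      # The image tarball is looked up under a key derived from the commit SHA;
      # presumably an earlier job in the calling workflow saved it - confirm.
      - name: Retrieve PKI images
        uses: actions/cache@v3
        with:
          key: pki-images-${{ github.sha }}
          path: pki-images.tar

      - name: Load PKI images
        run: docker load --input pki-images.tar

      - name: Create network
        run: docker network create example

      - name: Set up server container
        run: |
          tests/bin/runner-init.sh pki
        env:
          HOSTNAME: pki.example.com

      - name: Connect server container to network
        run: docker network connect example pki --alias pki.example.com

      - name: Create PKI server
        run: |
          docker exec pki pki-server create -v

      # keytool -genkeypair produces a self-signed certificate.
      # The subject is spelled out: this step sets no HOSTNAME of its own, so
      # "$HOSTNAME" would be expanded by the runner's shell (to the runner's
      # host name) before docker exec runs, not to the server's name.
      # Secret.123 is a throwaway password for this disposable test keystore;
      # passing it on the command line exposes it in process listings and job
      # logs, so do not reuse this pattern for a real keystore.
      - name: Create SSL server cert
        run: |
          docker exec pki keytool -genkeypair \
              -keystore /var/lib/pki/pki-tomcat/conf/keystore.p12 \
              -storetype pkcs12 \
              -storepass Secret.123 \
              -alias "sslserver" \
              -dname "CN=pki.example.com" \
              -keyalg RSA \
              -keypass Secret.123
          # ':' is the POSIX owner:group separator; the '.' form is a
          # deprecated GNU extension.
          docker exec pki chown pkiuser:pkiuser /var/lib/pki/pki-tomcat/conf/keystore.p12
          docker exec pki chmod 660 /var/lib/pki/pki-tomcat/conf/keystore.p12

      # Adds a connector named "Secure" on port 8443 and attaches the keystore
      # created above to it.
      # NOTE(review): "SSL" names a protocol family, not a version; which
      # SSL/TLS versions the connector accepts is not visible here - confirm
      # that legacy versions are disabled before copying this to a deployment.
      - name: "Create HTTPS connector with PKCS #12 file"
        run: |
          docker exec pki pki-server http-connector-add \
              --port 8443 \
              --scheme https \
              --secure true \
              --sslEnabled true \
              --sslProtocol SSL \
              Secure
          docker exec pki pki-server http-connector-cert-add \
              --keyAlias sslserver \
              --keystoreType pkcs12 \
              --keystoreFile /var/lib/pki/pki-tomcat/conf/keystore.p12 \
              --keystorePassword Secret.123

      - name: Start PKI server
        run: |
          docker exec pki pki-server start

      - name: Set up client container
        run: |
          tests/bin/runner-init.sh client
        env:
          HOSTNAME: client.example.com

      - name: Connect client container to network
        run: docker network connect example client --alias client.example.com

      # Readiness probe only: -k skips certificate verification (the server
      # certificate is self-signed), so a pass shows that the connector
      # answers on 8443, not that the certificate is valid for the host name.
      - name: Wait for PKI server to start
        run: |
          docker exec client curl \
              --retry 60 \
              --retry-delay 0 \
              --retry-connrefused \
              -s \
              -k \
              -o /dev/null \
              https://pki.example.com:8443

      - name: Stop PKI server
        run: |
          docker exec pki pki-server stop --wait -v

      - name: Remove PKI server
        run: |
          docker exec pki pki-server remove -v

      # Runs even after a failed step, and its own failure does not fail the
      # job, so the upload below is still attempted.
      - name: Gather artifacts from server container
        if: always()
        run: |
          tests/bin/pki-artifacts-save.sh pki
        continue-on-error: true

      - name: Upload artifacts from server container
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: server-https-pkcs12-test
          path: |
            /tmp/artifacts/pki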