Some basic tests of generated BPKI certs

svn path=/myrpki/Makefile; revision=2570

2 files changed, 20 insertions, 0 deletions

diff --git a/myrpki/Makefile b/myrpki/Makefile
index d36a5906..4aaeb0b5 100644
--- a/myrpki/Makefile
+++ b/myrpki/Makefile
@@ -35,3 +35,6 @@ format: myrpki.xml
 
 graph:
 	for b in  bpki.myrpki bpki.rpkid bpki.pubd bpki.rootd; do python ../scripts/x509-dot.py $$b | dot -T ps2 | ps2pdf - $$b/graph.pdf; done
+
+verify:
+	sh verify-bpki.sh
diff --git a/myrpki/verify-bpki.sh b/myrpki/verify-bpki.sh
new file mode 100644
index 00000000..655807cb
--- /dev/null
+++ b/myrpki/verify-bpki.sh
@@ -0,0 +1,17 @@
+#!/bin/sh -
+# $Id$
+#
+# Tests of generated BPKI certificates.
+
+find bpki.* -name '*.crl' | sed 's=^\(.*\)/\(.*\)$=echo -n "&: "; openssl crl -CAfile \1/ca.cer -noout -in &=' | sh
+
+find bpki.* -name '*.cer' ! -name 'ca.cer' ! -name '*.cacert.cer' | sed 's=^\(.*\)/.*$=openssl verify -CAfile \1/ca.cer &=' | sh
+
+# This won't work once there are more certs in the picture, but will
+# suffice as an initial test of the pathlen-restricted
+# cross-certification.
+
+for bpki in bpki.pubd bpki.rpkid
+do
+  openssl verify -verbose -CAfile $bpki/ca.cer -untrusted $bpki/xcert.*.cer bpki.myrpki/bsc.*.cer
+done