Clean up tests for CA with ECC and RSA/PSS

dogtagpki · Aug 1, 2023 · 9e15dad · 9e15dad
1 parent 01cbe5d
commit 9e15dad
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 54 deletions.
diff --git a/.github/workflows/ca-ecc-test.yml b/.github/workflows/ca-ecc-test.yml
@@ -61,6 +61,27 @@ jobs:
               -D pki_enable_access_log=False \
               -v
 
+      - name: Check system cert keys
+        run: |
+          echo Secret.123 > password.txt
+          docker exec pki certutil -K -d /etc/pki/pki-tomcat/alias -f ${SHARED}/password.txt | tee output
+          echo "ec" > expected
+
+          grep ca_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep ca_ocsp_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep ca_audit_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep subsystem output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep sslserver output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
       - name: Check CA signing cert
         run: |
           docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
@@ -86,31 +107,6 @@ jobs:
           docker exec pki pki-server cert-export sslserver --cert-file sslserver.crt
           docker exec pki openssl x509 -text -noout -in sslserver.crt
 
-      - name: Check CA admin cert
-        run: |
-          docker exec pki openssl x509 -text -noout -in /root/.dogtag/pki-tomcat/ca_admin.cert
-
-      - name: Verify that system certs have ECC keys
-        run: |
-          docker exec pki bash -c "echo Secret.123 > password.txt"
-          docker exec pki certutil -K -d /etc/pki/pki-tomcat/alias -f password.txt | tee output
-          echo "ec" > expected
-
-          grep ca_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep ca_ocsp_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep ca_audit_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep subsystem output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep sslserver output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
       - name: Run PKI healthcheck
         run: docker exec pki pki-healthcheck --failures-only
 
@@ -123,6 +119,10 @@ jobs:
               --pkcs12-password Secret.123
           docker exec pki pki -n caadmin ca-user-show caadmin
 
+      - name: Check CA admin cert
+        run: |
+          docker exec pki openssl x509 -text -noout -in /root/.dogtag/pki-tomcat/ca_admin.cert
+
       - name: Check cert requests in CA
         run: |
           docker exec pki pki -n caadmin ca-cert-request-find

diff --git a/.github/workflows/ca-rsa-pss-test.yml b/.github/workflows/ca-rsa-pss-test.yml
@@ -72,6 +72,27 @@ jobs:
               -D pki_request_id_generator=random \
               -v
 
+      - name: Check system cert keys
+        run: |
+          echo Secret.123 > password.txt
+          docker exec pki certutil -K -d /etc/pki/pki-tomcat/alias -f ${SHARED}/password.txt | tee output
+          echo "rsa" > expected
+
+          grep ca_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep ca_ocsp_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep ca_audit_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep subsystem output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
+          grep sslserver output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
+          diff expected actual
+
       - name: Check CA signing cert
         run: |
           docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
@@ -117,35 +138,6 @@ jobs:
           sed -n "/^\s*Signature Algorithm:/ {s/^.*:\s*\(\S*\)\s*$/\1/p;q}" output > actual
           diff expected actual
 
-      - name: Check CA admin cert
-        run: |
-          docker exec pki openssl x509 -text -noout -in /root/.dogtag/pki-tomcat/ca_admin.cert | tee output
-
-          echo "rsassaPss" > expected
-          sed -n "/^\s*Signature Algorithm:/ {s/^.*:\s*\(\S*\)\s*$/\1/p;q}" output > actual
-          diff expected actual
-
-      - name: Verify that system certs have RSA keys
-        run: |
-          echo Secret.123 > password.txt
-          docker exec pki certutil -K -d /etc/pki/pki-tomcat/alias -f ${SHARED}/password.txt | tee output
-          echo "rsa" > expected
-
-          grep ca_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep ca_ocsp_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep ca_audit_signing output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep subsystem output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
-          grep sslserver output | sed -n 's/<.*>\s\(\S\+\)\s.*/\1/p' > actual
-          diff expected actual
-
       - name: Run PKI healthcheck
         run: docker exec pki pki-healthcheck --failures-only
 
@@ -158,6 +150,14 @@ jobs:
               --pkcs12-password Secret.123
           docker exec pki pki -n caadmin ca-user-show caadmin
 
+      - name: Check CA admin cert
+        run: |
+          docker exec pki openssl x509 -text -noout -in /root/.dogtag/pki-tomcat/ca_admin.cert | tee output
+
+          echo "rsassaPss" > expected
+          sed -n "/^\s*Signature Algorithm:/ {s/^.*:\s*\(\S*\)\s*$/\1/p;q}" output > actual
+          diff expected actual
+
       - name: Check cert requests in CA
         run: |
           docker exec pki pki -n caadmin ca-cert-request-find