author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-05 19:06:53 +0100 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-09 13:44:40 +0100 |
commit | ef0b3f491e1868c7b3899aff3f53be0325313c2d (patch) | |
tree | 913ddeb99ca5ce3e10f49dfe858d37780aea3c12 /tests/by-name/em/email-dns/nodes/acme/certs/generate.client | |
parent | pkgs/fetchmail-common-name: Patch fetchmail to accept certificates without co... (diff) | |
download | nixos-server-ef0b3f491e1868c7b3899aff3f53be0325313c2d.zip |
tests/email-dns: Init
This test is somewhat involved, but tries to exercise our full mail handling capabilities. It effectively only tests that alice can send a message to bob, but it checks nearly all security mechanisms (DNSSEC is currently still missing).
Diffstat (limited to 'tests/by-name/em/email-dns/nodes/acme/certs/generate.client')
-rwxr-xr-x | tests/by-name/em/email-dns/nodes/acme/certs/generate.client | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate.client b/tests/by-name/em/email-dns/nodes/acme/certs/generate.client new file mode 100755 index 0000000..5930298 --- /dev/null +++ b/tests/by-name/em/email-dns/nodes/acme/certs/generate.client @@ -0,0 +1,44 @@ +#! /usr/bin/env sh + +# Take the correct binary to create the certificates +CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null) +if [ -z "$CERTTOOL" ]; then + echo "ERROR: No certtool found" >&2 + exit 1 +fi + +NAME=client +if [ $# -gt 0 ]; then + NAME="$1" +fi + +# Create a client key. +$CERTTOOL \ + --generate-privkey \ + --sec-param "$SEC_PARAM" \ + --key-type "$KEY_TYPE" \ + --outfile "$NAME".key.pem + +chmod 600 "$NAME".key.pem + +# Sign a client cert with the key. +cat <<EOF >"$NAME".template +dns_name = "$NAME" +dns_name = "$SAN" +expiration_days = $EXPIRATION_DAYS +organization = $ORGANIZATION +encryption_key +signing_key +EOF + +$CERTTOOL \ + --generate-certificate \ + --load-privkey "$NAME".key.pem \ + --load-ca-certificate ca.cert.pem \ + --load-ca-privkey ca.key.pem \ + --template "$NAME".template \ + --outfile "$NAME".cert.pem + +chmod 600 "$NAME".cert.pem + +# vim: ft=sh |
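Review bot: `$SEC_PARAM`, `$KEY_TYPE`, `$SAN`, `$EXPIRATION_DAYS` and `$ORGANIZATION` are used in the `--generate-privkey` call and in the template heredoc but are never set or checked in this file, and the script has no `set -e`. Run without the environment that exports them, it hands certtool empty arguments and writes a template with empty `dns_name` and `expiration_days` values. If key generation fails, it still continues to `chmod` and to the signing step. Suggest `set -eu` near the top, or a guard such as `: "${SEC_PARAM:?}"` for each required variable, plus a short comment naming the variables the caller must export. Two smaller points: the private key is created under the default umask and only tightened by `chmod 600 "$NAME".key.pem` afterwards, so setting `umask 077` before the key is generated would avoid the window in which it is readable by others; and `$CERTTOOL` is expanded unquoted, which breaks if the resolved path contains whitespace.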