From 3e7f64dfe85352dece3c5a2019f68cc59cbf8a41 Mon Sep 17 00:00:00 2001
From: Peter Eckersley <pde@eff.org>
Date: Wed, 4 Jan 2017 17:53:41 -0800
Subject: [PATCH] Pre-release variant of OCSP testing

---
 .../scripts/test_ocsp_experimental.sh         | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100755 tests/letstest/scripts/test_ocsp_experimental.sh

diff --git a/tests/letstest/scripts/test_ocsp_experimental.sh b/tests/letstest/scripts/test_ocsp_experimental.sh
new file mode 100755
index 000000000..686d4c2e4
--- /dev/null
+++ b/tests/letstest/scripts/test_ocsp_experimental.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -x
+
+# $PUBLIC_IP $PRIVATE_IP $PUBLIC_HOSTNAME $BOULDER_URL are dynamically set at execution
+
+# with curl, instance metadata available from EC2 metadata service:
+#public_host=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-hostname)
+#public_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/public-ipv4)
+#private_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/local-ipv4)
+
+cd letsencrypt
+export PATH="$PWD/letsencrypt-auto-source:$PATH"
+letsencrypt-auto-source/letsencrypt-auto --os-packages-only --debug --version
+tools/venv.sh
+sudo ../../../venv/bin/certbot certonly --no-self-upgrade -v --standalone --debug \
+                   --text --agree-dev-preview --agree-tos \
+                   --renew-by-default --redirect \
+                   --register-unsafely-without-email \
+                   --domain $PUBLIC_HOSTNAME --server $BOULDER_URL
+
+# we have to jump through some hoops to cope with relative paths in renewal
+# conf files ...
+# 1. be in the right directory
+cd tests/letstest/testdata/
+
+# 2. refer to the config with the same level of relativitity that it itself
+# contains :/
+sudo ../../../venv/bin/certbot certificates  -v --config-dir sample-config
+TEST_CERTS=`sudo ../../../venv/bin/certbot certificates --config-dir sample-config | grep TEST_CERT | wc -l`
+REVOKED=`sudo ../../../venv/bin/certbot certificates --config-dir sample-config | grep REVOKED | wc -l`
+
+if [ "$TEST_CERTS" != 2 ] ; then
+    echo Did not find two test certs as expected ("$TEST_CERTS")
+    exit 1
+fi
+
+if [ "$REVOKED" != 1 ] ; then
+    echo Did not find one revoked cert as expected ("$REVOKED")
+    exit 1
+fi