From 0063de0d888463c369b77d5d77fdf9911b33db7f Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sun, 11 Dec 2022 22:37:40 +0000
Subject: [PATCH] Allow default CA generation method to be unit-tested

If 'easyrsa' is being run by the unit-test then allow the default method for 'build-ca' to be exercised. The default 'easyrsa' method is to use temp-files, generated by EasyRSA, to pass the CA passphrase, provided by the user, to the SSL command. The normal 'unit-test' method to use a passphrase is to configure EasyRSA ommand line options '--passin' and '--passout'. The change made here is to simulate user-interaction and to supply a default passphrase, as a user, to the SSL command. To NOT use EasyRSA command line options to set any passphrase. ONLY when being run by the unit-test.

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 53e691c..55f2576 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1370,23 +1370,34 @@ Please update openssl-easyrsa.cnf to the latest official release."
 : # passphrase defined
 else
 # Assign passphrase vars and temp file
- p=""
- q=""
 in_key_pass_tmp="$(easyrsa_mktemp)" || \
 die "Failed to create temporary file"
 out_key_pass_tmp="$(easyrsa_mktemp)" || \
 die "Failed to create temporary file"
- # Get passphrase
- prompt="Enter New CA Key Passphrase: "
- get_passphrase p
+ # Dirty way to unit-test default behavior
+ if [ "$ERSA_UTEST_VERSION" ]; then
+ # Prove this works by changing passwords
+ # use: ERSA_UTEST_VERSION=9 easyrsa build-ca
+ p="EasyRSA"
+ q="EasyRSA"
+ unset -v EASYRSA_PASSIN EASYRSA_PASSOUT
+ warn "SPECIAL unit-test CA password!"
- # Confirm passphrase
- prompt="Confirm New CA Key Passphrase: "
- get_passphrase q
+ else
+ p=""
+ q=""
+ # Get passphrase p
+ prompt="Enter New CA Key Passphrase: "
+ get_passphrase p
+
+ # Confirm passphrase q
+ prompt="Confirm New CA Key Passphrase: "
+ get_passphrase q
+ fi
 # Validate passphrase
- if [ "$p" = "$q" ]; then
+ if [ "$p" ] && [ "$p" = "$q" ]; then
 printf "%s" "$p" > "$in_key_pass_tmp"
 printf "%s" "$p" > "$out_key_pass_tmp"
 unset -v p q
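Review bot: The new `if [ "$ERSA_UTEST_VERSION" ]` branch lets any non-empty value of one inherited environment variable replace the interactive prompt with the hard-coded passphrase `EasyRSA`, so a CA key built in a shell that still carries that variable is protected by a secret printed in the script itself. Only the one-line `warn` signals this, and whether `warn` is shown in quiet or batch runs is not visible here. I would have the test harness export the passphrase and read it in this branch instead of the literal (the `[ "$p" ] &&` guard added further down would then reject an unset value), or at least make the message say what is at stake: `warn "ERSA_UTEST_VERSION is set: CA key uses a publicly known test passphrase; do not use this CA outside the unit-test"`. The enclosing function and the failure branch of the validation lie outside the hunk, so how an empty passphrase is reported to the user could not be checked.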