Converted the PKCS #11 test suite to use softhsm
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 5 Apr 2014 08:04:29 +0000 (10:04 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 5 Apr 2014 08:04:29 +0000 (10:04 +0200)
That allows us to run it in the normal test suite.

tests/suite/Makefile.am
tests/suite/pkcs11-chainverify.c
tests/suite/testpkcs11 [changed mode: 0644->0755]

index fd199531aeb0160f1fdb77a766c10d6069b328ae..c989e8e4fe66fe24dde4f79777bc5c629218ab7a 100644 (file)
@@ -83,9 +83,11 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c                      \
 
 
 
-nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom
+nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom \
+       testpkcs11
 
-TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert
+TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert \
+       testpkcs11
 
 if ENABLE_PKCS11
 check_PROGRAMS += pkcs11-chainverify
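Review bot: `testpkcs11` is added to `TESTS` and `nodist_check_SCRIPTS` unconditionally, while the `if ENABLE_PKCS11` block just below guards only `check_PROGRAMS`. In the softhsm branch of the script (later in this commit) a failed `softhsm --init-token` ends in `exit 1`, so a build without PKCS #11 support or a host without softhsm would fail `make check` instead of skipping, unless the unseen top of the script already bails out. Consider moving the entry under the conditional, e.g. `TESTS += testpkcs11` after `if ENABLE_PKCS11`, or having the script `exit 77` when softhsm is not installed so automake reports SKIP.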
index 845cfefc5628f771af10c05c6f2e8ba6fc29667d..d990315f0843071884919c972b25ea2a25448fc0 100644 (file)
@@ -36,6 +36,7 @@
 #include "../test-chains.h"
 
 #define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
+#define CONFIG "softhsm.config"
 
 /* GnuTLS internally calls time() to find out the current time when
    verifying certificates.  To avoid a time bomb, we hard code the
@@ -113,7 +114,7 @@ void doit(void)
                gnutls_global_set_log_level(4711);
 
        /* write softhsm.config */
-       fp = fopen("softhsm.config", "w");
+       fp = fopen(CONFIG, "w");
        if (fp == NULL) {
                fprintf(stderr, "error writing softhsm.config\n");
                exit(1);
@@ -121,7 +122,7 @@ void doit(void)
        fputs("0:./softhsm.db\n", fp);
        fclose(fp);
 
-       setenv("SOFTHSM_CONF", "softhsm.config", 0);
+       setenv("SOFTHSM_CONF", CONFIG, 0);
 
        system("softhsm --init-token --slot 0 --label test --so-pin 1234 --pin 1234");
 
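Review bot: `setenv("SOFTHSM_CONF", CONFIG, 0)` passes overwrite 0, so a `SOFTHSM_CONF` already present in the caller's environment wins, and the following `softhsm --init-token --slot 0 ...` would then run against that configuration rather than the throwaway `./softhsm.db` written just above. For a test that initializes a token it is safer to force the test configuration with `setenv("SOFTHSM_CONF", CONFIG, 1);`. The return value of `system()` on the next line is also ignored, so a missing or failing softhsm only shows up later as an unrelated error; checking it and exiting early would make the failure readable. doit() begins and continues outside this hunk.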
@@ -292,6 +293,7 @@ void doit(void)
 
        if (debug)
                printf("Exit status...%d\n", exit_val);
+       remove(CONFIG);
 
        exit(exit_val);
 }
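Review bot: `remove(CONFIG)` runs only on this final path and deletes only the config file. Any early exit between writing the config and this point (that part of doit() is not shown) leaves it behind, and the token database `./softhsm.db` named inside the config is not removed here, so a later run may start from a stale token. Consider adding `remove("softhsm.db");` next to it, or registering both removals with `atexit()` right after the config is written. The `fprintf` in the fopen hunk also still spells out `softhsm.config` instead of using `CONFIG`.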
old mode 100644 (file)
new mode 100755 (executable)
index af7e862..6f3ffd2
@@ -36,26 +36,45 @@ fi
 echo "Testing PKCS11 support"
 
 # erase SC
-echo -n "* Erasing smart card... "
-pkcs15-init -E >/dev/null 2>&1
-if test $? = 0;then
-  echo ok
-else
-  echo failed
-  exit 1
-fi
 
-echo -n "* Initializing smart card... "
-pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin 1234 --pin 1234 --puk 111111 --label "GnuTLS-Test" >/dev/null 2>&1
-if test $? = 0;then
-  echo ok
+if test "$1" = "pkcs15";then
+  echo -n "* Erasing smart card... "
+  pkcs15-init -E >/dev/null 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit 1
+  fi
+
+  echo -n "* Initializing smart card... "
+  pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin 1234 --pin 1234 --puk 111111 --label "GnuTLS-Test" >/dev/null 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit 1
+  fi
 else
-  echo failed
-  exit 1
+  export SOFTHSM_CONF="softhsm.config"
+  if test -f /usr/lib/softhsm/libsofthsm.so;then
+    ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
+  else
+    ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
+  fi
+
+  echo -n "* Initializing smart card... "
+  softhsm --init-token --slot 0 --label "GnuTLS-Test" --so-pin 1234 --pin 1234 >/dev/null 2>&1
+  if test $? = 0;then
+    echo ok
+  else
+    echo failed
+    exit 1
+  fi
 fi
 
 # find token name
-TOKEN=`$P11TOOL --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
+TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
 
 echo "* Token: $TOKEN"
 if test x"$TOKEN" = x;then
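Review bot: Both arms of `if test -f /usr/lib/softhsm/libsofthsm.so` assign the same `ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"`, so the check has no effect and a host with the module installed elsewhere gets a provider path that does not exist. The else arm was presumably meant to name a second library directory; if none applies, skipping is clearer than failing later, e.g. `test -f /usr/lib/softhsm/libsofthsm.so || exit 77`. Separately, `SOFTHSM_CONF="softhsm.config"` is exported but nothing in this hunk creates that file, and pkcs11-chainverify.c in this same commit now removes a file of that name on exit. Unless the unseen top of the script writes it, the `softhsm --init-token` call depends on a file left by another test.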
@@ -66,7 +85,7 @@ fi
 export GNUTLS_PIN=1234
 
 echo -n "* Writing a client private key... "
-$P11TOOL --login --write --label gnutls-client2 --load-privkey $srcdir/pkcs11-certs/client.key "$TOKEN" >/dev/null 2>&1
+$P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client2 --load-privkey $srcdir/pkcs11-certs/client.key "$TOKEN" >/dev/null 2>&1
 if test $? = 0;then
   echo ok
 else
@@ -75,7 +94,7 @@ else
 fi
 
 echo -n "* Generating client private key... "
-$P11TOOL --login --label gnutls-client --generate-rsa --bits 1024 "$TOKEN" >tmp-client.pub 2>&1
+$P11TOOL $ADDITIONAL_PARAM --login --label gnutls-client --generate-rsa --bits 1024 "$TOKEN" >tmp-client.pub 2>&1
 if test $? = 0;then
   echo ok
 else
@@ -84,7 +103,7 @@ else
 fi
 
 echo -n "* Generating client certificate... "
-$CERTTOOL --generate-certificate --load-ca-privkey $srcdir/pkcs11-certs/ca.key --load-ca-certificate $srcdir/pkcs11-certs/ca.crt \
+$CERTTOOL $ADDITIONAL_PARAM  --generate-certificate --load-ca-privkey $srcdir/pkcs11-certs/ca.key --load-ca-certificate $srcdir/pkcs11-certs/ca.crt \
        --template $srcdir/pkcs11-certs/client-tmpl --load-privkey "$TOKEN;object=gnutls-client;object-type=private" \
        --load-pubkey tmp-client.pub > tmp-client.crt 2>/dev/null
 if test $? = 0;then
@@ -95,7 +114,7 @@ else
 fi
 
 echo -n "* Writing client certificate... "
-$P11TOOL --login --write --label gnutls-client --load-certificate tmp-client.crt "$TOKEN" >/dev/null 2>&1
+$P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client --load-certificate tmp-client.crt "$TOKEN" >/dev/null 2>&1
 if test $? = 0;then
   echo ok
 else
@@ -104,7 +123,7 @@ else
 fi
 
 echo -n "* Writing certificate of client's CA... "
-$P11TOOL --login --write --label gnutls-ca --load-certificate $srcdir/pkcs11-certs/ca.crt "$TOKEN" >/dev/null 2>&1
+$P11TOOL $ADDITIONAL_PARAM --so-login --write --trusted --label gnutls-ca --load-certificate $srcdir/pkcs11-certs/ca.crt "$TOKEN" >/dev/null 2>&1
 if test $? = 0;then
   echo ok
 else
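Review bot: The CA certificate is now written with `--so-login`, but the only PIN exported in the visible context is `GNUTLS_PIN=1234` (hunk at -66). If p11tool takes the security-officer PIN from `GNUTLS_SO_PIN` rather than `GNUTLS_PIN`, this step would prompt on the terminal, and with output sent to `/dev/null` the test would appear to hang or fail in a non-interactive run. Adding `export GNUTLS_SO_PIN=1234` next to the existing export would keep the step unattended.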
@@ -113,7 +132,7 @@ else
 fi
 
 echo -n "* Trying to obtain back the cert... "
-$P11TOOL --export "$TOKEN;object=gnutls-ca;object-type=cert" >crt1.tmp 2>/dev/null
+$P11TOOL $ADDITIONAL_PARAM --export "$TOKEN;object=gnutls-ca;object-type=cert" >crt1.tmp 2>/dev/null
 $DIFF crt1.tmp $srcdir/pkcs11-certs/ca.crt
 if test $? != 0;then
        echo "failed. Exported certificate differs!"
@@ -128,7 +147,7 @@ else
 fi
 
 echo -n "* Trying to obtain the full chain... "
-$P11TOOL --export-chain "$TOKEN;object=gnutls-client;object-type=cert"|$CERTTOOL -i >crt1.tmp 2>/dev/null
+$P11TOOL $ADDITIONAL_PARAM --login --export-chain "$TOKEN;object=gnutls-client;object-type=cert"|$CERTTOOL -i >crt1.tmp 2>/dev/null
 
 cat tmp-client.crt $srcdir/pkcs11-certs/ca.crt|$CERTTOOL -i >crt2.tmp
 $DIFF crt1.tmp crt2.tmp
@@ -153,14 +172,14 @@ PID=$!
 wait_server $PID
 
 # connect to server using SC
-$CLI -p $PORT localhost --priority NORMAL --x509cafile=$srcdir/pkcs11-certs/ca.crt </dev/null >/dev/null 2>&1 && \
+$CLI $ADDITIONAL_PARAM  -p $PORT localhost --priority NORMAL --x509cafile=$srcdir/pkcs11-certs/ca.crt </dev/null >/dev/null 2>&1 && \
   fail $PID "Connection should have failed!"
 
-$CLI -p $PORT localhost --priority NORMAL --x509certfile=$srcdir/pkcs11-certs/client.crt \
+$CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile=$srcdir/pkcs11-certs/client.crt \
        --x509keyfile=$srcdir/pkcs11-certs/client.key --x509cafile=$srcdir/pkcs11-certs/ca.crt </dev/null >/dev/null 2>&1 || \
   fail $PID "Connection (with files) should have succeeded!"
 
-$CLI -p $PORT localhost --priority NORMAL --x509certfile="$TOKEN;object=gnutls-client;object-type=cert" \
+$CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$TOKEN;object=gnutls-client;object-type=cert" \
        --x509keyfile="$TOKEN;object=gnutls-client;object-type=private" \
        --x509cafile=$srcdir/pkcs11-certs/ca.crt </dev/null >/dev/null 2>&1 || \
   fail $PID "Connection (with SC) should have succeeded!"