PKCS #11 tests: ported to softhsmv2
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 24 Dec 2014 06:54:19 +0000 (08:54 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 24 Dec 2014 07:15:33 +0000 (09:15 +0200)
The C programs still rely on softhsmv1 since there
are issues with softhsmv2 and CKA_TRUSTED.
https://bugzilla.redhat.com/show_bug.cgi?id=1177086

tests/suite/pkcs11-chainverify.c
tests/suite/pkcs11-combo.c
tests/suite/pkcs11-get-issuer.c
tests/suite/pkcs11-is-known.c
tests/suite/pkcs11-privkey.c
tests/suite/softhsm.h
tests/suite/testpkcs11.softhsm

index 1e5e065957e9f4a93d797119c6fdc95d3c352c66..7b5d4ce7556ba9d55cd924ff10a90e95f3f1532c 100644 (file)
@@ -36,8 +36,7 @@
 #include "softhsm.h"
 #include "../test-chains.h"
 
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
-#define CONFIG "softhsm.config"
+#define CONFIG "softhsm-chainverify.config"
 
 #define DEFAULT_THEN 1256803113
 static time_t then = DEFAULT_THEN;
@@ -75,12 +74,10 @@ void doit(void)
        int exit_val = 0;
        size_t i;
        int ret;
-       FILE *fp;
        const char *lib, *bin;
        gnutls_typed_vdata_st vdata[2];
        char buf[128];
 
-       unsetenv("SOFTHSM_CONF");
        /* The overloading of time() seems to work in linux (ELF?)
         * systems only. Disable it on windows.
         */
@@ -104,17 +101,7 @@ void doit(void)
        if (debug)
                gnutls_global_set_log_level(4711);
 
-       /* write softhsm.config */
-       fp = fopen(CONFIG, "w");
-       if (fp == NULL) {
-               fprintf(stderr, "error writing softhsm.config\n");
-               exit(1);
-       }
-       fputs("0:./softhsm.db\n", fp);
-       fclose(fp);
-
-       setenv("SOFTHSM_CONF", CONFIG, 0);
-
+       set_softhsm_conf(CONFIG);
        snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin 1234 --pin 1234", bin);
        system(buf);
 
@@ -215,14 +202,14 @@ void doit(void)
                        printf("\tVerifying...");
 
                /* initialize softhsm token */
-               ret = gnutls_pkcs11_token_init(URL, "1234", "test");
+               ret = gnutls_pkcs11_token_init(SOFTHSM_URL, "1234", "test");
                if (ret < 0) {
                        fail("gnutls_pkcs11_token_init\n");
                        exit(1);
                }
 
                /* write CA certificate to softhsm */
-               ret = gnutls_pkcs11_copy_x509_crt(URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|
+               ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|
                        GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|
                        GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
                if (ret < 0) {
@@ -232,7 +219,7 @@ void doit(void)
 
                gnutls_x509_trust_list_init(&tl, 0);
 
-               ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+               ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
                if (ret < 0) {
                        fail("gnutls_x509_trust_list_add_trust_file: %s\n", gnutls_strerror(ret));
                        exit(1);
index afe59e566d217dd2199d2f62292bc11beae09dc9..f2effbd3889a31ccbaa01582e74b363f1cdada13 100644 (file)
@@ -41,7 +41,6 @@
 #include "../test-chains.h"
 #include "softhsm.h"
 
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
 #define NAME "softhsm-combo"
 #define CONFIG NAME".config"
 
@@ -260,7 +259,6 @@ void doit(void)
        int exit_val = 0;
        int ret;
        unsigned j;
-       FILE *fp;
        const char *lib, *bin;
        gnutls_x509_crt_t issuer = NULL;
        gnutls_x509_trust_list_t tl;
@@ -269,7 +267,6 @@ void doit(void)
        unsigned verify_status = 0;
        gnutls_datum_t tmp;
 
-       unsetenv("SOFTHSM_CONF");
        /* The overloading of time() seems to work in linux (ELF?)
         * systems only. Disable it on windows.
         */
@@ -292,18 +289,7 @@ void doit(void)
        if (debug)
                gnutls_global_set_log_level(4711);
 
-       /* write softhsm.config */
-       fp = fopen(CONFIG, "w");
-       if (fp == NULL) {
-               fprintf(stderr, "error writing %s\n", CONFIG);
-               exit(1);
-       }
-       remove("./"NAME".db");
-       fputs("0:./"NAME".db\n", fp);
-       fclose(fp);
-
-       setenv("SOFTHSM_CONF", CONFIG, 0);
-
+       set_softhsm_conf(CONFIG);
        snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin);
        system(buf);
 
@@ -412,7 +398,7 @@ void doit(void)
                printf("\tChecking presence and verification...");
 
        /* initialize softhsm token */
-       ret = gnutls_pkcs11_token_init(URL, PIN, "test");
+       ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
        if (ret < 0) {
                fail("gnutls_pkcs11_token_init\n");
                exit(1);
@@ -422,7 +408,7 @@ void doit(void)
        for (j = 0; ca_list[j]; j++) {
                char name[64];
                snprintf(name, sizeof(name), "test-ca%d", j);
-               ret = gnutls_pkcs11_copy_x509_crt(URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
+               ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
                if (ret < 0) {
                        fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret));
                        exit(1);
@@ -431,7 +417,7 @@ void doit(void)
 
        gnutls_x509_trust_list_init(&tl, 0);
 
-       ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+       ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
        if (ret < 0) {
                fail("gnutls_x509_trust_list_add_trust_file\n");
                exit(1);
@@ -451,7 +437,7 @@ void doit(void)
        }
        gnutls_x509_crt_deinit(issuer);
 
-       ret = gnutls_pkcs11_crt_is_known(URL, ca, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+       ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, ca, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
        if (ret != 0) {
                fail("gnutls_pkcs11_crt_is_known should have failed!\n");
                exit(1);
index 1614aa406dd84147f163bb2fbfa7e9ba34172688..542fdafd38c6b40f0a6b5cd7f45b55642a285f6e 100644 (file)
@@ -37,7 +37,6 @@
 #include "../test-chains.h"
 #include "softhsm.h"
 
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
 #define CONFIG "softhsm-issuer.config"
 
 /* GnuTLS internally calls time() to find out the current time when
@@ -78,7 +77,6 @@ void doit(void)
        int exit_val = 0;
        int ret;
        unsigned j;
-       FILE *fp;
        const char *lib, *bin;
        gnutls_x509_crt_t issuer = NULL;
        gnutls_x509_trust_list_t tl;
@@ -87,7 +85,6 @@ void doit(void)
        gnutls_datum_t tmp;
        int idx = -1;
 
-       unsetenv("SOFTHSM_CONF");
        /* The overloading of time() seems to work in linux (ELF?)
         * systems only. Disable it on windows.
         */
@@ -125,17 +122,8 @@ void doit(void)
                gnutls_global_set_log_level(4711);
 
        /* write softhsm.config */
-       fp = fopen(CONFIG, "w");
-       if (fp == NULL) {
-               fprintf(stderr, "error writing %s\n", CONFIG);
-               exit(1);
-       }
-       remove("./softhsm-issuer.db");
-       fputs("0:./softhsm-issuer.db\n", fp);
-       fclose(fp);
-
-       setenv("SOFTHSM_CONF", CONFIG, 0);
 
+       set_softhsm_conf(CONFIG);
        snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin);
        system(buf);
 
@@ -219,14 +207,14 @@ void doit(void)
                printf("\tVerifying...");
 
        /* initialize softhsm token */
-       ret = gnutls_pkcs11_token_init(URL, PIN, "test");
+       ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
        if (ret < 0) {
                fail("gnutls_pkcs11_token_init\n");
                exit(1);
        }
 
        /* write CA certificate to softhsm */
-       ret = gnutls_pkcs11_copy_x509_crt(URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
+       ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
        if (ret < 0) {
                fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret));
                exit(1);
@@ -234,7 +222,7 @@ void doit(void)
 
        gnutls_x509_trust_list_init(&tl, 0);
 
-       ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+       ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
        if (ret < 0) {
                fail("gnutls_x509_trust_list_add_trust_file\n");
                exit(1);
index aac8e2ad28989305ccaeef3c9ff732835fa2076e..55fa26cd39ac8db1823490031e540da16fbc17e2 100644 (file)
@@ -38,8 +38,7 @@
 
 #define MAX_CHAIN 16
 
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
-#define OBJ_URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test;object=test-ca0;object-type=cert"
+#define OBJ_URL SOFTHSM_URL";object=test-ca0;object-type=cert"
 #define CONFIG "softhsm-issuer2.config"
 
 /* These CAs have the same DN */
@@ -257,7 +256,6 @@ void doit(void)
        int exit_val = 0;
        int ret;
        unsigned j;
-       FILE *fp;
        const char *lib, *bin;
        gnutls_x509_crt_t issuer = NULL;
        gnutls_x509_trust_list_t tl;
@@ -265,7 +263,6 @@ void doit(void)
        gnutls_x509_crt_t intermediate;
        gnutls_datum_t tmp;
 
-       unsetenv("SOFTHSM_CONF");
        /* The overloading of time() seems to work in linux (ELF?)
         * systems only. Disable it on windows.
         */
@@ -288,18 +285,7 @@ void doit(void)
        if (debug)
                gnutls_global_set_log_level(4711);
 
-       /* write softhsm.config */
-       fp = fopen(CONFIG, "w");
-       if (fp == NULL) {
-               fprintf(stderr, "error writing %s\n", CONFIG);
-               exit(1);
-       }
-       remove("./softhsm-issuer2.db");
-       fputs("0:./softhsm-issuer2.db\n", fp);
-       fclose(fp);
-
-       setenv("SOFTHSM_CONF", CONFIG, 0);
-
+       set_softhsm_conf(CONFIG);
        snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin);
        system(buf);
 
@@ -383,7 +369,7 @@ void doit(void)
                printf("\tVerifying...");
 
        /* initialize softhsm token */
-       ret = gnutls_pkcs11_token_init(URL, PIN, "test");
+       ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
        if (ret < 0) {
                fail("gnutls_pkcs11_token_init\n");
                exit(1);
@@ -393,7 +379,7 @@ void doit(void)
        for (j = 0; ca_list[j]; j++) {
                char name[64];
                snprintf(name, sizeof(name), "test-ca%d", j);
-               ret = gnutls_pkcs11_copy_x509_crt(URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
+               ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
                if (ret < 0) {
                        fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret));
                        exit(1);
@@ -427,7 +413,7 @@ void doit(void)
         */
        gnutls_x509_trust_list_init(&tl, 0);
 
-       ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+       ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
        if (ret < 0) {
                fail("gnutls_x509_trust_list_add_trust_file\n");
                exit(1);
@@ -441,19 +427,19 @@ void doit(void)
        }
        gnutls_x509_crt_deinit(issuer);
 
-       ret = gnutls_pkcs11_crt_is_known(URL, certs[2], GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+       ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[2], GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
        if (ret == 0) {
                fail("error in gnutls_pkcs11_crt_is_known - 0\n");
                exit(1);
        }
 
-       ret = gnutls_pkcs11_crt_is_known(URL, certs[0], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+       ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[0], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
        if (ret == 0) {
                fail("error in gnutls_pkcs11_crt_is_known - 0\n");
                exit(1);
        }
 
-       ret = gnutls_pkcs11_crt_is_known(URL, certs[1], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+       ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[1], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
        if (ret == 0) {
                fail("error in gnutls_pkcs11_crt_is_known - 0\n");
                exit(1);
index 8e7567f4eab24a114d4b22b0fddea2d7e8a75db3..714614d9976123637c5f580aa3cbfe0802db3f2c 100644 (file)
@@ -39,7 +39,6 @@
 /* Tests whether gnutls_certificate_set_x509_key_file2() will utilize
  * the provided password as PIN when PKCS #11 keys are imported */
 
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
 #define CONFIG_NAME "softhsm-privkey"
 #define CONFIG CONFIG_NAME".config"
 
@@ -124,14 +123,12 @@ void doit(void)
        char buf[128];
        int exit_val = 0;
        int ret;
-       FILE *fp;
        const char *lib, *bin;
        gnutls_x509_crt_t crt;
        gnutls_x509_privkey_t key;
        gnutls_certificate_credentials_t cred;
        gnutls_datum_t tmp;
 
-       unsetenv("SOFTHSM_CONF");
        /* The overloading of time() seems to work in linux (ELF?)
         * systems only. Disable it on windows.
         */
@@ -154,18 +151,7 @@ void doit(void)
        if (debug)
                gnutls_global_set_log_level(4711);
 
-       /* write softhsm.config */
-       fp = fopen(CONFIG, "w");
-       if (fp == NULL) {
-               fprintf(stderr, "error writing %s\n", CONFIG);
-               exit(1);
-       }
-       remove(CONFIG_NAME".db");
-       fputs("0:"CONFIG_NAME".db\n", fp);
-       fclose(fp);
-
-       setenv("SOFTHSM_CONF", CONFIG, 0);
-
+       set_softhsm_conf(CONFIG);
        snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin);
        system(buf);
 
@@ -223,26 +209,26 @@ void doit(void)
        }
 
        /* initialize softhsm token */
-       ret = gnutls_pkcs11_token_init(URL, PIN, "test");
+       ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
        if (ret < 0) {
                fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret));
                exit(1);
        }
 
-       ret = gnutls_pkcs11_token_set_pin(URL, NULL, PIN, GNUTLS_PIN_USER);
+       ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER);
        if (ret < 0) {
                fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret));
                exit(1);
        }
 
-       ret = gnutls_pkcs11_copy_x509_crt(URL, crt, "cert",
+       ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert",
                                          GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
        if (ret < 0) {
                fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret));
                exit(1);
        }
 
-       ret = gnutls_pkcs11_copy_x509_privkey(URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT,
+       ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT,
                                              GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
        if (ret < 0) {
                fail("gnutls_pkcs11_copy_x509_privkey: %s\n", gnutls_strerror(ret));
@@ -262,7 +248,7 @@ void doit(void)
                exit(1);
        }
 
-       ret = gnutls_certificate_set_x509_key_file2(cred, URL";object=cert;object-type=cert", URL";object=cert;object-type=private", 0, PIN, 0);
+       ret = gnutls_certificate_set_x509_key_file2(cred, SOFTHSM_URL";object=cert;object-type=cert", SOFTHSM_URL";object=cert;object-type=private", 0, PIN, 0);
        if (ret < 0) {
                fail("gnutls_certificate_set_x509_key_file2: %s\n", gnutls_strerror(ret));
                exit(1);
index bb46736cff3bda1ce9656c49814f059029abc7be..f51231cf44296a19b865c1bdbf1dff9bb9f58669 100644 (file)
 #ifndef SOFTHSM_H
 # define SOFTHSM_H
 
-#define LIB1 "/usr/lib64/softhsm/libsofthsm.so"
-#define LIB2 "/usr/lib/softhsm/libsofthsm.so"
-#define LIB3 "/usr/local/lib/softhsm/libsofthsm.so"
+#include <sys/stat.h>
+
+#define SOFTHSM_V1
+
+#ifdef SOFTHSM_V1
+# define SOFTHSM_URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
+# define LIB1 "/usr/lib64/pkcs11/libsofthsm.so"
+# define LIB2 "/usr/lib/pkcs11/libsofthsm.so"
+# define LIB3 "/usr/local/lib/softhsm/libsofthsm.so"
+# define SOFTHSM_BIN1 "/usr/bin/softhsm"
+# define SOFTHSM_BIN2 "/usr/local/bin/softhsm"
+# define SOFTHSM_ENV "SOFTHSM_CONF"
+#else
+# define SOFTHSM_URL "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=test"
+# define LIB1 "/usr/lib64/pkcs11/libsofthsm2.so"
+# define LIB2 "/usr/lib/pkcs11/libsofthsm2.so"
+# define LIB3 "/usr/lib/softhsm/libsofthsm.so"
+# define SOFTHSM_BIN1 "/usr/bin/softhsm2-util"
+# define SOFTHSM_BIN2 "/usr/local/bin/softhsm2-util"
+# define SOFTHSM_ENV "SOFTHSM2_CONF"
+#endif
+
 
 inline static const char *softhsm_lib(void) 
 {
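Review bot: In the `#else` branch `LIB3` is still `/usr/lib/softhsm/libsofthsm.so`, the v1 module name, while `LIB1` and `LIB2` in the same branch name `libsofthsm2.so`. If `softhsm_lib()` falls through to it, a v2 build would try to load the v1 library against a `SOFTHSM2_CONF` file; probably `# define LIB3 "/usr/local/lib/softhsm/libsofthsm2.so"` was meant. `SOFTHSM_V1` is also defined unconditionally right above its own `#ifdef`, so the v2 branch is never compiled by this commit. A comment such as `/* v1 kept for the C tests until CKA_TRUSTED works with softhsmv2 */` on that define, or a build-time switch, would make the intent clear. The hunk's `@@` header is not shown on the page and `softhsm_lib()` continues outside the hunk.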
@@ -47,10 +66,10 @@ inline static const char *softhsm_bin(void)
 {
        const char *bin;
 
-       if (access("/usr/bin/softhsm", X_OK) == 0) {
-               bin = "/usr/bin/softhsm";
-       } else if (access("/usr/local/bin/softhsm", X_OK) == 0) {
-               bin = "/usr/local/bin/softhsm";
+       if (access(SOFTHSM_BIN1, X_OK) == 0) {
+               bin = SOFTHSM_BIN1;
+       } else if (access(SOFTHSM_BIN2, X_OK) == 0) {
+               bin = SOFTHSM_BIN2;
        } else {
                fprintf(stderr, "cannot find softhsm module\n");
                exit(77);
@@ -59,4 +78,45 @@ inline static const char *softhsm_bin(void)
        return bin;
 }
 
+static
+void set_softhsm_conf(const char *config)
+{
+       char buf[128];
+       char db_dir[128];
+       FILE *fp;
+
+       snprintf(db_dir, sizeof(db_dir), "%s.db", config);
+
+       unsetenv(SOFTHSM_ENV);
+       remove(config);
+       fp = fopen(config, "w");
+       if (fp == NULL) {
+               fprintf(stderr, "error writing %s\n", config);
+               exit(1);
+       }
+
+#ifdef SOFTHSM_V1
+       remove(db_dir);
+       snprintf(buf, sizeof(buf), "0:./%s\n", db_dir);
+       fputs(buf, fp);
+#else
+       fputs("directories.tokendir = ", fp);
+       fputs(db_dir, fp);
+       fputs("\n", fp);
+       fputs("objectstore.backend = file\n", fp);
+       fclose(fp);
+
+       if (strlen(db_dir) < 6) {
+               fprintf(stderr, "too short name for db: %s\n", db_dir);
+               exit(1);
+       }
+       snprintf(buf, sizeof(buf), "rm -rf %s\n", db_dir);
+       system(buf);
+       mkdir(db_dir, 0755);
+#endif
+       fclose(fp);
+
+       setenv(SOFTHSM_ENV, config, 0);
+}
+
 #endif
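Review bot: When `SOFTHSM_V1` is not defined, `set_softhsm_conf` closes `fp` twice, once at the end of the `#else` branch and again in the `fclose(fp)` after `#endif`, which is undefined behaviour. It goes unnoticed only because the header currently forces `SOFTHSM_V1`. The same branch interpolates `db_dir` unquoted into an `rm -rf` run through `system()`, ignores `snprintf` truncation and the `mkdir` result, and creates the token directory as `0755` although it will hold key objects. Every caller visible in this commit passes a string literal, so the shell exposure is low today, but the helper lives in a shared header and should not depend on that. `strlen` also needs `<string.h>`, which the header does not include in the lines shown.

```c
	fputs("objectstore.backend = file\n", fp);
	/* fclose(fp) dropped here: the fclose(fp) after #endif closes the stream once */

	/* … unchanged: strlen(db_dir) < 6 guard … */
	if (snprintf(buf, sizeof(buf), "rm -rf -- '%s'", db_dir) >= (int)sizeof(buf)) {
		fprintf(stderr, "db path too long: %s\n", db_dir);
		exit(1);
	}
	system(buf);
	/* token store holds key objects: keep it private to the test user */
	if (mkdir(db_dir, 0700) != 0) {
		fprintf(stderr, "cannot create %s\n", db_dir);
		exit(1);
	}
```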
index 63950a77f171332f53df6fe29a7915b45a8dd2ad..b1c783d44f6331290bce516f800133aa60d74115 100755 (executable)
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-export SOFTHSM_CONF="softhsm-testpkcs11.config"
+export SOFTHSM2_CONF="softhsm-testpkcs11.config"
 
-if test -f /usr/local/lib/softhsm/libsofthsm.so;then
-       ADDITIONAL_PARAM="--provider /usr/local/lib/softhsm/libsofthsm.so"
+if test -f /usr/lib64/pkcs11/libsofthsm2.so;then
+       ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so"
 else
        if test -f /usr/lib/softhsm/libsofthsm.so;then
                ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so"
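Review bot: The fallback branch kept as context still selects `/usr/lib/softhsm/libsofthsm.so`, the v1 module, although the script now exports only `SOFTHSM2_CONF` and initialises the token with `softhsm2-util`. On a host without the lib64 path the test would presumably load a provider that never sees the token it just created. The fallback should test for the v2 module instead, e.g. `if test -f /usr/lib/pkcs11/libsofthsm2.so;then` with the matching `--provider` value; that is the path `softhsm.h` uses as `LIB2` in its v2 branch. The `if` block continues outside the hunk.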
@@ -34,16 +34,18 @@ init_card () {
        PIN=$1
        PUK=$2
 
-       if ! test -x "/usr/bin/softhsm";then
-               echo "Could not find /usr/bin/softhsm"
+       if ! test -x "/usr/bin/softhsm2-util";then
+               echo "Could not find /usr/bin/softhsm2-util"
                exit 77
        fi
 
-       rm -f ./softhsm-testpkcs11.db
-       echo "0:./softhsm-testpkcs11.db" > $SOFTHSM_CONF
+       rm -rf ./softhsm-testpkcs11.db
+       mkdir -p ./softhsm-testpkcs11.db
+       echo "objectstore.backend = file" > $SOFTHSM2_CONF
+       echo "directories.tokendir = ./softhsm-testpkcs11.db" >> $SOFTHSM2_CONF
 
        echo -n "* Initializing smart card... "
-       softhsm --init-token --slot 0 --label "GnuTLS-Test" --so-pin $PUK --pin $PIN >/dev/null #2>&1
+       softhsm2-util --init-token --slot 0 --label "GnuTLS-Test" --so-pin $PUK --pin $PIN >/dev/null #2>&1
        if test $? = 0;then
                echo ok
        else
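Review bot: `init_card` checks that `/usr/bin/softhsm2-util` is executable but then runs `softhsm2-util` through `PATH`, so the binary that was tested and the binary that runs can differ. An install under `/usr/local/bin`, which `softhsm.h` accepts, is also rejected with exit 77. Resolve the tool once and call it by that path, e.g. `SOFTHSM_TOOL=/usr/bin/softhsm2-util` followed by `"$SOFTHSM_TOOL" --init-token ...`. The new lines also expand `$SOFTHSM2_CONF`, `$PUK` and `$PIN` unquoted; `> "$SOFTHSM2_CONF"` and `--so-pin "$PUK" --pin "$PIN"` keep values with spaces or glob characters intact. The function body continues outside the hunk.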