From: Nikos Mavrogiannopoulos Date: Wed, 24 Dec 2014 06:54:19 +0000 (+0200) Subject: PKCS #11 tests: ported to softhsmv2 X-Git-Tag: gnutls_3_4_0~436 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3c77e9c3402635bdc7ebb178786ef3dcc379f9b2;p=thirdparty%2Fgnutls.git PKCS #11 tests: ported to softhsmv2 The C programs still rely on softhsmv1 since there are issues with softhsmv2 and CKA_TRUSTED. https://bugzilla.redhat.com/show_bug.cgi?id=1177086 --- diff --git a/tests/suite/pkcs11-chainverify.c b/tests/suite/pkcs11-chainverify.c index 1e5e065957..7b5d4ce755 100644 --- a/tests/suite/pkcs11-chainverify.c +++ b/tests/suite/pkcs11-chainverify.c @@ -36,8 +36,7 @@ #include "softhsm.h" #include "../test-chains.h" -#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" -#define CONFIG "softhsm.config" +#define CONFIG "softhsm-chainverify.config" #define DEFAULT_THEN 1256803113 static time_t then = DEFAULT_THEN; @@ -75,12 +74,10 @@ void doit(void) int exit_val = 0; size_t i; int ret; - FILE *fp; const char *lib, *bin; gnutls_typed_vdata_st vdata[2]; char buf[128]; - unsetenv("SOFTHSM_CONF"); /* The overloading of time() seems to work in linux (ELF?) * systems only. Disable it on windows. */ @@ -104,17 +101,7 @@ void doit(void) if (debug) gnutls_global_set_log_level(4711); - /* write softhsm.config */ - fp = fopen(CONFIG, "w"); - if (fp == NULL) { - fprintf(stderr, "error writing softhsm.config\n"); - exit(1); - } - fputs("0:./softhsm.db\n", fp); - fclose(fp); - - setenv("SOFTHSM_CONF", CONFIG, 0); - + set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin 1234 --pin 1234", bin); system(buf); 
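Review bot: Dropping `unsetenv("SOFTHSM_CONF");` from the top of doit() in the `-75,12` hunk moves the environment reset into set_softhsm_conf(), which is only called further down, so everything that runs in between now sees a SOFTHSM_CONF inherited from the caller's environment. Those intermediate lines are outside the hunks shown, so whether any of them loads a PKCS #11 module cannot be confirmed from here; if one does, the test could open a token store outside the test directory. Calling `set_softhsm_conf(CONFIG);` before any library initialisation in doit() would keep the old ordering. The same removal is made in pkcs11-combo.c, pkcs11-get-issuer.c, pkcs11-is-known.c and pkcs11-privkey.c.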
@@ -215,14 +202,14 @@ void doit(void) printf("\tVerifying..."); /* initialize softhsm token */ - ret = gnutls_pkcs11_token_init(URL, "1234", "test"); + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, "1234", "test"); if (ret < 0) { fail("gnutls_pkcs11_token_init\n"); exit(1); } /* write CA certificate to softhsm */ - ret = gnutls_pkcs11_copy_x509_crt(URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED| + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED| GNUTLS_PKCS11_OBJ_FLAG_MARK_CA| GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); if (ret < 0) { @@ -232,7 +219,7 @@ void doit(void) gnutls_x509_trust_list_init(&tl, 0); - ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0); + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); if (ret < 0) { fail("gnutls_x509_trust_list_add_trust_file: %s\n", gnutls_strerror(ret)); exit(1); diff --git a/tests/suite/pkcs11-combo.c b/tests/suite/pkcs11-combo.c index afe59e566d..f2effbd388 100644 --- a/tests/suite/pkcs11-combo.c +++ b/tests/suite/pkcs11-combo.c @@ -41,7 +41,6 @@ #include "../test-chains.h" #include "softhsm.h" -#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" #define NAME "softhsm-combo" #define CONFIG NAME".config" @@ -260,7 +259,6 @@ void doit(void) int exit_val = 0; int ret; unsigned j; - FILE *fp; const char *lib, *bin; gnutls_x509_crt_t issuer = NULL; gnutls_x509_trust_list_t tl; @@ -269,7 +267,6 @@ void doit(void) unsigned verify_status = 0; gnutls_datum_t tmp; - unsetenv("SOFTHSM_CONF"); /* The overloading of time() seems to work in linux (ELF?) * systems only. Disable it on windows. */ 
@@ -292,18 +289,7 @@ void doit(void) if (debug) gnutls_global_set_log_level(4711); - /* write softhsm.config */ - fp = fopen(CONFIG, "w"); - if (fp == NULL) { - fprintf(stderr, "error writing %s\n", CONFIG); - exit(1); - } - remove("./"NAME".db"); - fputs("0:./"NAME".db\n", fp); - fclose(fp); - - setenv("SOFTHSM_CONF", CONFIG, 0); - + set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); system(buf); @@ -412,7 +398,7 @@ void doit(void) printf("\tChecking presence and verification..."); /* initialize softhsm token */ - ret = gnutls_pkcs11_token_init(URL, PIN, "test"); + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); if (ret < 0) { fail("gnutls_pkcs11_token_init\n"); exit(1); @@ -422,7 +408,7 @@ void doit(void) for (j = 0; ca_list[j]; j++) { char name[64]; snprintf(name, sizeof(name), "test-ca%d", j); - ret = gnutls_pkcs11_copy_x509_crt(URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); if (ret < 0) { fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); exit(1); @@ -431,7 +417,7 @@ void doit(void) gnutls_x509_trust_list_init(&tl, 0); - ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0); + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); if (ret < 0) { fail("gnutls_x509_trust_list_add_trust_file\n"); exit(1); @@ -451,7 +437,7 @@ void doit(void) } gnutls_x509_crt_deinit(issuer); - ret = gnutls_pkcs11_crt_is_known(URL, ca, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, ca, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); if (ret != 0) { fail("gnutls_pkcs11_crt_is_known should have failed!\n"); exit(1); 
diff --git a/tests/suite/pkcs11-get-issuer.c b/tests/suite/pkcs11-get-issuer.c index 1614aa406d..542fdafd38 100644 --- a/tests/suite/pkcs11-get-issuer.c +++ b/tests/suite/pkcs11-get-issuer.c @@ -37,7 +37,6 @@ #include "../test-chains.h" #include "softhsm.h" -#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" #define CONFIG "softhsm-issuer.config" /* GnuTLS internally calls time() to find out the current time when @@ -78,7 +77,6 @@ void doit(void) int exit_val = 0; int ret; unsigned j; - FILE *fp; const char *lib, *bin; gnutls_x509_crt_t issuer = NULL; gnutls_x509_trust_list_t tl; @@ -87,7 +85,6 @@ void doit(void) gnutls_datum_t tmp; int idx = -1; - unsetenv("SOFTHSM_CONF"); /* The overloading of time() seems to work in linux (ELF?) * systems only. Disable it on windows. */ @@ -125,17 +122,8 @@ void doit(void) gnutls_global_set_log_level(4711); /* write softhsm.config */ - fp = fopen(CONFIG, "w"); - if (fp == NULL) { - fprintf(stderr, "error writing %s\n", CONFIG); - exit(1); - } - remove("./softhsm-issuer.db"); - fputs("0:./softhsm-issuer.db\n", fp); - fclose(fp); - - setenv("SOFTHSM_CONF", CONFIG, 0); + set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); system(buf); @@ -219,14 +207,14 @@ void doit(void) printf("\tVerifying..."); /* initialize softhsm token */ - ret = gnutls_pkcs11_token_init(URL, PIN, "test"); + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); if (ret < 0) { fail("gnutls_pkcs11_token_init\n"); exit(1); } /* write CA certificate to softhsm */ - ret = gnutls_pkcs11_copy_x509_crt(URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); if (ret < 0) { fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); exit(1); 
@@ -234,7 +222,7 @@ void doit(void) gnutls_x509_trust_list_init(&tl, 0); - ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0); + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); if (ret < 0) { fail("gnutls_x509_trust_list_add_trust_file\n"); exit(1); diff --git a/tests/suite/pkcs11-is-known.c b/tests/suite/pkcs11-is-known.c index aac8e2ad28..55fa26cd39 100644 --- a/tests/suite/pkcs11-is-known.c +++ b/tests/suite/pkcs11-is-known.c @@ -38,8 +38,7 @@ #define MAX_CHAIN 16 -#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" -#define OBJ_URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test;object=test-ca0;object-type=cert" +#define OBJ_URL SOFTHSM_URL";object=test-ca0;object-type=cert" #define CONFIG "softhsm-issuer2.config" /* These CAs have the same DN */ @@ -257,7 +256,6 @@ void doit(void) int exit_val = 0; int ret; unsigned j; - FILE *fp; const char *lib, *bin; gnutls_x509_crt_t issuer = NULL; gnutls_x509_trust_list_t tl; @@ -265,7 +263,6 @@ void doit(void) gnutls_x509_crt_t intermediate; gnutls_datum_t tmp; - unsetenv("SOFTHSM_CONF"); /* The overloading of time() seems to work in linux (ELF?) * systems only. Disable it on windows. */ @@ -288,18 +285,7 @@ void doit(void) if (debug) gnutls_global_set_log_level(4711); - /* write softhsm.config */ - fp = fopen(CONFIG, "w"); - if (fp == NULL) { - fprintf(stderr, "error writing %s\n", CONFIG); - exit(1); - } - remove("./softhsm-issuer2.db"); - fputs("0:./softhsm-issuer2.db\n", fp); - fclose(fp); - - setenv("SOFTHSM_CONF", CONFIG, 0); - + set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); system(buf); @@ -383,7 +369,7 @@ void doit(void) printf("\tVerifying..."); /* initialize softhsm token */ - ret = gnutls_pkcs11_token_init(URL, PIN, "test"); + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); if (ret < 0) { fail("gnutls_pkcs11_token_init\n"); exit(1); 
@@ -393,7 +379,7 @@ void doit(void) for (j = 0; ca_list[j]; j++) { char name[64]; snprintf(name, sizeof(name), "test-ca%d", j); - ret = gnutls_pkcs11_copy_x509_crt(URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); if (ret < 0) { fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); exit(1); @@ -427,7 +413,7 @@ void doit(void) */ gnutls_x509_trust_list_init(&tl, 0); - ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0); + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); if (ret < 0) { fail("gnutls_x509_trust_list_add_trust_file\n"); exit(1); @@ -441,19 +427,19 @@ void doit(void) } gnutls_x509_crt_deinit(issuer); - ret = gnutls_pkcs11_crt_is_known(URL, certs[2], GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[2], GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); if (ret == 0) { fail("error in gnutls_pkcs11_crt_is_known - 0\n"); exit(1); } - ret = gnutls_pkcs11_crt_is_known(URL, certs[0], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[0], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); if (ret == 0) { fail("error in gnutls_pkcs11_crt_is_known - 0\n"); exit(1); } - ret = gnutls_pkcs11_crt_is_known(URL, certs[1], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[1], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); if (ret == 0) { fail("error in gnutls_pkcs11_crt_is_known - 0\n"); exit(1); 
diff --git a/tests/suite/pkcs11-privkey.c b/tests/suite/pkcs11-privkey.c index 8e7567f4ea..714614d997 100644 --- a/tests/suite/pkcs11-privkey.c +++ b/tests/suite/pkcs11-privkey.c @@ -39,7 +39,6 @@ /* Tests whether gnutls_certificate_set_x509_key_file2() will utilize * the provided password as PIN when PKCS #11 keys are imported */ -#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" #define CONFIG_NAME "softhsm-privkey" #define CONFIG CONFIG_NAME".config" @@ -124,14 +123,12 @@ void doit(void) char buf[128]; int exit_val = 0; int ret; - FILE *fp; const char *lib, *bin; gnutls_x509_crt_t crt; gnutls_x509_privkey_t key; gnutls_certificate_credentials_t cred; gnutls_datum_t tmp; - unsetenv("SOFTHSM_CONF"); /* The overloading of time() seems to work in linux (ELF?) * systems only. Disable it on windows. */ @@ -154,18 +151,7 @@ void doit(void) if (debug) gnutls_global_set_log_level(4711); - /* write softhsm.config */ - fp = fopen(CONFIG, "w"); - if (fp == NULL) { - fprintf(stderr, "error writing %s\n", CONFIG); - exit(1); - } - remove(CONFIG_NAME".db"); - fputs("0:"CONFIG_NAME".db\n", fp); - fclose(fp); - - setenv("SOFTHSM_CONF", CONFIG, 0); - + set_softhsm_conf(CONFIG); snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); system(buf); 
@@ -223,26 +209,26 @@ void doit(void) } /* initialize softhsm token */ - ret = gnutls_pkcs11_token_init(URL, PIN, "test"); + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); if (ret < 0) { fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); exit(1); } - ret = gnutls_pkcs11_token_set_pin(URL, NULL, PIN, GNUTLS_PIN_USER); + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); if (ret < 0) { fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); exit(1); } - ret = gnutls_pkcs11_copy_x509_crt(URL, crt, "cert", + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); exit(1); } - ret = gnutls_pkcs11_copy_x509_privkey(URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT, + ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fail("gnutls_pkcs11_copy_x509_privkey: %s\n", gnutls_strerror(ret)); @@ -262,7 +248,7 @@ void doit(void) exit(1); } - ret = gnutls_certificate_set_x509_key_file2(cred, URL";object=cert;object-type=cert", URL";object=cert;object-type=private", 0, PIN, 0); + ret = gnutls_certificate_set_x509_key_file2(cred, SOFTHSM_URL";object=cert;object-type=cert", SOFTHSM_URL";object=cert;object-type=private", 0, PIN, 0); if (ret < 0) { fail("gnutls_certificate_set_x509_key_file2: %s\n", gnutls_strerror(ret)); exit(1); diff --git a/tests/suite/softhsm.h b/tests/suite/softhsm.h index bb46736cff..f51231cf44 100644 --- a/tests/suite/softhsm.h +++ b/tests/suite/softhsm.h 
@@ -21,9 +21,28 @@ #ifndef SOFTHSM_H # define SOFTHSM_H -#define LIB1 "/usr/lib64/softhsm/libsofthsm.so" -#define LIB2 "/usr/lib/softhsm/libsofthsm.so" -#define LIB3 "/usr/local/lib/softhsm/libsofthsm.so" +#include + +#define SOFTHSM_V1 + +#ifdef SOFTHSM_V1 +# define SOFTHSM_URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" +# define LIB1 "/usr/lib64/pkcs11/libsofthsm.so" +# define LIB2 "/usr/lib/pkcs11/libsofthsm.so" +# define LIB3 "/usr/local/lib/softhsm/libsofthsm.so" +# define SOFTHSM_BIN1 "/usr/bin/softhsm" +# define SOFTHSM_BIN2 "/usr/local/bin/softhsm" +# define SOFTHSM_ENV "SOFTHSM_CONF" +#else +# define SOFTHSM_URL "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=test" +# define LIB1 "/usr/lib64/pkcs11/libsofthsm2.so" +# define LIB2 "/usr/lib/pkcs11/libsofthsm2.so" +# define LIB3 "/usr/lib/softhsm/libsofthsm.so" +# define SOFTHSM_BIN1 "/usr/bin/softhsm2-util" +# define SOFTHSM_BIN2 "/usr/local/bin/softhsm2-util" +# define SOFTHSM_ENV "SOFTHSM2_CONF" +#endif + inline static const char *softhsm_lib(void) { @@ -47,10 +66,10 @@ inline static const char *softhsm_bin(void) { const char *bin; - if (access("/usr/bin/softhsm", X_OK) == 0) { - bin = "/usr/bin/softhsm"; - } else if (access("/usr/local/bin/softhsm", X_OK) == 0) { - bin = "/usr/local/bin/softhsm"; + if (access(SOFTHSM_BIN1, X_OK) == 0) { + bin = SOFTHSM_BIN1; + } else if (access(SOFTHSM_BIN2, X_OK) == 0) { + bin = SOFTHSM_BIN2; } else { fprintf(stderr, "cannot find softhsm module\n"); exit(77); 
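Review bot: In the `#else` (SoftHSM v2) branch of the `-21,9` hunk, `LIB3` is `"/usr/lib/softhsm/libsofthsm.so"`, without the `2` that `LIB1` and `LIB2` carry, so softhsm_lib() (its body is outside the hunk and presumably probes these paths) could return what looks like the v1 module while `SOFTHSM_URL` and `SOFTHSM_ENV` hold the v2 values. If v2 installs its module in that directory, the line should read `# define LIB3 "/usr/lib/softhsm/libsofthsm2.so"`. The `-18,10` hunk of tests/suite/testpkcs11.softhsm has the same mix: it exports `SOFTHSM2_CONF`, but its fallback still probes `/usr/lib/softhsm/libsofthsm.so`. Because `#define SOFTHSM_V1` is unconditional, the v2 branch is never compiled; a comment above it such as `/* C tests stay on SoftHSM v1: v2 has issues with CKA_TRUSTED (see commit message) */` would record why.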
@@ -59,4 +78,45 @@ inline static const char *softhsm_bin(void) return bin; } +static +void set_softhsm_conf(const char *config) +{ + char buf[128]; + char db_dir[128]; + FILE *fp; + + snprintf(db_dir, sizeof(db_dir), "%s.db", config); + + unsetenv(SOFTHSM_ENV); + remove(config); + fp = fopen(config, "w"); + if (fp == NULL) { + fprintf(stderr, "error writing %s\n", config); + exit(1); + } + +#ifdef SOFTHSM_V1 + remove(db_dir); + snprintf(buf, sizeof(buf), "0:./%s\n", db_dir); + fputs(buf, fp); +#else + fputs("directories.tokendir = ", fp); + fputs(db_dir, fp); + fputs("\n", fp); + fputs("objectstore.backend = file\n", fp); + fclose(fp); + + if (strlen(db_dir) < 6) { + fprintf(stderr, "too short name for db: %s\n", db_dir); + exit(1); + } + snprintf(buf, sizeof(buf), "rm -rf %s\n", db_dir); + system(buf); + mkdir(db_dir, 0755); +#endif + fclose(fp); + + setenv(SOFTHSM_ENV, config, 0); +} + #endif diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm index 63950a77f1..b1c783d44f 100755 --- a/tests/suite/testpkcs11.softhsm +++ b/tests/suite/testpkcs11.softhsm @@ -18,10 +18,10 @@ # along with GnuTLS; if not, write to the Free Software Foundation, # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -export SOFTHSM_CONF="softhsm-testpkcs11.config" +export SOFTHSM2_CONF="softhsm-testpkcs11.config" -if test -f /usr/local/lib/softhsm/libsofthsm.so;then - ADDITIONAL_PARAM="--provider /usr/local/lib/softhsm/libsofthsm.so" +if test -f /usr/lib64/pkcs11/libsofthsm2.so;then + ADDITIONAL_PARAM="--provider /usr/lib64/pkcs11/libsofthsm2.so" else if test -f /usr/lib/softhsm/libsofthsm.so;then ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so" 
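Review bot: The `#else` branch of set_softhsm_conf() calls `fclose(fp);` after writing `objectstore.backend = file`, and the unconditional `fclose(fp);` after `#endif` then closes the same stream again, which is undefined behaviour as soon as `SOFTHSM_V1` is no longer defined; the inner call should be removed. The same branch deletes the token directory by passing `"rm -rf %s\n"` to system() with `db_dir` unquoted, guarded only by `strlen(db_dir) < 6`. The callers shown pass string constants, but a name containing a space or shell metacharacter would change what gets deleted, so the argument should at least be quoted, e.g. `snprintf(buf, sizeof(buf), "rm -rf -- '%s'", db_dir);`. The results of both snprintf() calls, of system() and of mkdir() are ignored, so a truncated name or a failed cleanup goes unreported.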
@@ -34,16 +34,18 @@ init_card () { PIN=$1 PUK=$2 - if ! test -x "/usr/bin/softhsm";then - echo "Could not find /usr/bin/softhsm" + if ! test -x "/usr/bin/softhsm2-util";then + echo "Could not find /usr/bin/softhsm2-util" exit 77 fi - rm -f ./softhsm-testpkcs11.db - echo "0:./softhsm-testpkcs11.db" > $SOFTHSM_CONF + rm -rf ./softhsm-testpkcs11.db + mkdir -p ./softhsm-testpkcs11.db + echo "objectstore.backend = file" > $SOFTHSM2_CONF + echo "directories.tokendir = ./softhsm-testpkcs11.db" >> $SOFTHSM2_CONF echo -n "* Initializing smart card... " - softhsm --init-token --slot 0 --label "GnuTLS-Test" --so-pin $PUK --pin $PIN >/dev/null #2>&1 + softhsm2-util --init-token --slot 0 --label "GnuTLS-Test" --so-pin $PUK --pin $PIN >/dev/null #2>&1 if test $? = 0;then echo ok else
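Review bot: init_card checks `test -x "/usr/bin/softhsm2-util"` but then runs `softhsm2-util` by bare name, so the binary that executes is whichever one PATH resolves first, not necessarily the one that was checked. Either invoke the checked path, `/usr/bin/softhsm2-util --init-token ...`, or probe with `command -v softhsm2-util` instead. The new redirections use `$SOFTHSM2_CONF` unquoted, as the command line does with `$PUK` and `$PIN`; writing `> "$SOFTHSM2_CONF"` and `>> "$SOFTHSM2_CONF"` keeps them correct if the value ever contains whitespace. init_card's body continues past the end of the hunk.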