Parse openssl-related vars in pytest
authorTom Krizek <tkrizek@isc.org>
Mon, 26 Feb 2024 12:52:55 +0000 (13:52 +0100)
committerNicki Křížek <nicki@isc.org>
Thu, 9 May 2024 15:08:09 +0000 (17:08 +0200)
The openssl config needs to be parsed for some tests that use SoftHSM2.
Rewrite the parsing in Python and ensure the required variables are
properly set test-wide.

bin/tests/system/conf.sh
bin/tests/system/enginepkcs11/prereq.sh
bin/tests/system/enginepkcs11/setup.sh
bin/tests/system/enginepkcs11/tests.sh
bin/tests/system/isctest/vars/all.py
bin/tests/system/isctest/vars/openssl.py [new file with mode: 0644]
bin/tests/system/keyfromlabel/prereq.sh
bin/tests/system/keyfromlabel/tests.sh

index 545919a5d91d8609a57bd32c2745b24ba9398585..e3e9a08fb938d84afa69ede5fbf8b86c8bb1d2f3 100644 (file)
@@ -572,28 +572,4 @@ copy_setports() {
     $1 >$2
 }
 
-# parse_openssl_config - Parse OpenSSL configuration for HSM settings
-#
-# Will set SOFTHSM2_MODULE, OPENSSL_ENGINE and ENGINE_ARG based on openssl configuration.
-parse_openssl_config() {
-  ENGINE_ARG=""
-  [ -f "$OPENSSL_CONF" ] || return 0
-  while IFS="=" read key val; do
-    # trim variables
-    key="${key## }"
-    key="${key%% }"
-    val="${val## }"
-    val="${val%% }"
-    case "$key" in
-      "engine_id")
-        OPENSSL_ENGINE="$val"
-        ENGINE_ARG="-E $OPENSSL_ENGINE"
-        ;;
-      "MODULE_PATH" | "pkcs11-module-path")
-        SOFTHSM2_MODULE="$val"
-        ;;
-    esac
-  done <"$OPENSSL_CONF"
-}
-
 grep_v() { grep -v "$@" || test $? = 1; }
index 4eb2788a6216643fc34b9f8230a483d20d9491bb..335b348a63ddad4526c9e8d8be95459f8e5ed141 100644 (file)
@@ -23,7 +23,6 @@
   exit 255
 }
 
-parse_openssl_config
 [ -f "$SOFTHSM2_MODULE" ] || {
   echo_i "skip: softhsm2 module not available"
   exit 1
index bf140f18955369a8ab6078e771bf598f66058dfb..51d59dd854bc9b47cdc356c1b9c3a54b28dc507e 100644 (file)
@@ -20,7 +20,6 @@ $SHELL clean.sh
 
 OPENSSL_CONF= softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-enginepkcs11" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }'
 
-parse_openssl_config
 printf '%s' "${HSMPIN:-1234}" >ns1/pin
 PWD=$(pwd)
 
index 9db388f22b680a28a189e1f50299f766968c488f..7b0c1072bfc141e3d9f5d9c3f01abfa3a0f642a3 100644 (file)
@@ -16,7 +16,6 @@ set -e
 # shellcheck source=conf.sh
 . ../conf.sh
 
-parse_openssl_config
 PWD=$(pwd)
 
 status=0
index 58e1689af2b99440e44423ea70fbd7b84637ac74..2126c1c220433afd6c5b91a5b0cb8ce7c4a7cc64 100644 (file)
@@ -16,6 +16,7 @@ from .autoconf import AC_VARS  # type: ignore
 
 # pylint: enable=import-error
 from .basic import BASIC_VARS
+from .openssl import OPENSSL_VARS
 
 
 class VarLookup(ChainMap):
@@ -48,4 +49,4 @@ class VarLookup(ChainMap):
         return iter(self.keys())
 
 
-ALL = VarLookup(AC_VARS, BASIC_VARS)
+ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS)
diff --git a/bin/tests/system/isctest/vars/openssl.py b/bin/tests/system/isctest/vars/openssl.py
new file mode 100644 (file)
index 0000000..1dcef67
--- /dev/null
@@ -0,0 +1,49 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+import re
+
+from .. import log
+
+
+OPENSSL_VARS = {
+    "OPENSSL_CONF": os.getenv("OPENSSL_CONF", ""),
+    "SOFTHSM2_CONF": os.getenv("SOFTHSM2_CONF", ""),
+    "SOFTHSM2_MODULE": "",
+    "ENGINE_ARG": "",
+}
+
+
+def parse_openssl_config(path: str):
+    if not os.path.isfile(path):
+        return
+    regex = re.compile(r"([^=]+)=(.*)")
+    log.debug(f"parsing openssl config: {path}")
+    with open(path, "r", encoding="utf-8") as conf:
+        for line in conf:
+            res = regex.match(line)
+            if res:
+                key = res.group(1).strip()
+                val = res.group(2).strip()
+                if key == "engine_id":
+                    OPENSSL_VARS["ENGINE_ARG"] = f"-E {val}"
+                    os.environ["ENGINE_ARG"] = f"-E {val}"
+                    log.debug("ENGINE_ARG set to {OPENSSL_VARS['ENGINE_ARG']}")
+                elif key in ["MODULE_PATH", "pkcs11-module-path"]:
+                    OPENSSL_VARS["SOFTHSM2_MODULE"] = val
+                    os.environ["SOFTHSM2_MODULE"] = val
+                    log.debug(
+                        "SOFTHSM2_MODULE set to {OPENSSL_VARS['SOFTHSM2_MODULE']}"
+                    )
+
+
+parse_openssl_config(OPENSSL_VARS["OPENSSL_CONF"])
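Review bot: The two `log.debug` calls in the `engine_id` and `MODULE_PATH` branches lack the `f` prefix, so the log shows the literal text `{OPENSSL_VARS['ENGINE_ARG']}` rather than the parsed value; write `log.debug(f"ENGINE_ARG set to {OPENSSL_VARS['ENGINE_ARG']}")` and the same for `SOFTHSM2_MODULE`. These values are read from the file named by `OPENSSL_CONF` and exported into `os.environ`, and the prereq scripts test `$SOFTHSM2_MODULE`, so an accurate log line is what lets someone confirm which engine and PKCS#11 module path were picked up. The removed shell function also set `OPENSSL_ENGINE`, which this parser does not; any script that still reads it (not visible here) would now see it unset. A short docstring on `parse_openssl_config` would help, saying that it runs at import time, mutates `OPENSSL_VARS` and `os.environ`, ignores config sections, and lets the last matching key win.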
index c6caa0dc88b81d49493907ff4e5007836103c0dc..be1850a1fadb7af311f68dea6583be26425c66c9 100644 (file)
@@ -18,7 +18,6 @@
   exit 255
 }
 
-parse_openssl_config
 [ -f "$SOFTHSM2_MODULE" ] || {
   echo_i "skip: softhsm2 module not available"
   exit 1
index 2f818c5d77b0a59360b3ccd27b982dde4cac7522..f29f3270985177cc1e8e6f15b71d26f8e24e133f 100644 (file)
@@ -16,7 +16,6 @@ set -e
 # shellcheck source=conf.sh
 . ../conf.sh
 
-parse_openssl_config
 PWD=$(pwd)
 
 keygen() {