From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Wed, 25 Mar 2026 18:42:19 +0000 (+0100)
Subject: tests/pkcs11-provider: check for lingering token objects
X-Git-Tag: 3.8.13^2~20
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=e3a2cd8565087290261d2fc79f8545904345238e;p=thirdparty%2Fgnutls.git

tests/pkcs11-provider: check for lingering token objects

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
---

diff --git a/tests/pkcs11-provider/test-pkcs11-provider.sh b/tests/pkcs11-provider/test-pkcs11-provider.sh
index 0ce9e51c3d..381e2b9300 100755
--- a/tests/pkcs11-provider/test-pkcs11-provider.sh
+++ b/tests/pkcs11-provider/test-pkcs11-provider.sh
@@ -22,6 +22,7 @@
 : ${srcdir=.}
 : ${builddir=.}
 : ${P11TOOL=../src/p11tool${EXEEXT}}
+: ${DIFF=diff}
 
 if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then
 	exit 77
@@ -37,8 +38,11 @@ fi
 testdir=`create_testdir pkcs11-provider`
 
 LABEL="Kryoptic Token"
+URL="pkcs11:model=v1;manufacturer=Kryoptic%20Project;token=Kryoptic%20Token"
 PIN="12345"
 KRYOPTIC_DB="${testdir}/kryoptic.sql"
+TOKEN_OBJECTS="${testdir}/token-objects.log"
+TOKEN_OBJECTS_REFERENCE="${testdir}/token-objects.reference.log"
 export KRYOPTIC_CONF="${testdir}/kryoptic.conf"
 export GNUTLS_DEBUG_LEVEL=6
 
@@ -74,13 +78,36 @@ cat >"${PRIORITY_FILE}" <<_EOF_
 allow-rsa-pkcs1-encrypt = true
 
 [provider]
-url = pkcs11:model=v1;manufacturer=Kryoptic%20Project;token=Kryoptic%20Token
+url = ${URL}
 pin = ${PIN}
 _EOF_
 
 export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1
 export GNUTLS_SYSTEM_PRIORITY_FILE="${PRIORITY_FILE}"
 
+list_token() {
+	"$P11TOOL" --list-all --provider "${MODULE}" --login \
+		--set-pin "${PIN}" "${URL}" >"${TOKEN_OBJECTS}" 2>&1
+	rc=$?
+	if test "${rc}" != "0"; then
+		cat "${TOKEN_OBJECTS}"
+		echo 'test failed: listing token objects failed'
+		exit "${rc}"
+	fi
+}
+
+compare_token_to_reference() {
+	$DIFF "${TOKEN_OBJECTS_REFERENCE}" "${TOKEN_OBJECTS}"
+	rc=$?
+	if test "${rc}" != "0"; then
+		echo 'test failed: token object list has changed'
+		exit "${rc}"
+	fi
+}
+
+list_token
+cat "${TOKEN_OBJECTS}" > "${TOKEN_OBJECTS_REFERENCE}"
+
 echo "Testing public key algorithms"
 "${builddir}/pkcs11-provider/pkcs11-provider-pk"
 rc=$?
@@ -121,6 +148,7 @@ else
 	exit ${rc}
 fi
 
-rm -rf "$testdir"
+list_token
+compare_token_to_reference
 
-exit ${rc}
+rm -rf "$testdir"