author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-22 16:48:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-22 16:48:29 +0200 |
commit | 120e842682db23581d3a39909bc38cc51d98ae5e (patch) | |
tree | a4f6e298b0f793909d50a99541f1ba51498079b2 | |
parent | eff2e48de7066b0647fb45963bbb085634a12cb8 (diff) | |
tests: backported the softhsmv2 pkcs11 checks from 3.4.0
-rw-r--r-- | tests/suite/pkcs11-chainverify.c | 18 | ||||
-rw-r--r-- | tests/suite/pkcs11-combo.c | 21 | ||||
-rw-r--r-- | tests/suite/pkcs11-get-issuer.c | 19 | ||||
-rw-r--r-- | tests/suite/pkcs11-is-known.c | 25 | ||||
-rw-r--r-- | tests/suite/softhsm.h | 79 |
5 files changed, 91 insertions, 71 deletions
diff --git a/tests/suite/pkcs11-chainverify.c b/tests/suite/pkcs11-chainverify.c
index 99403d6b84..741bf7494f 100644
--- a/tests/suite/pkcs11-chainverify.c
+++ b/tests/suite/pkcs11-chainverify.c
@@ -36,7 +36,6 @@
 #include "softhsm.h"
 #include "../test-chains.h"
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
 #define CONFIG "softhsm.config"
 #define DEFAULT_THEN 1256803113
@@ -75,7 +74,6 @@ void doit(void)
 int exit_val = 0;
 size_t i;
 int ret;
- FILE *fp;
 char buf[128];
 const char *lib, *bin;
@@ -104,15 +102,7 @@ void doit(void)
 gnutls_global_set_log_level(4711);
 /* write softhsm.config */
- fp = fopen(CONFIG, "w");
- if (fp == NULL) {
- fprintf(stderr, "error writing softhsm.config\n");
- exit(1);
- }
- fputs("0:./softhsm.db\n", fp);
- fclose(fp);
-
- setenv("SOFTHSM_CONF", CONFIG, 0);
+ set_softhsm_conf(CONFIG);
 snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin 1234 --pin 1234", bin);
 system(buf);
@@ -209,14 +199,14 @@ void doit(void)
 printf("\tVerifying...");
 /* initialize softhsm token */
- ret = gnutls_pkcs11_token_init(URL, "1234", "test");
+ ret = gnutls_pkcs11_token_init(SOFTHSM_URL, "1234", "test");
 if (ret < 0) {
 fail("gnutls_pkcs11_token_init\n");
 exit(1);
 }
 /* write CA certificate to softhsm */
- ret = gnutls_pkcs11_copy_x509_crt(URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|
+ ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|
 GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|
 GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
 if (ret < 0) {
@@ -226,7 +216,7 @@ void doit(void)
 gnutls_x509_trust_list_init(&tl, 0);
- ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+ ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
 if (ret < 0) {
 fail("gnutls_x509_trust_list_add_trust_file: %s\n", gnutls_strerror(ret));
 exit(1);
diff --git a/tests/suite/pkcs11-combo.c b/tests/suite/pkcs11-combo.c
index afe59e566d..bdd4059223 100644
--- a/tests/suite/pkcs11-combo.c
+++ b/tests/suite/pkcs11-combo.c
@@ -41,7 +41,6 @@
 #include "../test-chains.h"
 #include "softhsm.h"
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
 #define NAME "softhsm-combo"
 #define CONFIG NAME".config"
@@ -260,7 +259,6 @@ void doit(void)
 int exit_val = 0;
 int ret;
 unsigned j;
- FILE *fp;
 const char *lib, *bin;
 gnutls_x509_crt_t issuer = NULL;
 gnutls_x509_trust_list_t tl;
@@ -293,16 +291,7 @@ void doit(void)
 gnutls_global_set_log_level(4711);
 /* write softhsm.config */
- fp = fopen(CONFIG, "w");
- if (fp == NULL) {
- fprintf(stderr, "error writing %s\n", CONFIG);
- exit(1);
- }
- remove("./"NAME".db");
- fputs("0:./"NAME".db\n", fp);
- fclose(fp);
-
- setenv("SOFTHSM_CONF", CONFIG, 0);
+ set_softhsm_conf(CONFIG);
 snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin);
 system(buf);
@@ -412,7 +401,7 @@ void doit(void)
 printf("\tChecking presence and verification...");
 /* initialize softhsm token */
- ret = gnutls_pkcs11_token_init(URL, PIN, "test");
+ ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
 if (ret < 0) {
 fail("gnutls_pkcs11_token_init\n");
 exit(1);
@@ -422,7 +411,7 @@ void doit(void)
 for (j = 0; ca_list[j]; j++) {
 char name[64];
 snprintf(name, sizeof(name), "test-ca%d", j);
- ret = gnutls_pkcs11_copy_x509_crt(URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
+ ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
 if (ret < 0) {
 fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret));
 exit(1);
@@ -431,7 +420,7 @@ void doit(void)
 gnutls_x509_trust_list_init(&tl, 0);
- ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+ ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
 if (ret < 0) {
 fail("gnutls_x509_trust_list_add_trust_file\n");
 exit(1);
@@ -451,7 +440,7 @@ void doit(void)
 }
 gnutls_x509_crt_deinit(issuer);
- ret = gnutls_pkcs11_crt_is_known(URL, ca, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+ ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, ca, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
 if (ret != 0) {
 fail("gnutls_pkcs11_crt_is_known should have failed!\n");
 exit(1);
diff --git a/tests/suite/pkcs11-get-issuer.c b/tests/suite/pkcs11-get-issuer.c
index 1614aa406d..8f947a835b 100644
--- a/tests/suite/pkcs11-get-issuer.c
+++ b/tests/suite/pkcs11-get-issuer.c
@@ -37,7 +37,6 @@
 #include "../test-chains.h"
 #include "softhsm.h"
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
 #define CONFIG "softhsm-issuer.config"
 /* GnuTLS internally calls time() to find out the current time when
@@ -78,7 +77,6 @@ void doit(void)
 int exit_val = 0;
 int ret;
 unsigned j;
- FILE *fp;
 const char *lib, *bin;
 gnutls_x509_crt_t issuer = NULL;
 gnutls_x509_trust_list_t tl;
@@ -125,16 +123,7 @@ void doit(void)
 gnutls_global_set_log_level(4711);
 /* write softhsm.config */
- fp = fopen(CONFIG, "w");
- if (fp == NULL) {
- fprintf(stderr, "error writing %s\n", CONFIG);
- exit(1);
- }
- remove("./softhsm-issuer.db");
- fputs("0:./softhsm-issuer.db\n", fp);
- fclose(fp);
-
- setenv("SOFTHSM_CONF", CONFIG, 0);
+ set_softhsm_conf(CONFIG);
 snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin);
 system(buf);
@@ -219,14 +208,14 @@ void doit(void)
 printf("\tVerifying...");
 /* initialize softhsm token */
- ret = gnutls_pkcs11_token_init(URL, PIN, "test");
+ ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
 if (ret < 0) {
 fail("gnutls_pkcs11_token_init\n");
 exit(1);
 }
 /* write CA certificate to softhsm */
- ret = gnutls_pkcs11_copy_x509_crt(URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
+ ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
 if (ret < 0) {
 fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret));
 exit(1);
@@ -234,7 +223,7 @@ void doit(void)
 gnutls_x509_trust_list_init(&tl, 0);
- ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+ ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
 if (ret < 0) {
 fail("gnutls_x509_trust_list_add_trust_file\n");
 exit(1);
diff --git a/tests/suite/pkcs11-is-known.c b/tests/suite/pkcs11-is-known.c
index 86226884ac..a82848277f 100644
--- a/tests/suite/pkcs11-is-known.c
+++ b/tests/suite/pkcs11-is-known.c
@@ -38,7 +38,6 @@
 #define MAX_CHAIN 16
-#define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
 #define CONFIG "softhsm-issuer2.config"
 /* These CAs have the same DN */
@@ -256,7 +255,6 @@ void doit(void)
 int exit_val = 0;
 int ret;
 unsigned j;
- FILE *fp;
 const char *lib, *bin;
 gnutls_x509_crt_t issuer = NULL;
 gnutls_x509_trust_list_t tl;
@@ -288,16 +286,7 @@ void doit(void)
 gnutls_global_set_log_level(4711);
 /* write softhsm.config */
- fp = fopen(CONFIG, "w");
- if (fp == NULL) {
- fprintf(stderr, "error writing %s\n", CONFIG);
- exit(1);
- }
- remove("./softhsm-issuer2.db");
- fputs("0:./softhsm-issuer2.db\n", fp);
- fclose(fp);
-
- setenv("SOFTHSM_CONF", CONFIG, 0);
+ set_softhsm_conf(CONFIG);
 snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin);
 system(buf);
@@ -382,7 +371,7 @@ void doit(void)
 printf("\tVerifying...");
 /* initialize softhsm token */
- ret = gnutls_pkcs11_token_init(URL, PIN, "test");
+ ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
 if (ret < 0) {
 fail("gnutls_pkcs11_token_init\n");
 exit(1);
@@ -392,7 +381,7 @@ void doit(void)
 for (j = 0; ca_list[j]; j++) {
 char name[64];
 snprintf(name, sizeof(name), "test-ca%d", j);
- ret = gnutls_pkcs11_copy_x509_crt(URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
+ ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO);
 if (ret < 0) {
 fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret));
 exit(1);
@@ -401,7 +390,7 @@ void doit(void)
 gnutls_x509_trust_list_init(&tl, 0);
- ret = gnutls_x509_trust_list_add_trust_file(tl, URL, NULL, 0, 0, 0);
+ ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0);
 if (ret < 0) {
 fail("gnutls_x509_trust_list_add_trust_file\n");
 exit(1);
@@ -415,19 +404,19 @@ void doit(void)
 }
 gnutls_x509_crt_deinit(issuer);
- ret = gnutls_pkcs11_crt_is_known(URL, certs[2], GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+ ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[2], GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
 if (ret == 0) {
 fail("error in gnutls_pkcs11_crt_is_known - 0\n");
 exit(1);
 }
- ret = gnutls_pkcs11_crt_is_known(URL, certs[0], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+ ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[0], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
 if (ret == 0) {
 fail("error in gnutls_pkcs11_crt_is_known - 0\n");
 exit(1);
 }
- ret = gnutls_pkcs11_crt_is_known(URL, certs[1], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
+ ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[1], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED);
 if (ret == 0) {
 fail("error in gnutls_pkcs11_crt_is_known - 0\n");
 exit(1);
diff --git a/tests/suite/softhsm.h b/tests/suite/softhsm.h
index bb46736cff..3ac8167d74 100644
--- a/tests/suite/softhsm.h
+++ b/tests/suite/softhsm.h
@@ -21,9 +21,30 @@
 #ifndef SOFTHSM_H
 # define SOFTHSM_H
-#define LIB1 "/usr/lib64/softhsm/libsofthsm.so"
-#define LIB2 "/usr/lib/softhsm/libsofthsm.so"
-#define LIB3 "/usr/local/lib/softhsm/libsofthsm.so"
+#include <sys/stat.h>
+
+#define SOFTHSM_V2
+
+#ifdef SOFTHSM_V1
+# define SOFTHSM_URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test"
+# define LIB1 "/usr/lib64/pkcs11/libsofthsm.so"
+# define LIB2 "/usr/lib/pkcs11/libsofthsm.so"
+# define LIB3 "/usr/lib/softhsm/libsofthsm.so"
+# define LIB4 "/usr/local/lib/softhsm/libsofthsm.so"
+# define SOFTHSM_BIN1 "/usr/bin/softhsm"
+# define SOFTHSM_BIN2 "/usr/local/bin/softhsm"
+# define SOFTHSM_ENV "SOFTHSM_CONF"
+#else
+# define SOFTHSM_URL "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=test"
+# define LIB1 "/usr/lib64/pkcs11/libsofthsm2.so"
+# define LIB2 "/usr/lib/pkcs11/libsofthsm2.so"
+# define LIB3 "/usr/lib/softhsm/libsofthsm2.so"
+# define LIB4 "/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so"
+# define SOFTHSM_BIN1 "/usr/bin/softhsm2-util"
+# define SOFTHSM_BIN2 "/usr/local/bin/softhsm2-util"
+# define SOFTHSM_ENV "SOFTHSM2_CONF"
+#endif
+
 inline static const char *softhsm_lib(void)
 {
@@ -35,6 +56,8 @@ inline static const char *softhsm_lib(void)
 lib = LIB2;
 } else if (access(LIB3, R_OK) == 0) {
 lib = LIB3;
+ } else if (access(LIB4, R_OK) == 0) {
+ lib = LIB4;
 } else {
 fprintf(stderr, "cannot find softhsm module\n");
 exit(77);
@@ -47,16 +70,56 @@ inline static const char *softhsm_bin(void)
 {
 const char *bin;
- if (access("/usr/bin/softhsm", X_OK) == 0) {
- bin = "/usr/bin/softhsm";
- } else if (access("/usr/local/bin/softhsm", X_OK) == 0) {
- bin = "/usr/local/bin/softhsm";
+ if (access(SOFTHSM_BIN1, X_OK) == 0) {
+ bin = SOFTHSM_BIN1;
+ } else if (access(SOFTHSM_BIN2, X_OK) == 0) {
+ bin = SOFTHSM_BIN2;
 } else {
- fprintf(stderr, "cannot find softhsm module\n");
+ fprintf(stderr, "cannot find softhsm bin\n");
 exit(77);
 }
 return bin;
 }
+static
+void set_softhsm_conf(const char *config)
+{
+ char buf[128];
+ char db_dir[128];
+ FILE *fp;
+
+ snprintf(db_dir, sizeof(db_dir), "%s.db", config);
+
+ unsetenv(SOFTHSM_ENV);
+ remove(config);
+ fp = fopen(config, "w");
+ if (fp == NULL) {
+ fprintf(stderr, "error writing %s\n", config);
+ exit(1);
+ }
+
+#ifdef SOFTHSM_V1
+ remove(db_dir);
+ snprintf(buf, sizeof(buf), "0:./%s\n", db_dir);
+ fputs(buf, fp);
+#else
+ fputs("directories.tokendir = ", fp);
+ fputs(db_dir, fp);
+ fputs("\n", fp);
+ fputs("objectstore.backend = file\n", fp);
+
+ if (strlen(db_dir) < 6) {
+ fprintf(stderr, "too short name for db: %s\n", db_dir);
+ exit(1);
+ }
+ snprintf(buf, sizeof(buf), "rm -rf %s\n", db_dir);
+ system(buf);
+ mkdir(db_dir, 0755);
+#endif
+ fclose(fp);
+
+ setenv(SOFTHSM_ENV, config, 0);
+}
+
 #endif |
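Review bot: In the new `set_softhsm_conf`, `db_dir` is handed to `system("rm -rf ...")` and `mkdir` after two unchecked `snprintf` calls into 128-byte buffers, so a `config` name longer than the buffers would be silently truncated before the recursive delete runs; the `strlen(db_dir) < 6` guard only covers the short end. Checking the `snprintf` return values and the `mkdir` result makes those failures explicit rather than leaving a mangled path or a missing token directory to surface later as an unrelated `softhsm2-util` error. Because the path is spliced into a shell command line, the helper is only sound with the compile-time CONFIG literals the four callers pass; a comment above the definition such as `/* config must be a trusted, shell-safe literal: it is interpolated into a system() command and removed with rm -rf */` would pin that contract for future callers. The body also uses `strlen`, `setenv`/`unsetenv` and `system` while the hunk adds only `<sys/stat.h>`, so it presumably relies on the including test file having pulled in `<string.h>` and `<stdlib.h>` first — worth confirming or adding the includes to the header itself.
```c
	int n = snprintf(db_dir, sizeof(db_dir), "%s.db", config);
	if (n < 0 || (size_t)n >= sizeof(db_dir)) {
		fprintf(stderr, "config name too long: %s\n", config);
		exit(1);
	}
	/* … unchanged: unsetenv, remove, fopen and the config-file body … */
	n = snprintf(buf, sizeof(buf), "rm -rf %s\n", db_dir);
	if (n < 0 || (size_t)n >= sizeof(buf)) {
		fprintf(stderr, "db path too long: %s\n", db_dir);
		exit(1);
	}
	system(buf);
	if (mkdir(db_dir, 0755) != 0) {
		fprintf(stderr, "cannot create token dir %s\n", db_dir);
		exit(1);
	}
```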