summaryrefslogtreecommitdiff
path: root/tests/suite/testpkcs11
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-10-16 15:05:09 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-10-17 09:59:37 +0200
commita31ec6cb457418890cc6940f16795c24589f4555 (patch)
tree55de0aae19359fa7a2eacb1e6560e5907fc01900 /tests/suite/testpkcs11
parent5638851977b6711e9701c4858d7ec7d39d90b4a4 (diff)
downloadgnutls-a31ec6cb457418890cc6940f16795c24589f4555.tar.gz
tests: verify that public keys are properly written
Also disable parts of the suite that softhsm2 cannot properly work with, to allow running parts of the suite even with broken softhsm.
Diffstat (limited to 'tests/suite/testpkcs11')
-rwxr-xr-xtests/suite/testpkcs1156
1 files changed, 55 insertions, 1 deletions
diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
index 53ae752041..6abacf336e 100755
--- a/tests/suite/testpkcs11
+++ b/tests/suite/testpkcs11
@@ -95,6 +95,32 @@ write_serv_privkey () {
# $1: token
# $2: PIN
# $3: filename
+write_serv_pubkey () {
+ export GNUTLS_PIN="$2"
+ filename="$3"
+ token="$1"
+
+ echo -n "* Writing the server public key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-pubkey --load-pubkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit_error
+ fi
+
+ #verify it being written
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all "${token};object=serv-pubkey;type=public" >>"${TMPFILE}" 2>&1
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all "${token};object=serv-pubkey;type=public"|grep "Public key" >/dev/null 2>&1
+ if test $? != 0;then
+ echo "Cannot verify the existence of the written pubkey"
+ exit_error
+ fi
+}
+
+# $1: token
+# $2: PIN
+# $3: filename
write_serv_cert () {
export GNUTLS_PIN="$2"
filename="$3"
@@ -323,10 +349,15 @@ write_certificate_test () {
fi
echo ok
+ if test -n "${BROKEN_SOFTHSM2}";then
+ return
+ fi
+
echo -n "* Writing certificate of client's CA... "
${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
ret=$?
if test ${ret} != 0; then
+ echo "Failed with PIN, trying to write with so PIN" >>"${TMPFILE}"
${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${TMPFILE}" 2>&1
ret=$?
fi
@@ -393,6 +424,27 @@ write_certificate_test () {
fi
}
+test_sign () {
+ export GNUTLS_PIN="$2"
+ token="$1"
+
+ echo -n "* Testing signatures using the private key... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --test-sign "${token};object=serv-key" >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "failed. Cannot test signatures."
+ exit_error
+ fi
+ echo ok
+
+ echo -n "* Testing signatures using the private key (with ID)... "
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --test-sign "${token};id=%ac%1d%7a%39%cb%72%17%94%66%6c%74%44%73%40%91%44%c0%a0%43%7d" >>"${TMPFILE}" 2>&1
+ ${P11TOOL} ${ADDITIONAL_PARAM} --login --test-sign "${token};id=%ac%1d%7a%39%cb%72%17%94%66%6c%74%44%73%40%91%44%c0%a0%43%7d" 2>&1|grep "Verifying against public key in the token..."|grep ok >>"${TMPFILE}" 2>&1
+ if test $? != 0; then
+ echo "failed. Cannot test signatures with ID."
+ exit_error
+ fi
+ echo ok
+}
# $1: token
# $2: PIN
@@ -491,10 +543,12 @@ export_pubkey_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
change_label_of_privkey "${TOKEN}" "${GNUTLS_PIN}"
write_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/ca.key" "${srcdir}/pkcs11-certs/ca.crt" tmp-client.pub
-
write_serv_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.key"
write_serv_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.crt"
+write_serv_pubkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/pkcs11-certs/server.crt"
+test_sign "${TOKEN}" "${GNUTLS_PIN}"
+
use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert;object-type=cert" "${TOKEN};object=serv-key;object-type=private" "${srcdir}/pkcs11-certs/ca.crt" "full URLs"
use_certificate_test "${TOKEN}" "${GNUTLS_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/pkcs11-certs/ca.crt" "abbrv URLs"