diff options
Diffstat (limited to 'tests/destructive/p11-kit-load.sh')
-rwxr-xr-x | tests/destructive/p11-kit-load.sh | 68 |
1 files changed, 47 insertions, 21 deletions
diff --git a/tests/destructive/p11-kit-load.sh b/tests/destructive/p11-kit-load.sh index 86e8eb3600..92e9045c2c 100755 --- a/tests/destructive/p11-kit-load.sh +++ b/tests/destructive/p11-kit-load.sh @@ -25,6 +25,10 @@ P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}" CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}" DIFF="${DIFF:-diff}" PKGCONFIG="${PKG_CONFIG:-$(which pkg-config)}" +TMPDIR="backup.$$.tmp" +TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp" +PIN=1234 +PUK=1234 for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/;do if test -f "${lib}/p11-kit-trust.so"; then @@ -62,6 +66,9 @@ fi # Create pkcs11.conf with two modules, a trusted (p11-kit-trust) # and softhsm (not trusted) DIR=$(${PKGCONFIG} --var=p11_system_config_modules p11-kit-1) + +mkdir -p ${TMPDIR} +cp ${DIR}/* ${TMPDIR} rm -f ${DIR}/* cat <<_EOF_ >${DIR}/p11-kit-trust.module @@ -73,80 +80,99 @@ cat <<_EOF_ >${DIR}/softhsm.module module: libsofthsm2.so _EOF_ +# Setup softhsm +rm -rf ${TMP_SOFTHSM_DIR} +mkdir -p ${TMP_SOFTHSM_DIR} +SOFTHSM2_CONF=${TMP_SOFTHSM_DIR}/conf +export SOFTHSM2_CONF +echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" +echo "directories.tokendir = ${TMP_SOFTHSM_DIR}" >> "${SOFTHSM2_CONF}" + +softhsm2-util --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1 +if test $? != 0; then + echo "failed to initialize softhsm" + exit 1 +fi + + # Check whether p11tool would list them both -nr=$(${P11TOOL} --list-tokens|grep -c ^Token) +nr=$(${P11TOOL} --list-tokens|grep 'Module:'|sort -u|wc -l) if test "$nr" != 2;then - echo "Error: did not find 2 modules" - ${P11TOOL} --list-tokens + echo "Error: did not find 2 modules ($nr)" + ${P11TOOL} --list-tokens|grep 'Module:'|sort|uniq + exit 1 fi # Check whether p11tool with a specific provider would list only that +# That is, check whether p11tool will list the trust module +# if we only load softhsm (it should as trust modules +# are always loaded).ould list them both nr=$(${P11TOOL} --provider "${SOFTHSM_MODULE}" --list-tokens|grep -c ^Token) if test "$nr" != 1;then echo "Error: did not find softhsm modules" ${P11TOOL} --list-tokens --provider "${SOFTHSM_MODULE}" + exit 1 fi - -# Check whether p11tool will list the trust module -# if we only load softhsm (it should as trust modules -# are always loaded).ould list them both - -nr=$(${P11TOOL} --list-tokens|grep -c ^Token) -if test "$nr" != 2;then - echo "Error: did not find 2 modules" - ${P11TOOL} --list-tokens -fi - - +FILTERTOKEN="sed s/token=.*//g" # Check whether both modules are found when gnutls_pkcs11_init # is not called but a pkcs11 operation is called. -${builddir}/pkcs11/list-tokens -d|wc -l +nr=$(${builddir}/pkcs11/list-tokens -d|${FILTERTOKEN}|sort -u|wc -l) if test "$nr" != 2;then echo "Error in test 1: did not find 2 modules" ${builddir}/pkcs11/list-tokens -d + exit 1 fi # Check whether both modules are found when gnutls_pkcs11_init # is called with the auto flag -${builddir}/pkcs11/list-tokens -a|wc -l +nr=$(${builddir}/pkcs11/list-tokens -a|${FILTERTOKEN}|sort -u|wc -l) if test "$nr" != 2;then echo "Error in test 2: did not find 2 modules" ${builddir}/pkcs11/list-tokens -a + exit 1 fi # Check whether only trusted modules are listed when the # trusted flag is given to gnutls_pkcs11_init(). -${builddir}/pkcs11/list-tokens -t|wc -l +nr=$(${builddir}/pkcs11/list-tokens -t|${FILTERTOKEN}|sort -u|wc -l) if test "$nr" != 1;then echo "Error in test 3: did not find the trusted module" ${builddir}/pkcs11/list-tokens -t + exit 1 fi # Check whether only trusted is listed after certificate verification # is performed. -${builddir}/pkcs11/list-tokens -v|wc -l +nr=$(${builddir}/pkcs11/list-tokens -v|${FILTERTOKEN}|sort -u|wc -l) if test "$nr" != 1;then echo "Error in test 4: did not find 1 module" ${builddir}/pkcs11/list-tokens -v + exit 1 fi # Check whether only trusted is listed when gnutls_pkcs11_init # is called with manual flag and a certificate verification is performed. -${builddir}/pkcs11/list-tokens -m -v|wc -l +nr=$(${builddir}/pkcs11/list-tokens -m -v|${FILTERTOKEN}|sort -u|wc -l) if test "$nr" != 1;then echo "Error in test 5: did not find 1 module" ${builddir}/pkcs11/list-tokens -m -v + exit 1 fi # Check whether all modules are listed after certificate verification # is performed then a PKCS#11 function is called. -${builddir}/pkcs11/list-tokens -v -d|wc -l +nr=$(${builddir}/pkcs11/list-tokens -v -d|${FILTERTOKEN}|sort -u|wc -l) if test "$nr" != 2;then echo "Error in test 6: did not find all modules" ${builddir}/pkcs11/list-tokens -v + exit 1 fi +rm -f ${DIR}/* +rm -rf ${TMP_SOFTHSM_DIR} +cp ${TMPDIR}/* ${DIR}/ + exit 0 |