From a630d5a5d0ba58766092ba3489e17d73a53b96cd Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 3 Nov 2017 14:33:24 +0100
Subject: tests: enhanced PKCS#11 loading test Test whether implicit initialization in trusted module (e.g., via verification), would result to proper initialization of additional modules once a PCKS#11 function is called.
Signed-off-by: Nikos Mavrogiannopoulos
---
 tests/destructive/p11-kit-load.sh | 8 ++++++++
 tests/pkcs11/list-tokens.c | 6 ++++++
 2 files changed, 14 insertions(+)
diff --git a/tests/destructive/p11-kit-load.sh b/tests/destructive/p11-kit-load.sh
index 2fe6394fe2..86e8eb3600 100755
--- a/tests/destructive/p11-kit-load.sh
+++ b/tests/destructive/p11-kit-load.sh
@@ -141,4 +141,12 @@ if test "$nr" != 1;then
 ${builddir}/pkcs11/list-tokens -m -v
 fi
+# Check whether all modules are listed after certificate verification
+# is performed then a PKCS#11 function is called.
+${builddir}/pkcs11/list-tokens -v -d|wc -l
+if test "$nr" != 2;then
+ echo "Error in test 6: did not find all modules"
+ ${builddir}/pkcs11/list-tokens -v
+fi
+
 exit 0
diff --git a/tests/pkcs11/list-tokens.c b/tests/pkcs11/list-tokens.c
index a835ef9c60..42092b45f9 100644
--- a/tests/pkcs11/list-tokens.c
+++ b/tests/pkcs11/list-tokens.c
@@ -70,6 +70,7 @@ int main(int argc, char **argv)
 while((opt = getopt(argc, argv, "mvatd")) != -1) {
 switch(opt) {
 case 'm':
+ /* initialize manually - i.e., do no module loading */
 ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
 if (ret != 0) {
 fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret));
@@ -77,9 +78,12 @@ int main(int argc, char **argv)
 }
 break;
 case 'd':
+ /* when call _gnutls_pkcs11_token_get_url() do proper initialization
+ * if none done */
 flag = 0;
 break;
 case 'a':
+ /* initialize auto - i.e., do module loading */
 ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL);
 if (ret != 0) {
 fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret));
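Review bot: In the tests/destructive/p11-kit-load.sh hunk the added `${builddir}/pkcs11/list-tokens -v -d|wc -l` prints the count instead of storing it, so the `test "$nr" != 2` that follows compares whatever an earlier check left in `nr`; the line should read `nr=$(${builddir}/pkcs11/list-tokens -v -d|wc -l)`. The added failure branch also only echoes and re-lists the tokens before the script reaches `exit 0`, so even with `nr` set this check cannot fail the run; an `exit 1` before the added `fi` would make a module-loading regression visible to the test harness. The preceding check in the context lines appears to have the same shape, and how `nr` is assigned there is outside the hunk.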
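Review bot: In tests/pkcs11/list-tokens.c the comment added under `case 'd':` is hard to parse and names `_gnutls_pkcs11_token_get_url()` without saying what clearing `flag` changes in that call. A wording such as `/* clear flag so that _gnutls_pkcs11_token_get_url() performs the normal initialization if none was done */` reads more directly, ideally also naming the value `flag` carries by default. The declaration of `flag` and the call that consumes it are outside the hunk, so the exact semantics should be confirmed there.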
@@ -87,6 +91,7 @@ int main(int argc, char **argv)
 }
 break;
 case 't':
+ /* do trusted module loading */
 ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO_TRUSTED, NULL);
 if (ret != 0) {
 fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret));
@@ -94,6 +99,7 @@ int main(int argc, char **argv)
 }
 break;
 case 'v':
+ /* do verification which should trigger trusted module loading */
 assert(gnutls_certificate_allocate_credentials(&cred) >= 0);
 assert(gnutls_certificate_set_x509_system_trust(cred) >= 0);
 gnutls_certificate_free_credentials(cred);
-- 
cgit v1.2.1
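Review bot: The comment added under `case 'v':` says "do verification", but the three lines it documents only allocate credentials, load the system trust store and free the credentials; no certificate is verified in the visible code. `/* load the system trust store, which should trigger trusted module loading */` would match what the lines do. Both calls sit inside `assert()`, so a build with `NDEBUG` defined would drop them and `-v` would silently do nothing; that is existing context rather than part of this change, but it matters next to a comment that relies on their side effect. `main` continues outside the hunk.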