diff options
Diffstat (limited to '')
-rwxr-xr-x | tests/p11-kit-load.sh | 204 |
1 files changed, 204 insertions, 0 deletions
diff --git a/tests/p11-kit-load.sh b/tests/p11-kit-load.sh new file mode 100755 index 0000000..3662924 --- /dev/null +++ b/tests/p11-kit-load.sh @@ -0,0 +1,204 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of p11-kit. +# +# p11-kit is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# p11-kit is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/> + +#set -e + +: ${srcdir=.} +: ${builddir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${DIFF=diff} +: ${PKG_CONFIG=pkg-config} +TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp" +P11DIR="p11-kit-conf.$$.tmp" +PIN=1234 +PUK=1234 + +for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/;do + if test -f "${lib}/p11-kit-trust.so"; then + TRUST_MODULE="${lib}/p11-kit-trust.so" + echo "located ${MODULE}" + break + fi +done + +for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/ /usr/lib/softhsm/;do + if test -f "${lib}/libsofthsm2.so"; then + SOFTHSM_MODULE="${lib}/libsofthsm2.so" + echo "located ${MODULE}" + break + fi +done + +${PKG_CONFIG} --version >/dev/null || exit 77 + +${PKG_CONFIG} --atleast-version=0.23.10 p11-kit-1 +if test $? != 0;then + echo p11-kit 0.23.10 is required + exit 77 +fi + +if ! test -f "${TRUST_MODULE}"; then + echo "p11-kit trust module was not found" + exit 77 +fi + +if ! test -f "${SOFTHSM_MODULE}"; then + echo "softhsm module was not found" + exit 77 +fi + +# Create pkcs11.conf with two modules, a trusted (p11-kit-trust) +# and softhsm (not trusted) +mkdir -p ${P11DIR} + +cat <<_EOF_ >${P11DIR}/p11-kit-trust.module +module: p11-kit-trust.so +trust-policy: yes +_EOF_ + +cat <<_EOF_ >${P11DIR}/softhsm.module +module: libsofthsm2.so +_EOF_ + +# Setup softhsm +rm -rf ${TMP_SOFTHSM_DIR} +mkdir -p ${TMP_SOFTHSM_DIR} +SOFTHSM2_CONF=${TMP_SOFTHSM_DIR}/conf +export SOFTHSM2_CONF +echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" +echo "directories.tokendir = ${TMP_SOFTHSM_DIR}" >> "${SOFTHSM2_CONF}" + +softhsm2-util --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1 +if test $? != 0; then + echo "failed to initialize softhsm" + exit 1 +fi + +GNUTLS_PIN="${PIN}" ${P11TOOL} --login --label GnuTLS-Test-RSA --generate-privkey rsa --provider "${SOFTHSM_MODULE}" pkcs11: --outfile /dev/null +if test $? != 0; then + echo "failed to generate privkey" + exit 1 +fi + +FILTERTOKEN="sed s/token=.*//g" + +# Check whether both are listed + +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -a|${FILTERTOKEN}|sort -u|wc -l) +#nr=$(${P11TOOL} --list-tokens|grep 'Module:'|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error: did not find 2 modules ($nr)" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} + exit 1 +fi + +# Check whether whether list-tokens will list the trust module +# if we only load softhsm. It shouldn't as we only load the +# trust module when needed (e.g., verification). + +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -s "${SOFTHSM_MODULE}"|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error: did not find softhsm module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -s "${SOFTHSM_MODULE}" + exit 1 +fi + +# Check whether both modules are found when gnutls_pkcs11_init +# is not called but a pkcs11 operation is called. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -d|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 1: did not find 2 modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -d + exit 1 +fi + +# Check whether both modules are found when gnutls_pkcs11_init +# is called with the auto flag +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -a|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 2: did not find 2 modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -a + exit 1 +fi + +# Check whether only trusted modules are listed when the +# trusted flag is given to gnutls_pkcs11_init(). +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -t|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 3: did not find the trusted module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -t + exit 1 +fi + +# Check whether only trusted is listed after certificate verification +# is performed. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -v|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 4: did not find 1 module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -v + exit 1 +fi + +# Check whether only trusted is listed when gnutls_pkcs11_init +# is called with manual flag and a certificate verification is performed. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -v|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 5: did not find 1 module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -v + exit 1 +fi + +# Check whether all modules are listed after certificate verification +# is performed then a PKCS#11 function is called. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -v -d|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 6: did not find all modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -v -d + exit 1 +fi + +# Check whether all modules are listed after a private key operation. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -p|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 7: did not find all modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -p + exit 1 +fi + +# Check whether public key and privkey are listed. +nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 8: did not find all objects" + ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test + exit 1 +fi + +# Check whether all privkeys are listed even if trust module is registered. +nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11:|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 9: did not find privkey objects" + ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11: + exit 1 +fi + +rm -f ${P11DIR}/* +rm -rf ${TMP_SOFTHSM_DIR} + +exit 0 |