source-git / gnutls

Clone
Source Code
GIT

Blame tests/certtool-pkcs11.sh

c8 c8s master
  1.   b97e568fddb0c347c225fc68303960b41a24f19f
  2.   tests
  3.   certtool-pkcs11.sh
Blob History Raw
Packit Service 4684c1 
#!/bin/sh
Packit Service 4684c1
Packit Service 4684c1 
# Copyright (C) 2016 Nikos Mavrogiannopoulos
Packit Service 4684c1 
#
Packit Service 4684c1 
# This file is part of GnuTLS.
Packit Service 4684c1 
#
Packit Service 4684c1 
# GnuTLS is free software; you can redistribute it and/or modify it
Packit Service 4684c1 
# under the terms of the GNU General Public License as published by the
Packit Service 4684c1 
# Free Software Foundation; either version 3 of the License, or (at
Packit Service 4684c1 
# your option) any later version.
Packit Service 4684c1 
#
Packit Service 4684c1 
# GnuTLS is distributed in the hope that it will be useful, but
Packit Service 4684c1 
# WITHOUT ANY WARRANTY; without even the implied warranty of
Packit Service 4684c1 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit Service 4684c1 
# General Public License for more details.
Packit Service 4684c1 
#
Packit Service 4684c1 
# You should have received a copy of the GNU General Public License
Packit Service 4684c1 
# along with GnuTLS; if not, write to the Free Software Foundation,
Packit Service 4684c1 
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Packit Service 4684c1
Packit Service 4684c1 
srcdir="${srcdir:-.}"
Packit Service 4684c1 
P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}"
Packit Service 4684c1 
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
Packit Service 4684c1 
DIFF="${DIFF:-diff -b -B}"
Packit Service 4684c1 
SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
Packit Service 4684c1 
CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
Packit Service 4684c1 
RETCODE=0
Packit Service 4684c1
Packit Service 4684c1 
if ! test -x "${P11TOOL}"; then
Packit Service 4684c1 
	exit 77
Packit Service 4684c1 
fi
Packit Service 4684c1
Packit Service 4684c1 
if ! test -x "${CERTTOOL}"; then
Packit Service 4684c1 
	exit 77
Packit Service 4684c1 
fi
Packit Service 4684c1
Packit Service 4684c1 
if ! test -x "${SERV}"; then
Packit Service 4684c1 
	exit 77
Packit Service 4684c1 
fi
Packit Service 4684c1
Packit Service 4684c1 
if ! test -x "${CLI}"; then
Packit Service 4684c1 
	exit 77
Packit Service 4684c1 
fi
Packit Service 4684c1
Packit Service 4684c1 
if ! test -z "${VALGRIND}"; then
Packit Service 4684c1 
	VALGRIND="${LIBTOOL:-libtool} --mode=execute valgrind --leak-check=full"
Packit Service 4684c1 
fi
Packit Service 4684c1
Packit Service 4684c1 
TMPFILE="verify-pkcs11.debug"
Packit Service 4684c1 
CERTTOOL_PARAM="--stdout-info"
Packit Service 4684c1
Packit Service 4684c1 
if test "${WINDIR}" != ""; then
Packit Service 4684c1 
	exit 77
Packit Service 4684c1 
fi
Packit Service 4684c1
Packit Service 4684c1 
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
Packit Service 4684c1 
SERV="${SERV} -q"
Packit Service 4684c1
Packit Service 4684c1 
. ${srcdir}/scripts/common.sh
Packit Service 4684c1
Packit Service 4684c1 
rm -f "${TMPFILE}"
Packit Service 4684c1
Packit Service 4684c1 
exit_error () {
Packit Service 4684c1 
	echo "check ${TMPFILE} for additional debugging information"
Packit Service 4684c1 
	echo ""
Packit Service 4684c1 
	echo ""
Packit Service 4684c1 
	tail "${TMPFILE}"
Packit Service 4684c1 
	exit 1
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
check_for_datefudge
Packit Service 4684c1
Packit Service 4684c1 
# $1: token
Packit Service 4684c1 
# $2: PIN
Packit Service 4684c1 
# $3: filename
Packit Service 4684c1 
# $4: label
Packit Service 4684c1 
write_ca_cert () {
Packit Service 4684c1 
	export GNUTLS_PIN="$2"
Packit Service 4684c1 
	filename="$3"
Packit Service 4684c1 
	token="$1"
Packit Service 4684c1 
	label="$4"
Packit Service 4684c1
Packit Service 4684c1 
	echo -n "* Writing the CA certificate... "
Packit Service 4684c1 
	${P11TOOL} ${ADDITIONAL_PARAM} --mark-ca --mark-trusted --no-mark-private --so-login --write --label "$label" --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
Packit Service 4684c1 
	if test $? = 0; then
Packit Service 4684c1 
		echo ok
Packit Service 4684c1 
	else
Packit Service 4684c1 
		echo failed
Packit Service 4684c1 
		exit_error
Packit Service 4684c1 
	fi
Packit Service 4684c1
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
# $1: token
Packit Service 4684c1 
# $2: PIN
Packit Service 4684c1 
# $3: filename
Packit Service 4684c1 
write_ca_privkey () {
Packit Service 4684c1 
	export GNUTLS_PIN="$2"
Packit Service 4684c1 
	filename="$3"
Packit Service 4684c1 
	token="$1"
Packit Service 4684c1
Packit Service 4684c1 
	echo -n "* Writing the CA private key... "
Packit Service 4684c1 
	${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label CA-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
Packit Service 4684c1 
	if test $? = 0; then
Packit Service 4684c1 
		echo ok
Packit Service 4684c1 
	else
Packit Service 4684c1 
		echo failed
Packit Service 4684c1 
		exit_error
Packit Service 4684c1 
	fi
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
# $1: URL
Packit Service 4684c1 
# $2: cert file to verify
Packit Service 4684c1 
verify_certificate_test() {
Packit Service 4684c1 
	url=$1
Packit Service 4684c1 
	file=$2
Packit Service 4684c1
Packit Service 4684c1 
	echo -n "* Verifying a certificate... "
Packit Service 4684c1 
	datefudge -s "2015-10-10" \
Packit Service 4684c1 
	$CERTTOOL ${ADDITIONAL_PARAM} --verify --load-ca-certificate "$url" --infile "$file" >>"${TMPFILE}" 2>&1
Packit Service 4684c1 
	if test $? = 0; then
Packit Service 4684c1 
		echo ok
Packit Service 4684c1 
	else
Packit Service 4684c1 
		echo "failed $file with $url"
Packit Service 4684c1 
		exit_error
Packit Service 4684c1 
	fi
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
generate_cert() {
Packit Service 4684c1 
	url=$1
Packit Service 4684c1
Packit Service 4684c1 
	echo -n "* Generating a certificate... "
Packit Service 4684c1 
	$CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate --load-ca-certificate "$url" --load-ca-privkey "${srcdir}/testpkcs11-certs/ca.key" --load-privkey "${srcdir}/testpkcs11-certs/server.key" --template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1
Packit Service 4684c1 
	if test $? = 0; then
Packit Service 4684c1 
		echo ok
Packit Service 4684c1 
	else
Packit Service 4684c1 
		echo "failed generation with $url"
Packit Service 4684c1 
		exit_error
Packit Service 4684c1 
	fi
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
generate_cert_with_key() {
Packit Service 4684c1 
	ca_url=$1
Packit Service 4684c1 
	ca_key_url=$2
Packit Service 4684c1
Packit Service 4684c1 
	echo -n "* Generating a certificate (privkey in pkcs11)... "
Packit Service 4684c1 
	$CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate --load-ca-certificate "${ca_url}" --load-ca-privkey "${ca_key_url}" --load-privkey "${srcdir}/testpkcs11-certs/server.key" --template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1
Packit Service 4684c1 
	if test $? = 0; then
Packit Service 4684c1 
		echo ok
Packit Service 4684c1 
	else
Packit Service 4684c1 
		echo "failed generation with $url"
Packit Service 4684c1 
		exit_error
Packit Service 4684c1 
	fi
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
echo "Testing PKCS11 verification"
Packit Service 4684c1
Packit Service 4684c1 
# erase SC
Packit Service 4684c1
Packit Service 4684c1 
type="softhsm"
Packit Service 4684c1
Packit Service 4684c1 
. "${srcdir}/testpkcs11.${type}"
Packit Service 4684c1
Packit Service 4684c1 
export GNUTLS_PIN=12345678
Packit Service 4684c1 
export GNUTLS_SO_PIN=00000000
Packit Service 4684c1
Packit Service 4684c1 
init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"
Packit Service 4684c1
Packit Service 4684c1 
# find token name
Packit Service 4684c1 
TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
Packit Service 4684c1
Packit Service 4684c1 
echo "* Token: ${TOKEN}"
Packit Service 4684c1 
if test "x${TOKEN}" = x; then
Packit Service 4684c1 
	echo "Could not find generated token"
Packit Service 4684c1 
	exit_error
Packit Service 4684c1 
fi
Packit Service 4684c1
Packit Service 4684c1 
write_ca_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.crt" "CA"
Packit Service 4684c1
Packit Service 4684c1 
verify_certificate_test "${TOKEN};object=CA;object-type=cert" "${srcdir}/testpkcs11-certs/server.crt"
Packit Service 4684c1 
verify_certificate_test "${TOKEN};object=CA;object-type=cert" "${srcdir}/testpkcs11-certs/client.crt"
Packit Service 4684c1 
generate_cert "${TOKEN};object=CA;object-type=cert"
Packit Service 4684c1
Packit Service 4684c1 
write_ca_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.key"
Packit Service 4684c1
Packit Service 4684c1 
generate_cert_with_key "${TOKEN};object=CA;object-type=cert" "${TOKEN};object=CA-key;object-type=private"
Packit Service 4684c1
Packit Service 4684c1 
if test ${RETCODE} = 0; then
Packit Service 4684c1 
	echo "* All tests succeeded"
Packit Service 4684c1 
fi
Packit Service 4684c1 
rm -f "${TMPFILE}"
Packit Service 4684c1
Packit Service 4684c1 
exit 0

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation