#!/bin/sh
# Copyright (C) 2016 Nikos Mavrogiannopoulos
#
# This file is part of GnuTLS.
#
# GnuTLS is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GnuTLS is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Tools exercised by this test. Each may be overridden from the
# environment; otherwise the freshly built binaries in ../src are used.
# "${VAR:=default}" assigns only when VAR is unset or empty, exactly like
# the VAR="${VAR:-default}" reassignment it replaces.
: "${srcdir:=.}"
: "${P11TOOL:=../src/p11tool${EXEEXT}}"
: "${CERTTOOL:=../src/certtool${EXEEXT}}"
: "${DIFF:=diff -b -B}"
: "${SERV:=../src/gnutls-serv${EXEEXT}}"
: "${CLI:=../src/gnutls-cli${EXEEXT}}"
# Overall result. Nothing in this file ever changes it; every failing step
# leaves through exit_error instead.
RETCODE=0

# Skip the test (status 77 is "skipped" for the automake harness) unless
# every tool it drives has actually been built. The first missing one wins,
# which is the same outcome as the original one-check-per-tool chain.
for tool in "${P11TOOL}" "${CERTTOOL}" "${SERV}" "${CLI}"; do
	if ! test -x "${tool}"; then
		exit 77
	fi
done

# When the caller asks for valgrind (any non-empty VALGRIND) turn the
# variable into the full wrapper prefix. It goes through
# "libtool --mode=execute" so that a libtool-wrapped p11tool is traced
# rather than the wrapper script itself.
if test -n "${VALGRIND}"; then
	VALGRIND="${LIBTOOL:-libtool} --mode=execute valgrind --leak-check=full"
fi

# All tool output is appended here and only shown on failure (exit_error).
# Fixed name in the current directory, i.e. the build tree, not /tmp.
TMPFILE="verify-pkcs11.debug"
CERTTOOL_PARAM="--stdout-info"

# Not runnable on Windows (the test relies on softhsm, datefudge and a
# POSIX shell); report "skipped" rather than a failure there.
if test -n "${WINDIR}"; then
	exit 77
fi

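# From here on P11TOOL and SERV are command *strings* (optional valgrind
# prefix, binary, flags). They are deliberately expanded unquoted at the
# call sites so they word-split into a command and its arguments.
# --batch suppresses p11tool's interactive prompting; PINs are supplied
# through the GNUTLS_PIN / GNUTLS_SO_PIN environment variables exported
# further down instead.
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
SERV="${SERV} -q"

# Shared test helpers (check_for_datefudge among them). The path is quoted
# so a srcdir containing whitespace cannot split it into several words.
. "${srcdir}/scripts/common.sh"

# Start every run with an empty debug log.
rm -f "${TMPFILE}"
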
# Failure exit used by every step below: point the user at the debug log,
# show its tail, and terminate the whole script with status 1.
# Globals: TMPFILE (read).
exit_error () {
	printf 'check %s for additional debugging information\n\n\n' "${TMPFILE}"
	tail "${TMPFILE}"
	exit 1
}

# Provided by scripts/common.sh (sourced above). verify_certificate_test
# below runs certtool under datefudge, so presumably this skips the whole
# test when datefudge is not installed -- confirm against common.sh.
check_for_datefudge

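# Import a CA certificate into the token as a trusted CA object.
# $1: token URL
# $2: user PIN; exported as GNUTLS_PIN for p11tool
# $3: certificate file to import
# $4: label to give the object
# The write is done as the security officer (--so-login; the SO PIN comes
# from GNUTLS_SO_PIN in the environment) because PKCS#11 only lets the SO
# set the "trusted" attribute. --no-mark-private leaves the certificate
# readable without a login. Any failure terminates the script via
# exit_error.
write_ca_cert () {
	token="$1"
	export GNUTLS_PIN="$2"
	filename="$3"
	label="$4"

	printf '%s' "* Writing the CA certificate... "
	# ADDITIONAL_PARAM is intentionally unquoted: it may carry several
	# options (e.g. a provider selection) set by the sourced token script.
	# NOTE(review): the listing showed "$(unknown)" as the certificate
	# path here, which would run a nonexistent command and pass an empty
	# path; the stored filename argument is what is meant.
	if ${P11TOOL} ${ADDITIONAL_PARAM} --mark-ca --mark-trusted --no-mark-private --so-login \
		--write --label "${label}" --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1; then
		echo ok
	else
		echo failed
		exit_error
	fi
}
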
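# Import the CA private key into the token under the fixed label "CA-key".
# $1: token URL
# $2: user PIN; exported as GNUTLS_PIN for p11tool
# $3: private key file to import
# A plain user login (--login) suffices for a private key object, unlike
# the SO login needed by write_ca_cert. The key imported by this script is
# the throw-away fixture testpkcs11-certs/ca.key, and the token is the
# scratch SoftHSM one created by init_card. Any failure terminates the
# script via exit_error.
write_ca_privkey () {
	token="$1"
	export GNUTLS_PIN="$2"
	filename="$3"

	printf '%s' "* Writing the CA private key... "
	# ADDITIONAL_PARAM is intentionally unquoted (may hold several options).
	# NOTE(review): the listing showed "$(unknown)" as the key path here,
	# which would run a nonexistent command and pass an empty path; the
	# stored filename argument is what is meant.
	if ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label CA-key \
		--load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1; then
		echo ok
	else
		echo failed
		exit_error
	fi
}
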
# Verify one certificate file against a CA taken from a PKCS#11 URL.
# $1: PKCS#11 URL of the CA certificate object (the only trust anchor used)
# $2: certificate file to verify
# certtool runs under datefudge with the clock pinned to 2015-10-10,
# presumably because the fixture certificates have fixed validity periods.
# Consequently this step never exercises validity against the real date:
# an expired fixture still "verifies" here. Any failure terminates the
# script via exit_error.
verify_certificate_test() {
	url=$1
	file=$2

	printf '%s' "* Verifying a certificate... "
	# ADDITIONAL_PARAM is intentionally unquoted (may hold several options).
	datefudge -s "2015-10-10" \
		$CERTTOOL ${ADDITIONAL_PARAM} --verify --load-ca-certificate "$url" --infile "$file" >>"${TMPFILE}" 2>&1
	rc=$?
	if test "${rc}" -ne 0; then
		echo "failed $file with $url"
		exit_error
	fi
	echo ok
}

# Issue a server certificate: the CA certificate comes from the token, the
# CA private key and the server key from the fixture files on disk.
# $1: PKCS#11 URL of the CA certificate object
# The generated certificate goes to certtool's stdout, i.e. into the debug
# log; only the exit status matters. Any failure terminates the script via
# exit_error.
generate_cert() {
	url=$1

	printf '%s' "* Generating a certificate... "
	# ADDITIONAL_PARAM is intentionally unquoted (may hold several options).
	if $CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate \
		--load-ca-certificate "$url" \
		--load-ca-privkey "${srcdir}/testpkcs11-certs/ca.key" \
		--load-privkey "${srcdir}/testpkcs11-certs/server.key" \
		--template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1; then
		echo ok
	else
		echo "failed generation with $url"
		exit_error
	fi
}

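# Issue a server certificate with both the CA certificate and the CA
# private key taken from the token (the key never leaves the HSM side).
# $1: PKCS#11 URL of the CA certificate object
# $2: PKCS#11 URL of the CA private key object
# The generated certificate goes to certtool's stdout, i.e. into the debug
# log; only the exit status matters. Any failure terminates the script via
# exit_error.
generate_cert_with_key() {
	ca_url=$1
	ca_key_url=$2

	printf '%s' "* Generating a certificate (privkey in pkcs11)... "
	# ADDITIONAL_PARAM is intentionally unquoted (may hold several options).
	if $CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate \
		--load-ca-certificate "${ca_url}" \
		--load-ca-privkey "${ca_key_url}" \
		--load-privkey "${srcdir}/testpkcs11-certs/server.key" \
		--template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1; then
		echo ok
	else
		# Report this function's own CA URL. The original printed "$url",
		# which is not set here and only held whatever generate_cert left.
		echo "failed generation with ${ca_url}"
		exit_error
	fi
}
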
printf '%s\n' "Testing PKCS11 verification"

# Token backend. The sourced testpkcs11.softhsm provides init_card (used
# below, presumably to wipe and re-create the SoftHSM token) and may set
# ADDITIONAL_PARAM for the tools -- check that file for details.
type="softhsm"
. "${srcdir}/testpkcs11.${type}"

# PINs for the scratch test token. They are fixtures for an ephemeral
# SoftHSM token, not secrets. GNUTLS_SO_PIN is needed by write_ca_cert
# (--so-login); GNUTLS_PIN by every user-login step.
export GNUTLS_PIN=12345678
export GNUTLS_SO_PIN=00000000

init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"

# Locate the freshly initialised token: keep the "URL: ..." line for the
# GnuTLS-Test token and strip the prefix. The selection is done by the
# grep, not by the URL handed to --list-tokens. Nothing guards against
# several matching tokens (a stale one from an earlier run would leave a
# multi-line TOKEN), and this command's output is not captured in TMPFILE,
# so exit_error has nothing to show if it fails.
TOKEN=$(${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos \
	| grep URL | grep token=GnuTLS-Test | sed 's/\s*URL\: //g')

echo "* Token: ${TOKEN}"
if test -z "${TOKEN}"; then
	echo "Could not find generated token"
	exit_error
fi

# The scenario: import the CA certificate, verify two leaf certificates
# against it, issue a certificate with the CA key on disk, then import the
# CA key into the token and issue again with the key used from there.
CA_CERT_URL="${TOKEN};object=CA;object-type=cert"
CA_KEY_URL="${TOKEN};object=CA-key;object-type=private"

write_ca_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.crt" "CA"

verify_certificate_test "${CA_CERT_URL}" "${srcdir}/testpkcs11-certs/server.crt"
verify_certificate_test "${CA_CERT_URL}" "${srcdir}/testpkcs11-certs/client.crt"
generate_cert "${CA_CERT_URL}"

write_ca_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.key"
generate_cert_with_key "${CA_CERT_URL}" "${CA_KEY_URL}"

# Every failing step leaves through exit_error, so reaching this point is
# success. Nothing in this file sets RETCODE to anything but 0 (a sourced
# helper might), hence the unconditional exit 0.
if test "${RETCODE}" = 0; then
	echo "* All tests succeeded"
fi
rm -f "${TMPFILE}"

exit 0