source-git / gnutls

Clone
Source Code
GIT

Blame tests/certtool-pkcs11.sh

c8 c8s master
  1.   c8
  2.   tests
  3.   certtool-pkcs11.sh
Blob History Raw
Packit aea12f 
#!/bin/sh
Packit aea12f
Packit aea12f 
# Copyright (C) 2016 Nikos Mavrogiannopoulos
Packit aea12f 
#
Packit aea12f 
# This file is part of GnuTLS.
Packit aea12f 
#
Packit aea12f 
# GnuTLS is free software; you can redistribute it and/or modify it
Packit aea12f 
# under the terms of the GNU General Public License as published by the
Packit aea12f 
# Free Software Foundation; either version 3 of the License, or (at
Packit aea12f 
# your option) any later version.
Packit aea12f 
#
Packit aea12f 
# GnuTLS is distributed in the hope that it will be useful, but
Packit aea12f 
# WITHOUT ANY WARRANTY; without even the implied warranty of
Packit aea12f 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit aea12f 
# General Public License for more details.
Packit aea12f 
#
Packit aea12f 
# You should have received a copy of the GNU General Public License
Packit aea12f 
# along with GnuTLS; if not, write to the Free Software Foundation,
Packit aea12f 
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Packit aea12f
Packit aea12f 
srcdir="${srcdir:-.}"
Packit aea12f 
P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}"
Packit aea12f 
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
Packit aea12f 
DIFF="${DIFF:-diff -b -B}"
Packit aea12f 
SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
Packit aea12f 
CLI="${CLI:-../src/gnutls-cli${EXEEXT}}"
Packit aea12f 
RETCODE=0
Packit aea12f
Packit aea12f 
if ! test -x "${P11TOOL}"; then
Packit aea12f 
	exit 77
Packit aea12f 
fi
Packit aea12f
Packit aea12f 
if ! test -x "${CERTTOOL}"; then
Packit aea12f 
	exit 77
Packit aea12f 
fi
Packit aea12f
Packit aea12f 
if ! test -x "${SERV}"; then
Packit aea12f 
	exit 77
Packit aea12f 
fi
Packit aea12f
Packit aea12f 
if ! test -x "${CLI}"; then
Packit aea12f 
	exit 77
Packit aea12f 
fi
Packit aea12f
Packit aea12f 
if ! test -z "${VALGRIND}"; then
Packit aea12f 
	VALGRIND="${LIBTOOL:-libtool} --mode=execute valgrind --leak-check=full"
Packit aea12f 
fi
Packit aea12f
Packit aea12f 
TMPFILE="verify-pkcs11.debug"
Packit aea12f 
CERTTOOL_PARAM="--stdout-info"
Packit aea12f
Packit aea12f 
if test "${WINDIR}" != ""; then
Packit aea12f 
	exit 77
Packit aea12f 
fi
Packit aea12f
Packit aea12f 
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
Packit aea12f 
SERV="${SERV} -q"
Packit aea12f
Packit aea12f 
. ${srcdir}/scripts/common.sh
Packit aea12f
Packit aea12f 
rm -f "${TMPFILE}"
Packit aea12f
Packit aea12f 
exit_error () {
Packit aea12f 
	echo "check ${TMPFILE} for additional debugging information"
Packit aea12f 
	echo ""
Packit aea12f 
	echo ""
Packit aea12f 
	tail "${TMPFILE}"
Packit aea12f 
	exit 1
Packit aea12f 
}
Packit aea12f
Packit aea12f 
check_for_datefudge
Packit aea12f
Packit aea12f 
# $1: token
Packit aea12f 
# $2: PIN
Packit aea12f 
# $3: filename
Packit aea12f 
# $4: label
Packit aea12f 
write_ca_cert () {
Packit aea12f 
	export GNUTLS_PIN="$2"
Packit aea12f 
	filename="$3"
Packit aea12f 
	token="$1"
Packit aea12f 
	label="$4"
Packit aea12f
Packit aea12f 
	echo -n "* Writing the CA certificate... "
Packit aea12f 
	${P11TOOL} ${ADDITIONAL_PARAM} --mark-ca --mark-trusted --no-mark-private --so-login --write --label "$label" --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1
Packit aea12f 
	if test $? = 0; then
Packit aea12f 
		echo ok
Packit aea12f 
	else
Packit aea12f 
		echo failed
Packit aea12f 
		exit_error
Packit aea12f 
	fi
Packit aea12f
Packit aea12f 
}
Packit aea12f
Packit aea12f 
# $1: token
Packit aea12f 
# $2: PIN
Packit aea12f 
# $3: filename
Packit aea12f 
write_ca_privkey () {
Packit aea12f 
	export GNUTLS_PIN="$2"
Packit aea12f 
	filename="$3"
Packit aea12f 
	token="$1"
Packit aea12f
Packit aea12f 
	echo -n "* Writing the CA private key... "
Packit aea12f 
	${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label CA-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1
Packit aea12f 
	if test $? = 0; then
Packit aea12f 
		echo ok
Packit aea12f 
	else
Packit aea12f 
		echo failed
Packit aea12f 
		exit_error
Packit aea12f 
	fi
Packit aea12f 
}
Packit aea12f
Packit aea12f 
# $1: URL
Packit aea12f 
# $2: cert file to verify
Packit aea12f 
verify_certificate_test() {
Packit aea12f 
	url=$1
Packit aea12f 
	file=$2
Packit aea12f
Packit aea12f 
	echo -n "* Verifying a certificate... "
Packit aea12f 
	datefudge -s "2015-10-10" \
Packit aea12f 
	$CERTTOOL ${ADDITIONAL_PARAM} --verify --load-ca-certificate "$url" --infile "$file" >>"${TMPFILE}" 2>&1
Packit aea12f 
	if test $? = 0; then
Packit aea12f 
		echo ok
Packit aea12f 
	else
Packit aea12f 
		echo "failed $file with $url"
Packit aea12f 
		exit_error
Packit aea12f 
	fi
Packit aea12f 
}
Packit aea12f
Packit aea12f 
generate_cert() {
Packit aea12f 
	url=$1
Packit aea12f
Packit aea12f 
	echo -n "* Generating a certificate... "
Packit aea12f 
	$CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate --load-ca-certificate "$url" --load-ca-privkey "${srcdir}/testpkcs11-certs/ca.key" --load-privkey "${srcdir}/testpkcs11-certs/server.key" --template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1
Packit aea12f 
	if test $? = 0; then
Packit aea12f 
		echo ok
Packit aea12f 
	else
Packit aea12f 
		echo "failed generation with $url"
Packit aea12f 
		exit_error
Packit aea12f 
	fi
Packit aea12f 
}
Packit aea12f
Packit aea12f 
generate_cert_with_key() {
Packit aea12f 
	ca_url=$1
Packit aea12f 
	ca_key_url=$2
Packit aea12f
Packit aea12f 
	echo -n "* Generating a certificate (privkey in pkcs11)... "
Packit aea12f 
	$CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate --load-ca-certificate "${ca_url}" --load-ca-privkey "${ca_key_url}" --load-privkey "${srcdir}/testpkcs11-certs/server.key" --template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1
Packit aea12f 
	if test $? = 0; then
Packit aea12f 
		echo ok
Packit aea12f 
	else
Packit aea12f 
		echo "failed generation with $url"
Packit aea12f 
		exit_error
Packit aea12f 
	fi
Packit aea12f 
}
Packit aea12f
Packit aea12f 
echo "Testing PKCS11 verification"
Packit aea12f
Packit aea12f 
# erase SC
Packit aea12f
Packit aea12f 
type="softhsm"
Packit aea12f
Packit aea12f 
. "${srcdir}/testpkcs11.${type}"
Packit aea12f
Packit aea12f 
export GNUTLS_PIN=12345678
Packit aea12f 
export GNUTLS_SO_PIN=00000000
Packit aea12f
Packit aea12f 
init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}"
Packit aea12f
Packit aea12f 
# find token name
Packit aea12f 
TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
Packit aea12f
Packit aea12f 
echo "* Token: ${TOKEN}"
Packit aea12f 
if test "x${TOKEN}" = x; then
Packit aea12f 
	echo "Could not find generated token"
Packit aea12f 
	exit_error
Packit aea12f 
fi
Packit aea12f
Packit aea12f 
write_ca_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.crt" "CA"
Packit aea12f
Packit aea12f 
verify_certificate_test "${TOKEN};object=CA;object-type=cert" "${srcdir}/testpkcs11-certs/server.crt"
Packit aea12f 
verify_certificate_test "${TOKEN};object=CA;object-type=cert" "${srcdir}/testpkcs11-certs/client.crt"
Packit aea12f 
generate_cert "${TOKEN};object=CA;object-type=cert"
Packit aea12f
Packit aea12f 
write_ca_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.key"
Packit aea12f
Packit aea12f 
generate_cert_with_key "${TOKEN};object=CA;object-type=cert" "${TOKEN};object=CA-key;object-type=private"
Packit aea12f
Packit aea12f 
if test ${RETCODE} = 0; then
Packit aea12f 
	echo "* All tests succeeded"
Packit aea12f 
fi
Packit aea12f 
rm -f "${TMPFILE}"
Packit aea12f
Packit aea12f 
exit 0

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation