#!/bin/bash
#
# COPYRIGHT (c) International Business Machines Corp. 2020
#
# This program is provided under the terms of the Common Public License,
# version 1.0 (CPL-1.0). Any use, reproduction or distribution for this software
# constitutes recipient's acceptance of CPL-1.0 terms which can be found
# in the file LICENSE file or at https://opensource.org/licenses/cpl1.0.php
# - Requires p11tool (gnutls) and pkcs11-tool (opensc).
# - The PKCSLIB environment variable must point to your system's libopencryptoki.so.
# - The PKCS11_SO_PIN environment variable must hold the SO pin.
# - The PKCS11_USER_PIN environment variable must hold the user pin.
# - The OCK_CONFDIR environment variable must point to your system's openCryptoki configuration directory.
# - The OCK_DATASTORE environment variable must point to the token's datastore directory.
# - The SLOT environment variable must hold the slot id of the token under test.
# - The PKCS11_TOKEN_URL environment variable must hold the token URL of the token under test.
#
# sudo -E ./migrate.sh
# Trace every command as it runs. The trace shows arguments after expansion,
# so the PIN values handed to --pin/--sopin/--userpin further down appear in
# it: use throwaway test PINs and treat the captured log as sensitive.
set -o xtrace
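# tmp files
# One capture file per tool for the state before the migration ("pre") and
# one for the state after it ("post").
PKCSCONF_PRE=pkcsconf-pre.out
PKCSCONF_POST=pkcsconf-post.out
P11TOOL_PRE=p11tool-pre.out
P11TOOL_POST=p11tool-post.out
PKCS11_TOOL_PRE=pkcs11-tool-pre.out
PKCS11_TOOL_POST=pkcs11-tool-post.out
P11SAK_PRE=p11sak-pre.out
P11SAK_POST=p11sak-post.out

# The captures are written with `&>>` (append), so leftovers from an earlier
# or interrupted run would be mixed into the comparison. Start from a clean
# slate. The names are fixed and relative to the current directory, and the
# usage line runs this script through sudo: start it from a directory that
# other users cannot write to.
rm -f -- \
  "$PKCSCONF_PRE" "$PKCSCONF_POST" \
  "$P11TOOL_PRE" "$P11TOOL_POST" \
  "$PKCS11_TOOL_PRE" "$PKCS11_TOOL_POST" \
  "$P11SAK_PRE" "$P11SAK_POST"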
# set p11tool env vars
# Hand the SO PIN to p11tool through its environment variable.
GNUTLS_SO_PIN=$PKCS11_SO_PIN
export GNUTLS_SO_PIN
# Hand the user PIN to p11tool through its environment variable.
GNUTLS_PIN=$PKCS11_USER_PIN
export GNUTLS_PIN
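# generate objects
# Creates one RSA-2048 key pair through each of the three tools, labelled
# after the tool that made it.
# Every expansion is quoted so that an empty value or one containing
# whitespace cannot split into extra words or let a following option be
# consumed as the PIN.
# The user PIN is passed to pkcs11-tool and p11sak on the command line, which
# exposes it in the xtrace output and in the process list while they run; use
# a throwaway test PIN.
p11tool --provider="$PKCSLIB" --login --generate-rsa --bits 2048 --label p11tool-rsa "$PKCS11_TOKEN_URL"
pkcs11-tool --module="$PKCSLIB" --slot "$SLOT" --login --pin "$PKCS11_USER_PIN" --keypairgen --key-type rsa:2048 --label pkcs11-tool-rsa
p11sak generate-key rsa 2048 --slot "$SLOT" --pin "$PKCS11_USER_PIN" --label p11sak-rsa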
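# list slots/tokens
# Pre-migration snapshot: each tool's slot and token report, stdout and
# stderr together, appended to that tool's "pre" capture file.
# The library path and the capture file names are quoted so a value with
# whitespace stays one word (an unquoted redirection target would otherwise
# fail as ambiguous).
pkcsconf -i &>> "$PKCSCONF_PRE"
pkcsconf -s &>> "$PKCSCONF_PRE"
pkcsconf -t &>> "$PKCSCONF_PRE"
p11tool --provider="$PKCSLIB" --list-tokens &>> "$P11TOOL_PRE"
pkcs11-tool --module="$PKCSLIB" --list-slots &>> "$PKCS11_TOOL_PRE"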
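# list objects
# Pre-migration snapshot of the token objects, once without and once with a
# login for p11tool and pkcs11-tool, plus the RSA key list from p11sak.
# Expansions are quoted so an empty or whitespace-containing value cannot
# shift the options that follow it. The user PIN on the pkcs11-tool and p11sak
# command lines is visible in the xtrace output and the process list.
p11tool --provider="$PKCSLIB" --list-all "$PKCS11_TOKEN_URL" &>> "$P11TOOL_PRE"
p11tool --provider="$PKCSLIB" --list-all --login "$PKCS11_TOKEN_URL" &>> "$P11TOOL_PRE"
# NOTE(review): `-list-objects` has a single leading dash, unlike the
# `--list-objects` on the next command, so pkcs11-tool probably does not read
# it as that long option. It is left as written because the post-migration
# listing uses the same spelling and the two captures are compared byte for
# byte; correct both places together.
pkcs11-tool --module="$PKCSLIB" --slot "$SLOT" -list-objects &>> "$PKCS11_TOOL_PRE"
pkcs11-tool --module="$PKCSLIB" --slot "$SLOT" --login --pin "$PKCS11_USER_PIN" --list-objects &>> "$PKCS11_TOOL_PRE"
p11sak list-key rsa --slot "$SLOT" --pin "$PKCS11_USER_PIN" &>> "$P11SAK_PRE"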
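# migrate
# Refuse to stop the slot daemon or touch the token when an input is missing:
# an empty value would otherwise run the migration with the wrong arguments.
: "${SLOT:?SLOT must be set}"
: "${PKCS11_SO_PIN:?PKCS11_SO_PIN must be set}"
: "${PKCS11_USER_PIN:?PKCS11_USER_PIN must be set}"
: "${OCK_CONFDIR:?OCK_CONFDIR must be set}"
: "${OCK_DATASTORE:?OCK_DATASTORE must be set}"

# The slot daemon is stopped for the migration and started again afterwards.
killall pkcsslotd
# "y" plus an empty line is fed on stdin, presumably to answer the tool's
# confirmation prompt (same bytes as the former `echo -e "y\n"`).
# Both PINs are passed on the command line, so they show up in the xtrace
# output and in the process list while the migration runs.
printf 'y\n\n' | pkcstok_migrate --verbose debug --slot "$SLOT" --sopin "$PKCS11_SO_PIN" --userpin "$PKCS11_USER_PIN" --confdir "$OCK_CONFDIR" --datastore "$OCK_DATASTORE"
pkcsslotd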
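# list slots/tokens
# Post-migration snapshot: the same reports as before the migration, appended
# to each tool's "post" capture file.
# The p11tool and pkcs11-tool captures now go through $P11TOOL_POST and
# $PKCS11_TOOL_POST instead of repeating the file names, so they cannot drift
# from the names used by the comparison at the end of the script.
pkcsconf -i &>> "$PKCSCONF_POST"
pkcsconf -s &>> "$PKCSCONF_POST"
pkcsconf -t &>> "$PKCSCONF_POST"
p11tool --provider="$PKCSLIB" --list-tokens &>> "$P11TOOL_POST"
pkcs11-tool --module="$PKCSLIB" --list-slots &>> "$PKCS11_TOOL_POST"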
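# list objects
# Post-migration snapshot of the token objects, taken with the same commands
# as the pre-migration one so the two captures can be compared directly.
# Expansions are quoted so an empty or whitespace-containing value cannot
# shift the options that follow it. The user PIN on the pkcs11-tool and p11sak
# command lines is visible in the xtrace output and the process list.
p11tool --provider="$PKCSLIB" --list-all "$PKCS11_TOKEN_URL" &>> "$P11TOOL_POST"
p11tool --provider="$PKCSLIB" --list-all --login "$PKCS11_TOKEN_URL" &>> "$P11TOOL_POST"
# NOTE(review): `-list-objects` has a single leading dash, unlike the
# `--list-objects` on the next command, so pkcs11-tool probably does not read
# it as that long option. It is left as written because the pre-migration
# listing uses the same spelling and the two captures are compared byte for
# byte; correct both places together.
pkcs11-tool --module="$PKCSLIB" --slot "$SLOT" -list-objects &>> "$PKCS11_TOOL_POST"
pkcs11-tool --module="$PKCSLIB" --slot "$SLOT" --login --pin "$PKCS11_USER_PIN" --list-objects &>> "$PKCS11_TOOL_POST"
p11sak list-key rsa --slot "$SLOT" --pin "$PKCS11_USER_PIN" &>> "$P11SAK_POST"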
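# compare
#######################################
# Compare each tool's pre- and post-migration capture byte for byte.
# All four pairs are always checked. Previously only the last cmp decided the
# script's exit status, so a difference in an earlier pair went unnoticed.
# Globals:   PKCSCONF_PRE/POST, P11TOOL_PRE/POST, PKCS11_TOOL_PRE/POST,
#            P11SAK_PRE/POST (read)
# Outputs:   cmp's own report for every pair that differs or cannot be read
# Returns:   0 if all pairs are identical, 1 otherwise
#######################################
compare_outputs() {
  local status=0
  cmp -- "$PKCSCONF_PRE" "$PKCSCONF_POST" || status=1
  cmp -- "$P11TOOL_PRE" "$P11TOOL_POST" || status=1
  cmp -- "$PKCS11_TOOL_PRE" "$PKCS11_TOOL_POST" || status=1
  cmp -- "$P11SAK_PRE" "$P11SAK_POST" || status=1
  return "$status"
}

# Last command of the script: its status becomes the script's exit status.
compare_outputs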