source-git / opencryptoki

Clone
Source Code
GIT

Blame testcases/misc_tests/migration.sh

c8 c8s master
  1.   8aa27dc2edbd225ad179b0db77a7f01cbfdeff9a
  2.   testcases
  3.   misc_tests
  4.   migration.sh
Blob History Raw
Packit Service 8aa27d 
#!/bin/bash
Packit Service 8aa27d 
#
Packit Service 8aa27d 
# COPYRIGHT (c) International Business Machines Corp. 2020
Packit Service 8aa27d 
#
Packit Service 8aa27d 
# This program is provided under the terms of the Common Public License,
Packit Service 8aa27d 
# version 1.0 (CPL-1.0). Any use, reproduction or distribution for this software
Packit Service 8aa27d 
# constitutes recipient's acceptance of CPL-1.0 terms which can be found
Packit Service 8aa27d 
# in the file LICENSE file or at https://opensource.org/licenses/cpl1.0.php
Packit Service 8aa27d
Packit Service 8aa27d 
# - Requires p11tool (gnutls) and pkcs11-tool (opensc).
Packit Service 8aa27d 
# - The PKCSLIB environment must point to your system's libopencryptoki.so.
Packit Service 8aa27d 
# - The PKCS11_SO_PIN environment variable must hold the SO pin.
Packit Service 8aa27d 
# - The PKCS11_USER_PIN environment variable must hold the user pin.
Packit Service 8aa27d 
# - The OCK_CONFDIR environment variable must point to your system's openCryptoki configuration directory.
Packit Service 8aa27d 
# - The OCK_DATASTORE environment variable must point to the token's datastore directory.
Packit Service 8aa27d 
# - The SLOT environment variable must hold the slot id of the token under test.
Packit Service 8aa27d 
# - The PKCS11_TOKEN_URL environment variable must hold the the token url of the token under test.
Packit Service 8aa27d 
#
Packit Service 8aa27d 
# sodo -E ./migrate.sh
Packit Service 8aa27d
Packit Service 8aa27d 
set -x
Packit Service 8aa27d
Packit Service 8aa27d 
# tmp files
Packit Service 8aa27d 
PKCSCONF_PRE=pkcsconf-pre.out
Packit Service 8aa27d 
PKCSCONF_POST=pkcsconf-post.out
Packit Service 8aa27d 
P11TOOL_PRE=p11tool-pre.out
Packit Service 8aa27d 
P11TOOL_POST=p11tool-post.out
Packit Service 8aa27d 
PKCS11_TOOL_PRE=pkcs11-tool-pre.out
Packit Service 8aa27d 
PKCS11_TOOL_POST=pkcs11-tool-post.out
Packit Service 8aa27d 
P11SAK_PRE=p11sak-pre.out
Packit Service 8aa27d 
P11SAK_POST=p11sak-post.out
Packit Service 8aa27d
Packit Service 8aa27d 
# set p11tool env vars
Packit Service 8aa27d 
export GNUTLS_SO_PIN=$PKCS11_SO_PIN
Packit Service 8aa27d 
export GNUTLS_PIN=$PKCS11_USER_PIN
Packit Service 8aa27d
Packit Service 8aa27d 
# generate objects
Packit Service 8aa27d 
p11tool --provider=$PKCSLIB --login --generate-rsa --bits 2048 --label p11tool-rsa "$PKCS11_TOKEN_URL"
Packit Service 8aa27d 
pkcs11-tool --module=$PKCSLIB --slot $SLOT --login --pin $PKCS11_USER_PIN --keypairgen --key-type rsa:2048 --label pkcs11-tool-rsa
Packit Service 8aa27d 
p11sak generate-key rsa 2048 --slot $SLOT --pin $PKCS11_USER_PIN --label p11sak-rsa
Packit Service 8aa27d
Packit Service 8aa27d 
# list slots/tokens
Packit Service 8aa27d 
pkcsconf -i &>> $PKCSCONF_PRE
Packit Service 8aa27d 
pkcsconf -s &>> $PKCSCONF_PRE
Packit Service 8aa27d 
pkcsconf -t &>> $PKCSCONF_PRE
Packit Service 8aa27d 
p11tool --provider=$PKCSLIB --list-tokens &>> $P11TOOL_PRE
Packit Service 8aa27d 
pkcs11-tool --module=$PKCSLIB --list-slots &>> $PKCS11_TOOL_PRE
Packit Service 8aa27d
Packit Service 8aa27d 
# list objects
Packit Service 8aa27d 
p11tool --provider=$PKCSLIB  --list-all "$PKCS11_TOKEN_URL" &>> $P11TOOL_PRE
Packit Service 8aa27d 
p11tool --provider=$PKCSLIB  --list-all --login "$PKCS11_TOKEN_URL" &>> $P11TOOL_PRE
Packit Service 8aa27d 
pkcs11-tool --module=$PKCSLIB --slot $SLOT -list-objects &>> $PKCS11_TOOL_PRE
Packit Service 8aa27d 
pkcs11-tool --module=$PKCSLIB --slot $SLOT --login --pin $PKCS11_USER_PIN --list-objects &>> $PKCS11_TOOL_PRE
Packit Service 8aa27d 
p11sak list-key rsa --slot $SLOT --pin $PKCS11_USER_PIN &>> $P11SAK_PRE
Packit Service 8aa27d
Packit Service 8aa27d 
# migrate
Packit Service 8aa27d 
killall pkcsslotd
Packit Service 8aa27d 
echo -e "y\n" | pkcstok_migrate --verbose debug --slot $SLOT --sopin $PKCS11_SO_PIN --userpin $PKCS11_USER_PIN --confdir $OCK_CONFDIR --datastore $OCK_DATASTORE
Packit Service 8aa27d 
pkcsslotd
Packit Service 8aa27d
Packit Service 8aa27d 
# list slots/tokens
Packit Service 8aa27d 
pkcsconf -i &>> $PKCSCONF_POST
Packit Service 8aa27d 
pkcsconf -s &>> $PKCSCONF_POST
Packit Service 8aa27d 
pkcsconf -t &>> $PKCSCONF_POST
Packit Service 8aa27d 
p11tool --provider=$PKCSLIB --list-tokens &>> p11tool-post.out
Packit Service 8aa27d 
pkcs11-tool --module=$PKCSLIB --list-slots &>> pkcs11-tool-post.out
Packit Service 8aa27d
Packit Service 8aa27d 
# list objects
Packit Service 8aa27d 
p11tool --provider=$PKCSLIB --list-all "$PKCS11_TOKEN_URL" &>> $P11TOOL_POST
Packit Service 8aa27d 
p11tool --provider=$PKCSLIB --list-all --login "$PKCS11_TOKEN_URL" &>> $P11TOOL_POST
Packit Service 8aa27d 
pkcs11-tool --module=$PKCSLIB --slot $SLOT -list-objects &>> $PKCS11_TOOL_POST
Packit Service 8aa27d 
pkcs11-tool --module=$PKCSLIB --slot $SLOT --login --pin $PKCS11_USER_PIN --list-objects &>> $PKCS11_TOOL_POST
Packit Service 8aa27d 
p11sak list-key rsa --slot $SLOT --pin $PKCS11_USER_PIN &>> $P11SAK_POST
Packit Service 8aa27d
Packit Service 8aa27d 
# compare
Packit Service 8aa27d 
cmp $PKCSCONF_PRE $PKCSCONF_POST
Packit Service 8aa27d 
cmp $P11TOOL_PRE $P11TOOL_POST
Packit Service 8aa27d 
cmp $PKCS11_TOOL_PRE $PKCS11_TOOL_POST
Packit Service 8aa27d 
cmp $P11SAK_PRE $P11SAK_POST

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation