source: mod_gnutls/test/softhsm.bash @ 278381d

proxy-ticket
Last change on this file since 278381d was 278381d, checked in by Fiona Klute <fiona.klute@…>, 7 months ago

Remove code for SoftHSM 1 support

SoftHSM 1 has been unsupported for years, so there's no point in
supporting tests with it.

  • Property mode set to 100755
File size: 3.4 KB
1#!/bin/bash
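# Initialize the SoftHSM token with the given label
#
# Globals:   softhsm (read)    - name of the SoftHSM utility to run
#            so_pin (read)     - security officer PIN for the new token
#            GNUTLS_PIN (read) - user PIN for the new token
# Arguments: $1 - label to give the token
# Returns:   exit status of the SoftHSM utility
function init_token
{
    local token_label="${1}"

    # Both PINs are passed as command line arguments, so they are
    # visible in the process list while the utility runs. That is
    # tolerable only because this script sets up a throwaway test token.
    # NOTE(review): softhsm holds the base name of ${SOFTHSM}, so the
    # utility is looked up through PATH here - confirm that is intended.
    # The command name is quoted so that it is never word-split or
    # glob-expanded.
    "${softhsm}" --init-token --slot 0 --label "${token_label}" \
        --so-pin "${so_pin}" --pin "${GNUTLS_PIN}"
}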
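# Put a private key into the token with the given label
#
# Globals:   SOFTHSM_LIB (read) - path of the PKCS #11 module to load
# Arguments: $1 - PKCS #11 URL of the token
#            $2 - file to load the private key from
#            $3 - label to store the key under
# Returns:   exit status of p11tool
function store_privkey
{
    local token="${1}"
    local keyfile="${2}"
    local label="${3}"

    # The provider option is quoted so that a module path containing
    # whitespace stays a single argument.
    p11tool "--provider=${SOFTHSM_LIB}" --login --write --label "${label}" \
            --load-privkey "${keyfile}" "${token}"
}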
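# Put a certificate into the token with the given label
#
# Globals:   SOFTHSM_LIB (read) - path of the PKCS #11 module to load
# Arguments: $1 - PKCS #11 URL of the token
#            $2 - file to load the certificate from
#            $3 - label to store the certificate under
# Returns:   exit status of p11tool
function store_cert
{
    local token="${1}"
    local certfile="${2}"
    local label="${3}"

    # The provider option is quoted so that a module path containing
    # whitespace stays a single argument. The certificate is written
    # with --no-mark-private, unlike the key in store_privkey.
    p11tool "--provider=${SOFTHSM_LIB}" --login --write --no-mark-private \
            --label "${label}" --load-certificate "${certfile}" "${token}"
}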
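# Get the URL of the SoftHSM token
#
# Globals:   SOFTHSM_LIB (read) - path of the PKCS #11 module to load
# Arguments: $1 - token label. It is inserted unescaped into a
#                 Perl-compatible regular expression, so it must not
#                 contain regex metacharacters.
# Outputs:   the text after "URL: " of every listed line that contains
#            "token=LABEL". The label is not anchored at its end, so a
#            label that is a prefix of another token's label matches
#            that token as well.
# Returns:   exit status of grep (non-zero if nothing matched), unless
#            the caller has enabled pipefail
function get_token_url
{
    local label="${1}"

    # The provider option is quoted so that a module path containing
    # whitespace stays a single argument.
    p11tool "--provider=${SOFTHSM_LIB}" --list-tokens | \
        grep -o -P "(?<=URL:\s)(.*token=${label}.*)$"
}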
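# Get the PKCS #11 URL for the object with the given name
# Usage: get_object_url TOKEN OBJECTNAME
#
# Globals:   SOFTHSM_LIB (read) - path of the PKCS #11 module to load
# Arguments: $1 - PKCS #11 URL of the token to list
#            $2 - object name. It is inserted unescaped into a
#                 Perl-compatible regular expression, so it must not
#                 contain regex metacharacters.
# Outputs:   the text after "URL: " of every listed line that contains
#            "object=OBJECTNAME" (the name is not anchored at its end)
# Returns:   exit status of grep (non-zero if nothing matched), unless
#            the caller has enabled pipefail
function get_object_url
{
    local token_url="${1}"
    local object_name="${2}"

    # --login is needed to list all objects; this script exports
    # GNUTLS_PIN before calling. The provider option is quoted so that
    # a module path containing whitespace stays a single argument.
    p11tool "--provider=${SOFTHSM_LIB}" --list-all --login "${token_url}" | \
        grep -o -P "(?<=URL:\s)(.*object=${object_name}.*)$"
}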
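# Initialize the token and store the given key and certificate
# Usage: prepare_token TOKEN_LABEL PRIVKEY CERTIFICATE
#
# Globals:   key_label (read)  - label to store the private key under
#            cert_label (read) - label to store the certificate under
#            token (written)   - PKCS #11 URL of the initialized token
# Arguments: $1 - label for the new token
#            $2 - private key file
#            $3 - certificate file
# Returns:   0 on success, otherwise the status of the first step that
#            failed; later steps are not run after a failure
function prepare_token
{
    local token_label="${1}"
    local privkey="${2}"
    local certificate="${3}"

    init_token "${token_label}" || return
    # "token" stays global, as it always has been in this script. The
    # label is quoted so that it reaches get_token_url as one argument,
    # and a failed lookup stops here instead of storing objects under
    # an empty token URL.
    token=$(get_token_url "${token_label}") || return
    store_privkey "${token}" "${privkey}" "${key_label}" || return
    store_cert "${token}" "${certificate}" "${cert_label}"
}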
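# try to find SoftHSM
# Only the base name of ${SOFTHSM} is kept. The variable is quoted so
# that a path containing whitespace is not split, and basename is not
# called at all when SOFTHSM is unset or empty.
softhsm=""
if [ -n "${SOFTHSM:-}" ]; then
    softhsm="$(basename -- "${SOFTHSM}")"
fi

if [ "${softhsm}" = "softhsm2-util" ]; then
    softhsm_libname="libsofthsm2.so"
    # fail if SOFTHSM2_CONF is not set
    if [ -z "${SOFTHSM2_CONF}" ]; then
        echo "ERROR: SOFTHSM2_CONF not set!" 1>&2
        exit 1
    else
        export SOFTHSM2_CONF
    fi
else
    # no SoftHSM; exit status 77 is the same one this script uses
    # wherever it reports a test as skipped
    echo "No SoftHSM!" >&2
    exit 77
fi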
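# Locate the SoftHSM PKCS #11 module unless the caller already set
# SOFTHSM_LIB. The file found here is handed to p11tool as its
# --provider module, so the search list should only ever name system
# library directories.
if [ -z "${SOFTHSM_LIB}" ]; then
    # Try to find the libsofthsm2 module in some common locations.
    softhsm_searchpath=(/usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm)
    # The array is quoted so each directory stays one word. The
    # trailing empty entry makes "/${softhsm_libname}" the last
    # candidate that is checked.
    for i in "${softhsm_searchpath[@]}" ""; do
        SOFTHSM_LIB="${i}/${softhsm_libname}"
        echo "checking ${SOFTHSM_LIB} ..."
        if [ -f "${SOFTHSM_LIB}" ]; then
            echo "found!"
            export SOFTHSM_LIB
            break
        fi
    done
else
    echo "using ${SOFTHSM_LIB} (set by user)"
fi

# Covers both a failed search and a user-supplied path that does not
# name a regular file.
if [ ! -f "${SOFTHSM_LIB}" ]; then
    echo "${softhsm_libname} not found!" >&2
    exit 77
fi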
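# Select the mode: "init" as the first argument asks for the token to
# be initialized, anything else only looks up the object URLs.
#
# The detection code earlier in this file exits with status 77 unless
# softhsm is "softhsm2-util", so the former "SoftHSM not found" checks
# could never trigger here and have been dropped.
#
# Start from a known value so that an "init" variable inherited from
# the environment or from a sourcing shell cannot select the init path.
init="false"
case "${1}" in
    (init)
        init="true"
        ;;
esac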
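# From here on a failing command aborts the script.
set -e

# variables for token configuration
# The PINs are fixed, publicly readable values meant for the throwaway
# SoftHSM test token only; never reuse them for a token that holds real
# key material.
token_label="mod_gnutls-test"
so_pin="123456"
export GNUTLS_PIN="1234"
key_label="privkey"
cert_label="certificate"

# Init mode: $2 is the private key file and $3 the certificate file.
if [ "${init}" = "true" ]; then
    prepare_token "${token_label}" "${2}" "${3}"
    exit 0
fi

token=$(get_token_url "${token_label}")

# environment variables for the Apache configuration
# Assign first and export afterwards: "export VAR=$(cmd)" returns the
# status of export, which would hide a failed lookup from "set -e" and
# leave an empty URL in the environment.
P11_KEY_URL="$(get_object_url "${token}" "${key_label}")"
P11_CERT_URL="$(get_object_url "${token}" "${cert_label}")"
# The PIN is exported too, so every child process can read it.
P11_PIN="${GNUTLS_PIN}"
export P11_KEY_URL P11_CERT_URL P11_PIN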