source: mod_gnutls/test/softhsm.bash @ 5eb4544

debian/masterdebian/stretch-backportsjessie-backportsupstream
Last change on this file since 5eb4544 was 5eb4544, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Test suite: Search SoftHSM during ./configure, detect module for v1 or v2

Preparations for SoftHSM 2 support. The PKCS #11 module name and
location will be different, so GnuTLSP11Module must be set from the
environment instead of using a fixed value.

  • Property mode set to 100755
File size: 3.6 KB
Line 
1#!/bin/bash
2
3# Initialize the SoftHSM token with the given label
4function init_token
5{
6    local token_label="${1}"
7
8    ${softhsm} --init-token --slot 0 --label "${token_label}" \
9        --so-pin "${so_pin}" --pin "${GNUTLS_PIN}"
10}
11
12# Put a private key into the token with the given label
13function store_privkey
14{
15    local token="${1}"
16    local keyfile="${2}"
17    local label="${3}"
18
19    p11tool --provider=${SOFTHSM_LIB} --login --write --label "${label}" \
20            --load-privkey "${keyfile}" "${token}"
21}
22
23# Put a certificate into the token with the given label
24function store_cert
25{
26    local token="${1}"
27    local certfile="${2}"
28    local label="${3}"
29
30    p11tool --provider=${SOFTHSM_LIB} --login --write --no-mark-private \
31            --label "${label}" --load-certificate "${certfile}" "${token}"
32}
33
34# Get the URL of the SoftHSM token
35function get_token_url
36{
37    local label="${1}"
38    p11tool --provider=${SOFTHSM_LIB} --list-tokens | \
39        grep -o -P "(?<=URL:\s)(.*token=${label}.*)$"
40}
41
42# Get the PKCS #11 URL for the object with the given name
43# Usage: get_object_url TOKEN OBJECTNAME
44function get_object_url
45{
46    p11tool --provider=${SOFTHSM_LIB} --list-all --login "${1}" | \
47        grep -o -P "(?<=URL:\s)(.*object=${2}.*)$"
48}
49
50# Initialize the token and store the given key and certificate
51# Usage: prepare_token TOKEN_LABEL PRIVKEY CERTIFICATE
52function prepare_token
53{
54    local token_label="${1}"
55    local privkey="${2}"
56    local certificate="${3}"
57
58    init_token "${token_label}"
59    token=$(get_token_url ${token_label})
60    store_privkey "${token}" "${privkey}" "${key_label}"
61    store_cert "${token}" "${certificate}" "${cert_label}"
62}
63
64
65
66# try to find SoftHSM
67softhsm="$(basename ${SOFTHSM})"
68
69if [ "${softhsm}" = "softhsm" ]; then
70    softhsm_libname="libsofthsm.so"
71    # fail if SOFTHSM_CONF is not set
72    if [ -z "${SOFTHSM_CONF}" ]; then
73        echo "ERROR: SOFTHSM_CONF not set!" 1>&2
74        exit 1
75    else
76        export SOFTHSM_CONF
77    fi
78    echo "using SOFTHSM_CONF=\"${SOFTHSM_CONF}\""
79elif [ "${softhsm}" = "softhsm2-util" ]; then
80    softhsm_libname="libsofthsm2.so"
81    # fail if SOFTHSM2_CONF is not set
82    if [ -z "${SOFTHSM2_CONF}" ]; then
83        echo "ERROR: SOFTHSM2_CONF not set!" 1>&2
84        exit 1
85    else
86        export SOFTHSM2_CONF
87    fi
88else
89    # no SoftHSM
90    echo "No SoftHSM!" >&2
91    exit 77
92fi
93
94# Try to find the libsofthsm[2] module in some common locations.
95softhsm_searchpath=(/usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm)
96for i in ${softhsm_searchpath[@]} ""; do
97    SOFTHSM_LIB="${i}/${softhsm_libname}"
98    echo "checking ${SOFTHSM_LIB} ..."
99    if [ -f "${SOFTHSM_LIB}" ]; then
100        echo "found!"
101        export SOFTHSM_LIB
102        break;
103    fi
104done
105
106if [ ! -f "${SOFTHSM_LIB}" ]; then
107    echo "${softhsm_libname} not found!" >&2
108    exit 77
109fi
110
111case "${1}" in
112    (init)
113        init="true"
114        # If SoftHSM is not available, there's nothing to init. Just
115        # exit.
116        if [ -z "${softhsm}" ]; then
117            echo "SoftHSM not found, PKCS #11 test(s) will be skipped."
118            exit 0
119        fi
120        ;;
121    (*)
122        # Skip the test case if SoftHSM is not available.
123        if [ -z "${softhsm}" ]; then
124            echo "SoftHSM not found, skipping test."
125            exit 77
126        fi
127        ;;
128esac
129
130set -e
131
132# variables for token configuration
133token_label="mod_gnutls-test"
134so_pin="123456"
135export GNUTLS_PIN="1234"
136key_label="privkey"
137cert_label="certificate"
138
139if [ "${init}" = "true" ]; then
140    prepare_token "${token_label}" "${2}" "${3}"
141    exit 0
142fi
143
144token=$(get_token_url ${token_label})
145
146# environment variables for the Apache configuration
147export P11_KEY_URL="$(get_object_url ${token} ${key_label})"
148export P11_CERT_URL="$(get_object_url ${token} ${cert_label})"
149export P11_PIN="${GNUTLS_PIN}"
Note: See TracBrowser for help on using the repository browser.