Fix "pkcs11" system test
- Define the SLOT environment variable before starting the test. This
variable defaults to 0 and that does not work with SoftHSM 2.
- The system test expects the PIN environment variable to be set to
"1234" while bin/tests/prepare-softhsm2.sh sets it to "0000".
Update bin/tests/prepare-softhsm2.sh so that it sets the PIN to
"1234".
- Move contents of bin/tests/system/pkcs11/prereq.sh to
bin/tests/system/pkcs11/setup.sh as the former was creating a file
called "supported" that was getting removed by the latter before
bin/tests/system/pkcs11/tests.sh could access it.
- Fix typo in "have_ecx".
(cherry picked from commit 100a230e80f01a777b917b135b4bae9a4ac0e8ae)
@@ -9,24 +9,29 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
set -e
|
||||
|
||||
SYSTEMTESTTOP=..
|
||||
# shellcheck source=conf.sh
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
|
||||
dig_with_opts() {
|
||||
$DIG +tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300 "$@"
|
||||
}
|
||||
|
||||
status=0
|
||||
ret=0
|
||||
|
||||
algs=""
|
||||
have_rsa=`grep rsa supported`
|
||||
have_rsa=$(grep rsa supported || true)
|
||||
if [ "x$have_rsa" != "x" ]; then
|
||||
algs="rsa "
|
||||
fi
|
||||
have_ecc=`grep ecc supported`
|
||||
have_ecc=$(grep ecc supported || true)
|
||||
if [ "x$have_ecc" != "x" ]; then
|
||||
algs=$algs"ecc "
|
||||
fi
|
||||
have_ecx=`grep ecc supported`
|
||||
have_ecx=$(grep ecx supported || true)
|
||||
if [ "x$have_ecx" != "x" ]; then
|
||||
algs=$algs"ecx "
|
||||
fi
|
||||
@@ -34,54 +39,54 @@ fi
|
||||
for alg in $algs; do
|
||||
zonefile=ns1/$alg.example.db
|
||||
echo "I:testing PKCS#11 key generation ($alg)"
|
||||
count=`$PK11LIST | grep robie-$alg-ksk | wc -l`
|
||||
if [ $count != 2 ]; then echo "I:failed"; status=1; fi
|
||||
count=$($PK11LIST | grep -c "robie-$alg-ksk" || true)
|
||||
if [ "$count" -ne 2 ]; then echo "I:failed"; status=1; fi
|
||||
|
||||
echo "I:testing offline signing with PKCS#11 keys ($alg)"
|
||||
|
||||
count=`grep RRSIG $zonefile.signed | wc -l`
|
||||
if [ $count != 12 ]; then echo "I:failed"; status=1; fi
|
||||
count=$(grep -c RRSIG "$zonefile.signed" || true)
|
||||
if [ "$count" -ne 12 ]; then echo "I:failed"; status=1; fi
|
||||
|
||||
echo "I:testing inline signing with PKCS#11 keys ($alg)"
|
||||
|
||||
$DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out.$alg.0 || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
count0=`grep RRSIG dig.out.$alg.0 | wc -l`
|
||||
dig_with_opts "ns.$alg.example." @10.53.0.1 a > "dig.out.$alg.0" || ret=1
|
||||
if [ $ret -ne 0 ]; then echo "I:failed"; fi
|
||||
status=$((status + ret))
|
||||
count0=$(grep -c RRSIG "dig.out.$alg.0" || true)
|
||||
|
||||
$NSUPDATE -v > upd.log.$alg <<END || status=1
|
||||
$NSUPDATE -v > "upd.log.$alg" <<END || status=1
|
||||
server 10.53.0.1 5300
|
||||
ttl 300
|
||||
zone $alg.example.
|
||||
update add `grep -v ';' ns1/${alg}.key`
|
||||
update add $(grep -v ';' "ns1/${alg}.key" || true)
|
||||
send
|
||||
END
|
||||
|
||||
echo "I:waiting 20 seconds for key changes to take effect"
|
||||
sleep 20
|
||||
|
||||
$DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out.$alg || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
count=`grep RRSIG dig.out.$alg | wc -l`
|
||||
if [ $count -le $count0 ]; then echo "I:failed"; status=1; fi
|
||||
dig_with_opts "ns.$alg.example." @10.53.0.1 a > "dig.out.$alg" || ret=1
|
||||
if [ $ret -ne 0 ]; then echo "I:failed"; fi
|
||||
status=$((status + ret))
|
||||
count=$(grep -c RRSIG "dig.out.$alg" || true)
|
||||
if [ "$count" -le "$count0" ]; then echo "I:failed"; status=1; fi
|
||||
|
||||
echo "I:testing PKCS#11 key destroy ($alg)"
|
||||
ret=0
|
||||
$PK11DEL -l robie-$alg-ksk -w0 > /dev/null 2>&1 || ret=1
|
||||
$PK11DEL -l robie-$alg-zsk1 -w0 > /dev/null 2>&1 || ret=1
|
||||
$PK11DEL -l "robie-$alg-ksk" -w0 > /dev/null 2>&1 || ret=1
|
||||
$PK11DEL -l "robie-$alg-zsk1" -w0 > /dev/null 2>&1 || ret=1
|
||||
case $alg in
|
||||
rsa) id=02 ;;
|
||||
ecc) id=04 ;;
|
||||
ecx) id=06 ;;
|
||||
esac
|
||||
$PK11DEL -i $id -w0 > /dev/null 2>&1 || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
count=`$PK11LIST | grep robie-$alg | wc -l`
|
||||
if [ $count != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $count`
|
||||
if [ $ret -ne 0 ]; then echo "I:failed"; fi
|
||||
status=$((status + ret))
|
||||
count=$($PK11LIST | grep -c "robie-$alg" || true)
|
||||
if [ "$count" -ne 0 ]; then echo "I:failed"; fi
|
||||
status=$((status + count))
|
||||
done
|
||||
|
||||
echo "I:exit status: $status"
|
||||
[ $status -eq 0 ] || exit 1
|
||||
[ "$status" -eq 0 ] || exit 1
|
||||
|
||||
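Review bot: The three `grep … supported || true` probes in the first hunk leave `algs` empty when the `supported` file is missing or empty, so the `for alg in $algs` loop runs zero times and the script ends with `I:exit status: 0` without exercising any PKCS#11 key operation. The commit message describes that very file being removed before tests.sh could read it, so a guard ahead of the loop would stop the problem from recurring silently, e.g. `[ -n "$algs" ] || { echo "I:no supported algorithms found"; exit 1; }` (or a skip result, if a token supporting none of the three algorithms is a legitimate setup). The one line between the two hunks is not shown here, so confirm no such check already exists. The destroy check has a similar blind spot: `$PK11LIST | grep -c "robie-$alg" || true` yields 0 when `$PK11LIST` itself fails, which reads as "all keys removed"; checking the exit status of `$PK11LIST` separately would close that gap.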