author | Linus Nordberg <linus@sunet.se> | 2019-06-12 00:13:18 +0200 |
---|---|---|
committer | Linus Nordberg <linus@sunet.se> | 2019-06-12 00:13:18 +0200 |
commit | 1292f337f3b4ede00c7ad3b327e953ae256f44bd (patch) | |
tree | 36339d85f062f9a43025b8d046efd720b0e836f4 | |
parent | fea7446cd21c4546da81bf4ed508bac310c53cdf (diff) |
restructure things a bit bc nice
-rw-r--r-- | src/tests/Makefile | 20 | ||||
-rwxr-xr-x | src/tests/do-sign.sh | 23 | ||||
-rwxr-xr-x | src/tests/do-verify.sh | 24 |
3 files changed, 38 insertions, 29 deletions
diff --git a/src/tests/Makefile b/src/tests/Makefile
index 94b8790..9d83a7e 100644
--- a/src/tests/Makefile
+++ b/src/tests/Makefile
@@ -11,15 +11,10 @@ SOFTHSM_PROVIDER = /usr/lib/softhsm/libsofthsm2.so
 P11P_PROVIDER = /home/linus/usr/lib/pkcs11/p11-kit-client.so
 p11p-softhsm: testsig.hsm.p11p.pem
- ( \
- P11_ENV=$$(p11-kit server $(SOFTHSM_PROVIDER)); \
- eval "$$P11_ENV"; \
- ./do-verify.sh ./openssl.p11p.cnf $(P11P_PROVIDER) $< "$(TEXT)"; \
- p11-kit server --kill > /dev/null; \
- )
+ echo "$(TEXT)" |./do-verify.sh $< $(P11P_PROVIDER) ./openssl.p11p.cnf $(SOFTHSM_PROVIDER)
 direct-softhsm: testsig.hsm.pem
- ./do-verify.sh ./openssl.direct.cnf $(SOFTHSM_PROVIDER) $< "$(TEXT)"
+ echo "$(TEXT)" | ./do-verify.sh $< $(SOFTHSM_PROVIDER) ./openssl.direct.cnf
 softhsm-token-setup: softhsm-token-setup.stamp
 softhsm-token-setup.stamp: softhsm/tokens testkey.pkcs8
@@ -43,18 +38,13 @@ testkey.pem:
 openssl genrsa -out $@ 2048
 testsig.local.pem: testkey.pem
- echo $(TEXT) | openssl dgst -sha256 -sign testkey.pem -out $@
+ echo "$(TEXT)" | openssl dgst -sha256 -sign testkey.pem -out $@
 testsig.hsm.pem: softhsm-token-setup
- ./do-sign.sh ./openssl.direct.cnf $(SOFTHSM_PROVIDER) $@ "$(TEXT)"
+ echo "$(TEXT)" | ./do-sign.sh $@ $(SOFTHSM_PROVIDER) ./openssl.direct.cnf
 testsig.hsm.p11p.pem: softhsm-token-setup
- ( \
- P11_ENV=$$(p11-kit server $(SOFTHSM_PROVIDER)); \
- eval "$$P11_ENV"; \
- ./do-sign.sh ./openssl.p11p.cnf $(P11P_PROVIDER) $@ "$(TEXT)"; \
- p11-kit server --kill > /dev/null; \
- )
+ echo "$(TEXT)" | ./do-sign.sh $@ $(P11P_PROVIDER) ./openssl.p11p.cnf $(SOFTHSM_PROVIDER)
 server-running: # FIXME: use env printed to do 'p11-kit server --kill', at some point
diff --git a/src/tests/do-sign.sh b/src/tests/do-sign.sh
index 3e78560..9552a5a 100755
--- a/src/tests/do-sign.sh
+++ b/src/tests/do-sign.sh
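Review bot: The optional fourth argument on the `p11p-softhsm` recipe (and on `testsig.hsm.p11p.pem` in the second Makefile hunk) is what makes the script start and later kill a `p11-kit server`, but the Makefile no longer shows this now that the explicit subshell is gone. A one-line comment above each of the two rules would keep the server lifecycle visible, e.g. `# 4th arg: module exported through a temporary 'p11-kit server' that the script starts and kills`. The same comment can record the new calling convention: signature file, client provider, OpenSSL config, with the text on stdin.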
@@ -2,12 +2,21 @@
 set -eu
-OPENSSL_CONF="$1"; shift
-P11_PROVIDER="$1"; shift
 SIGFILE="$1"; shift
-TEXT="$1"; shift
+P11_PROVIDER="$1"; shift
+OPENSSL_CONF="$1"; shift
+SERVER_PROVIDER=
+[ $# -ge 1 ] && { SERVER_PROVIDER="$1"; shift; }
+
+if [ -n "$SERVER_PROVIDER" ]; then
+ P11_KIT_ENV=$(p11-kit server $SERVER_PROVIDER)
+ eval "$P11_KIT_ENV"
+fi
+
+openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -sign "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
+ -out $SIGFILE
-tokenurl="$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)"
-echo $TEXT | \
- openssl dgst -sha256 -engine pkcs11 -keyform ENGINE -sign "$tokenurl" \
- -out $SIGFILE
+if [ -n "$SERVER_PROVIDER" ]; then
+ p11-kit server --kill > /dev/null
+fi
diff --git a/src/tests/do-verify.sh b/src/tests/do-verify.sh
index a67a982..a18a762 100755
--- a/src/tests/do-verify.sh
+++ b/src/tests/do-verify.sh
@@ -2,12 +2,22 @@
 set -eu
-OPENSSL_CONF="$1"; shift
-P11_PROVIDER="$1"; shift
 SIGFILE="$1"; shift
-TEXT="$1"; shift
+P11_PROVIDER="$1"; shift
+OPENSSL_CONF="$1"; shift
+SERVER_PROVIDER=
+[ $# -ge 1 ] && { SERVER_PROVIDER="$1"; shift; }
+
+
+if [ -n "$SERVER_PROVIDER" ]; then
+ P11_KIT_ENV=$(p11-kit server $SERVER_PROVIDER)
+ eval "$P11_KIT_ENV"
+fi
+
+openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -prverify "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
+ -signature $SIGFILE | egrep "^Verified OK$"
-tokenurl="$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)"
-echo $TEXT | \
- openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -prverify "$tokenurl" -signature $SIGFILE | egrep "^Verified OK$"
+if [ -n "$SERVER_PROVIDER" ]; then
+ p11-kit server --kill > /dev/null
+fi |
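Review bot: With `set -eu` in effect, a failing `openssl dgst` in do-sign.sh ends the script before the final `p11-kit server --kill`, so the server started a few lines earlier is left running and presumably keeps the token reachable. The removed Makefile subshell chained its commands with `;` and always reached the kill. Registering the cleanup right after `eval "$P11_KIT_ENV"` with `trap 'p11-kit server --kill > /dev/null' EXIT` covers every exit path and makes the trailing `if` block unnecessary. do-verify.sh has the same start/kill pair and needs the same change, since a non-matching `egrep` is its ordinary failure path.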
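Review bot: Inlining `$(p11tool … --list-token-urls)` into the `-prverify` argument in do-verify.sh drops the error check that the removed `tokenurl=` assignment provided. Under `set -e` a failing substitution aborts a plain assignment, but as a command argument its status is ignored, so openssl is handed an empty or partial key URL. Keeping the assignment, `tokenurl="$(p11tool --login --provider="$P11_PROVIDER" --list-token-urls)"`, and passing `-prverify "$tokenurl"` restores that check. It is also the natural place to reject output of more than one line, which a provider exposing several tokens would presumably produce. The `-sign` argument in do-sign.sh is built the same way.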