author | Linus Nordberg <linus@sunet.se> | 2019-10-22 16:11:11 +0200 |
---|---|---|
committer | Linus Nordberg <linus@sunet.se> | 2019-10-22 16:11:11 +0200 |
commit | c4ce1528f1954e4afdca98c50056a1fafd11b3dc (patch) | |
tree | a00afe579c28c7a58b64e0a431683044fcbacdeb | |
parent | 620dd393c9cea1168a18ba86fb86a0333bcfbae7 (diff) |
sign and verify once per found token
If more than one token is found, all of them should have the same
key. This is a somewhat lame way of verifying they all work. Lame
because the resulting signature will be made from the last key only.
Also pass PIN in URI.
-rwxr-xr-x | tests/do-sign.sh | 7 | ||||
-rwxr-xr-x | tests/do-verify.sh | 9 |
2 files changed, 11 insertions, 5 deletions
diff --git a/tests/do-sign.sh b/tests/do-sign.sh
index 9552a5a..512687d 100755
--- a/tests/do-sign.sh
+++ b/tests/do-sign.sh
@@ -13,9 +13,12 @@ if [ -n "$SERVER_PROVIDER" ]; then
 eval "$P11_KIT_ENV"
 fi
-openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -sign "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
+token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
+for url in $token_urls; do
+ openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -sign "${url};pin-value=ffff" \
 -out $SIGFILE
+done
 if [ -n "$SERVER_PROVIDER" ]; then
 p11-kit server --kill > /dev/null
diff --git a/tests/do-verify.sh b/tests/do-verify.sh
index a18a762..fded962 100755
--- a/tests/do-verify.sh
+++ b/tests/do-verify.sh
@@ -14,9 +14,12 @@ if [ -n "$SERVER_PROVIDER" ]; then
 eval "$P11_KIT_ENV"
 fi
-openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -prverify "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
- -signature $SIGFILE | egrep "^Verified OK$"
+token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
+for url in $token_urls; do
+ openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -prverify "${url};pin-value=ffff" \
+ -signature $SIGFILE | egrep "^Verified OK$"
+done
 if [ -n "$SERVER_PROVIDER" ]; then
 p11-kit server --kill > /dev/null |
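Review bot: The token PIN is hard-coded as `pin-value=ffff` inside the key URI on the new `-sign` line (and again on the `-prverify` line in tests/do-verify.sh), so the literal is duplicated across two scripts and lands in openssl's argv, where a local process listing or a `set -x` trace can show it. For a throwaway test token that may be acceptable, but I would read it from one variable with a test default, e.g. `-sign "${url};pin-value=${P11_PIN:-ffff}" \` (`P11_PIN` is a suggested name, not one these scripts define), and add a comment such as `# test-only PIN; never pass a real PIN via argv`. For a real token the RFC 7512 `pin-source` attribute keeps the PIN off the command line, provided the engine in use honours it.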
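Review bot: Only the last iteration decides the outcome of the new `for` loop in tests/do-verify.sh: if an earlier token's key does not verify `$SIGFILE`, `egrep` returns non-zero but nothing acts on that status, unless `set -e` is enabled earlier in the script, which is outside this hunk. An empty `$token_urls` (p11tool failing or finding no token) also skips the loop entirely, where the old single command would have failed on the empty key argument. I would add `[ -n "$token_urls" ] || exit 1` before the loop and `|| exit 1` after `egrep "^Verified OK$"`; the signing loop in tests/do-sign.sh has the same shape and would benefit from the same two guards.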