From c4ce1528f1954e4afdca98c50056a1fafd11b3dc Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Tue, 22 Oct 2019 16:11:11 +0200
Subject: sign and verify once per found token

If more than one token is found, all of them should have the same key. This is a somewhat lame way of verifying they all work. Lame because the resulting signature will be made from the last key only. Also pass PIN in URI.
---
 tests/do-sign.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'tests/do-sign.sh')

diff --git a/tests/do-sign.sh b/tests/do-sign.sh
index 9552a5a..512687d 100755
--- a/tests/do-sign.sh
+++ b/tests/do-sign.sh
@@ -13,9 +13,12 @@ if [ -n "$SERVER_PROVIDER" ]; then
 eval "$P11_KIT_ENV"
 fi
-openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -sign "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
+token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
+for url in $token_urls; do
+ openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -sign "${url};pin-value=ffff" \
 -out $SIGFILE
+done
 if [ -n "$SERVER_PROVIDER" ]; then
 p11-kit server --kill > /dev/null
--
cgit v1.1
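Review bot: A failed signature on any token but the last goes unnoticed in the new `for url in $token_urls` loop, because nothing checks the exit status of `openssl dgst` and every pass overwrites `$SIGFILE`; unless the script runs under `set -e` (not visible here), the command should end with `-out $SIGFILE || exit 1`. An empty `$token_urls` skips signing altogether, so a guard such as `[ -n "$token_urls" ] || exit 1` before the loop would turn a missing token into an explicit test failure instead of leaving the outcome to code outside the hunk. The PIN `ffff` is hard-coded into the URI and lands in the openssl argument list, which is tolerable for a throwaway test token but deserves a comment like `# test-only PIN, must match the token initialisation` so the pattern is not copied into real use. The closing `if [ -n "$SERVER_PROVIDER" ]` block continues past the end of the hunk.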