tests/do-verify.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

#! /bin/sh

set -eu

SIGFILE="$1"; shift
P11_PROVIDER="$1"; shift
OPENSSL_CONF="$1"; shift
SERVER_PROVIDER=
[ $# -ge 1 ] && { SERVER_PROVIDER="$1"; shift; }


if [ -n "$SERVER_PROVIDER" ]; then
	P11_KIT_ENV=$(p11-kit server $SERVER_PROVIDER)
	eval "$P11_KIT_ENV"
fi    

token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
export OPENSSL_CONF
for url in $token_urls; do
    openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
	    -prverify "${url};pin-value=ffff" \
	    -signature $SIGFILE | egrep "^Verified OK$"
done

if [ -n "$SERVER_PROVIDER" ]; then
	p11-kit server --kill > /dev/null
fi