author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-03-03 20:52:37 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-03-03 21:22:10 -0800 |
commit | c083305397da354f234383a3c300c2114684d432 (patch) | |
tree | 95beeaf87ed0a393acaa4a133c4a0a2abe8875fe | |
parent | 68837c9c819e281591d398327b6eb8226d234bdc (diff) | |
download | openssl-pkcs11-export-c083305397da354f234383a3c300c2114684d432.tar.gz |
Add certificate tests
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | tests/Makefile.am | 1 | ||||
-rwxr-xr-x | tests/certificate.sh | 11 | ||||
-rwxr-xr-x | tests/init.sh | 8 | ||||
-rw-r--r-- | tests/openssl.cnf | 4 | ||||
-rwxr-xr-x | tests/p11tool_test_sign.sh | 5 |
6 files changed, 31 insertions, 1 deletions
@@ -21,4 +21,5 @@ test-driver
 tmp.*
 *.pub
 *.key
-op.conf
\ No newline at end of file
+*.crt
+op.conf
diff --git a/tests/Makefile.am b/tests/Makefile.am
index bbc367a..0d57e70 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -2,6 +2,7 @@ TESTS = init.sh \
 encryption.sh \
 signature.sh \
 engine.sh \
+ certificate.sh \
 p11tool_checks.sh
 if TEST_SIGN
 TESTS += p11tool_test_sign.sh
diff --git a/tests/certificate.sh b/tests/certificate.sh
new file mode 100755
index 0000000..8e3aab6
--- /dev/null
+++ b/tests/certificate.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -x
+
+P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so"
+
+##
+# export the certificate and verify with openssl
+##
+rm -f tmp.crt
+${P11TOOL} --export 'pkcs11:manufacturer=openssl-pkcs11-export;token=cert;object=cert;type=cert' > tmp.crt || exit 1
+openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
diff --git a/tests/init.sh b/tests/init.sh
index 9c873cc..79cb0ec 100755
--- a/tests/init.sh
+++ b/tests/init.sh
@@ -25,6 +25,10 @@ openssl pkey -in key-p256.key -passin pass:Passw0rd -pubout -out key-p256.pub ||
 openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp384r1 -pkeyopt ec_param_enc:explicit -aes-256-cfb -pass pass:Passw0rd -out key-bp.key || exit 1
 openssl pkey -in key-bp.key -passin pass:Passw0rd -pubout -out key-bp.pub || exit 1
 ##
+# Certificate (self signed)
+##
+openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Test Key/" -keyout key-cert.key -out key-cert.crt -days 3650 -nodes -sha256 || exit 1
+##
 # now create a config file naming the keys
 ##
 cat >> ${OPENSSL_PKCS11_CONF} <<EOF
@@ -54,4 +58,8 @@ id = key-bp
 public key = ${srcdir}/key-bp.pub
 private key = ${srcdir}/key-bp.key
+[cert]
+certificate = ${srcdir}/key-cert.crt
+private key = ${srcdir}/key-cert.key
+
 EOF
diff --git a/tests/openssl.cnf b/tests/openssl.cnf
index ab3beda..ed626ca 100644
--- a/tests/openssl.cnf
+++ b/tests/openssl.cnf
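Review bot: The last line of tests/certificate.sh verifies the exported certificate only against itself (`-CAfile tmp.crt ... tmp.crt`), so any well-formed self-signed certificate returned by the provider would pass, not just the one init.sh generated. Anchoring the check to the fixture makes the test show that the export returns the configured certificate: `openssl verify -CAfile key-cert.crt -check_ss_sig tmp.crt || exit 1`. This assumes the test runs in the directory where init.sh wrote key-cert.crt, as the other fixtures appear to; if not, the path needs the `${srcdir}/` prefix used in the config section.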
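Review bot: In the first tests/init.sh hunk, the new `openssl req` line writes key-cert.key unencrypted (`-nodes`), while the EC fixtures in the surrounding context are created with `-pass pass:Passw0rd`. If that is deliberate, the section comment should say so, for example `# Certificate (self signed); private key left unencrypted (-nodes)`, so the difference from the other fixtures is not read as an oversight. The script continues outside the hunk on both sides, so any later handling of this key is not visible here.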
@@ -2,6 +2,10 @@ HOME = .
 openssl_conf = openssl_init
 [req]
+distinguished_name = dn
+
+[dn]
+
 [openssl_init]
 engines = engines_section
diff --git a/tests/p11tool_test_sign.sh b/tests/p11tool_test_sign.sh
index 0ddc914..07a8fd6 100755
--- a/tests/p11tool_test_sign.sh
+++ b/tests/p11tool_test_sign.sh
@@ -7,6 +7,11 @@ GNUTLS_PIN=Passw0rd
 export GNUTLS_PIN
 for f in "" "--sign-params=RSA-PSS"; do
 ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' || exit 1
+ ##
+ # test signing to verify the public key we picked up from the
+ # certificate is correct
+ ##
+ ${P11TOOL} --test-sign ${f} 'pkcs11:manufacturer=openssl-pkcs11-export;token=cert;object=cert' || exit 1
 done
 ##
 # Elliptic curve checks |