3 # Copyright (C) 2017 Red Hat, Inc.
5 # This file is part of p11-kit.
7 # p11-kit is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 3 of the License, or (at
10 # your option) any later version.
12 # p11-kit is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 # General Public License for more details.
17 # You should have received a copy of the GNU Lesser General Public License
18 # along with this program. If not, see <https://www.gnu.org/licenses/>
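# Locations of the build tree and of the tools under test. Each value can be
# overridden from the environment; the defaults assume the test is run from
# the tests directory of the build tree.
builddir="${builddir:-.}"
P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}"
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
# command -v is the POSIX way to resolve a command name; `which` is an
# external program that is not guaranteed to exist or to behave uniformly.
PKGCONFIG="${PKG_CONFIG:-$(command -v pkg-config)}"
# Scratch directories for the SoftHSM token store and the p11-kit module
# configuration. The names are relative to the current directory and are
# derived from the shell's PID.
# NOTE(review): PID-based names are predictable. That is tolerable only while
# the test runs in a build directory other users cannot write to; `mktemp -d`
# would remove the assumption.
TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp"
P11DIR="p11-kit-conf.$$.tmp"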
# Probe the candidate library directories for the p11-kit trust module and
# store the path of a match in TRUST_MODULE.
# NOTE(review): ${libdir} is not assigned in the visible lines (presumably it
# comes from the build environment) and is expanded unquoted, so it is
# word-split. The lines that close the if/for are not shown in this listing.
33 for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/;do
34 if test -f "${lib}/p11-kit-trust.so"; then
35 TRUST_MODULE="${lib}/p11-kit-trust.so"
# NOTE(review): ${MODULE} is never assigned in the visible lines, so this most
# likely prints "located " with no path; ${TRUST_MODULE} looks like the
# intended variable.
36 echo "located ${MODULE}"
# Probe the candidate library directories (including /usr/lib/softhsm/) for
# the SoftHSM v2 PKCS#11 module and store the path of a match in
# SOFTHSM_MODULE.
# NOTE(review): ${libdir} is expanded unquoted and is not assigned in the
# visible lines. The lines that close the if/for are not shown in this listing.
41 for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/ /usr/lib/softhsm/;do
42 if test -f "${lib}/libsofthsm2.so"; then
43 SOFTHSM_MODULE="${lib}/libsofthsm2.so"
# NOTE(review): ${MODULE} is never assigned in the visible lines;
# ${SOFTHSM_MODULE} looks like the intended variable.
44 echo "located ${MODULE}"
# Prerequisite checks. Without a working pkg-config the script exits with
# status 77, which the Automake test harness reports as SKIP.
# NOTE(review): ${PKGCONFIG} is expanded unquoted; if it is empty the command
# word becomes "--version", which fails and also ends in exit 77.
49 ${PKGCONFIG} --version >/dev/null || exit 77
# The three checks below need the p11tool binary and both PKCS#11 modules.
# The action taken after each message is not shown in this listing.
51 if ! test -x "${P11TOOL}"; then
52 echo "p11tool was not found"
56 if ! test -f "${TRUST_MODULE}"; then
57 echo "p11-kit trust module was not found"
61 if ! test -f "${SOFTHSM_MODULE}"; then
62 echo "softhsm module was not found"
66 # Create pkcs11.conf with two modules, a trusted (p11-kit-trust)
67 # and softhsm (not trusted)
# Each here-document writes one p11-kit .module file into ${P11DIR}; the
# "module:" line names the shared object to load.
# NOTE(review): only the first line of each here-document is visible in this
# listing, so the setting that marks a module as trusted cannot be confirmed
# from here. ${P11DIR} is used unquoted in the redirections, and the step that
# creates the directory is not shown.
70 cat <<_EOF_ >${P11DIR}/p11-kit-trust.module
71 module: p11-kit-trust.so
75 cat <<_EOF_ >${P11DIR}/softhsm.module
76 module: libsofthsm2.so
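# Start from an empty SoftHSM token directory and write a minimal
# configuration that keeps the token objects as files inside it.
# The path is quoted so it can never be word-split or glob-expanded, and
# ${VAR:?} makes the script stop, rather than hand rm -rf an empty path, if
# the variable is ever unset.
rm -rf -- "${TMP_SOFTHSM_DIR:?}"
mkdir -p -- "${TMP_SOFTHSM_DIR}"
# NOTE(review): SoftHSM reads this path from its environment; an export of
# SOFTHSM2_CONF is not visible in this listing — confirm it exists.
SOFTHSM2_CONF="${TMP_SOFTHSM_DIR}/conf"
echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
echo "directories.tokendir = ${TMP_SOFTHSM_DIR}" >> "${SOFTHSM2_CONF}"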
# Initialise a token labelled "GnuTLS-Test" in slot 0 of the scratch SoftHSM
# store. stdout is discarded; the stderr redirect is commented out, so error
# output from softhsm2-util still reaches the test log.
# NOTE(review): ${PUK} and ${PIN} are not assigned in the visible lines. They
# are passed on the command line, which is visible in the process list; fine
# for throwaway test values, not a pattern to copy for real tokens.
87 softhsm2-util --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
# Failure message; the condition that guards it is not shown in this listing.
89 echo "failed to initialize softhsm"
# Filter command used in the pipelines below: it deletes everything from
# "token=" to the end of each line, so that `sort -u | wc -l` counts distinct
# remaining prefixes rather than distinct tokens.
# NOTE(review): the command is stored in a string and later expanded unquoted,
# so it relies on word splitting, and the unquoted ".*" is also subject to
# pathname expansion. A shell function would avoid both.
93 FILTERTOKEN="sed s/token=.*//g"
95 # Check whether both are listed
# Runs the list-tokens helper with -a, strips the token part of each output
# line and counts the distinct lines that remain; the count must be 2.
# NOTE(review): presumably each remaining line identifies one module — verify
# against the helper's output format.
97 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -a|${FILTERTOKEN}|sort -u|wc -l)
98 #nr=$(${P11TOOL} --list-tokens|grep 'Module:'|sort -u|wc -l)
99 if test "$nr" != 2;then
100 echo "Error: did not find 2 modules ($nr)"
# Diagnostic rerun so the raw listing lands in the test log.
# NOTE(review): this rerun omits the -a flag used for the count above, so the
# logged output may not be what was counted.
101 ${builddir}/pkcs11/list-tokens -o ${P11DIR}
105 ## Check whether p11tool with a specific provider would list only that
106 ## provider. That is, check whether p11tool will list the trust module
107 ## if we only load softhsm (it should as trust modules
108 ## are always loaded).
# NOTE(review): the assertion below expects exactly 1 distinct module when the
# helper is run with -m and -s "${SOFTHSM_MODULE}", which matches the first
# sentence above but not the parenthetical — confirm which one is intended.
111 #nr=$(${P11TOOL} --provider "${SOFTHSM_MODULE}" --list-tokens|grep -c ^Token)
112 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -s "${SOFTHSM_MODULE}"|${FILTERTOKEN}|sort -u|wc -l)
113 if test "$nr" != 1;then
114 echo "Error: did not find softhsm modules"
# Diagnostic rerun with the same flags, unfiltered, for the test log.
115 ${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -s "${SOFTHSM_MODULE}"
119 # Check whether both modules are found when gnutls_pkcs11_init
120 # is not called but a pkcs11 operation is called.
# Test 1: helper run with -d; both configured modules must show up, so the
# distinct-line count must be 2.
121 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -d|${FILTERTOKEN}|sort -u|wc -l)
122 if test "$nr" != 2;then
123 echo "Error in test 1: did not find 2 modules"
# Diagnostic rerun with the same flags, unfiltered, for the test log.
124 ${builddir}/pkcs11/list-tokens -o ${P11DIR} -d
128 # Check whether both modules are found when gnutls_pkcs11_init
129 # is called with the auto flag
# Test 2: helper run with -a; the distinct-line count must be 2.
130 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -a|${FILTERTOKEN}|sort -u|wc -l)
131 if test "$nr" != 2;then
132 echo "Error in test 2: did not find 2 modules"
# Diagnostic rerun with the same flags, unfiltered, for the test log.
133 ${builddir}/pkcs11/list-tokens -o ${P11DIR} -a
137 # Check whether only trusted modules are listed when the
138 # trusted flag is given to gnutls_pkcs11_init().
# Test 3: helper run with -t; a count other than 1 means either the trust
# module is missing or a module not marked as trusted was loaded as well.
139 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -t|${FILTERTOKEN}|sort -u|wc -l)
140 if test "$nr" != 1;then
141 echo "Error in test 3: did not find the trusted module"
# Diagnostic rerun with the same flags, unfiltered, for the test log.
142 ${builddir}/pkcs11/list-tokens -o ${P11DIR} -t
146 # Check whether only trusted is listed after certificate verification
# Test 4: helper run with -v. This is the security-relevant property of the
# suite: verifying a certificate must not cause the non-trusted module
# (softhsm) to be loaded, so exactly 1 distinct module is expected.
148 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -v|${FILTERTOKEN}|sort -u|wc -l)
149 if test "$nr" != 1;then
150 echo "Error in test 4: did not find 1 module"
# Diagnostic rerun with GnuTLS and p11-kit debug output enabled, so the log
# shows which modules were loaded and when.
152 GNUTLS_DEBUG_LEVEL=4 P11_KIT_DEBUG=all ${builddir}/pkcs11/list-tokens -o ${P11DIR} -v
156 # Check whether only trusted is listed when gnutls_pkcs11_init
157 # is called with manual flag and a certificate verification is performed.
# Test 5: helper run with -m -v; as in the plain verification case, exactly 1
# distinct module is expected.
158 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -v|${FILTERTOKEN}|sort -u|wc -l)
159 if test "$nr" != 1;then
160 echo "Error in test 5: did not find 1 module"
# Diagnostic rerun with the same flags, unfiltered, for the test log.
161 ${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -v
165 # Check whether all modules are listed after certificate verification
166 # is performed then a PKCS#11 function is called.
# Test 6: helper run with -v -d; once an explicit PKCS#11 operation follows the
# verification, both modules are expected, so the count must be 2.
167 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -v -d|${FILTERTOKEN}|sort -u|wc -l)
168 if test "$nr" != 2;then
169 echo "Error in test 6: did not find all modules"
# Diagnostic rerun with the same flags, unfiltered, for the test log.
170 ${builddir}/pkcs11/list-tokens -o ${P11DIR} -v -d
174 # Check whether all modules are listed after a private key operation.
# Test 7: helper run with -p; both modules are expected, so the count must
# be 2.
175 nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -p|${FILTERTOKEN}|sort -u|wc -l)
176 if test "$nr" != 2;then
177 echo "Error in test 7: did not find all modules"
# Diagnostic rerun with the same flags, unfiltered, for the test log.
178 ${builddir}/pkcs11/list-tokens -o ${P11DIR} -p
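# Remove the scratch SoftHSM token store. The path is quoted and guarded with
# ${VAR:?} so rm -rf can never run on an empty or word-split path.
# NOTE(review): removal of ${P11DIR} is not visible in this listing — confirm
# the module configuration directory is cleaned up as well.
rm -rf -- "${TMP_SOFTHSM_DIR:?}"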