From de91921561092689369b56c54950474e0a86e66f Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Mon, 15 Oct 2018 21:08:04 +0300
Subject: Add implementation
---
tests/.gitignore | 2 ++
tests/agent-pkcs11.testscript | 71 +++++++++++++++++++++++++++++++++++++++++++
tests/build/.gitignore | 3 ++
tests/build/bootstrap.build | 9 ++++++
tests/build/root.build | 8 +++++
tests/buildfile | 8 +++++
tests/client.testscript | 65 +++++++++++++++++++++++++++++++++++++++
7 files changed, 166 insertions(+)
create mode 100644 tests/.gitignore
create mode 100644 tests/agent-pkcs11.testscript
create mode 100644 tests/build/.gitignore
create mode 100644 tests/build/bootstrap.build
create mode 100644 tests/build/root.build
create mode 100644 tests/buildfile
create mode 100644 tests/client.testscript
(limited to 'tests')
diff --git a/tests/.gitignore b/tests/.gitignore
new file mode 100644
index 0000000..35ec43f
--- /dev/null
+++ b/tests/.gitignore
@@ -0,0 +1,2 @@
+test/
+test-*/
diff --git a/tests/agent-pkcs11.testscript b/tests/agent-pkcs11.testscript
new file mode 100644
index 0000000..de7ecf2
--- /dev/null
+++ b/tests/agent-pkcs11.testscript
@@ -0,0 +1,71 @@
+# file : tests/agent-pkcs11.testscript
+# copyright : Copyright (c) 2014-2018 Code Synthesis Ltd
+# license : MIT; see accompanying LICENSE file
+
+: args
+:
+{
+ : none
+ :
+ $* 2>'error: private key URL argument expected' != 0
+
+ : invalid-url
+ :
+ $* 'http://key' 2>'error: invalid PKCS#11 URL: invalid scheme' != 0
+}
+
+: existent-module
+:
+{
+ url = 'pkcs11:?pin-value=123123'
+
+ : failure
+ :
+ $* --simulate failure "$url" 2>>EOE != 0
+ error: no matching private key found
+ EOE
+
+ : success
+ :
+ {
+ $* --simulate success "$url" | set script;
+
+ sed -n -e 's/^OPENSSL_AGENT_PKCS11_PID=(.+);.+;$/\1/p' <"$script" | \
+ set pid;
+
+ echo "$script" >>~"%EOO%";
+ %OPENSSL_AGENT_PKCS11_SOCK=.+; export OPENSSL_AGENT_PKCS11_SOCK;%
+ OPENSSL_AGENT_PKCS11_PID=$pid; export OPENSSL_AGENT_PKCS11_PID;
+ echo Agent pid $pid
+ EOO
+
+ kill -0 "$pid"; # Make sure the agent is running.
+ kill "$pid"; # Signal the agent to terminate.
+ sleep 2; # Wait a bit while the agent is terminating.
+ kill -0 "$pid" 2>! != 0 # Make sure the agent is not running.
+ }
+}
+
+: non-existent-module
+:
+{
+ url = 'pkcs11:?pin-value=123123&module-name=non-existing-pkcs11-module'
+
+ : failure
+ :
+ $* --simulate failure "$url" 2>>EOE != 0
+ error: no matching private key found
+ EOE
+
+ : success
+ :
+ {
+ $* --simulate success "$url" | set script;
+
+ sed -n -e 's/^OPENSSL_AGENT_PKCS11_PID=(.+);.+;$/\1/p' <"$script" | \
+ set pid;
+
+ kill -0 "$pid"; # Make sure the agent is running.
+ kill "$pid" # Signal the agent to terminate.
+ }
+}
diff --git a/tests/build/.gitignore b/tests/build/.gitignore
new file mode 100644
index 0000000..4a730a3
--- /dev/null
+++ b/tests/build/.gitignore
@@ -0,0 +1,3 @@
+config.build
+root/
+bootstrap/
diff --git a/tests/build/bootstrap.build b/tests/build/bootstrap.build
new file mode 100644
index 0000000..91bc3e9
--- /dev/null
+++ b/tests/build/bootstrap.build
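Review bot: In both `success` tests the value handed to `kill` is whatever `(.+)` captures from the agent's output, so a malformed line would reach `kill` unchecked; restricting the capture to digits, `'s/^OPENSSL_AGENT_PKCS11_PID=([0-9]+);.+;$/\1/p'`, leaves `pid` empty in that case and the following `kill -0` fails cleanly. The agent is also stopped by an ordinary `kill "$pid"` in the command chain, so a failure in an earlier command (for example the `>>~"%EOO%"` comparison) appears to leave the simulated agent and its socket running; the client script in this commit uses a `-kill "$pid"` teardown for the same job. The `non-existent-module` variant never checks that the agent actually exited, and the fixed `sleep 2` in the other one may be too short on a loaded machine. A short comment on `non-existent-module`/`success` saying why a missing module is expected to succeed under `--simulate` would help the next reader.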
@@ -0,0 +1,9 @@
+# file : tests/build/bootstrap.build
+# copyright : Copyright (c) 2014-2018 Code Synthesis Ltd
+# license : MIT; see accompanying LICENSE file
+
+project = # Unnamed subproject.
+
+using config
+using dist
+using test
diff --git a/tests/build/root.build b/tests/build/root.build
new file mode 100644
index 0000000..494ad82
--- /dev/null
+++ b/tests/build/root.build
@@ -0,0 +1,8 @@
+# file : tests/build/root.build
+# copyright : Copyright (c) 2014-2018 Code Synthesis Ltd
+# license : MIT; see accompanying LICENSE file
+
+# Setup the client and agents that we are testing.
+#
+import openssl_client = openssl-agent%exe{openssl-client}
+import openssl_agent_pkcs11 = openssl-agent%exe{openssl-agent-pkcs11}
diff --git a/tests/buildfile b/tests/buildfile
new file mode 100644
index 0000000..f76786c
--- /dev/null
+++ b/tests/buildfile
@@ -0,0 +1,8 @@
+# file : tests/buildfile
+# copyright : Copyright (c) 2014-2018 Code Synthesis Ltd
+# license : MIT; see accompanying LICENSE file
+
+./: testscript{*} $openssl_client $openssl_agent_pkcs11
+
+testscript{client}@./: test = $openssl_client
+testscript{agent-pkcs11}@./: test = $openssl_agent_pkcs11
diff --git a/tests/client.testscript b/tests/client.testscript
new file mode 100644
index 0000000..dd950cd
--- /dev/null
+++ b/tests/client.testscript
@@ -0,0 +1,65 @@
+# file : tests/client.testscript
+# copyright : Copyright (c) 2014-2018 Code Synthesis Ltd
+# license : MIT; see accompanying LICENSE file
+
+test.arguments += rsautl -sign -keyform engine -engine pkcs11
+
+: args
+:
+{
+ : none
+ :
+ $* 2>'error: -inkey option is required' != 0
+
+ : no-sock
+ :
+ env --unset=OPENSSL_AGENT_PKCS11_SOCK - $* -inkey 'pkcs11:' 2>>EOE != 0
+ error: OPENSSL_AGENT_PKCS11_SOCK environment variable is not set
+ EOE
+}
+
+: pkcs11
+:
+{
+ +sed -e 's/-client$/-agent-pkcs11/' <"$0" | set agent
+
+ : communication
+ :
+ {
+ # Start the agent.
+ #
+ +$agent --simulate success 'pkcs11:?pin-value=123123' | set script
+
+ +sed -n -e 's/^OPENSSL_AGENT_PKCS11_PID=(.+);.+$/\1/p' <"$script" | set pid
+ +sed -n -e 's/^OPENSSL_AGENT_PKCS11_SOCK=(.+);.+;$/\1/p' <"$script" | set sock
+
+ sign = env - OPENSSL_AGENT_PKCS11_SOCK="$sock" $*
+
+ : sign
+ :
+ {
+ $sign --simulate success -inkey 'pkcs11:' >'signature' : simulate-opt
+ $sign -inkey 'pkcs11:' >'signature' : no-simulate-opt
+ }
+
+ : failure
+ :
+ {
+ $sign --simulate failure -inkey 'pkcs11:' 2>>EOE != 0
+ error: unable to sign using simulated private key
+ EOE
+ }
+
+ : wrong-key
+ :
+ {
+ $sign --simulate success -inkey 'pkcs11:object=key' 2>>EOE != 0
+ error: private key doesn't match
+ EOE
+ }
+
+ # Stop the agent.
+ #
+ -kill "$pid"
+ }
+}
--
cgit v1.1
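Review bot: The `args` group covers an unset OPENSSL_AGENT_PKCS11_SOCK, but nothing in the hunk runs the client with the variable pointing at a path where no agent is listening, so the error path for a stale or wrong socket is untested. A `no-agent` test next to `no-sock` that sets the variable to a non-existent path and expects a non-zero exit would cover it. The PID pattern in the `communication` setup ends in `;.+$` while the SOCK pattern and the agent script use `;.+;$`; using `([0-9]+);.+;$` for the PID would keep them consistent and stop a malformed line from reaching `-kill "$pid"`. Since the socket is what grants signing access, a check that the agent creates it with owner-only permissions would also be worth adding, if the agent is expected to do so.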