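#!/bin/bash
# Provisions a throwaway SoftHSM2 token under ./tmp, imports a freshly
# generated RSA-2048 key into it, then runs the Go tests against it.
#
# Test fixture only: the PINs below are fixed, well-known values and the
# private key is written unencrypted to ./tmp before being imported.
# NB -x traces every command, so the PINs also appear in the script output.
set -euxo pipefail

# start from a clean working directory.
rm -rf -- tmp
mkdir -p tmp
pushd tmp

# keep the generated key material and token store private to the current
# user; the previous umask is restored before the tests run.
previous_umask="$(umask)"
umask 077

# set the environment variables used by the tests.
export TEST_PKCS11_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
export TEST_PKCS11_SO_PIN=4321
export TEST_PKCS11_USER_PIN=1234
export TEST_PKCS11_TOKEN_LABEL=test-token
export TEST_PKCS11_KEY_LABEL=test-rsa-2048

# configure softhsm to read the configuration from the current directory.
export SOFTHSM2_CONF="$PWD/softhsm2.conf"
cat >softhsm2.conf <<EOF
directories.tokendir = $PWD/softhsm2-tokens
objectstore.backend = file
# ERROR, WARNING, INFO, DEBUG
log.level = ERROR
# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false
EOF
install -d -m 700 softhsm2-tokens

# initialize a test token.
# NB so-pin is the Security Officer PIN (used to re-initialize the token).
softhsm2-util \
  --init-token \
  --free \
  --label "$TEST_PKCS11_TOKEN_LABEL" \
  --so-pin "$TEST_PKCS11_SO_PIN" \
  --pin "$TEST_PKCS11_USER_PIN"

# generate a key in the normal PKCS#1 format.
# NB stderr is discarded to hide the key generation progress output; a
#    failure still aborts the script through set -e.
openssl genrsa \
  -out test-key.pem \
  2048 \
  2>/dev/null

# convert the key to the PKCS#8 format.
# NB -nocrypt leaves the private key unencrypted on disk.
openssl pkcs8 \
  -topk8 \
  -inform pem \
  -in test-key.pem \
  -outform pem \
  -out test-key.pkcs8.pem \
  -nocrypt

# # show the key (NB this prints the private key to the output).
# openssl rsa \
#   -in test-key.pkcs8.pem \
#   -text \
#   -noout

# import it into the hsm (key must be in the PKCS#8 format).
softhsm2-util \
  --import test-key.pkcs8.pem \
  --token "$TEST_PKCS11_TOKEN_LABEL" \
  --label "$TEST_PKCS11_KEY_LABEL" \
  --id FFFF \
  --pin "$TEST_PKCS11_USER_PIN"

# show the objects.
pkcs11-tool --module "$TEST_PKCS11_LIBRARY_PATH" --list-slots --list-objects

umask "$previous_umask"
popd

go test -v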