Refactor setup

Move only the token specific initialization into custom setup files, and the use pkcs11-tool and a single script to set up all the keys and certificates. Signed-off-by: Simo Sorce <[email protected]>
latchset · Aug 27, 2024 · 63bb46e · 63bb46e
1 parent 7d8b369
commit 63bb46e
Show file tree

Hide file tree

Showing 10 changed files with 264 additions and 862 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -37,23 +37,22 @@ jobs:
               dnf -y install $dnf_opts \
                 git ${{ matrix.compiler }} meson \
                 pkgconf-pkg-config openssl-devel openssl \
-                diffutils expect valgrind
+                diffutils expect valgrind opensc gnutls-utils
               if [ "${{ matrix.token }}" = "softokn" ]; then
                 dnf -y install nss-softokn nss-tools nss-softokn-devel
               elif [ "${{ matrix.token }}" = "softhsm" ]; then
-                dnf -y install softhsm opensc p11-kit-devel p11-kit-server \
-                  gnutls-utils
+                dnf -y install softhsm p11-kit-devel p11-kit-server
               fi
             elif [ -f /etc/debian_version ]; then
               apt-get -q update
               apt-get -yq install git ${{ matrix.compiler }} meson \
                 pkg-config libssl-dev openssl expect \
-                valgrind procps
+                valgrind procps opensc gnutls-bin
               if [ "${{ matrix.token }}" = "softokn" ]; then
                 apt-get -yq install libnss3 libnss3-tools libnss3-dev
               elif [ "${{ matrix.token }}" = "softhsm" ]; then
-                apt-get -yq install softhsm2 opensc p11-kit libp11-kit-dev \
-                  p11-kit-modules gnutls-bin
+                apt-get -yq install softhsm2 p11-kit libp11-kit-dev \
+                  p11-kit-modules
               fi
             fi
       - name: Checkout Repository
@@ -103,13 +102,13 @@ jobs:
           brew install \
             meson \
             openssl@3 \
-            pkg-config
+            pkg-config \
+            opensc \
+            p11-kit
           if [ "${{ matrix.token }}" = "softokn" ]; then
             brew install nss
           elif [ "${{ matrix.token }}" = "softhsm" ]; then
             brew install \
-              opensc \
-              p11-kit \
               softhsm
           fi
       - name: Checkout Repository

diff --git a/tests/kryoptic-init.sh b/tests/kryoptic-init.sh
@@ -0,0 +1,42 @@
+#!/bin/bash -e
+# Copyright (C) 2024 Simo Sorce <[email protected]>
+# SPDX-License-Identifier: Apache-2.0
+
+title SECTION "Searching for Kryoptic module"
+
+find_kryoptic() {
+    for _lib in "$@" ; do
+        if test -f "$_lib" ; then
+            echo "Using kryoptic path $_lib"
+            P11LIB="$_lib"
+            return
+        fi
+    done
+    echo "skipped: Unable to find kryoptic PKCS#11 library"
+    exit 0
+}
+
+find_kryoptic \
+    "${KRYOPTIC}/target/debug/libkryoptic_pkcs11.so" \
+    "${KRYOPTIC}/target/release/libkryoptic_pkcs11.so" \
+    /usr/local/lib/kryoptic/libkryoptic_pkcs11so \
+    /usr/lib64/pkcs11/libkryoptic_pkcs11.so \
+    /usr/lib/pkcs11/libkryoptic_pkcs11.so \
+    /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
+
+title LINE "Creating Kyroptic database"
+
+# Kryoptic configuration
+export KRYOPTIC_CONF="$TOKDIR/kryoptic.sql"
+
+export TOKENLABEL="Kryoptic Token"
+export TOKENLABELURI="Kryoptic%20Token"
+
+# init token
+pkcs11-tool --module "${P11LIB}" --init-token \
+    --label "${TOKENLABEL}" --so-pin "${PINVALUE}" 2>&1
+# set user pin
+pkcs11-tool --module "${P11LIB}" --so-pin "${PINVALUE}" \
+    --login --login-type so --init-pin --pin "${PINVALUE}" 2>&1
+
+export TOKENCONFIGVARS="export KRYOPTIC_CONF=$TOKDIR/kryoptic.sql"
diff --git a/tests/meson.build b/tests/meson.build
@@ -30,17 +30,13 @@ if nss_softokn.found()
   endif
 endif
 
-test_setup = {
-  'setup_softokn': {'suite': 'softokn', 'exe': find_program('setup-softokn.sh')},
-  'setup_softhsm': {'suite': 'softhsm', 'exe': find_program('setup-softhsm.sh')},
-  'setup_kryoptic': {'suite': 'kryoptic', 'exe': find_program('setup-kryoptic.sh')},
-}
-
-foreach name, targs : test_setup
+setup_script=find_program('setup.sh')
+foreach suite : ['softokn', 'softhsm', 'kryoptic']
   test(
-    name,
-    targs.get('exe'),
-    suite: targs.get('suite'),
+    'setup',
+    setup_script,
+    args: suite,
+    suite: suite,
     env: conf_env,
     is_parallel: false,
   )

diff --git a/tests/openssl.cnf.in b/tests/openssl.cnf.in
@@ -22,13 +22,12 @@ activate = 1
 
 [pkcs11_sect]
 module = @libtoollibs@/pkcs11@SHARED_EXT@
-pkcs11-module-init-args = configDir=@testsblddir@/tmp.softokn/tokens
 pkcs11-module-token-pin = file:@PINFILE@
+##TOKENOPTIONS
 #pkcs11-module-encode-provider-uri-to-pem
 #pkcs11-module-allow-export
 #pkcs11-module-load-behavior
 #pkcs11-module-block-operations
-##QUIRKS
 activate = 1
 
 ####################################################################