From eb463c9b9c55895547247107ebad3a29c9ac1452 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 16 Nov 2023 15:32:28 +0100 Subject: [PATCH] tests: Verify ALWAYS AUTHENTICATE invokes interactive prompts Signed-off-by: Jakub Jelen --- tests/tbasic | 57 ++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 51 insertions(+), 6 deletions(-) diff --git a/tests/tbasic b/tests/tbasic index 5e211946..c5ca5744 100755 --- a/tests/tbasic +++ b/tests/tbasic @@ -211,15 +211,60 @@ sed "s/^pkcs11-module-token-pin.*$/pkcs11-module-cache-pins = cache/" \ "${OPENSSL_CONF}" > "${OPENSSL_CONF}.pincaching" OPENSSL_CONF=${OPENSSL_CONF}.pincaching $CHECKER "${TESTBLDDIR}/pincache" +$CHECKER "${TESTBLDDIR}/pincache" "$ECPRIURI" +OPENSSL_CONF=${ORIG_OPENSSL_CONF} + +OPENSSL_CONF=${OPENSSL_CONF}.nopin -if [[ -n $ECPRI3URI ]]; then - echo "ECPRI3URI is $ECPRI3URI" - title PARA "Test the Login is repeated when ALWAYS AUTHENTICATE is set" - $CHECKER "${TESTBLDDIR}/pincache" "$EC3PRIURI" - # TODO no way to check from logs that this really happen +title PARA "Test interactive Login on key without ALWAYS AUTHENTICATE" +output=$(expect -c "spawn -noecho $CHECKER ${TESTBLDDIR}/tsession \"$BASEURI\"; + expect \"Enter PIN for PKCS#11 Token (Slot *:\" { + send \"${PINVALUE}\r\"; exp_continue; } + expect \"ALL A-OK\";") +FAIL=0 +echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" > /dev/null 2>&1 || FAIL=1 +prompts=$(echo "$output" | grep -c "Enter PIN for PKCS#11 Token (Slot .*):" 2>&1) +# 1 login to read key only +if [ "$prompts" -ne "1" ]; then + echo "Failed receive expected amount of prompts (got $prompts, expected 1)" + FAIL=2 +fi +if [ $FAIL -eq 1 ]; then + echo "Failed to obtain expected prompt" +fi +if [ $FAIL -ne 0 ]; then + echo + echo "Original command output:" + echo "$output" + echo + exit 1 fi +if [[ -n $ECBASE3URI ]]; then + title PARA "Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE" + output=$(expect -c "spawn -noecho $CHECKER ${TESTBLDDIR}/tsession \"$ECBASE3URI\"; + expect \"Enter PIN for PKCS#11 Token (Slot *:\" { + send \"${PINVALUE}\r\"; exp_continue; } + expect \"ALL A-OK\";") + FAIL=0 + echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" > /dev/null 2>&1 || FAIL=1 + prompts=$(echo "$output" | grep -c "Enter PIN for PKCS#11 Token (Slot .*):" 2>&1) + # 1 login to read key + 16 signatures from 2 processes + if [ "$prompts" -ne "33" ]; then + echo "Failed receive expected amount of prompts (got $prompts, expected 33)" + FAIL=2 + fi + if [ $FAIL -eq 1 ]; then + echo "Failed to obtain expected prompt" + fi + if [ $FAIL -ne 0 ]; then + echo + echo "Original command output:" + echo "$output" + echo + exit 1 + fi +fi OPENSSL_CONF=${ORIG_OPENSSL_CONF} - exit 0