Skip to content

Commit

Permalink
test/integration: shellcheck fixes
Browse files Browse the repository at this point in the history 
Signed-off-by: Ondrej Moris <[email protected]>
  • Loading branch information
@The-Mule
The-Mule committed Mar 12, 2024
1 parent 8167489 commit ef4bb48
Show file tree
Hide file tree
Showing 3 changed files with 67 additions and 61 deletions.
44 changes: 23 additions & 21 deletions tests/integration/bind.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
# Copyright (C) 2024 Ondrej Moris <[email protected]>
# SPDX-License-Identifier: Apache-2.0

# shellcheck disable=SC1091
source "../helpers.sh"

BASEDIR=$PWD
Expand All @@ -20,7 +21,7 @@ install_dependencies()
elif [ "$FEDORA_VERSION" -eq 39 ]; then
releasever="--releasever=40"
fi
dnf install -y $releasever --skip-broken \
dnf install -y "$releasever" --skip-broken \
autoconf automake autoconf-archive libtool \
p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \
p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \
Expand All @@ -43,7 +44,7 @@ softhsm_token_setup()

title SECTION "List token content"
TOKENURL=$(p11tool --list-token-urls | grep "softhsm")
p11tool --login --set-pin $PIN --list-all $TOKENURL
p11tool --login --set-pin "$PIN" --list-all "$TOKENURL"
title ENDSECTION
}

Expand All @@ -58,26 +59,27 @@ pkcs11_provider_setup()
fi
echo "Skipped (running in Github Actions)"
else
git clone ${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"} \
${WORKDIR}/pkcs11-provider
pushd $WORKDIR/pkcs11-provider
git checkout ${GIT_REF:-"main"}
git clone \
"${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"}" \
"${WORKDIR}"/pkcs11-provider
pushd "${WORKDIR}"/pkcs11-provider
git checkout "${GIT_REF:-"main"}"
autoreconf -fiv
./configure --libdir=/usr/lib64
make
make install
popd
export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so
fi
test -e $PKCS11_MODULE
test -e "$PKCS11_MODULE"
}

p11kit_server_setup()
{
title PARA "Proxy module driver through p11-kit server"

export XDG_RUNTIME_DIR=$PWD
eval $(p11-kit server --provider $PKCS11_PROVIDER_MODULE "pkcs11:")
eval "$(p11-kit server --provider "$PKCS11_PROVIDER_MODULE" "pkcs11:")"
test -n "$P11_KIT_SERVER_PID"
export PKCS11_PROVIDER_MODULE="/usr/lib64/pkcs11/p11-kit-client.so"
}
Expand All @@ -92,35 +94,35 @@ openssl_setup()
-e "s|\(\[default_sect\]\)|module = $PKCS11_MODULE\n\1|" \
-e "s|\(\[default_sect\]\)|pkcs11-module-load-behavior = early\n\1|" \
-e "s|\(\[default_sect\]\)|activate = 1\n\n\1|" \
/etc/pki/tls/openssl.cnf >${WORKDIR}/openssl.cnf
/etc/pki/tls/openssl.cnf >"${WORKDIR}"/openssl.cnf

title SECTION "openssl.cnf"
cat ${WORKDIR}/openssl.cnf
cat "${WORKDIR}"/openssl.cnf
title ENDSECTION
}

bind_setup()
{
title PARA "Bind setup"

cp /var/named/named.localhost ${WORKDIR}/localhost
cp /var/named/named.localhost "${WORKDIR}"/localhost
}

bind_test()
{
title PARA "Bind test"

TOKENURL=$(p11tool --list-token-urls | grep "softhsm")
KSKURL="$(p11tool --login --set-pin $PIN --list-keys $TOKENURL \
KSKURL="$(p11tool --login --set-pin "$PIN" --list-keys "$TOKENURL" \
| grep 'URL:.*object=localhost-ksk' \
| awk '{ print $NF }' \
| sed "s/type=.*\$/pin-value=$PIN/")"
ZSKURL="$(p11tool --login --set-pin $PIN --list-keys $TOKENURL \
ZSKURL="$(p11tool --login --set-pin "$PIN" --list-keys "$TOKENURL" \
| grep 'URL:.*object=localhost-zsk' \
| awk '{ print $NF }' \
| sed "s/type=.*\$/pin-value=$PIN/")"

pushd $WORKDIR
pushd "$WORKDIR"

title PARA "Test 1: Extract KSK and ZSK keys from PKCS11 URIs"
PKCS11_PROVIDER_DEBUG=file:${PKCS11_DEBUG_FILE}.extract \
Expand All @@ -130,15 +132,15 @@ bind_test()
OPENSSL_CONF=openssl.cnf \
dnssec-keyfromlabel -a RSASHA256 -l "$KSKURL" -f KSK localhost
for K in *.key; do
cat $K >>localhost
cat "$K" >>localhost
done
test -s ${PKCS11_DEBUG_FILE}.extract
test -s "${PKCS11_DEBUG_FILE}".extract

title PARA "Test 2: Sign zone"
PKCS11_PROVIDER_DEBUG=file:${PKCS11_DEBUG_FILE}.sign \
OPENSSL_CONF=openssl.cnf \
dnssec-signzone -o localhost localhost
test -s ${PKCS11_DEBUG_FILE}.sign
test -s "${PKCS11_DEBUG_FILE}".sign

popd
echo "Test passed"
Expand All @@ -148,14 +150,14 @@ cleanup()
{
title PARA "Clean-up"

for L in ${PKCS11_DEBUG_FILE}.*; do
for L in "${PKCS11_DEBUG_FILE}".*; do
title SECTION "$L"
cat $L
cat "$L"
title ENDSECTION
done

pushd $BASEDIR >/dev/null
rm -rf $WORKDIR
pushd "$BASEDIR" >/dev/null
rm -rf "$WORKDIR"
if [ -e /var/lib/softhsm/tokens.bck ]; then
rm -rf /var/lib/softhsm/tokens
mv /var/lib/softhsm/tokens.bck /var/lib/softhsm/tokens
Expand Down
55 changes: 28 additions & 27 deletions tests/integration/httpd.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
# Copyright (C) 2024 Ondrej Moris <[email protected]>
# SPDX-License-Identifier: Apache-2.0

# shellcheck disable=SC1091
source "../helpers.sh"

BASEDIR=$PWD
Expand All @@ -22,7 +23,7 @@ install_dependencies()
elif [ "$FEDORA_VERSION" -eq 39 ]; then
releasever="--releasever=40"
fi
dnf install -y $releasever --skip-broken \
dnf install -y "$releasever" --skip-broken \
autoconf automake autoconf-archive libtool \
p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \
p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \
Expand All @@ -33,15 +34,15 @@ softhsm_token_setup()
{
title PARA "Softhsm token setup"

pushd $WORKDIR
pushd "$WORKDIR"
mkdir ca server
openssl req -x509 -sha256 -newkey rsa:2048 -noenc -batch \
-keyout ca/key.pem -out ca/cert.pem
openssl req -newkey rsa:2048 -subj '/CN=localhost' -noenc -batch \
-keyout server/key.pem -out server/csr.pem
openssl x509 -req -CA ca/cert.pem -CAkey ca/key.pem \
-in server/csr.pem -out server/cert.pem -CAcreateserial
chown -R apache:apache $WORKDIR
chown -R apache:apache "$WORKDIR"

usermod -a -G ods apache
cp -rnp /var/lib/softhsm/tokens{,.bck}
Expand All @@ -54,20 +55,20 @@ softhsm_token_setup()
--label httpd \
--id=%01 \
--login \
--set-pin $PIN $TOKENURL
--set-pin "$PIN" "$TOKENURL"
runuser -u apache -- p11tool \
--write \
--load-certificate server/cert.pem \
--label httpd \
--id=%01 \
--login \
--set-pin $PIN $TOKENURL
--set-pin "$PIN" "$TOKENURL"
popd

export PKCS11_PROVIDER_MODULE="/usr/lib64/pkcs11/libsofthsm2.so"

title SECTION "List token content"
p11tool --login --set-pin $PIN --list-all $TOKENURL
p11tool --login --set-pin "$PIN" --list-all "$TOKENURL"
title ENDSECTION
}

Expand All @@ -83,36 +84,37 @@ pkcs11_provider_setup()
fi
echo "Skipped (running in Github Actions)"
else
git clone ${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"} \
${WORKDIR}/pkcs11-provider
pushd $WORKDIR/pkcs11-provider
git checkout ${GIT_REF:-"main"}
git clone \
"${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"}" \
"${WORKDIR}"/pkcs11-provider
pushd "$WORKDIR"/pkcs11-provider
git checkout "${GIT_REF:-"main"}"
autoreconf -fiv
./configure --libdir=/usr/lib64
make
make install
popd
export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so
fi
test -e $PKCS11_MODULE
test -e "$PKCS11_MODULE"
}

openssl_setup()
{
title PARA "OpenSSL setup"

echo "$PIN" >$PIN_FILE
echo "$PIN" >"$PIN_FILE"
sed \
-e "s|\(default = default_sect\)|\1\npkcs11 = pkcs11_sect\n|" \
-e "s|\(\[default_sect\]\)|\[pkcs11_sect\]\n\1|" \
-e "s|\(\[default_sect\]\)|module = $PKCS11_MODULE\n\1|" \
-e "s|\(\[default_sect\]\)|pkcs11-module-load-behavior = early\n\1|" \
-e "s|\(\[default_sect\]\)|pkcs11-module-token-pin = file:$PIN_FILE\n\1|" \
-e "s|\(\[default_sect\]\)|activate = 1\n\n\1|" \
/etc/pki/tls/openssl.cnf >${WORKDIR}/openssl.cnf
/etc/pki/tls/openssl.cnf >"${WORKDIR}"/openssl.cnf

title SECTION "openssl.cnf"
cat ${WORKDIR}/openssl.cnf
cat "${WORKDIR}"/openssl.cnf
title ENDSECTION
}

Expand All @@ -121,10 +123,10 @@ httpd_setup()
title PARAM "Httpd setup"

TOKENURL=$(p11tool --list-token-urls | grep "softtoken")
KEYURL="$(p11tool --login --set-pin $PIN --list-keys $TOKENURL \
KEYURL="$(p11tool --login --set-pin "$PIN" --list-keys "$TOKENURL" \
| grep 'URL:.*object=httpd;type=private' \
| awk '{ print $NF }')?pin-value=$PIN"
CERTURL=$(p11tool --list-all-certs $TOKENURL \
CERTURL=$(p11tool --list-all-certs "$TOKENURL" \
| grep "URL:.*object=httpd;type=cert" \
| awk '{ print $NF }')

Expand Down Expand Up @@ -155,34 +157,35 @@ httpd_test()

title PARA "Test 2: Curl connects to httpd over TLS"
PKCS11_PROVIDER_DEBUG=file:${PKCS11_DEBUG_FILE}.curl \
curl -v -sS --cacert ${WORKDIR}/ca/cert.pem https://localhost >/dev/null
curl -v -sS --cacert "${WORKDIR}"/ca/cert.pem https://localhost >/dev/null

echo "Test passed"
}

# shellcheck disable=SC2317
cleanup()
{
title PARA "Clean-up"

for L in ${PKCS11_DEBUG_FILE}.*; do
for L in "${PKCS11_DEBUG_FILE}".*; do
title SECTION "$L"
cat $L
cat "$L"
title ENDSECTION
done
ssl_log="/var/log/httpd/ssl_error_log"
if [ -e $ssl_log ]; then
if [ -e "$ssl_log" ]; then
title SECTION "$ssl_log"
cat $ssl_log
cat "$ssl_log"
title ENDSECTION
fi

pushd $BASEDIR >/dev/null
rm -rf $WORKDIR
pushd "$BASEDIR" >/dev/null
rm -rf "$WORKDIR"
if pgrep httpd >/dev/null; then
pkill httpd
fi
if [ -e ${MOD_SSL_CONF}.bck ]; then
mv ${MOD_SSL_CONF}.bck $MOD_SSL_CONF
if [ -e "${MOD_SSL_CONF}".bck ]; then
mv "${MOD_SSL_CONF}".bck "$MOD_SSL_CONF"
fi
if [ -e /var/lib/softhsm/tokens.bck ]; then
rm -rf /var/lib/softhsm/tokens
Expand All @@ -203,5 +206,3 @@ httpd_setup

# Test.
httpd_test

exit 0
29 changes: 16 additions & 13 deletions tests/integration/libssh.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
# Copyright (C) 2024 Ondrej Moris <[email protected]>
# SPDX-License-Identifier: Apache-2.0

# shellcheck disable=SC1091
source "../helpers.sh"

BASEDIR=$PWD
Expand Down Expand Up @@ -30,36 +31,37 @@ pkcs11_provider_setup()
exit 1
fi
else
git clone ${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"} \
${WORKDIR}/pkcs11-provider
pushd $WORKDIR/pkcs11-provider
git checkout ${GIT_REF:-"main"}
git clone \
"${GIT_URL:-"https://github.com/latchset/pkcs11-provider.git"}" \
"${WORKDIR}"/pkcs11-provider
pushd "$WORKDIR"/pkcs11-provider
git checkout "${GIT_REF:-"main"}"
autoreconf -fiv
./configure --libdir=/usr/lib64
make
make install
popd
export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so
fi
test -e $PKCS11_MODULE
test -e "$PKCS11_MODULE"
}

libssh_setup()
{
title PRAM "Clone, setup and build libssh"

git clone https://gitlab.com/libssh/libssh-mirror.git \
${WORKDIR}/libssh-mirror
"${WORKDIR}"/libssh-mirror

mkdir ${WORKDIR}/libssh-mirror/build
pushd ${WORKDIR}/libssh-mirror/build
mkdir "${WORKDIR}"/libssh-mirror/build
pushd "${WORKDIR}"/libssh-mirror/build
cmake \
-DUNIT_TESTING=ON \
-DCLIENT_TESTING=ON \
-DCMAKE_BUILD_TYPE=Debug \
-DWITH_PKCS11_URI=ON \
-DWITH_PKCS11_PROVIDER=ON \
-DPKCS11_PROVIDER=${PKCS11_MODULE} ..
-DPKCS11_PROVIDER="${PKCS11_MODULE}" ..
make
popd
}
Expand All @@ -68,7 +70,7 @@ libssh_test()
{
title PARAM "Run libssh pkcs11 tests"

pushd ${WORKDIR}/libssh-mirror/build
pushd "${WORKDIR}"/libssh-mirror/build
PKCS11_PROVIDER_DEBUG=file:$PKCS11_DEBUG_FILE ctest \
--output-on-failure -R \
'(torture_auth_pkcs11|torture_pki_rsa_uri|torture_pki_ecdsa_uri)' \
Expand All @@ -80,16 +82,17 @@ libssh_test()
popd
}

# shellcheck disable=SC2317
cleanup()
{
title PARA "Clean-up"

title SECTION "$PKCS11_DEBUG_FILE"
cat $PKCS11_DEBUG_FILE
cat "$PKCS11_DEBUG_FILE"
title ENDSECTION

pushd $BASEDIR >/dev/null
rm -rf $WORKDIR
pushd "$BASEDIR" >/dev/null
rm -rf "$WORKDIR"

title LINE "Done"
}
Expand Down

0 comments on commit ef4bb48

Please sign in to comment.