fixup! Add setup script for testing with Kryoptic module

simo5 · Jul 5, 2024 · 2c2c03d · 2c2c03d
1 parent ee8af97
commit 2c2c03d
Showing 1 changed file with 25 additions and 37 deletions.
diff --git a/tests/setup-kryoptic.sh b/tests/setup-kryoptic.sh
@@ -107,6 +107,8 @@ p11tool --provider=${P11LIB} --initialize-pin \
     "pkcs11:manufacturer=Kryoptic%20Project%00;token=Test%00" 2>&1
 
 
+P11DEFARGS="--module=${P11LIB}--login --pin=${PINVALUE}"
+
 # General cert configs
 cat >> "${TMPPDIR}/cert.cfg" <<HEREDOC
 ca
@@ -128,14 +130,14 @@ CACRTN="caCert"
 
 
 ((SERIAL+=1))
-pkcs11-tool --keypairgen --key-type="RSA:2048" --login --pin=${PINVALUE} \
-	--module=${P11LIB} --label="${CACRTN}" --id="$KEYID" 2>&1
+pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="RSA:2048" \
+	--label="${CACRTN}" --id="${KEYID}" 2>&1
 "${certtool}" --generate-self-signed --outfile="${CACRT}.crt" \
 	--template="${TMPPDIR}/cert.cfg" --provider="$P11LIB" \
         --load-privkey "pkcs11:object=$CACRTN;type=private" \
         --load-pubkey "pkcs11:object=$CACRTN;type=public" --outder 2>&1
-pkcs11-tool --write-object "${CACRT}.crt" --type=cert --id=$KEYID \
-        --label="$CACRTN" --module="$P11LIB" --login --pin=${PINVALUE} 2>&1
+pkcs11-tool ${P11DEFARGS} --write-object "${CACRT}.crt" --type=cert \
+        --id=$KEYID --label="$CACRTN" 2>&1
 
 # the organization identification is not in the CA
 echo 'organization = "PKCS11 Provider"' >> "${TMPPDIR}/cert.cfg"
@@ -157,8 +159,8 @@ ca_sign() {
         --load-pubkey "pkcs11:object=$LABEL;type=public" --outder \
         --load-ca-certificate "${CACRT}.crt" --inder \
         --load-ca-privkey="pkcs11:object=$CACRTN;type=private" 2>&1
-    pkcs11-tool --write-object "${CRT}.crt" --type=cert --id="$KEYID" \
-        --label="$LABEL" --module="$P11LIB" --login --pin=${PINVALUE} 2>&1
+    pkcs11-tool ${P11DEFARGS} --write-object "${CRT}.crt" --type=cert \
+        --id="$KEYID" --label="$LABEL" 2>&1
 }
 
 # generate RSA key pair and self-signed certificate
@@ -167,8 +169,8 @@ URIKEYID="%00%01"
 TSTCRT="${TMPPDIR}/testcert"
 TSTCRTN="testCert"
 
-pkcs11-tool --keypairgen --key-type="RSA:2048" --login --pin=$PINVALUE \
-	--module="$P11LIB" --label="${TSTCRTN}" --id="$KEYID"
+pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="RSA:2048" \
+	--label="${TSTCRTN}" --id="$KEYID"
 ca_sign "$TSTCRT" $TSTCRTN "My Test Cert" $KEYID
 
 BASEURIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
@@ -193,8 +195,8 @@ URIKEYID="%00%02"
 ECCRT="${TMPPDIR}/eccert"
 ECCRTN="ecCert"
 
-pkcs11-tool --keypairgen --key-type="EC:secp256r1" --login --pin=$PINVALUE \
-	--module="$P11LIB" --label="${ECCRTN}" --id="$KEYID"
+pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:secp256r1" \
+	--label="${ECCRTN}" --id="$KEYID"
 ca_sign "$ECCRT" $ECCRTN "My EC Cert" $KEYID
 
 ECBASEURIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
@@ -209,8 +211,8 @@ URIKEYID="%00%03"
 ECPEERCRT="${TMPPDIR}/ecpeercert"
 ECPEERCRTN="ecPeerCert"
 
-pkcs11-tool --keypairgen --key-type="EC:secp256r1" --login --pin=$PINVALUE \
-	--module="$P11LIB" --label="$ECPEERCRTN" --id="$KEYID"
+pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:secp256r1" \
+	--label="$ECPEERCRTN" --id="$KEYID"
 ca_sign "$ECPEERCRT" $ECPEERCRTN "My Peer EC Cert" $KEYID
 
 ECPEERBASEURIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
@@ -242,7 +244,7 @@ echo ""
 #EDCRT="${TMPPDIR}/edcert"
 #EDCRTN="edCert"
 #
-#pkcs11-tool --keypairgen --key-type="EC:edwards25519" --login --pin=$PINVALUE --module="$P11LIB" \
+#pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:edwards25519" \
 #	--label="${EDCRTN}" --id="$KEYID"
 #ca_sign "$EDCRT" $EDCRTN "My ED25519 Cert" $KEYID
 #
@@ -268,10 +270,10 @@ URIKEYID="%00%05"
 TSTCRT="${TMPPDIR}/testcert2"
 TSTCRTN="testCert2"
 
-pkcs11-tool --keypairgen --key-type="RSA:2048" --login --pin=$PINVALUE \
-	--module="$P11LIB" --label="${TSTCRTN}" --id="$KEYID"
+pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="RSA:2048" \
+	--label="${TSTCRTN}" --id="$KEYID"
 ca_sign "$TSTCRT" $TSTCRTN "My Test Cert 2" $KEYID
-pkcs11-tool --delete-object --type pubkey --id 0005 --module="$P11LIB" --login --pin=$PINVALUE
+pkcs11-tool ${P11DEFARGS} --delete-object --type pubkey --id 0005
 
 BASE2URIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
 BASE2URIWITHPINSOURCE="pkcs11:id=${URIKEYID}?pin-source=${PINFILE}"
@@ -320,10 +322,10 @@ else
     URIKEYID="%00%07"
     ECXCRTN="ecExplicitCert"
 
-    pkcs11-tool --write-object="${TESTSSRCDIR}/explicit_ec.key.der" --type=privkey --login --pin=$PINVALUE \
-        --module="$P11LIB" --label="${ECXCRTN}" --id="$KEYID"
-    pkcs11-tool --write-object="${TESTSSRCDIR}/explicit_ec.pub.der" --type=pubkey --login --pin=$PINVALUE \
-        --module="$P11LIB" --label="${ECXCRTN}" --id="$KEYID"
+    pkcs11-tool ${P11DEFARGS} --write-object="${TESTSSRCDIR}/explicit_ec.key.der" --type=privkey \
+        --label="${ECXCRTN}" --id="$KEYID"
+    pkcs11-tool ${P11DEFARGS} --write-object="${TESTSSRCDIR}/explicit_ec.pub.der" --type=pubkey \
+        --label="${ECXCRTN}" --id="$KEYID"
 
     ECXBASEURIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
     ECXBASEURIWITHPINSOURCE="pkcs11:id=${URIKEYID}?pin-source=file:${PINFILE}"
@@ -345,8 +347,8 @@ fi
 #TSTCRT="${TMPPDIR}/eccert3"
 #TSTCRTN="ecCert3"
 #
-#pkcs11-tool --keypairgen --key-type="EC:secp521r1" --login --pin=$PINVALUE \
-#	--module="$P11LIB" --label="${TSTCRTN}" --id="$KEYID" --always-auth
+#pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:secp521r1" \
+#	--label="${TSTCRTN}" --id="$KEYID" --always-auth
 #ca_sign "$TSTCRT" $TSTCRTN "My EC Cert 3" $KEYID
 #
 #ECBASE3URIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
@@ -367,7 +369,7 @@ fi
 
 title PARA "Show contents of kryoptic token"
 echo " ----------------------------------------------------------------------------------------------------"
-pkcs11-tool -O --login --pin=$PINVALUE --module="$P11LIB"
+pkcs11-tool ${P11DEFARGS} -O
 echo " ----------------------------------------------------------------------------------------------------"
 
 title PARA "Output configurations"
@@ -421,13 +423,6 @@ export ECPEERPUBURI="${ECPEERPUBURI}"
 export ECPEERPRIURI="${ECPEERPRIURI}"
 export ECPEERCRTURI="${ECPEERCRTURI}"
 
-#export EDBASEURIWITHPINVALUE="${EDBASEURIWITHPINVALUE}"
-#export EDBASEURIWITHPINSOURCE="${EDBASEURIWITHPINSOURCE}"
-#export EDBASEURI="${EDBASEURI}"
-#export EDPUBURI="${EDPUBURI}"
-#export EDPRIURI="${EDPRIURI}"
-#export EDCRTURI="${EDCRTURI}"
-
 export BASE2URIWITHPINVALUE="${BASEURIWITHPINVALUE}"
 export BASE2URIWITHPINSOURCE="${BASEURIWITHPINSOURCE}"
 export BASE2URI="${BASE2URI}"
@@ -439,13 +434,6 @@ export ECBASE2URIWITHPINSOURCE="${ECBASE2URIWITHPINSOURCE}"
 export ECBASE2URI="${ECBASE2URI}"
 export ECPRI2URI="${ECPRI2URI}"
 export ECCRT2URI="${ECCRT2URI}"
-
-#export ECBASE3URIWITHPINVALUE="${ECBASE3URIWITHPINVALUE}"
-#export ECBASE3URIWITHPINSOURCE="${ECBASE3URIWITHPINSOURCE}"
-#export ECBASE3URI="${ECBASE3URI}"
-#export ECPUB3URI="${ECPUB3URI}"
-#export ECPRI3URI="${ECPRI3URI}"
-#export ECCRT3URI="${ECCRT3URI}"
 DBGSCRIPT
 
 if [ -n "${ECXBASEURI}" ]; then