tests: smartcard tests

closes #66 Signed-off-by: Jérôme Jutteau <[email protected]>
jerome-jutteau · May 26, 2021 · ebbbcb9 · ebbbcb9
1 parent 4869f4f
commit ebbbcb9
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 0 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -22,6 +22,7 @@ Use the same issue tracker to report problems with the documentation.
 Pre-requisites:
 - An Outscale account on eu-west-2 region
 - At least 10 AccessKeys in your quota
+- Have `softhsm2`, `pkcs11-tool` and `openssl` installed
 
 Setup:
 - Fill a valid `default` profile in `~/.osc/config.json`

diff --git a/tests/_gen_smartcard_config_file b/tests/_gen_smartcard_config_file
@@ -0,0 +1,71 @@
+#!/bin/bash
+set -e
+echo -n "$(basename $0): "
+
+
+ssl_engine="/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so"
+module="/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so"
+token_label="osc-test-token"
+rsa_label="osc.key"
+cert_label="osc.cert"
+
+# Test SoftHSMv2
+softhsm2-util --version &> /dev/null || { echo "softhsm2-util not found"; exit 1; }
+
+# Test pkcs11-tool
+pkcs11-tool --test --module $module &> /dev/null || { echo "pkcs11-tool --test failed"; exit 1; }
+
+# Test openssl
+openssl help &> /dev/null || { echo "openssl not found"; exit 1;}
+
+# Clean existing SoftHSMv2 token
+softhsm2-util --module $module --delete-token --token $token_label &> /dev/null || true
+softhsm2-util --module $module --init-token --pin 0000 --so-pin 1234 --free --label $token_label &> /dev/null || { echo "Cannot initialize SoftHSM token"; exit 1; }
+
+# Generate RSA key on smartcard
+pkcs11-tool --module $module --keypairgen --key-type rsa:2048 --usage-sign --login --pin 0000 --token-label $token_label --label $rsa_label &> /dev/null || { echo "Cannot create RSA key"; exit 1; }
+
+# Register engine in openssl
+openssl engine dynamic -pre SO_PATH:$ssl_engine -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:$module &> /dev/null || { echo "Cannot register pkcs11 to openssl"; exit 1; }
+
+# Test engine
+openssl engine -t -c pkcs11 &> /dev/null || { echo "pkcs11 engine not available to openssl"; exit 1; }
+
+# Generate cert
+openssl req -new -x509 -out osc.crt -days 365 -addext basicConstraints=critical,CA:TRUE,pathlen:1 -subj "/CN=OSC-TEST-CA" -engine pkcs11 -keyform engine -key "pkcs11:token=${token_label};object=${rsa_label};pin-value=0000" &> /dev/null || { echo "Cannot create openssl cert"; exit 1; }
+
+# Convert to der format
+openssl x509 -inform pem -outform der -in osc.crt -out osc.crt.der &> /dev/null || { echo "Cannot convert to der format"; exit 1; }
+
+# Send der to smartcard
+pkcs11-tool --module $module --write-object osc.crt.der --type cert --token-label $token_label --label $cert_label &> /dev/null || { echo "Cannot write certificate to smartcard"; exit 1; }
+
+# Clean files
+rm -rf osc.crt osc.crt.der
+
+# Generate configuration
+rm -rf ~/.osc
+mkdir -p ~/.osc
+echo -n "
+{
+    \"default\": {
+	\"access_key\": \"${OSC_TEST_ACCESS_KEY}\",
+	\"secret_key\": \"${OSC_TEST_SECRET_KEY}\",
+	\"ssl_engine_id\": \"pkcs11\",
+	\"ssl_engine_path\": \"${ssl_engine}\",
+	\"ssl_module_path\": \"${module}\",
+	\"x509_client_cert\": \"pkcs11:token=${token_label};type=cert;object=${cert_label}\",
+	\"x509_client_key\": \"pkcs11:token=${token_label};type=private;object=${rsa_label};pin-value=0000\",
+	\"region\": \"eu-west-2\",
+	\"endpoints\": {
+	    \"api\": \"api.eu-west-2.outscale.com/api/v1\",
+	    \"fcu\": \"fcu.eu-west-2.outscale.com\",
+	    \"lbu\": \"lbu.eu-west-2.outscale.com\",
+	    \"eim\": \"eim.eu-west-2.outscale.com\",
+	    \"icu\": \"icu.eu-west-2.outscale.com\",
+	    \"directlink\": \"directlink.eu-west-2.outscale.com\",
+	    \"oos\": \"oos.eu-west-2.outscale.com\"
+	}
+    }
+}" > ~/.osc/config.json
+echo "OK"
diff --git a/tests/_run b/tests/_run
@@ -15,6 +15,12 @@ for t in *.sh ; do
     ./$t
 done
 
+./_clean_config_files
+./_gen_smartcard_config_file
+for t in *.sh ; do
+    ./$t
+done
+
 ./_clean_config_files
 ./_gen_config_file
 for t in specific/*.sh ; do