[pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
pre-commit-ci[bot] committed Apr 17, 2023
1 parent 7e26ee2 commit b23ab3c
Showing 1 changed file with 147 additions and 73 deletions.
220 changes: 147 additions & 73 deletions tests/softhsm_setup.py
Expand Up @@ -45,7 +45,11 @@ def run_cmd(args, softhsm_conf=None) -> Tuple[bytes, bytes]:
conf = f.read()
msg = '[cmd: {cmd}] [code: {code}] [stdout: {out}] [stderr: {err}] [config: {conf}]'
msg = msg.format(
cmd=" ".join(args), code=rv, out=out.strip(), err=err.strip(), conf=conf,
cmd=" ".join(args),
code=rv,
out=out.strip(),
err=err.strip(),
conf=conf,
)
raise RuntimeError(msg)
return out, err
Expand Down Expand Up @@ -90,9 +94,7 @@ def run_cmd(args, softhsm_conf=None) -> Tuple[bytes, bytes]:
if component_path['SOFTHSM'].endswith('softhsm2-util'):
softhsm_version = 2

openssl_version = subprocess.check_output([component_path['OPENSSL'],
'version']
)[8:11].decode()
openssl_version = subprocess.check_output([component_path['OPENSSL'], 'version'])[8:11].decode()

p11_test_files: List[str] = []
softhsm_conf: Optional[str] = None
Expand Down Expand Up @@ -121,27 +123,41 @@ def setup() -> None:
with open(softhsm_conf, "w") as f:
if softhsm_version == 2:
softhsm_db = _temp_dir()
f.write("""
f.write(
"""
# Generated by test
directories.tokendir = %s
objectstore.backend = file
log.level = DEBUG
""" % softhsm_db)
"""
% softhsm_db
)
else:
softhsm_db = _temp_file()
f.write("""
f.write(
"""
# Generated by test
0:%s
""" % softhsm_db)
"""
% softhsm_db
)

logging.debug("Initializing the token")
out, err = run_cmd([component_path['SOFTHSM'],
'--slot', '0',
'--label', 'test',
'--init-token',
'--pin', 'secret1',
'--so-pin', 'secret2'],
softhsm_conf=softhsm_conf)
out, err = run_cmd(
[
component_path['SOFTHSM'],
'--slot',
'0',
'--label',
'test',
'--init-token',
'--pin',
'secret1',
'--so-pin',
'secret2',
],
softhsm_conf=softhsm_conf,
)

# logging.debug("Generating 1024 bit RSA key in token")
# run_cmd([component_path['PKCS11_TOOL'],
Expand All @@ -155,26 +171,45 @@ def setup() -> None:

hash_priv_key = _temp_file()
logging.debug("Converting test private key to format for softhsm")
run_cmd([component_path['OPENSSL'], 'pkcs8',
'-topk8',
'-inform', 'PEM',
'-outform', 'PEM',
'-nocrypt',
'-in', os.path.join(DATA_DIR, 'rsakey.pem'),
'-out', hash_priv_key], softhsm_conf=softhsm_conf)
run_cmd(
[
component_path['OPENSSL'],
'pkcs8',
'-topk8',
'-inform',
'PEM',
'-outform',
'PEM',
'-nocrypt',
'-in',
os.path.join(DATA_DIR, 'rsakey.pem'),
'-out',
hash_priv_key,
],
softhsm_conf=softhsm_conf,
)

logging.debug("Importing the test key to softhsm")
run_cmd([component_path['SOFTHSM'],
'--import', hash_priv_key,
'--token', 'test',
'--id', 'a1b2',
'--label', 'test',
'--pin', 'secret1'],
softhsm_conf=softhsm_conf)
run_cmd([component_path['PKCS11_TOOL'],
'--module', component_path['P11_MODULE'],
'-l',
'--pin', 'secret1', '-O'], softhsm_conf=softhsm_conf)
run_cmd(
[
component_path['SOFTHSM'],
'--import',
hash_priv_key,
'--token',
'test',
'--id',
'a1b2',
'--label',
'test',
'--pin',
'secret1',
],
softhsm_conf=softhsm_conf,
)
run_cmd(
[component_path['PKCS11_TOOL'], '--module', component_path['P11_MODULE'], '-l', '--pin', 'secret1', '-O'],
softhsm_conf=softhsm_conf,
)
signer_cert_pem = _temp_file()
openssl_conf = _temp_file()
logging.debug("Generating OpenSSL config for version {}".format(openssl_version))
Expand All @@ -185,21 +220,25 @@ def setup() -> None:
# if openssl_version.startswith(b'1.')
# else ""
# )
f.write("\n".join([
"openssl_conf = openssl_def",
"[openssl_def]",
"engines = engine_section",
"[engine_section]",
"pkcs11 = pkcs11_section",
"[req]",
"distinguished_name = req_distinguished_name",
"[req_distinguished_name]",
"[pkcs11_section]",
"engine_id = pkcs11",
# dynamic_path,
"MODULE_PATH = %s" % component_path['P11_MODULE'],
"init = 0",
]))
f.write(
"\n".join(
[
"openssl_conf = openssl_def",
"[openssl_def]",
"engines = engine_section",
"[engine_section]",
"pkcs11 = pkcs11_section",
"[req]",
"distinguished_name = req_distinguished_name",
"[req_distinguished_name]",
"[pkcs11_section]",
"engine_id = pkcs11",
# dynamic_path,
"MODULE_PATH = %s" % component_path['P11_MODULE'],
"init = 0",
]
)
)

with open(openssl_conf, "r") as f:
logging.debug('-------- START DEBUG openssl_conf --------')
Expand All @@ -213,34 +252,69 @@ def setup() -> None:
signer_cert_der = _temp_file()

logging.debug("Generating self-signed certificate")
run_cmd([component_path['OPENSSL'], 'req',
'-new',
'-x509',
'-subj', "/CN=Test Signer",
'-engine', 'pkcs11',
'-config', openssl_conf,
'-keyform', 'engine',
'-key', 'label_test',
'-passin', 'pass:secret1',
'-out', signer_cert_pem], softhsm_conf=softhsm_conf)

run_cmd([component_path['OPENSSL'], 'x509',
'-inform', 'PEM',
'-outform', 'DER',
'-in', signer_cert_pem,
'-out', signer_cert_der], softhsm_conf=softhsm_conf)
run_cmd(
[
component_path['OPENSSL'],
'req',
'-new',
'-x509',
'-subj',
"/CN=Test Signer",
'-engine',
'pkcs11',
'-config',
openssl_conf,
'-keyform',
'engine',
'-key',
'label_test',
'-passin',
'pass:secret1',
'-out',
signer_cert_pem,
],
softhsm_conf=softhsm_conf,
)

run_cmd(
[
component_path['OPENSSL'],
'x509',
'-inform',
'PEM',
'-outform',
'DER',
'-in',
signer_cert_pem,
'-out',
signer_cert_der,
],
softhsm_conf=softhsm_conf,
)

logging.debug("Importing certificate into token")

run_cmd([component_path['PKCS11_TOOL'],
'--module', component_path['P11_MODULE'],
'-l',
'--slot-index', '0',
'--id', 'a1b2',
'--label', 'test',
'-y', 'cert',
'-w', signer_cert_der,
'--pin', 'secret1'], softhsm_conf=softhsm_conf)
run_cmd(
[
component_path['PKCS11_TOOL'],
'--module',
component_path['P11_MODULE'],
'-l',
'--slot-index',
'0',
'--id',
'a1b2',
'--label',
'test',
'-y',
'cert',
'-w',
signer_cert_der,
'--pin',
'secret1',
],
softhsm_conf=softhsm_conf,
)

# TODO: Should be teardowned in teardown:
os.environ['SOFTHSM_CONF'] = softhsm_conf
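Review bot: The `openssl_version` assignment in the second hunk still derives the version from fixed byte offsets, `[8:11]`, which only works when the banner starts with `OpenSSL ` followed by a three-character major.minor; a `LibreSSL x.y.z` banner would yield a value that begins with a space. Splitting on whitespace is sturdier, e.g. `openssl_version = subprocess.check_output([component_path['OPENSSL'], 'version']).decode().split()[1]`, truncated to major.minor if later code expects that form. In the lines shown the value only reaches a debug log, so the impact here appears limited to misleading diagnostics, but the module continues outside these hunks and other uses should be checked. Separately, the reformatted argument lists now put each flag and its value (`'--pin'`, `'secret1'`) on separate lines, which makes the PIN and key arguments harder to audit at a glance; wrapping those lists in `# fmt: off` / `# fmt: on` would keep the pairs together.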