Skip to content

Commit

Permalink
tests: Verify ALWAYS AUTHENTICATE invokes interactive prompts
Browse files Browse the repository at this point in the history
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
  • Loading branch information
Jakuje committed Nov 20, 2023
1 parent cb8d7d2 commit e12ca0e
Showing 1 changed file with 51 additions and 6 deletions.
57 changes: 51 additions & 6 deletions tests/tbasic
Original file line number Diff line number Diff line change
Expand Up @@ -211,15 +211,60 @@ sed "s/^pkcs11-module-token-pin.*$/pkcs11-module-cache-pins = cache/" \
"${OPENSSL_CONF}" > "${OPENSSL_CONF}.pincaching"
OPENSSL_CONF=${OPENSSL_CONF}.pincaching
$CHECKER "${TESTBLDDIR}/pincache"
$CHECKER "${TESTBLDDIR}/pincache" "$ECPRIURI"
OPENSSL_CONF=${ORIG_OPENSSL_CONF}

OPENSSL_CONF=${OPENSSL_CONF}.nopin

if [[ -n $ECPRI3URI ]]; then
echo "ECPRI3URI is $ECPRI3URI"
title PARA "Test the Login is repeated when ALWAYS AUTHENTICATE is set"
$CHECKER "${TESTBLDDIR}/pincache" "$EC3PRIURI"
# TODO no way to check from logs that this really happen
title PARA "Test interactive Login on key without ALWAYS AUTHENTICATE"
output=$(expect -c "spawn -noecho $CHECKER ${TESTBLDDIR}/tsession \"$BASEURI\";
expect \"Enter PIN for PKCS#11 Token (Slot *:\" {
send \"${PINVALUE}\r\"; exp_continue; }
expect \"ALL A-OK\";")
FAIL=0
echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" > /dev/null 2>&1 || FAIL=1
prompts=$(echo "$output" | grep -c "Enter PIN for PKCS#11 Token (Slot .*):" 2>&1)
# 1 login to read key only
if [ "$prompts" -ne "1" ]; then
echo "Failed receive expected amount of prompts (got $prompts, expected 1)"
FAIL=2
fi
if [ $FAIL -eq 1 ]; then
echo "Failed to obtain expected prompt"
fi
if [ $FAIL -ne 0 ]; then
echo
echo "Original command output:"
echo "$output"
echo
exit 1
fi

if [[ -n $ECBASE3URI ]]; then
title PARA "Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE"
output=$(expect -c "spawn -noecho $CHECKER ${TESTBLDDIR}/tsession \"$ECBASE3URI\";
expect \"Enter PIN for PKCS#11 Token (Slot *:\" {
send \"${PINVALUE}\r\"; exp_continue; }
expect \"ALL A-OK\";")
FAIL=0
echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" > /dev/null 2>&1 || FAIL=1
prompts=$(echo "$output" | grep -c "Enter PIN for PKCS#11 Token (Slot .*):" 2>&1)
# 1 login to read key + 16 signatures from 2 processes
if [ "$prompts" -ne "33" ]; then
echo "Failed receive expected amount of prompts (got $prompts, expected 33)"
FAIL=2
fi
if [ $FAIL -eq 1 ]; then
echo "Failed to obtain expected prompt"
fi
if [ $FAIL -ne 0 ]; then
echo
echo "Original command output:"
echo "$output"
echo
exit 1
fi
fi
OPENSSL_CONF=${ORIG_OPENSSL_CONF}


exit 0

0 comments on commit e12ca0e

Please sign in to comment.