@@ -45,7 +45,11 @@ def run_cmd(args, softhsm_conf=None) -> Tuple[bytes, bytes]:
4545 conf = f .read ()
4646 msg = '[cmd: {cmd}] [code: {code}] [stdout: {out}] [stderr: {err}] [config: {conf}]'
4747 msg = msg .format (
48- cmd = " " .join (args ), code = rv , out = out .strip (), err = err .strip (), conf = conf ,
48+ cmd = " " .join (args ),
49+ code = rv ,
50+ out = out .strip (),
51+ err = err .strip (),
52+ conf = conf ,
4953 )
5054 raise RuntimeError (msg )
5155 return out , err
@@ -90,9 +94,7 @@ def run_cmd(args, softhsm_conf=None) -> Tuple[bytes, bytes]:
9094if component_path ['SOFTHSM' ].endswith ('softhsm2-util' ):
9195 softhsm_version = 2
9296
93- openssl_version = subprocess .check_output ([component_path ['OPENSSL' ],
94- 'version' ]
95- )[8 :11 ].decode ()
97+ openssl_version = subprocess .check_output ([component_path ['OPENSSL' ], 'version' ])[8 :11 ].decode ()
9698
9799p11_test_files : List [str ] = []
98100softhsm_conf : Optional [str ] = None
@@ -121,27 +123,41 @@ def setup() -> None:
121123 with open (softhsm_conf , "w" ) as f :
122124 if softhsm_version == 2 :
123125 softhsm_db = _temp_dir ()
124- f .write ("""
126+ f .write (
127+ """
125128# Generated by test
126129directories.tokendir = %s
127130objectstore.backend = file
128131log.level = DEBUG
129- """ % softhsm_db )
132+ """
133+ % softhsm_db
134+ )
130135 else :
131136 softhsm_db = _temp_file ()
132- f .write ("""
137+ f .write (
138+ """
133139# Generated by test
1341400:%s
135- """ % softhsm_db )
141+ """
142+ % softhsm_db
143+ )
136144
137145 logging .debug ("Initializing the token" )
138- out , err = run_cmd ([component_path ['SOFTHSM' ],
139- '--slot' , '0' ,
140- '--label' , 'test' ,
141- '--init-token' ,
142- '--pin' , 'secret1' ,
143- '--so-pin' , 'secret2' ],
144- softhsm_conf = softhsm_conf )
146+ out , err = run_cmd (
147+ [
148+ component_path ['SOFTHSM' ],
149+ '--slot' ,
150+ '0' ,
151+ '--label' ,
152+ 'test' ,
153+ '--init-token' ,
154+ '--pin' ,
155+ 'secret1' ,
156+ '--so-pin' ,
157+ 'secret2' ,
158+ ],
159+ softhsm_conf = softhsm_conf ,
160+ )
145161
146162 # logging.debug("Generating 1024 bit RSA key in token")
147163 # run_cmd([component_path['PKCS11_TOOL'],
@@ -155,26 +171,45 @@ def setup() -> None:
155171
156172 hash_priv_key = _temp_file ()
157173 logging .debug ("Converting test private key to format for softhsm" )
158- run_cmd ([component_path ['OPENSSL' ], 'pkcs8' ,
159- '-topk8' ,
160- '-inform' , 'PEM' ,
161- '-outform' , 'PEM' ,
162- '-nocrypt' ,
163- '-in' , os .path .join (DATA_DIR , 'rsakey.pem' ),
164- '-out' , hash_priv_key ], softhsm_conf = softhsm_conf )
174+ run_cmd (
175+ [
176+ component_path ['OPENSSL' ],
177+ 'pkcs8' ,
178+ '-topk8' ,
179+ '-inform' ,
180+ 'PEM' ,
181+ '-outform' ,
182+ 'PEM' ,
183+ '-nocrypt' ,
184+ '-in' ,
185+ os .path .join (DATA_DIR , 'rsakey.pem' ),
186+ '-out' ,
187+ hash_priv_key ,
188+ ],
189+ softhsm_conf = softhsm_conf ,
190+ )
165191
166192 logging .debug ("Importing the test key to softhsm" )
167- run_cmd ([component_path ['SOFTHSM' ],
168- '--import' , hash_priv_key ,
169- '--token' , 'test' ,
170- '--id' , 'a1b2' ,
171- '--label' , 'test' ,
172- '--pin' , 'secret1' ],
173- softhsm_conf = softhsm_conf )
174- run_cmd ([component_path ['PKCS11_TOOL' ],
175- '--module' , component_path ['P11_MODULE' ],
176- '-l' ,
177- '--pin' , 'secret1' , '-O' ], softhsm_conf = softhsm_conf )
193+ run_cmd (
194+ [
195+ component_path ['SOFTHSM' ],
196+ '--import' ,
197+ hash_priv_key ,
198+ '--token' ,
199+ 'test' ,
200+ '--id' ,
201+ 'a1b2' ,
202+ '--label' ,
203+ 'test' ,
204+ '--pin' ,
205+ 'secret1' ,
206+ ],
207+ softhsm_conf = softhsm_conf ,
208+ )
209+ run_cmd (
210+ [component_path ['PKCS11_TOOL' ], '--module' , component_path ['P11_MODULE' ], '-l' , '--pin' , 'secret1' , '-O' ],
211+ softhsm_conf = softhsm_conf ,
212+ )
178213 signer_cert_pem = _temp_file ()
179214 openssl_conf = _temp_file ()
180215 logging .debug ("Generating OpenSSL config for version {}" .format (openssl_version ))
@@ -185,21 +220,25 @@ def setup() -> None:
185220 # if openssl_version.startswith(b'1.')
186221 # else ""
187222 # )
188- f .write ("\n " .join ([
189- "openssl_conf = openssl_def" ,
190- "[openssl_def]" ,
191- "engines = engine_section" ,
192- "[engine_section]" ,
193- "pkcs11 = pkcs11_section" ,
194- "[req]" ,
195- "distinguished_name = req_distinguished_name" ,
196- "[req_distinguished_name]" ,
197- "[pkcs11_section]" ,
198- "engine_id = pkcs11" ,
199- # dynamic_path,
200- "MODULE_PATH = %s" % component_path ['P11_MODULE' ],
201- "init = 0" ,
202- ]))
223+ f .write (
224+ "\n " .join (
225+ [
226+ "openssl_conf = openssl_def" ,
227+ "[openssl_def]" ,
228+ "engines = engine_section" ,
229+ "[engine_section]" ,
230+ "pkcs11 = pkcs11_section" ,
231+ "[req]" ,
232+ "distinguished_name = req_distinguished_name" ,
233+ "[req_distinguished_name]" ,
234+ "[pkcs11_section]" ,
235+ "engine_id = pkcs11" ,
236+ # dynamic_path,
237+ "MODULE_PATH = %s" % component_path ['P11_MODULE' ],
238+ "init = 0" ,
239+ ]
240+ )
241+ )
203242
204243 with open (openssl_conf , "r" ) as f :
205244 logging .debug ('-------- START DEBUG openssl_conf --------' )
@@ -213,34 +252,69 @@ def setup() -> None:
213252 signer_cert_der = _temp_file ()
214253
215254 logging .debug ("Generating self-signed certificate" )
216- run_cmd ([component_path ['OPENSSL' ], 'req' ,
217- '-new' ,
218- '-x509' ,
219- '-subj' , "/CN=Test Signer" ,
220- '-engine' , 'pkcs11' ,
221- '-config' , openssl_conf ,
222- '-keyform' , 'engine' ,
223- '-key' , 'label_test' ,
224- '-passin' , 'pass:secret1' ,
225- '-out' , signer_cert_pem ], softhsm_conf = softhsm_conf )
226-
227- run_cmd ([component_path ['OPENSSL' ], 'x509' ,
228- '-inform' , 'PEM' ,
229- '-outform' , 'DER' ,
230- '-in' , signer_cert_pem ,
231- '-out' , signer_cert_der ], softhsm_conf = softhsm_conf )
255+ run_cmd (
256+ [
257+ component_path ['OPENSSL' ],
258+ 'req' ,
259+ '-new' ,
260+ '-x509' ,
261+ '-subj' ,
262+ "/CN=Test Signer" ,
263+ '-engine' ,
264+ 'pkcs11' ,
265+ '-config' ,
266+ openssl_conf ,
267+ '-keyform' ,
268+ 'engine' ,
269+ '-key' ,
270+ 'label_test' ,
271+ '-passin' ,
272+ 'pass:secret1' ,
273+ '-out' ,
274+ signer_cert_pem ,
275+ ],
276+ softhsm_conf = softhsm_conf ,
277+ )
278+
279+ run_cmd (
280+ [
281+ component_path ['OPENSSL' ],
282+ 'x509' ,
283+ '-inform' ,
284+ 'PEM' ,
285+ '-outform' ,
286+ 'DER' ,
287+ '-in' ,
288+ signer_cert_pem ,
289+ '-out' ,
290+ signer_cert_der ,
291+ ],
292+ softhsm_conf = softhsm_conf ,
293+ )
232294
233295 logging .debug ("Importing certificate into token" )
234296
235- run_cmd ([component_path ['PKCS11_TOOL' ],
236- '--module' , component_path ['P11_MODULE' ],
237- '-l' ,
238- '--slot-index' , '0' ,
239- '--id' , 'a1b2' ,
240- '--label' , 'test' ,
241- '-y' , 'cert' ,
242- '-w' , signer_cert_der ,
243- '--pin' , 'secret1' ], softhsm_conf = softhsm_conf )
297+ run_cmd (
298+ [
299+ component_path ['PKCS11_TOOL' ],
300+ '--module' ,
301+ component_path ['P11_MODULE' ],
302+ '-l' ,
303+ '--slot-index' ,
304+ '0' ,
305+ '--id' ,
306+ 'a1b2' ,
307+ '--label' ,
308+ 'test' ,
309+ '-y' ,
310+ 'cert' ,
311+ '-w' ,
312+ signer_cert_der ,
313+ '--pin' ,
314+ 'secret1' ,
315+ ],
316+ softhsm_conf = softhsm_conf ,
317+ )
244318
245319 # TODO: Should be teardowned in teardown:
246320 os .environ ['SOFTHSM_CONF' ] = softhsm_conf
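Review bot: The failure message built in run_cmd (new lines 48-52) echoes the whole argument list through `" ".join(args)`, and the setup() calls in this file pass `--pin secret1`, `--so-pin secret2` and `-passin pass:secret1` as arguments, so any failing command copies those values into the RuntimeError text and whatever log captures it. That is acceptable for the throwaway SoftHSM test token used here, but nothing in the helper says it must never be given a real PIN. I would document the constraint above the format call, for example `# msg echoes the full argv and the softhsm config; pass only throwaway test PINs through run_cmd`. run_cmd begins before the first hunk, so any filtering of args earlier in the function is not visible here.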