tests/p11tool_checks.sh - pub/scm/linux/kernel/git/jejb/openssl-pkcs11-export - Git at Google

 #!/bin/bash
 set -x

 P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so"
 CERTTOOL="certtool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so"

 ${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass'|awk '{print $2}' > tmp.txt
 for mech in CKM_RSA_PKCS \
 		CKM_RSA_X_509 \
 		CKM_RSA_PKCS_PSS \
 		CKM_RSA_PKCS_OAEP; do
     grep -q $mech tmp.txt || exit 1;
 done

 ##
 # Build a custom template file for a certificate
 ##
 cat > tmp.tmpl <<EOF
 cn = "Test Cert"
 ca
 EOF

 export GNUTLS_PIN=Passw0rd
 ##
 # Check RSA
 ##
 ${CERTTOOL} --generate-self-signed --load-privkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' --template=tmp.tmpl > tmp.crt || exit 1
 certtool --verify --infile tmp.crt --load-ca-cert tmp.crt || exit 1
	#!/bin/bash
	set -x

	P11TOOL="p11tool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so"
	CERTTOOL="certtool --provider ${srcdir}/../.libs/openssl-pkcs11-export.so"

	${P11TOOL} --list-mechanisms 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-nopass'\|awk '{print $2}' > tmp.txt
	for mech in CKM_RSA_PKCS \
	CKM_RSA_X_509 \
	CKM_RSA_PKCS_PSS \
	CKM_RSA_PKCS_OAEP; do
	grep -q $mech tmp.txt \|\| exit 1;
	done

	##
	# Build a custom template file for a certificate
	##
	cat > tmp.tmpl <<EOF
	cn = "Test Cert"
	ca
	EOF

	export GNUTLS_PIN=Passw0rd
	##
	# Check RSA
	##
	${CERTTOOL} --generate-self-signed --load-privkey 'pkcs11:manufacturer=openssl-pkcs11-export;token=key-pass;object=key-pass' --template=tmp.tmpl > tmp.crt \|\| exit 1
	certtool --verify --infile tmp.crt --load-ca-cert tmp.crt \|\| exit 1