diff options
author | Daiki Ueno <dueno@redhat.com> | 2018-07-23 10:08:31 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2018-07-23 10:08:31 +0200 |
commit | 6353307e1c57627c135f9ca44ba5fa4251f84574 (patch) | |
tree | e865f52ef7321099a05ee247aa84516d0fde7561 /tests | |
parent | 84aeeecfa7ba816e47fd26131d4c257dfb1a8bca (diff) | |
download | nss-hg-6353307e1c57627c135f9ca44ba5fa4251f84574.tar.gz |
Bug 1475274, Provide a way to specify tokens by PKCS #11 URI, r=rrelyea
Summary: This patch allows client applications to specify tokens unambiguously with PKCS #11 URI, instead of token name. It also includes a minor fixes to PKCS #11 URI handling that previously treated the scheme case sensitively.
Reviewers: kaie, rrelyea
Bug #: 1475274
Differential Revision: https://phabricator.services.mozilla.com/D2099
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/cert/cert.sh | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh index 6da2a0be5..6d0547c9b 100755 --- a/tests/cert/cert.sh +++ b/tests/cert/cert.sh @@ -2124,6 +2124,23 @@ cert_test_implicit_db_init() certu -A -n ca -t 'C,C,C' -d ${P_R_IMPLICIT_INIT_DIR} -i "${SERVER_CADIR}/serverCA.ca.cert" } +cert_test_token_uri() +{ + echo "$SCRIPTNAME: specify token with PKCS#11 URI" + + CERTIFICATE_DB_URI=`${BINDIR}/certutil -U -f "${R_PWFILE}" -d ${P_R_SERVERDIR} | sed -n 's/^ *uri: \(.*NSS%20Certificate%20DB.*\)/\1/p'` + BUILTIN_OBJECTS_URI=`${BINDIR}/certutil -U -f "${R_PWFILE}" -d ${P_R_SERVERDIR} | sed -n 's/^ *uri: \(.*Builtin%20Object%20Token.*\)/\1/p'` + + CU_ACTION="List keys in NSS Certificate DB" + certu -K -f "${R_PWFILE}" -d ${P_R_SERVERDIR} -h ${CERTIFICATE_DB_URI} + + # This token shouldn't have any keys + CU_ACTION="List keys in NSS Builtin Objects" + RETEXPECTED=255 + certu -K -f "${R_PWFILE}" -d ${P_R_SERVERDIR} -h ${BUILTIN_OBJECTS_URI} + RETEXPECTED=0 +} + check_sign_algo() { certu -L -n "$CERTNAME" -d "${PROFILEDIR}" -f "${R_PWFILE}" | \ @@ -2579,6 +2596,7 @@ cert_test_password cert_test_distrust cert_test_ocspresp cert_test_rsapss +cert_test_token_uri if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then cert_crl_ssl |