1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-29 12:03:03 +00:00
freebsd/crypto/openssh/regress/agent-pkcs11.sh
Dag-Erling Smørgrav ce3adf4362 Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them.  This will make future merges from the vendor tree much
easier.

Approved by:	re (gjb)
2013-09-21 22:24:10 +00:00

70 lines
1.8 KiB
Bash
Executable File

# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
# Placed in the Public Domain.
tid="pkcs11 agent test"
TEST_SSH_PIN=""
TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0
# setup environment for soft-pkcs11 token
SOFTPKCS11RC=$OBJ/pkcs11.info
export SOFTPKCS11RC
# prevent ssh-agent from calling ssh-askpass
SSH_ASKPASS=/usr/bin/true
export SSH_ASKPASS
unset DISPLAY
# start command w/o tty, so ssh-add accepts pin from stdin
notty() {
perl -e 'use POSIX; POSIX::setsid();
if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
}
trace "start agent"
eval `${SSHAGENT} -s` > /dev/null
r=$?
if [ $r -ne 0 ]; then
fail "could not start ssh-agent: exit code $r"
else
trace "generating key/cert"
rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt
openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1
chmod 600 $OBJ/pkcs11.key
openssl req -key $OBJ/pkcs11.key -new -x509 \
-out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null
printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC
# add to authorized keys
${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER
trace "add pkcs11 key to agent"
echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
fail "ssh-add -s failed: exit code $r"
fi
trace "pkcs11 list via agent"
${SSHADD} -l > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
fail "ssh-add -l failed: exit code $r"
fi
trace "pkcs11 connect via agent"
${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5
r=$?
if [ $r -ne 5 ]; then
fail "ssh connect failed (exit code $r)"
fi
trace "remove pkcs11 keys"
echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1
r=$?
if [ $r -ne 0 ]; then
fail "ssh-add -e failed: exit code $r"
fi
trace "kill agent"
${SSHAGENT} -k > /dev/null
fi