From b100ce4c88ea7f149e93d65bbe4b5e99e1c877b5 Mon Sep 17 00:00:00 2001 From: Tom Krizek Date: Mon, 26 Feb 2024 13:52:55 +0100 Subject: [PATCH] Parse openssl-related vars in pytest The openssl config needs to be parsed for some tests that use SoftHSM2. Rewrite the parsing to python and ensure the required variables are properly set test-wide. --- bin/tests/system/conf.sh | 24 ------------ bin/tests/system/enginepkcs11/prereq.sh | 1 - bin/tests/system/enginepkcs11/setup.sh | 1 - bin/tests/system/enginepkcs11/tests.sh | 1 - bin/tests/system/isctest/vars/all.py | 3 +- bin/tests/system/isctest/vars/openssl.py | 49 ++++++++++++++++++++++++ bin/tests/system/keyfromlabel/prereq.sh | 1 - bin/tests/system/keyfromlabel/tests.sh | 1 - 8 files changed, 51 insertions(+), 30 deletions(-) create mode 100644 bin/tests/system/isctest/vars/openssl.py diff --git a/bin/tests/system/conf.sh b/bin/tests/system/conf.sh index 545919a5d9..e3e9a08fb9 100644 --- a/bin/tests/system/conf.sh +++ b/bin/tests/system/conf.sh @@ -572,28 +572,4 @@ copy_setports() { $1 >$2 } -# parse_openssl_config - Parse OpenSSL configuration for HSM settings -# -# Will set SOFTHSM2_MODULE, OPENSSL_ENGINE and ENGINE_ARG based on openssl configuration. -parse_openssl_config() { - ENGINE_ARG="" - [ -f "$OPENSSL_CONF" ] || return 0 - while IFS="=" read key val; do - # trim variables - key="${key## }" - key="${key%% }" - val="${val## }" - val="${val%% }" - case "$key" in - "engine_id") - OPENSSL_ENGINE="$val" - ENGINE_ARG="-E $OPENSSL_ENGINE" - ;; - "MODULE_PATH" | "pkcs11-module-path") - SOFTHSM2_MODULE="$val" - ;; - esac - done <"$OPENSSL_CONF" -} - grep_v() { grep -v "$@" || test $? = 1; } diff --git a/bin/tests/system/enginepkcs11/prereq.sh b/bin/tests/system/enginepkcs11/prereq.sh index 4eb2788a62..335b348a63 100644 --- a/bin/tests/system/enginepkcs11/prereq.sh +++ b/bin/tests/system/enginepkcs11/prereq.sh 
@@ -23,7 +23,6 @@ exit 255 } -parse_openssl_config [ -f "$SOFTHSM2_MODULE" ] || { echo_i "skip: softhsm2 module not available" exit 1 diff --git a/bin/tests/system/enginepkcs11/setup.sh b/bin/tests/system/enginepkcs11/setup.sh index bf140f1895..51d59dd854 100644 --- a/bin/tests/system/enginepkcs11/setup.sh +++ b/bin/tests/system/enginepkcs11/setup.sh @@ -20,7 +20,6 @@ $SHELL clean.sh OPENSSL_CONF= softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-enginepkcs11" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }' -parse_openssl_config printf '%s' "${HSMPIN:-1234}" >ns1/pin PWD=$(pwd) diff --git a/bin/tests/system/enginepkcs11/tests.sh b/bin/tests/system/enginepkcs11/tests.sh index 9db388f22b..7b0c1072bf 100644 --- a/bin/tests/system/enginepkcs11/tests.sh +++ b/bin/tests/system/enginepkcs11/tests.sh @@ -16,7 +16,6 @@ set -e # shellcheck source=conf.sh . ../conf.sh -parse_openssl_config PWD=$(pwd) status=0 diff --git a/bin/tests/system/isctest/vars/all.py b/bin/tests/system/isctest/vars/all.py index 58e1689af2..2126c1c220 100644 --- a/bin/tests/system/isctest/vars/all.py +++ b/bin/tests/system/isctest/vars/all.py @@ -16,6 +16,7 @@ from .autoconf import AC_VARS # type: ignore # pylint: enable=import-error from .basic import BASIC_VARS +from .openssl import OPENSSL_VARS class VarLookup(ChainMap): @@ -48,4 +49,4 @@ class VarLookup(ChainMap): return iter(self.keys()) -ALL = VarLookup(AC_VARS, BASIC_VARS) +ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS) diff --git a/bin/tests/system/isctest/vars/openssl.py b/bin/tests/system/isctest/vars/openssl.py new file mode 100644 index 0000000000..1dcef67faf --- /dev/null +++ b/bin/tests/system/isctest/vars/openssl.py 
@@ -0,0 +1,49 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import os +import re + +from .. import log + + +OPENSSL_VARS = { + "OPENSSL_CONF": os.getenv("OPENSSL_CONF", ""), + "SOFTHSM2_CONF": os.getenv("SOFTHSM2_CONF", ""), + "SOFTHSM2_MODULE": "", + "ENGINE_ARG": "", +} + + +def parse_openssl_config(path: str): + if not os.path.isfile(path): + return + regex = re.compile(r"([^=]+)=(.*)") + log.debug(f"parsing openssl config: {path}") + with open(path, "r", encoding="utf-8") as conf: + for line in conf: + res = regex.match(line) + if res: + key = res.group(1).strip() + val = res.group(2).strip() + if key == "engine_id": + OPENSSL_VARS["ENGINE_ARG"] = f"-E {val}" + os.environ["ENGINE_ARG"] = f"-E {val}" + log.debug("ENGINE_ARG set to {OPENSSL_VARS['ENGINE_ARG']}") + elif key in ["MODULE_PATH", "pkcs11-module-path"]: + OPENSSL_VARS["SOFTHSM2_MODULE"] = val + os.environ["SOFTHSM2_MODULE"] = val + log.debug( + "SOFTHSM2_MODULE set to {OPENSSL_VARS['SOFTHSM2_MODULE']}" + ) + + +parse_openssl_config(OPENSSL_VARS["OPENSSL_CONF"]) diff --git a/bin/tests/system/keyfromlabel/prereq.sh b/bin/tests/system/keyfromlabel/prereq.sh index c6caa0dc88..be1850a1fa 100644 --- a/bin/tests/system/keyfromlabel/prereq.sh +++ b/bin/tests/system/keyfromlabel/prereq.sh @@ -18,7 +18,6 @@ exit 255 } -parse_openssl_config [ -f "$SOFTHSM2_MODULE" ] || { echo_i "skip: softhsm2 module not available" exit 1 diff --git a/bin/tests/system/keyfromlabel/tests.sh b/bin/tests/system/keyfromlabel/tests.sh index 2f818c5d77..f29f327098 100644 --- a/bin/tests/system/keyfromlabel/tests.sh +++ b/bin/tests/system/keyfromlabel/tests.sh 
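Review bot: In the new `bin/tests/system/isctest/vars/openssl.py`, both `log.debug` calls inside `parse_openssl_config` pass plain string literals containing `{OPENSSL_VARS[...]}`, so the debug log prints the placeholder text rather than the engine argument or module path. Each needs the `f` prefix, e.g. `log.debug(f"ENGINE_ARG set to {OPENSSL_VARS['ENGINE_ARG']}")`, and likewise for the `SOFTHSM2_MODULE` message. The removed shell function also assigned `OPENSSL_ENGINE`, which this version never sets, so any script outside this patch that still reads `$OPENSSL_ENGINE` would presumably see it empty; that is worth checking before merging. The value parsed from `MODULE_PATH` / `pkcs11-module-path` decides which PKCS#11 module the HSM tests load, and it is written to `os.environ` as a side effect of importing the module. A short docstring saying that the function mutates `OPENSSL_VARS` and the process environment, plus a `-> None` return annotation, would make that explicit.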
@@ -16,7 +16,6 @@ set -e # shellcheck source=conf.sh . ../conf.sh -parse_openssl_config PWD=$(pwd) keygen() {