tests: Verify ALWAYS AUTHENTICATE invokes interactive prompts

Signed-off-by: Jakub Jelen <[email protected]>
latchset · Nov 16, 2023 · 688997b · 688997b
1 parent ba7db56
commit 688997b
Showing 1 changed file with 51 additions and 8 deletions.
diff --git a/tests/tbasic b/tests/tbasic
@@ -211,15 +211,58 @@ sed "s/^pkcs11-module-token-pin.*$/pkcs11-module-cache-pins = cache/" \
     "${OPENSSL_CONF}" > "${OPENSSL_CONF}.pincaching"
 OPENSSL_CONF=${OPENSSL_CONF}.pincaching
 $CHECKER "${TESTBLDDIR}/pincache"
-
-if [[ -n $ECPRI3URI ]]; then
-    echo "ECPRI3URI is $ECPRI3URI"
-    title PARA "Test the Login is repeated when ALWAYS AUTHENTICATE is set"
-    $CHECKER "${TESTBLDDIR}/pincache" "$EC3PRIURI"
-    # TODO no way to check from logs that this really happen
-fi
-
+$CHECKER "${TESTBLDDIR}/pincache" "$ECPRIURI"
 OPENSSL_CONF=${ORIG_OPENSSL_CONF}
 
+if [[ -n $ECBASE3URI ]]; then
+    OPENSSL_CONF=${OPENSSL_CONF}.nopin
+    title PARA "Test interactive Login repeated for operation on key with ALWAYS AUTHENTICATE"
+    output=$(expect -c "spawn -noecho $CHECKER ${TESTBLDDIR}/tsession \"$ECBASE3URI\";
+                    expect \"Enter PIN for PKCS#11 Token (Slot *:\" {
+                        send \"${PINVALUE}\r\"; exp_continue; }
+                    expect \"ALL A-OK\";")
+    FAIL=0
+    echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" > /dev/null 2>&1 || FAIL=1
+    prompts=$(echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" | wc -l  2>&1)
+    # 1 login to read key + 16 signatures from 2 processes
+    if [ $prompts -ne 33 ]; then
+        echo "Failed receive expected amount of prompts (got $prompts, expected 33)"
+        FAIL=2
+    fi
+    if [ $FAIL -eq 1 ]; then
+        echo "Failed to obtain expected prompt"
+    fi
+    if [ $FAIL -ne 0 ]; then
+        echo
+        echo "Original command output:"
+        echo "$output"
+        echo
+        exit 1
+    fi
+    title PARA "Test interactive Login on key without ALWAYS AUTHENTICATE"
+    output=$(expect -c "spawn -noecho $CHECKER ${TESTBLDDIR}/tsession \"$BASEURI\";
+                    expect \"Enter PIN for PKCS#11 Token (Slot *:\" {
+                        send \"${PINVALUE}\r\"; exp_continue; }
+                    expect \"ALL A-OK\";")
+    FAIL=0
+    echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" > /dev/null 2>&1 || FAIL=1
+    prompts=$(echo "$output" | grep "Enter PIN for PKCS#11 Token (Slot .*):" | wc -l  2>&1)
+    # 1 login to read key only
+    if [ $prompts -ne 1 ]; then
+        echo "Failed receive expected amount of prompts (got $prompts, expected 1)"
+        FAIL=2
+    fi
+    if [ $FAIL -eq 1 ]; then
+        echo "Failed to obtain expected prompt"
+    fi
+    if [ $FAIL -ne 0 ]; then
+        echo
+        echo "Original command output:"
+        echo "$output"
+        echo
+        exit 1
+    fi
+    OPENSSL_CONF=${ORIG_OPENSSL_CONF}
+fi
 
 exit 0