Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2025-08-22 19:04:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-0.5
swtpm/tests/test_swtpm_setup_create_cert
Stefan Berger 3064a72ff0 swtpm_setup: Get rid of 'c' code and support changing user in python 
Get rid of the 'c' code that only changed the user and add for support of
the --runas option to change to a different user in the python part.

To get 'make distcheck' to work I needed to name the swtpm_setup python
script with the suffix .in so that it gets copied to the build directory
as swtpm_setup. We need to change execute permissions on this file after
copying.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-09 09:53:05 -04:00

108 lines
2.5 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# For the license, see the LICENSE file in the root directory.
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:=$(dirname "$0")}
SRCDIR=${abs_top_srcdir:-$(dirname "$0")/..}
PATH=$ROOT/src/swtpm:$PATH
SWTPM_SETUP=${ROOT}/src/swtpm_setup/swtpm_setup
SWTPM_LOCALCA=${ROOT}/samples/swtpm-localca
SWTPM=${ROOT}/src/swtpm/swtpm
workdir=$(mktemp -d)
SIGNINGKEY=${workdir}/signingkey.pem
ISSUERCERT=${workdir}/issuercert.pem
CERTSERIAL=${workdir}/certserial
PATH=${ROOT}/src/swtpm_bios:$PATH
trap "cleanup" SIGTERM EXIT
function cleanup()
{
rm -rf ${workdir}
}
# We want swtpm_cert to use the local CA and see that the
# local CA script automatically creates a signingkey and
# self-signed certificate
cat <<_EOF_ > ${workdir}/swtpm-localca.conf
statedir=${workdir}
signingkey = ${SIGNINGKEY}
issuercert = ${ISSUERCERT}
certserial = ${CERTSERIAL}
_EOF_
cat <<_EOF_ > ${workdir}/swtpm-localca.options
--tpm-manufacturer IBM
--tpm-model swtpm-libtpms
--tpm-version 1.2
--platform-manufacturer Fedora
--platform-version 2.1
--platform-model QEMU
_EOF_
cat <<_EOF_ > ${workdir}/swtpm_setup.conf
create_certs_tool=${SWTPM_LOCALCA}
create_certs_tool_config=${workdir}/swtpm-localca.conf
create_certs_tool_options=${workdir}/swtpm-localca.options
_EOF_
# We need to adapt the PATH so the correct swtpm_cert is picked
export PATH=${ROOT}/src/swtpm_cert:${PATH}
# Create a ROOT CA with a password-protected private key
export SWTPM_ROOTCA_PASSWORD=password
# we need to create at least one cert: --create-ek-cert
$SWTPM_SETUP \
--tpm-state ${workdir} \
--create-ek-cert \
--config ${workdir}/swtpm_setup.conf \
--logfile ${workdir}/logfile \
--tpm "${SWTPM} socket ${SWTPM_TEST_SECCOMP_OPT}"
if [ $? -ne 0 ]; then
echo "Error: Could not run $SWTPM_SETUP."
echo "Setup Logfile:"
cat ${workdir}/logfile
exit 1
fi
if [ ! -r "${SIGNINGKEY}" ]; then
echo "Error: Signingkey file ${SIGNINGKEY} was not created."
echo "Setup Logfile:"
cat ${workdir}/logfile
exit 1
fi
if [ ! -r "${ISSUERCERT}" ]; then
echo "Error: Issuer cert file ${ISSUERCERT} was not created."
echo "Setup Logfile:"
cat ${workdir}/logfile
exit 1
fi
if [ ! -r "${CERTSERIAL}" ]; then
echo "Error: Cert serial number file ${CERTSERIAL} was not created."
echo "Setup Logfile:"
cat ${workdir}/logfile
exit 1
fi
if [ -z "$(grep "ENCRYPTED PRIVATE KEY" ${workdir}/swtpm-localca-rootca-privkey.pem)" ]; then
echo "Error: Root CA's private key should be encrypted"
cat ${workdir}/swtpm-localca-rootca-privkey.pem
exit 1
fi
echo "OK"
exit 0
Reference in New Issue View Git Blame Copy Permalink