author | Rob Austein <sra@hactrn.net> | 2020-05-25 19:33:47 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2020-05-25 19:33:47 -0400 |
commit | fa3feddf3a25e34db2ac57ff8e962f13db07bf40 (patch) | |
tree | c001ead2bc727824ad26a1f5493c491eefe77185 /scripts/test-hsmcheck | |
parent | 5936befa654ce79b2f9ee7cd4f3beb6489bac227 (diff) |
Untested conversion to support Python 3
Diffstat (limited to 'scripts/test-hsmcheck')
-rwxr-xr-x | scripts/test-hsmcheck | 202 |
1 files changed, 101 insertions, 101 deletions
diff --git a/scripts/test-hsmcheck b/scripts/test-hsmcheck
index b28d578..cb2efce 100755
--- a/scripts/test-hsmcheck
+++ b/scripts/test-hsmcheck
@@ -49,134 +49,134 @@ from xml.etree.ElementTree import ElementTree, Element, SubElement def write_config(): - """ - Write hsmcheck configuration file. - """ + """ + Write hsmcheck configuration file. + """ - e = Element("Configuration") - r = SubElement(e, "RepositoryList") - r = SubElement(r, "Repository", name = "default") - SubElement(r, "Module").text = args.driver - SubElement(r, "TokenLabel").text = args.token_label - SubElement(r, "PIN").text = args.pin - ElementTree(e).write(args.write_config) - args.write_config.flush() + e = Element("Configuration") + r = SubElement(e, "RepositoryList") + r = SubElement(r, "Repository", name = "default") + SubElement(r, "Module").text = args.driver + SubElement(r, "TokenLabel").text = args.token_label + SubElement(r, "PIN").text = args.pin + ElementTree(e).write(args.write_config) + args.write_config.flush() def hsmcheck(flag): - """ - Run hsmcheck program with appropriate options and verbosity. - """ - - assert flag in "rgsd" - cmd = (args.hsmcheck_binary, "-c", args.write_config.name, "-" + flag) - if args.verbose: - sys.stdout.write("Running: %s\n" % " ".join(cmd)) - if flag == "s": - text = check_output(cmd) - sys.stdout.write(text) - if not args.no_dnssec: - check_dnssec(text) - else: - check_call(cmd) + """ + Run hsmcheck program with appropriate options and verbosity. + """ + + assert flag in "rgsd" + cmd = (args.hsmcheck_binary, "-c", args.write_config.name, "-" + flag) + if args.verbose: + sys.stdout.write("Running: %s\n" % " ".join(cmd)) + if flag == "s": + text = check_output(cmd) + sys.stdout.write(text) + if not args.no_dnssec: + check_dnssec(text) + else: + check_call(cmd) def check_dnssec(text): - """ - Use DNSPython to attempt DNSSEC validation on "hsmcheck -s" output. + """ + Use DNSPython to attempt DNSSEC validation on "hsmcheck -s" output. - This requires the DNSPython toolkit, which in turn requires - PyCrypto; ECDSA support (not yet tested) requires a third package. 
- On Debian-family Linux, you can install these with: + This requires the DNSPython toolkit, which in turn requires + PyCrypto; ECDSA support (not yet tested) requires a third package. + On Debian-family Linux, you can install these with: - sudo apt-get install python-dnspython python-crypto python-ecdsa + sudo apt-get install python-dnspython python-crypto python-ecdsa - Equivalent packages exist for other platforms. - """ + Equivalent packages exist for other platforms. + """ - try: - from dns.exception import DNSException - import dns.dnssec - import dns.rrset - import Crypto.PublicKey.RSA - #import ecdsa.ecdsa - except ImportError: - sys.exit("Problem importing DNSPython or supporting crypto packages, are they installed?") + try: + from dns.exception import DNSException + import dns.dnssec + import dns.rrset + import Crypto.PublicKey.RSA + #import ecdsa.ecdsa + except ImportError: + sys.exit("Problem importing DNSPython or supporting crypto packages, are they installed?") - wired_ttl = "3600" - wired_rdclass = "IN" + wired_ttl = "3600" + wired_rdclass = "IN" - rrs = {} + rrs = {} - for line in text.splitlines(): + for line in text.splitlines(): - try: - name, ttl, rdclass, rdtype, rdata = line.split(None, 4) - except ValueError: - continue + try: + name, ttl, rdclass, rdtype, rdata = line.split(None, 4) + except ValueError: + continue - if ttl != wired_ttl or rdclass != wired_rdclass: - continue + if ttl != wired_ttl or rdclass != wired_rdclass: + continue - try: - rrs[name, rdtype].append(rdata) - except KeyError: - rrs[name, rdtype] = [rdata] + try: + rrs[name, rdtype].append(rdata) + except KeyError: + rrs[name, rdtype] = [rdata] - # Done parsing. We expect to have seen an A RRset, an RRSIG of that - # A RRset, and the DNSKEY that we'll need to verify the RRSIG. + # Done parsing. We expect to have seen an A RRset, an RRSIG of that + # A RRset, and the DNSKEY that we'll need to verify the RRSIG. 
- if len(rrs) != 3: - sys.exit("Expected two RRsets and an RRSIG, got %r" % rrs) + if len(rrs) != 3: + sys.exit("Expected two RRsets and an RRSIG, got %r" % rrs) - rrs = dict((rdtype, dns.rrset.from_text_list(name, int(wired_ttl), wired_rdclass, rdtype, rrs[name, rdtype])) - for name, rdtype in rrs) + rrs = dict((rdtype, dns.rrset.from_text_list(name, int(wired_ttl), wired_rdclass, rdtype, rrs[name, rdtype])) + for name, rdtype in rrs) - try: - dns.dnssec.validate(rrs["A"], rrs["RRSIG"], { rrs["DNSKEY"].name : rrs["DNSKEY"] }) - except DNSException, e: - sys.exit("DNSSEC verification failed: %s" % e) + try: + dns.dnssec.validate(rrs["A"], rrs["RRSIG"], { rrs["DNSKEY"].name : rrs["DNSKEY"] }) + except DNSException as e: + sys.exit("DNSSEC verification failed: %s" % e) - sys.stdout.write("\nDNSSEC verification successful!\n\n") + sys.stdout.write("\nDNSSEC verification successful!\n\n") # Main program. try: - default_config = NamedTemporaryFile() - default_hsmcheck = os.getenv("HSMCHECK", "hsmcheck") - default_driver = os.getenv("PKCS11_DRIVER", - os.path.realpath(os.path.join(os.path.dirname(sys.argv[0]), "..", "libpkcs11.so"))) - - parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter) - one_of = parser.add_mutually_exclusive_group() - one_of.add_argument("-a", "--all", "--rgsd", const = "rgsd", dest = "test", action = "store_const", help = "run all tests") - one_of.add_argument("-r", "--random", const = "r", dest = "test", action = "store_const", help = "just test random numbers") - one_of.add_argument("-g", "--generate", const = "g", dest = "test", action = "store_const", help = "just test key generation") - one_of.add_argument("-s", "--sign", const = "s", dest = "test", action = "store_const", help = "just test DNSSEC-signature") - one_of.add_argument("-d", "--delete", const = "d", dest = "test", action = "store_const", help = "just delete key") - parser.add_argument("-b", "--hsmcheck-binary", default = default_hsmcheck, 
help = "location of hsmcheck program") - parser.add_argument("-p", "--pin", default = "12345", help = "HSM PIN to use for tests") - parser.add_argument("-t", "--token-label", default = "Cryptech Token", help = "PKCS #11 label of Cryptech token") - parser.add_argument("-n", "--no-dnssec", action = "store_true", help = "do not attempt DNSSEC validation") - parser.add_argument("-v", "--verbose", action = "store_true", help = "bark more") - parser.add_argument("-D", "--driver", default = default_driver, help = "location of PKCS #11 driver") - parser.add_argument("-w", "--write-config", default = default_config, help = "write generated configuration to this file", - type = ArgumentFileType("w")) - parser.add_argument("--debug", action = "store_true", help = "debug this script") - parser.set_defaults(test = "rgsd") - args = parser.parse_args() - - try: - write_config() - for flag in args.test: - hsmcheck(flag) - - except Exception as e: - if args.debug: - raise - sys.exit("Failed: %s" % e) + default_config = NamedTemporaryFile() + default_hsmcheck = os.getenv("HSMCHECK", "hsmcheck") + default_driver = os.getenv("PKCS11_DRIVER", + os.path.realpath(os.path.join(os.path.dirname(sys.argv[0]), "..", "libpkcs11.so"))) + + parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter) + one_of = parser.add_mutually_exclusive_group() + one_of.add_argument("-a", "--all", "--rgsd", const = "rgsd", dest = "test", action = "store_const", help = "run all tests") + one_of.add_argument("-r", "--random", const = "r", dest = "test", action = "store_const", help = "just test random numbers") + one_of.add_argument("-g", "--generate", const = "g", dest = "test", action = "store_const", help = "just test key generation") + one_of.add_argument("-s", "--sign", const = "s", dest = "test", action = "store_const", help = "just test DNSSEC-signature") + one_of.add_argument("-d", "--delete", const = "d", dest = "test", action = "store_const", help = "just delete 
key") + parser.add_argument("-b", "--hsmcheck-binary", default = default_hsmcheck, help = "location of hsmcheck program") + parser.add_argument("-p", "--pin", default = "12345", help = "HSM PIN to use for tests") + parser.add_argument("-t", "--token-label", default = "Cryptech Token", help = "PKCS #11 label of Cryptech token") + parser.add_argument("-n", "--no-dnssec", action = "store_true", help = "do not attempt DNSSEC validation") + parser.add_argument("-v", "--verbose", action = "store_true", help = "bark more") + parser.add_argument("-D", "--driver", default = default_driver, help = "location of PKCS #11 driver") + parser.add_argument("-w", "--write-config", default = default_config, help = "write generated configuration to this file", + type = ArgumentFileType("w")) + parser.add_argument("--debug", action = "store_true", help = "debug this script") + parser.set_defaults(test = "rgsd") + args = parser.parse_args() + + try: + write_config() + for flag in args.test: + hsmcheck(flag) + + except Exception as e: + if args.debug: + raise + sys.exit("Failed: %s" % e) finally: - default_config.close() + default_config.close() |
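Review bot: In `hsmcheck()`, the `flag == "s"` branch still passes the result of `check_output(cmd)` straight to `sys.stdout.write(text)` and `check_dnssec(text)`. Assuming `check_output` is `subprocess.check_output` (the import is outside the hunk), it returns `bytes` under Python 3, so the write raises `TypeError` and the DNSSEC validation step is never reached. Even if the write were worked around, `check_dnssec()` would compare bytes fields from `line.split(None, 4)` against the str constants `wired_ttl` and `wired_rdclass`, skip every record and exit on the `len(rrs) != 3` check. Asking for text at the source keeps both call sites unchanged and also works on Python 2.7: `text = check_output(cmd, universal_newlines = True)`. The same bytes/str question probably applies to `ElementTree(e).write(args.write_config)` when `-w` supplies a text-mode file, which is worth confirming once the script is actually run under Python 3.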