aboutsummaryrefslogtreecommitdiff
path: root/scripts/test-hsmcheck
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2020-05-25 19:33:47 -0400
committerRob Austein <sra@hactrn.net>2020-05-25 19:33:47 -0400
commitfa3feddf3a25e34db2ac57ff8e962f13db07bf40 (patch)
treec001ead2bc727824ad26a1f5493c491eefe77185 /scripts/test-hsmcheck
parent5936befa654ce79b2f9ee7cd4f3beb6489bac227 (diff)
Untested conversion to support Python 3
Diffstat (limited to 'scripts/test-hsmcheck')
-rwxr-xr-xscripts/test-hsmcheck202
1 files changed, 101 insertions, 101 deletions
diff --git a/scripts/test-hsmcheck b/scripts/test-hsmcheck
index b28d578..cb2efce 100755
--- a/scripts/test-hsmcheck
+++ b/scripts/test-hsmcheck
@@ -49,134 +49,134 @@ from xml.etree.ElementTree import ElementTree, Element, SubElement
def write_config():
- """
- Write hsmcheck configuration file.
- """
+ """
+ Write hsmcheck configuration file.
+ """
- e = Element("Configuration")
- r = SubElement(e, "RepositoryList")
- r = SubElement(r, "Repository", name = "default")
- SubElement(r, "Module").text = args.driver
- SubElement(r, "TokenLabel").text = args.token_label
- SubElement(r, "PIN").text = args.pin
- ElementTree(e).write(args.write_config)
- args.write_config.flush()
+ e = Element("Configuration")
+ r = SubElement(e, "RepositoryList")
+ r = SubElement(r, "Repository", name = "default")
+ SubElement(r, "Module").text = args.driver
+ SubElement(r, "TokenLabel").text = args.token_label
+ SubElement(r, "PIN").text = args.pin
+ ElementTree(e).write(args.write_config)
+ args.write_config.flush()
def hsmcheck(flag):
- """
- Run hsmcheck program with appropriate options and verbosity.
- """
-
- assert flag in "rgsd"
- cmd = (args.hsmcheck_binary, "-c", args.write_config.name, "-" + flag)
- if args.verbose:
- sys.stdout.write("Running: %s\n" % " ".join(cmd))
- if flag == "s":
- text = check_output(cmd)
- sys.stdout.write(text)
- if not args.no_dnssec:
- check_dnssec(text)
- else:
- check_call(cmd)
+ """
+ Run hsmcheck program with appropriate options and verbosity.
+ """
+
+ assert flag in "rgsd"
+ cmd = (args.hsmcheck_binary, "-c", args.write_config.name, "-" + flag)
+ if args.verbose:
+ sys.stdout.write("Running: %s\n" % " ".join(cmd))
+ if flag == "s":
+ text = check_output(cmd)
+ sys.stdout.write(text)
+ if not args.no_dnssec:
+ check_dnssec(text)
+ else:
+ check_call(cmd)
def check_dnssec(text):
- """
- Use DNSPython to attempt DNSSEC validation on "hsmcheck -s" output.
+ """
+ Use DNSPython to attempt DNSSEC validation on "hsmcheck -s" output.
- This requires the DNSPython toolkit, which in turn requires
- PyCrypto; ECDSA support (not yet tested) requires a third package.
- On Debian-family Linux, you can install these with:
+ This requires the DNSPython toolkit, which in turn requires
+ PyCrypto; ECDSA support (not yet tested) requires a third package.
+ On Debian-family Linux, you can install these with:
- sudo apt-get install python-dnspython python-crypto python-ecdsa
+ sudo apt-get install python-dnspython python-crypto python-ecdsa
- Equivalent packages exist for other platforms.
- """
+ Equivalent packages exist for other platforms.
+ """
- try:
- from dns.exception import DNSException
- import dns.dnssec
- import dns.rrset
- import Crypto.PublicKey.RSA
- #import ecdsa.ecdsa
- except ImportError:
- sys.exit("Problem importing DNSPython or supporting crypto packages, are they installed?")
+ try:
+ from dns.exception import DNSException
+ import dns.dnssec
+ import dns.rrset
+ import Crypto.PublicKey.RSA
+ #import ecdsa.ecdsa
+ except ImportError:
+ sys.exit("Problem importing DNSPython or supporting crypto packages, are they installed?")
- wired_ttl = "3600"
- wired_rdclass = "IN"
+ wired_ttl = "3600"
+ wired_rdclass = "IN"
- rrs = {}
+ rrs = {}
- for line in text.splitlines():
+ for line in text.splitlines():
- try:
- name, ttl, rdclass, rdtype, rdata = line.split(None, 4)
- except ValueError:
- continue
+ try:
+ name, ttl, rdclass, rdtype, rdata = line.split(None, 4)
+ except ValueError:
+ continue
- if ttl != wired_ttl or rdclass != wired_rdclass:
- continue
+ if ttl != wired_ttl or rdclass != wired_rdclass:
+ continue
- try:
- rrs[name, rdtype].append(rdata)
- except KeyError:
- rrs[name, rdtype] = [rdata]
+ try:
+ rrs[name, rdtype].append(rdata)
+ except KeyError:
+ rrs[name, rdtype] = [rdata]
- # Done parsing. We expect to have seen an A RRset, an RRSIG of that
- # A RRset, and the DNSKEY that we'll need to verify the RRSIG.
+ # Done parsing. We expect to have seen an A RRset, an RRSIG of that
+ # A RRset, and the DNSKEY that we'll need to verify the RRSIG.
- if len(rrs) != 3:
- sys.exit("Expected two RRsets and an RRSIG, got %r" % rrs)
+ if len(rrs) != 3:
+ sys.exit("Expected two RRsets and an RRSIG, got %r" % rrs)
- rrs = dict((rdtype, dns.rrset.from_text_list(name, int(wired_ttl), wired_rdclass, rdtype, rrs[name, rdtype]))
- for name, rdtype in rrs)
+ rrs = dict((rdtype, dns.rrset.from_text_list(name, int(wired_ttl), wired_rdclass, rdtype, rrs[name, rdtype]))
+ for name, rdtype in rrs)
- try:
- dns.dnssec.validate(rrs["A"], rrs["RRSIG"], { rrs["DNSKEY"].name : rrs["DNSKEY"] })
- except DNSException, e:
- sys.exit("DNSSEC verification failed: %s" % e)
+ try:
+ dns.dnssec.validate(rrs["A"], rrs["RRSIG"], { rrs["DNSKEY"].name : rrs["DNSKEY"] })
+ except DNSException as e:
+ sys.exit("DNSSEC verification failed: %s" % e)
- sys.stdout.write("\nDNSSEC verification successful!\n\n")
+ sys.stdout.write("\nDNSSEC verification successful!\n\n")
# Main program.
try:
- default_config = NamedTemporaryFile()
- default_hsmcheck = os.getenv("HSMCHECK", "hsmcheck")
- default_driver = os.getenv("PKCS11_DRIVER",
- os.path.realpath(os.path.join(os.path.dirname(sys.argv[0]), "..", "libpkcs11.so")))
-
- parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter)
- one_of = parser.add_mutually_exclusive_group()
- one_of.add_argument("-a", "--all", "--rgsd", const = "rgsd", dest = "test", action = "store_const", help = "run all tests")
- one_of.add_argument("-r", "--random", const = "r", dest = "test", action = "store_const", help = "just test random numbers")
- one_of.add_argument("-g", "--generate", const = "g", dest = "test", action = "store_const", help = "just test key generation")
- one_of.add_argument("-s", "--sign", const = "s", dest = "test", action = "store_const", help = "just test DNSSEC-signature")
- one_of.add_argument("-d", "--delete", const = "d", dest = "test", action = "store_const", help = "just delete key")
- parser.add_argument("-b", "--hsmcheck-binary", default = default_hsmcheck, help = "location of hsmcheck program")
- parser.add_argument("-p", "--pin", default = "12345", help = "HSM PIN to use for tests")
- parser.add_argument("-t", "--token-label", default = "Cryptech Token", help = "PKCS #11 label of Cryptech token")
- parser.add_argument("-n", "--no-dnssec", action = "store_true", help = "do not attempt DNSSEC validation")
- parser.add_argument("-v", "--verbose", action = "store_true", help = "bark more")
- parser.add_argument("-D", "--driver", default = default_driver, help = "location of PKCS #11 driver")
- parser.add_argument("-w", "--write-config", default = default_config, help = "write generated configuration to this file",
- type = ArgumentFileType("w"))
- parser.add_argument("--debug", action = "store_true", help = "debug this script")
- parser.set_defaults(test = "rgsd")
- args = parser.parse_args()
-
- try:
- write_config()
- for flag in args.test:
- hsmcheck(flag)
-
- except Exception as e:
- if args.debug:
- raise
- sys.exit("Failed: %s" % e)
+ default_config = NamedTemporaryFile()
+ default_hsmcheck = os.getenv("HSMCHECK", "hsmcheck")
+ default_driver = os.getenv("PKCS11_DRIVER",
+ os.path.realpath(os.path.join(os.path.dirname(sys.argv[0]), "..", "libpkcs11.so")))
+
+ parser = ArgumentParser(description = __doc__, formatter_class = ArgumentDefaultsHelpFormatter)
+ one_of = parser.add_mutually_exclusive_group()
+ one_of.add_argument("-a", "--all", "--rgsd", const = "rgsd", dest = "test", action = "store_const", help = "run all tests")
+ one_of.add_argument("-r", "--random", const = "r", dest = "test", action = "store_const", help = "just test random numbers")
+ one_of.add_argument("-g", "--generate", const = "g", dest = "test", action = "store_const", help = "just test key generation")
+ one_of.add_argument("-s", "--sign", const = "s", dest = "test", action = "store_const", help = "just test DNSSEC-signature")
+ one_of.add_argument("-d", "--delete", const = "d", dest = "test", action = "store_const", help = "just delete key")
+ parser.add_argument("-b", "--hsmcheck-binary", default = default_hsmcheck, help = "location of hsmcheck program")
+ parser.add_argument("-p", "--pin", default = "12345", help = "HSM PIN to use for tests")
+ parser.add_argument("-t", "--token-label", default = "Cryptech Token", help = "PKCS #11 label of Cryptech token")
+ parser.add_argument("-n", "--no-dnssec", action = "store_true", help = "do not attempt DNSSEC validation")
+ parser.add_argument("-v", "--verbose", action = "store_true", help = "bark more")
+ parser.add_argument("-D", "--driver", default = default_driver, help = "location of PKCS #11 driver")
+ parser.add_argument("-w", "--write-config", default = default_config, help = "write generated configuration to this file",
+ type = ArgumentFileType("w"))
+ parser.add_argument("--debug", action = "store_true", help = "debug this script")
+ parser.set_defaults(test = "rgsd")
+ args = parser.parse_args()
+
+ try:
+ write_config()
+ for flag in args.test:
+ hsmcheck(flag)
+
+ except Exception as e:
+ if args.debug:
+ raise
+ sys.exit("Failed: %s" % e)
finally:
- default_config.close()
+ default_config.close()