diff options
-rw-r--r-- | lib/oeqa/selftest/updater.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/oeqa/selftest/updater.py b/lib/oeqa/selftest/updater.py index 8ee8378..690dae5 100644 --- a/lib/oeqa/selftest/updater.py +++ b/lib/oeqa/selftest/updater.py | |||
@@ -1,6 +1,7 @@ | |||
1 | # pylint: disable=C0111,C0325 | 1 | # pylint: disable=C0111,C0325 |
2 | import os | 2 | import os |
3 | import logging | 3 | import logging |
4 | import re | ||
4 | import subprocess | 5 | import subprocess |
5 | import unittest | 6 | import unittest |
6 | from time import sleep | 7 | from time import sleep |
@@ -273,6 +274,7 @@ class HsmTests(oeSelfTest): | |||
273 | self.assertIn(b'Fetched metadata: no', stdout, | 274 | self.assertIn(b'Fetched metadata: no', stdout, |
274 | 'Device already provisioned!? ' + stderr.decode() + stdout.decode()) | 275 | 'Device already provisioned!? ' + stderr.decode() + stdout.decode()) |
275 | 276 | ||
277 | # Verify that HSM is not yet initialized. | ||
276 | pkcs11_command = 'pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O' | 278 | pkcs11_command = 'pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O' |
277 | stdout, stderr, retcode = self.run_command(pkcs11_command) | 279 | stdout, stderr, retcode = self.run_command(pkcs11_command) |
278 | self.assertNotEqual(retcode, 0, 'pkcs11-tool succeeded before initialization: ' + | 280 | self.assertNotEqual(retcode, 0, 'pkcs11-tool succeeded before initialization: ' + |
@@ -282,6 +284,7 @@ class HsmTests(oeSelfTest): | |||
282 | self.assertNotEqual(retcode, 0, 'softhsm2-tool succeeded before initialization: ' + | 284 | self.assertNotEqual(retcode, 0, 'softhsm2-tool succeeded before initialization: ' + |
283 | stdout.decode() + stderr.decode()) | 285 | stdout.decode() + stderr.decode()) |
284 | 286 | ||
287 | # Run cert_provider. | ||
285 | bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir', 'libdir', | 288 | bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir', 'libdir', |
286 | 'SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') | 289 | 'SOTA_PACKED_CREDENTIALS'], 'aktualizr-native') |
287 | l = bb_vars['libdir'] | 290 | l = bb_vars['libdir'] |
@@ -297,6 +300,7 @@ class HsmTests(oeSelfTest): | |||
297 | result = runCmd(command, ignore_status=True) | 300 | result = runCmd(command, ignore_status=True) |
298 | self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) | 301 | self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output) |
299 | 302 | ||
303 | # Verify that HSM is able to initialize. | ||
300 | ran_ok = False | 304 | ran_ok = False |
301 | for delay in [5, 5, 5, 5, 10]: | 305 | for delay in [5, 5, 5, 5, 10]: |
302 | sleep(delay) | 306 | sleep(delay) |
@@ -314,6 +318,20 @@ class HsmTests(oeSelfTest): | |||
314 | self.assertIn(b'User PIN init.: yes', hsm_out, 'softhsm2-tool failed: ' + | 318 | self.assertIn(b'User PIN init.: yes', hsm_out, 'softhsm2-tool failed: ' + |
315 | hsm_err.decode() + hsm_out.decode()) | 319 | hsm_err.decode() + hsm_out.decode()) |
316 | 320 | ||
321 | # Check that pkcs11 output matches sofhsm output. | ||
322 | p11_p = re.compile(r'Using slot [0-9] with a present token \((0x[0-9a-f]*)\)\s') | ||
323 | p11_m = p11_p.search(p11_err.decode()) | ||
324 | self.assertTrue(p11_m, 'Slot number not found with pkcs11-tool: ' + p11_err.decode() + p11_out.decode()) | ||
325 | self.assertGreater(p11_m.lastindex, 0, 'Slot number not found with pkcs11-tool: ' + | ||
326 | p11_err.decode() + p11_out.decode()) | ||
327 | hsm_p = re.compile(r'Description:\s*SoftHSM slot ID (0x[0-9a-f]*)\s') | ||
328 | hsm_m = hsm_p.search(hsm_out.decode()) | ||
329 | self.assertTrue(hsm_m, 'Slot number not found with softhsm2-tool: ' + hsm_err.decode() + hsm_out.decode()) | ||
330 | self.assertGreater(hsm_m.lastindex, 0, 'Slot number not found with softhsm2-tool: ' + | ||
331 | hsm_err.decode() + hsm_out.decode()) | ||
332 | self.assertEqual(p11_m.group(1), hsm_m.group(1), 'Slot number does not match: ' + | ||
333 | p11_err.decode() + p11_out.decode() + hsm_err.decode() + hsm_out.decode()) | ||
334 | |||
317 | # Verify that device HAS provisioned. | 335 | # Verify that device HAS provisioned. |
318 | ran_ok = False | 336 | ran_ok = False |
319 | for delay in [5, 5, 5, 5, 10]: | 337 | for delay in [5, 5, 5, 5, 10]: |
@@ -326,6 +344,11 @@ class HsmTests(oeSelfTest): | |||
326 | self.assertIn(b'Primary ecu hardware ID: qemux86-64', stdout, | 344 | self.assertIn(b'Primary ecu hardware ID: qemux86-64', stdout, |
327 | 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | 345 | 'Provisioning failed: ' + stderr.decode() + stdout.decode()) |
328 | self.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) | 346 | self.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode()) |
347 | p = re.compile(r'Device ID: ([a-z0-9-]*)\n') | ||
348 | m = p.search(stdout.decode()) | ||
349 | self.assertTrue(m, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
350 | self.assertGreater(m.lastindex, 0, 'Device ID could not be read: ' + stderr.decode() + stdout.decode()) | ||
351 | logger.info('Device successfully provisioned with ID: ' + m.group(1)) | ||
329 | 352 | ||
330 | 353 | ||
331 | def qemu_launch(efi=False, machine=None): | 354 | def qemu_launch(efi=False, machine=None): |