author | 2020-03-30 09:24:26 +0900 | |
---|---|---|
committer | 2020-03-30 09:24:26 +0900 | |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/meta-updater/recipes-support/softhsm-testtoken/files | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/meta-updater/recipes-support/softhsm-testtoken/files')
-rw-r--r-- | external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.service | 12 | ||||
-rw-r--r-- | external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.sh | 27 |
2 files changed, 39 insertions, 0 deletions
diff --git a/external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.service b/external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.service
new file mode 100644
index 00000000..23317b90
--- /dev/null
+++ b/external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Create a mock smartcard for testing
+Before=aktualizr.service
+RequiredBy=aktualizr.service
+
+[Service]
+RestartSec=10
+Restart=on-failure
+ExecStart=/usr/bin/createtoken.sh
+
+[Install]
+WantedBy=aktualizr.service
diff --git a/external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.sh b/external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.sh
new file mode 100644
index 00000000..fa4569d9
--- /dev/null
+++ b/external/meta-updater/recipes-support/softhsm-testtoken/files/createtoken.sh
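Review bot: `RequiredBy=aktualizr.service` is placed under `[Unit]` in createtoken.service, but it is an `[Install]` key, so systemd ignores it there and only the weaker `WantedBy=aktualizr.service` takes effect. The `[Service]` section also sets no `Type=`, so the default `simple` applies and `Before=aktualizr.service` orders aktualizr after the script has been started, not after the token has been created. If aktualizr must never run without the token, move the key so that `[Install]` reads `RequiredBy=aktualizr.service` and add `Type=oneshot` under `[Service]`. Whether `Restart=on-failure` is accepted together with `Type=oneshot` depends on the systemd version in the image, so that should be checked before making the change.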
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then
+ # The token has already been initialized, exit
+ exit 0
+fi
+
+if ! ls /var/sota/import/pkey.pem /var/sota/import/client.pem; then
+ # Key/certificate pair is not present, repeat
+ exit 1
+fi
+
+mkdir -p /var/lib/softhsm/tokens
+softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
+
+openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/import/pkey.pem -out /var/sota/import/pkey.p8
+softhsm2-util --import /var/sota/import/pkey.p8 --label "pkey" --id 02 --token 'Virtual token' --pin 1234
+openssl x509 -outform der -in /var/sota/import/client.pem -out /var/sota/import/client.der
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --id 1 --write-object /var/sota/import/client.der --type cert --login --pin 1234
+
+# Import UPTANE keypair if it exists
+if [ -f /var/sota/import/ecukey.pem ]; then
+ openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/import/ecukey.pem -out /var/sota/import/ecukey.p8
+ softhsm2-util --import /var/sota/import/ecukey.p8 --label "uptanekey" --id 03 --token 'Virtual token' --pin 1234
+fi
+
+exit 0 |
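Review bot: Nothing after `softhsm2-util --init-token` in createtoken.sh checks an exit status, and the script ends with an unconditional `exit 0`. A failed key or certificate import therefore reports success, `Restart=on-failure` never retries it, and the next run stops at the first `pkcs11-tool ... -O` check, which by the script's own comment treats the token as already initialized. Adding `set -e` directly after the shebang would make those failures visible to systemd; the two `if` tests are unaffected because they are conditions. The `-nocrypt` conversions also leave unencrypted copies of the private keys in `/var/sota/import/pkey.p8` and `ecukey.p8` with umask-dependent permissions, so I would set `umask 077` before the first `openssl` call and add `rm -f /var/sota/import/pkey.p8 /var/sota/import/ecukey.p8` once the imports have succeeded. The fixed PIN `1234` is presumably acceptable for a mock test token, but a comment saying this recipe must not be used in production images would make that explicit.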