Added improved support for CA stored in PKCS#11 based token (RFC 7512 URIs). #433

Open
wants to merge 14 commits into
base: master
Minor shellcheck and Travis-CI fixes.
robpower committed Mar 10, 2021
commit ace08fcb8f47a662961edbaa012573de675623d2
4 changes: 2 additions & 2 deletions .travis.yml
@@ -19,9 +19,9 @@ matrix:
- PATH=/usr/bin:/bin:./:/usr/local/bin
- PKCS11_ENGINE=/usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
- PKCS11_MODULE_PATH=/usr/lib/softhsm/libsofthsm2.so
- PKCS11_SLOT=01
- PKCS11_KEY_ID=01
- PKCS11_PIN=1234
- PKCS11_LABEL=test-CA-key
- PKCS11_KEY_LABEL=test-CA-key
- TEST_PKCS11=1 # Triggers op_test.sh to pass the pkcs11 parameter to build-ca
before_install:
# opensc to get pkcs11-tool
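Review bot: The rename of PKCS11_SLOT to PKCS11_KEY_ID and of PKCS11_LABEL to PKCS11_KEY_LABEL in the env block is only safe if every reader of these variables is renamed with it. The comment on TEST_PKCS11 names op_test.sh as a consumer of this environment, and that file is not among the files changed in this commit; please confirm it no longer reads the old names, otherwise the PKCS#11 test path runs with empty values. Separately, PKCS11_PIN=1234 carries no comment: a one-line note that it is the throwaway PIN of the SoftHSM test token would keep it from being read as a pattern for real tokens.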
14 changes: 3 additions & 11 deletions easyrsa3/easyrsa
@@ -754,14 +754,14 @@ Please select one of the available ones.
If your device do not appear in the list, please verify it is connected
and run the command again.\n"
tokens="$($EASYRSA_P11TOOL --list-token-urls| sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\|/g')"
for token_count in $(seq $(echo ${tokens}|awk -F"|" '{print NF}'))
for token_count in $(seq "$(echo ${tokens}|awk -F"|" '{print NF}')")
do
echo "\t[${token_count}] : \"$(echo $tokens|cut -d '|' -f${token_count})\""
token_count=$(( ${token_count} + 1 ))
done
echo -n "Enter PKCS11 Token number:"
echo "Enter PKCS11 Token number:"
read userinput
if [ ${userinput} -lt 1 ] || [ ${userinput} -gt $(echo ${tokens}|awk -F"|" '{print NF}') ]; then
if [ "${userinput}" -lt "1" ] || [ "${userinput}" -gt "$(echo ${tokens}|awk -F"|" '{print NF}')" ]; then
die "Invalid PKCS11 Token number selected."
fi
PKCS11_TOKEN_URI="$(echo ${tokens}|cut -d '|' -f${userinput})"
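Review bot: The quoted range check `[ "${userinput}" -lt "1" ] || [ "${userinput}" -gt "$(...)" ]` still lets empty or non-numeric input through. For such input both tests exit with an error status rather than true, so the `||` evaluates false, `die` is skipped, and the raw value reaches `cut -d '|' -f${userinput}`. Reject anything that is not digits-only before the numeric comparison, for example with a `case` on the empty string and `*[!0-9]*`, and die there. Two smaller points in the same hunk: replacing `echo -n` with `echo` moves the prompt onto its own line, and `printf '%s' "Enter PKCS11 Token number: "` would keep it inline portably; `${tokens}` is still unquoted in the `echo` calls, and the `token_count=$(( ${token_count} + 1 ))` inside the `for` loop has no effect because the loop reassigns the variable on each pass.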
@@ -830,14 +830,6 @@ Expected '${EASYRSA_ALGO}', found '${existing_label}'."
fi
fi


if [ "$EASYRSA_ALGO" = "rsa" ]; then
KEY_TYPE=rsa:$EASYRSA_KEY_SIZE
elif [ "$EASYRSA_ALGO" = "ec" ]; then
KEY_TYPE=EC:$EASYRSA_CURVE
else
die "Unsupported \$EASYRSA_ALGO=$EASYRSA_ALGO"
fi
# Save the parameters for future usage to the out_key file
# TODO: Consider replacing with a pkcs11 url passed directly to the engine instead
cat > "$out_key_tmp" << EOF
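Review bot: Going by the header counts (14 lines down to 6), the KEY_TYPE block is what this hunk drops, and the `die "Unsupported \$EASYRSA_ALGO=$EASYRSA_ALGO"` branch goes with it. Please confirm that KEY_TYPE is no longer referenced by anything after this point, including the heredoc written to "$out_key_tmp", and that an EASYRSA_ALGO other than rsa or ec is still rejected before the parameters are saved. Removing logic is also more than the commit title "Minor shellcheck and Travis-CI fixes" suggests; a line in the commit message saying why the block is unused would help.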