Merge pull request #52 from c00kiemon5ter/feature-configure-p11test-env

Feature configure p11test env

Author: leifj

src/xmlsec/test/__init__.py

@@ -5,14 +5,19 @@
 __author__ = 'leifj'
 
 
+def paths_for_component(component, default_paths):
+    env_path = os.environ.get(component)
+    return [env_path] if env_path else default_paths
+
+
 def find_alts(alts):
     for a in alts:
         if os.path.exists(a):
             return a
     return None
 
 
-def run_cmd(args,softhsm_conf=None):
+def run_cmd(args, softhsm_conf=None):
     env = {}
     if softhsm_conf is not None:
         env['SOFTHSM_CONF'] = softhsm_conf
@@ -25,4 +30,4 @@ def run_cmd(args,softhsm_conf=None):
         logging.debug(out)
     rv = proc.wait()
     if rv:
-        raise RuntimeError("command exited with code != 0: %d" % rv)
+        raise RuntimeError("command exited with code != 0: %d" % rv)

src/xmlsec/test/p11_test.py

@@ -4,7 +4,6 @@
 
 __author__ = 'leifj'
 
-import xmlsec
 import pkg_resources
 import unittest
 import logging
@@ -13,50 +12,77 @@
 import subprocess
 import shutil
 import tempfile
+
 from defusedxml import lxml
 from lxml import etree
-from . import find_alts, run_cmd
+
+import xmlsec
+from xmlsec.test import paths_for_component
+from xmlsec.test import find_alts
+from xmlsec.test import run_cmd
+
+from xmlsec.test.case import load_test_data
 
 try:
     from PyKCS11 import PyKCS11Error
     from PyKCS11.LowLevel import CKR_PIN_INCORRECT
 except ImportError:
     raise unittest.SkipTest("PyKCS11 not installed")
-from xmlsec.test.case import load_test_data
-
-P11_MODULE = find_alts(['/usr/lib/libsofthsm.so', '/usr/lib/softhsm/libsofthsm.so', '/usr/lib/softhsm/libsofthsm2.so'])
-P11_ENGINE = find_alts(['/usr/lib/ssl/engines/libpkcs11.so','/usr/lib/engines/engine_pkcs11.so'])
-P11_SPY = find_alts(['/usr/lib/pkcs11/pkcs11-spy.so'])
-PKCS11_TOOL = find_alts(['/usr/bin/pkcs11-tool'])
-OPENSC_TOOL = find_alts(['/usr/bin/opensc-tool'])
-SOFTHSM = find_alts(['/usr/bin/softhsm','/usr/bin/softhsm2-util'])
-OPENSSL = find_alts(['/usr/bin/openssl'])
 
 try:
     import xmlsec.pk11 as pk11
 except Exception:
     raise unittest.SkipTest("PyKCS11 not installed")
 
-if OPENSSL is None:
-    raise unittest.SkipTest("OpenSSL not installed")
-
-if SOFTHSM is None:
-    raise unittest.SkipTest("SoftHSM2 not installed")
-
-if OPENSC_TOOL is None:
-    raise unittest.SkipTest("OpenSC not installed")
-
-if PKCS11_TOOL is None:
-    raise unittest.SkipTest("pkcs11-tool not installed")
 
-if P11_ENGINE is None:
-    raise unittest.SkipTest("libengine-pkcs11-openssl is not installed")
+component_default_paths = {
+    'P11_MODULE': [
+        '/usr/lib/libsofthsm.so',
+        '/usr/lib/softhsm/libsofthsm.so',
+        '/usr/lib/softhsm/libsofthsm2.so',
+    ],
+    'P11_ENGINE': [
+        '/usr/lib/ssl/engines/libpkcs11.so',
+        '/usr/lib/engines/engine_pkcs11.so',
+        '/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so',
+    ],
+    'P11_SPY': [
+        '/usr/lib/pkcs11/pkcs11-spy.so',
+    ],
+    'PKCS11_TOOL': [
+        '/usr/bin/pkcs11-tool',
+    ],
+    'OPENSC_TOOL': [
+        '/usr/bin/opensc-tool',
+    ],
+    'SOFTHSM': [
+        '/usr/bin/softhsm',
+        '/usr/bin/softhsm2-util',
+    ],
+    'OPENSSL': [
+        '/usr/bin/openssl',
+    ],
+}
+
+component_path = {
+    component: find_alts(
+        paths_for_component(component, component_default_paths[component])
+    )
+    for component in component_default_paths.keys()
+}
+
+if any(path is None for component, path in component_path.items()):
+    missing = [
+        component
+        for component, path in component_path.items()
+        if path is None
+    ]
+    raise unittest.SkipTest("Required components missing: {}".format(missing))
 
 softhsm_version = 1
-if SOFTHSM=='/usr/bin/softhsm2-util':
+if component_path['SOFTHSM'] == '/usr/bin/softhsm2-util':
     softhsm_version = 2
 
-
 p11_test_files = []
 softhsm_conf = None
 server_cert_pem = None
@@ -69,13 +95,14 @@ def _tf():
     p11_test_files.append(f.name)
     return f.name
 
+
 def _td():
     d = tempfile.mkdtemp()
     p11_test_files.append(d)
     return d
 
 
-@unittest.skipIf(P11_MODULE is None, "SoftHSM PKCS11 module not installed")
+@unittest.skipIf(component_path['P11_MODULE'] is None, "SoftHSM PKCS11 module not installed")
 def setup():
     logging.debug("Creating test pkcs11 token using softhsm")
     try:
@@ -95,28 +122,28 @@ def setup():
             else:
                 softhsm_db = _tf()
                 f.write("#Generated by pyXMLSecurity test\n0:%s\n" % softhsm_db)
-                
+
         logging.debug("Initializing the token")
-        run_cmd([SOFTHSM,
+        run_cmd([component_path['SOFTHSM'],
                  '--slot', '0',
                  '--label', 'test',
                  '--init-token',
                  '--pin', 'secret1',
-                 '--so-pin', 'secret2'],softhsm_conf=softhsm_conf)
+                 '--so-pin', 'secret2'], softhsm_conf=softhsm_conf)
         logging.debug("Generating 1024 bit RSA key in token")
-        run_cmd([PKCS11_TOOL,
-                 '--module', P11_MODULE,
+        run_cmd([component_path['PKCS11_TOOL'],
+                 '--module', component_path['P11_MODULE'],
                  '-l',
                  '-k',
                  '--key-type', 'rsa:1024',
                  '--slot-index', '0',
                  '--id', 'a1b2',
                  '--label', 'test',
-                 '--pin', 'secret1'],softhsm_conf=softhsm_conf)
-        run_cmd([PKCS11_TOOL,
-                 '--module', P11_MODULE,
+                 '--pin', 'secret1'], softhsm_conf=softhsm_conf)
+        run_cmd([component_path['PKCS11_TOOL'],
+                 '--module', component_path['P11_MODULE'],
                  '-l',
-                 '--pin', 'secret1', '-O'],softhsm_conf=softhsm_conf)
+                 '--pin', 'secret1', '-O'], softhsm_conf=softhsm_conf)
         global signer_cert_der
         global signer_cert_pem
         signer_cert_pem = _tf()
@@ -143,12 +170,12 @@ def setup():
 distinguished_name = req_distinguished_name
 
 [req_distinguished_name]
-                """ % (P11_ENGINE, P11_MODULE))
+""" % (component_path['P11_ENGINE'], component_path['P11_MODULE']))
 
         signer_cert_der = _tf()
 
         logging.debug("Generating self-signed certificate")
-        run_cmd([OPENSSL, 'req',
+        run_cmd([component_path['OPENSSL'], 'req',
                  '-new',
                  '-x509',
                  '-subj', "/CN=Test Signer",
@@ -157,27 +184,27 @@ def setup():
                  '-keyform', 'engine',
                  '-key', 'pkcs11:token=test',
                  '-passin', 'pass:secret1',
-                 '-out', signer_cert_pem],softhsm_conf=softhsm_conf)
+                 '-out', signer_cert_pem], softhsm_conf=softhsm_conf)
 
-        run_cmd([OPENSSL, 'x509',
+        run_cmd([component_path['OPENSSL'], 'x509',
                  '-inform', 'PEM',
                  '-outform', 'DER',
                  '-in', signer_cert_pem,
-                 '-out', signer_cert_der],softhsm_conf=softhsm_conf)
+                 '-out', signer_cert_der], softhsm_conf=softhsm_conf)
 
         logging.debug("Importing certificate into token")
 
-        run_cmd([PKCS11_TOOL,
-                 '--module', P11_MODULE,
+        run_cmd([component_path['PKCS11_TOOL'],
+                 '--module', component_path['P11_MODULE'],
                  '-l',
                  '--slot-index', '0',
                  '--id', 'a1b2',
                  '--label', 'test',
                  '-y', 'cert',
                  '-w', signer_cert_der,
-                 '--pin', 'secret1'],softhsm_conf=softhsm_conf)
+                 '--pin', 'secret1'], softhsm_conf=softhsm_conf)
 
-    except Exception, ex:
+    except Exception as ex:
         print "-" * 64
         traceback.print_exc()
         print "-" * 64
@@ -212,13 +239,13 @@ def setUp(self):
 
         self.cases = load_test_data('data/signverify')
 
-    @unittest.skipIf(P11_MODULE is None, "SoftHSM PKCS11 module not installed")
+    @unittest.skipIf(component_path['P11_MODULE'] is None, "SoftHSM PKCS11 module not installed")
     def test_open_session(self):
         session = None
         try:
             os.environ['SOFTHSM_CONF'] = softhsm_conf
             os.environ['SOFTHSM2_CONF'] = softhsm_conf
-            session = pk11._session(P11_MODULE, pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
+            session = pk11._session(component_path['P11_MODULE'], pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
             assert session is not None
         except Exception, ex:
             traceback.print_exc()
@@ -227,13 +254,13 @@ def test_open_session(self):
             if session is not None:
                 pk11._close_session(session)
 
-    @unittest.skipIf(P11_MODULE is None, "SoftHSM PKCS11 module not installed")
+    @unittest.skipIf(component_path['P11_MODULE'] is None, "SoftHSM PKCS11 module not installed")
     def test_open_session_no_pin(self):
         session = None
         try:
             os.environ['SOFTHSM_CONF'] = softhsm_conf
             os.environ['SOFTHSM2_CONF'] = softhsm_conf
-            session = pk11._session(P11_MODULE, pk11_uri="pkcs11://%s/test" % P11_MODULE)
+            session = pk11._session(component_path['P11_MODULE'], pk11_uri="pkcs11://%s/test" % P11_MODULE)
             assert session is not None
         except Exception, ex:
             traceback.print_exc()
@@ -242,15 +269,15 @@ def test_open_session_no_pin(self):
             if session is not None:
                 pk11._close_session(session)
 
-    @unittest.skipIf(P11_MODULE is None, "SoftHSM PKCS11 module not installed")
+    @unittest.skipIf(component_path['P11_MODULE'] is None, "SoftHSM PKCS11 module not installed")
     def test_two_sessions(self):
         session1 = None
         session2 = None
         try:
             os.environ['SOFTHSM_CONF'] = softhsm_conf
             os.environ['SOFTHSM2_CONF'] = softhsm_conf
-            session1 = pk11._session(P11_MODULE, pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
-            session2 = pk11._session(P11_MODULE, pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
+            session1 = pk11._session(component_path['P11_MODULE'], pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
+            session2 = pk11._session(component_path['P11_MODULE'], pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
             assert session1 != session2
             assert session1 is not None
             assert session2 is not None
@@ -262,24 +289,24 @@ def test_two_sessions(self):
             if session2 is not None:
                 pk11._close_session(session2)
 
-    @unittest.skipIf(P11_MODULE is None, "SoftHSM PKCS11 module not installed")
+    @unittest.skipIf(component_path['P11_MODULE'] is None, "SoftHSM PKCS11 module not installed")
     def test_bad_login(self):
         os.environ['SOFTHSM_CONF'] = softhsm_conf
         os.environ['SOFTHSM2_CONF'] = softhsm_conf
         try:
-            session = pk11._session(P11_MODULE, pk11_uri="pkcs11://%s/test?pin=wrong" % P11_MODULE)
+            session = pk11._session(component_path['P11_MODULE'], pk11_uri="pkcs11://%s/test?pin=wrong" % P11_MODULE)
             assert False, "We should have failed the last login"
         except PyKCS11Error, ex:
             assert ex.value == CKR_PIN_INCORRECT
             pass
 
-    @unittest.skipIf(P11_MODULE is None, "SoftHSM PKCS11 module not installed")
+    @unittest.skipIf(component_path['P11_MODULE'] is None, "SoftHSM PKCS11 module not installed")
     def test_find_key(self):
         session = None
         try:
             os.environ['SOFTHSM_CONF'] = softhsm_conf
             os.environ['SOFTHSM2_CONF'] = softhsm_conf
-            session = pk11._session(P11_MODULE, pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
+            session = pk11._session(component_path['P11_MODULE'], pk11_uri="pkcs11://%s/test?pin=secret1" % P11_MODULE)
             key, cert = pk11._find_key(session, "test")
             assert key is not None
             assert cert is not None
@@ -290,7 +317,7 @@ def test_find_key(self):
             if session is not None:
                 pk11._close_session(session)
 
-    @unittest.skipIf(P11_MODULE is None, "SoftHSM PKCS11 module not installed")
+    @unittest.skipIf(component_path['P11_MODULE'] is None, "SoftHSM PKCS11 module not installed")
     def test_SAML_sign_with_pkcs11(self):
         """
         Test signing a SAML assertion using PKCS#11 and then verifying it using plain file.
@@ -302,7 +329,7 @@ def test_SAML_sign_with_pkcs11(self):
         os.environ['SOFTHSM2_CONF'] = softhsm_conf
 
         signed = xmlsec.sign(case.as_etree('in.xml'),
-                             key_spec="pkcs11://%s/test?pin=secret1" % P11_MODULE)
+                             key_spec="pkcs11://%s/test?pin=secret1" % component_path['P11_MODULE'])
 
         # verify signature using the public key
         res = xmlsec.verify(signed, signer_cert_pem)
@@ -319,7 +346,7 @@ def test_SAML_sign_with_pkcs11_cert(self):
         os.environ['SOFTHSM2_CONF'] = softhsm_conf
 
         signed = xmlsec.sign(case.as_etree('in2.xml'),
-                             key_spec="pkcs11://%s/test?pin=secret1" % P11_MODULE)
+                             key_spec="pkcs11://%s/test?pin=secret1" % component_path['P11_MODULE'])
 
         print("XML output :\n{}\n\n".format(etree.tostring(signed)))
         # verify signature using the public key