From 4f20f724eb4f39d014a2917a1c8f3d25ed6a4bd7 Mon Sep 17 00:00:00 2001 From: Vivek Kumar Sahu Date: Tue, 23 Jan 2024 12:10:06 +0530 Subject: [PATCH] added e2e test for pkcs11 token signing Signed-off-by: Vivek Kumar Sahu add license Signed-off-by: Vivek Kumar Sahu small fix Signed-off-by: Vivek Kumar Sahu update shebang portable with cross platform Signed-off-by: Vivek Kumar Sahu enable exit on error and xtrace mode Signed-off-by: Vivek Kumar Sahu cleanup container Signed-off-by: Vivek Kumar Sahu pkcs11 test with upcoming changes Signed-off-by: Vivek Kumar Sahu run pkcs11 e2e test in a separate workflow Signed-off-by: Vivek Kumar Sahu add pkcs11 test in separate workflow Signed-off-by: Vivek Kumar Sahu --- .github/workflows/e2e-tests.yml | 17 ++++++++++++++ test/e2e_test_pkcs11.sh | 40 +++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100755 test/e2e_test_pkcs11.sh diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index cbc1b6512da4..d30683dbe1ba 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -31,6 +31,9 @@ on: pull_request: workflow_dispatch: +env: + GO_VERSION: '1.21' + jobs: e2e-secrets: strategy: @@ -73,3 +76,17 @@ jobs: - name: Run e2e_signblob_tsa_mtls.sh shell: bash run: make && PATH="$PWD:$PATH" ./test/e2e_signblob_tsa_mtls.sh + + e2e-test-pkcs11: + name: Run pkcs11 e2e tests + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: ${{ env.GO_VERSION }} + check-latest: true + + - name: Run pkcs11 end-to-end tests + run: ./test/e2e_test_pkcs11.sh diff --git a/test/e2e_test_pkcs11.sh b/test/e2e_test_pkcs11.sh new file mode 100755 index 000000000000..6e385c7a6f1c --- /dev/null +++ b/test/e2e_test_pkcs11.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash + +# Copyright 2024 The Sigstore Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +# Test pkcs11 token signing +CONTAINER_ID=$(docker run -dit --name softhsm -v $(pwd):/root/cosign -p 2345:2345 vegardit/softhsm2-pkcs11-proxy@sha256:557a65d2a14e3986f2389d36ddce75609cbd8fb7ee6cf08a78adcc8236c2a80e) + +docker exec -i $CONTAINER_ID /bin/bash << 'EOF' + +apk update + +# add make pcsc-lite-libs go command +apk add make build-base go + +cd /root/cosign + +softhsm2-util --init-token --free --label "My Token" --pin 1234 --so-pin 1234 +go test -v -cover -coverprofile=./cover.out -tags=softhsm,pkcs11key -coverpkg github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key test/pkcs11_test.go + +EOF + +cleanup_pkcs11() { + docker rm -f $CONTAINER_ID +} + +trap cleanup_pkcs11 EXIT