tests: Add a pkcs11-certificate test case #640

Merged: mihaimaruseac merged 4 commits into sigstore:main from stefanberger:pkcs11_cert_test on Jun 17, 2026

@stefanberger stefanberger commented Jun 15, 2026

Since the PKCS #11 module for SoftHSM is outside the default pkcs11 module paths, add an option --module-paths to the CLI tool for passing the paths to PKCS #11 modules and use it in test cases since on Ubuntu the module is located in /usr/lib/softhsm.

If the openssl command line tool is available then create a CA and sign the HSM's public key with it and then test signing and verifying with the pkcs11-certificate method.

Summary

Checklist
  • All commits are signed-off, using DCO
  • All new code has docstrings and type annotations
  • All new code is covered by tests. Aim for at least 90% coverage. CI is configured to highlight lines not covered by tests.
  • Public facing changes are paired with documentation changes
  • Release note has been added to CHANGELOG.md if needed

@stefanberger stefanberger requested review from a team as code owners June 15, 2026 14:31
SequeI previously approved these changes Jun 15, 2026

@SequeI SequeI left a comment

lgtm, thank you!

@stefanberger

> lgtm, thank you!

One more change: Now they should run with all the other command line tests.

@stefanberger stefanberger force-pushed the pkcs11_cert_test branch 7 times, most recently from 3df1b21 to 3f8a4da June 15, 2026 16:01

Some PKCS #11 modules are not in the expected paths of /usr/lib64/pkcs11
or /usr/lib/pkcs11. An example is the SoftHSM2 module that is in
/usr/lib/softhsm/ on Ubuntu and other distros. Therefore, add an option
--module_paths to the CLI to be able to use SoftHSM2 in CLI test cases.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

If the openssl command line tool is available then create a CA and sign
the HSM's public key with it and then test signing and verifying with
the pkcs11-certificate method.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Since the Ubuntu SoftHSM2 PKCS #11 module is outside the default paths
its path must be provided using the --module-paths command line option.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Run the pkcs11 tests with all the other command line tests.
Adjust the path to the softhsm_setup script where necessary.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

@mihaimaruseac mihaimaruseac merged commit bb6ee8f into sigstore:main Jun 17, 2026
52 checks passed