test: Run hwtests with token not supporting raw RSA signatures

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>

2 files changed, 19 insertions, 0 deletions

diff --git a/tests/meson.build b/tests/meson.build
index 87945a2..1b9a3eb 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -2,6 +2,8 @@ env = environment()
 env.set('G_TEST_SRCDIR', meson.current_source_dir())
 env.set('G_TEST_BUILDDIR', meson.build_root())
 env.set('SOFTHSM2_CONF', meson.build_root() / 'softhsm2.conf')
+env2 = env
+env2.set('SOFTHSM2_CONF', meson.build_root() / 'softhsm2-no-raw.conf')
 
 pkcs11_tool_dep = find_program('pkcs11-tool', required: false)
 p11tool_dep = find_program('p11tool', required: false)
@@ -70,3 +72,11 @@ test(
   depends: [softhsm],
   env: env,
 )
+
+# again with different softhsm configuration not allowing raw RSA signatures */
+test(
+  'hwtests_no_raw',
+  hwtests_test,
+  depends: [softhsm],
+  env: env2,
+)
diff --git a/tests/setup-softhsm2.sh b/tests/setup-softhsm2.sh
index 5341cd3..94b133c 100755
--- a/tests/setup-softhsm2.sh
+++ b/tests/setup-softhsm2.sh
@@ -3,6 +3,7 @@
 SRCDIR=`dirname "$0"`
 NSSDB=hwdb
 CONF=softhsm2.conf
+CONF2=softhsm2-no-raw.conf
 SOPIN="12345678"
 PIN="77777777"
 export GNUTLS_PIN=$PIN
@@ -86,6 +87,14 @@ export SOFTHSM2_CONF="$CONF"
 if [ ! -f "$CONF" ]; then
 	echo "directories.tokendir = `pwd`/tokens/" > $CONF
 	echo "slots.removable = true" >> $CONF
+	# One possible configuration is working with a token
+	# that does not support raw signature, which we need
+	# to emulate using PKCS#1.5
+	cat $CONF > $CONF2
+	echo "slots.mechanisms = CKM_RSA_PKCS" >> $CONF2
+	# we should be able to use just -CKM_RSA_X_509 but
+	# it is broken because of a bug
+	# https://github.com/opendnssec/SoftHSMv2/pull/561
 fi
 
 # SoftHSM configuration directory