Provide a minimum smoke test for PKCS#11 operation
Description
Our unit tests, thin on the ground as they are in any case, do not include any tests which involve use of PKCS#11 tokens. I’ve recently run into an issue which might have been detected if we had that in place earlier.
This is tricky to do, because most interesting PKCS#11 tokens are hardware and SoftHSM is native software not really usable from a Java unit testing environment (and in many environments, just plain broken).
As a proof of concept and a way to help debug my current issue, I’d like to build an environment which encapsulates a known-good SoftHSM configuration and some scripts to invoke xmlsectool to sign using the token held in SoftHSM. My shibboleth-mda-docker project (which is designed to help test the MDA, and incorporates both SoftHSM and (a production version of) xmlsectool) seems like it would be a good starting point.
Environment
None
Activity
Ian Young
March 21, 2025 at 6:00 PM
It’s not as polished as the MDA equivalent but I do now have something to fill this need: