Test the PKCS11 provider built-in to libhx509.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22436 ec53bebd-3082-4978-b11e-865c3cabbd6b

tests/kdc/Makefile.am

@@ -26,7 +26,14 @@ TESTS = $(SCRIPT_TESTS)
 port = 49188
 admport = 49189
 
-do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \
+if HAVE_DLOPEN
+do_dlopen = -e 's,[@]DLOPEN[@],true,g'
+else
+do_dlopen = -e 's,[@]DLOPEN[@],false,g'
+endif
+
+do_subst = sed $(do_dlopen) \
+	-e 's,[@]srcdir[@],$(srcdir),g' \
 	-e 's,[@]port[@],$(port),g' \
 	-e 's,[@]admport[@],$(admport),g' \
 	-e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \

tests/kdc/check-pkinit.in

@@ -231,6 +231,39 @@ ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
 ${kdestroy}
 
 
+KRB5_CONFIG="${objdir}/krb5-pkinit.conf"
+export KRB5_CONFIG
+
+echo "Trying PKCS11 support"
+
+cat > test-rc-file.rc <<EOF
+certificate	cert	User certificate	FILE:${base}/pkinit.crt,${keyfile2}
+EOF
+
+SOFTPKCS11RC="test-rc-file.rc"
+export SOFTPKCS11RC
+
+dir=${base}/../../lib/hx509
+file=
+
+for a in libhx509.so .libs/libhx509.so libhx509.dylib .libs/libhx509.dylib ; do
+    if [ -f $dir/$a ] ; then
+	file=$dir/$a
+	break
+    fi
+done
+
+if [ X"$file" != X -a @DLOPEN@ ] ; then
+
+    echo "Trying pk-init (principal in pki-mapping file) "; > messages.log
+    ${kinit} -C PKCS11:${file} foo@${R} || \
+	{ ec=1 ; eval "${testfailed}"; }
+    ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
+    ${kdestroy}
+
+fi
+
+
 echo "killing kdc (${kdcpid})"
 kill $kdcpid || exit 1