xrdgsitest

NAME

xrdgsitest - test crypto functionality relevant for the GSI implementation

SYNOPSIS

xrdgsitest [-h, --help] [-v, --verbose]

DESCRIPTION

The xrdgsitest utility runs a few tests of the crypto functionality implemented in XrdCrypto relevant for the XrdSecgsi module, i.e. handling of certificates, proxies, chains, verification and similar actions.

OPTIONS

-h, --help display help
-v, --verbose

Print very detailed information about the tests.

FILES

The program needs access to a user certificate file and its private key, and the related CA file(s); the CRL is downloaded using the information found in the CA certificate. The location of the files are the standard ones and they can modified by the standard environment variables:
X509_USER_CERT [$HOME/.globus/usercert.pem] user certificate
X509_USER_KEY [$HOME/.globus/userkey.pem] user private key
X509_USER_PROXY [/tmp/x509up_u<uid>] user proxy
X509_CERT_DIR [/etc/grid-security/certificates/] CA certificates and CRL
directories

OUTPUT

The output is a list of PASSED/FAILED test similar to
$ xrdgsitest

|| ---------------------------------------------------------------------------------
|| Crypto functionality tests for GSI ----------------------------------------------
|| ---------------------------------------------------------------------------------
|| Loading EEC ............................................................. PASSED
|| Loading User Proxy ...................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Recreate the proxy certificate --------------------------------------------------
Enter PEM pass phrase:
|| Recreating User Proxy ................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Load CA certificates ------------------------------------------------------------
|| Loading CA certificate .................................................. PASSED
|| Loading CA certificate .................................................. PASSED
|| ---------------------------------------------------------------------------------
|| Testing ParseFile ---------------------------------------------------------------
|| Chain reorder: ......................................................... PASSED
|| Chain verify: .......................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing ExportChain -------------------------------------------------------------
|| Attach to X509ExportChain ............................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing Chain Import ------------------------------------------------------------
|| Chain reorder: ......................................................... PASSED
|| Chain verify: .......................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing GSI chain import and verification ---------------------------------------
|| GSI chain verify: ...................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing GSI chain copy ----------------------------------------------------------
|| GSI chain verify: ...................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing Cert verification -------------------------------------------------------
|| verify cert: EE signed by CA ............................................ PASSED
|| verify cert: PX signed by EE ............................................ PASSED
|| verify cert: PX not signed by CA ........................................ PASSED
|| ---------------------------------------------------------------------------------
|| Testing request creation --------------------------------------------------------
|| Creating request ........................................................ PASSED
|| ---------------------------------------------------------------------------------
|| Testing request signature -------------------------------------------------------
|| Check proxyCertInfo extension ........................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing export of signed proxy --------------------------------------------------
|| Saving signed proxy chain to file ....................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing CRL identification ------------------------------------------------------
|| Check CRL distribution points extension OK .............................. PASSED
|| ---------------------------------------------------------------------------------
|| Testing CRL loading -------------------------------------------------------------
--2016-12-12 19:31:36-- http://cafiles.cern.ch/cafiles/crl/CERN%20Root%20Certification%20Authority%202.crl
Resolving cafiles.cern.ch (cafiles.cern.ch)... 137.138.4.52, 2001:1458:201:96::100:26
Connecting to cafiles.cern.ch (cafiles.cern.ch)|137.138.4.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1097 (1.1K) [application/pkix-crl]
Saving to: â/tmp/5168735f.0.crltmpâ

/tmp/5168735f.0.crltmp 100%[========================================================================>] 1.07K --.-KB/s in 0s

2016-12-12 19:31:36 (383 MB/s) - â/tmp/5168735f.0.crltmpâ saved [1097/1097]

|| Loading CA1 crl ......................................................... PASSED
|| CRL signature OK ........................................................ PASSED
|| ---------------------------------------------------------------------------------

The result of each test can be interleaved with details when the verbose
option is chosen.

LICENSE

License terms can be displayed by typing "xrootd -H".

SUPPORT LEVEL

The xrdgsitest command is supported by the xrootd collaboration. Contact information can be found at

http://xrootd.org/contact.html