xrdgsitest - Man Page

test crypto functionality relevant for the GSI implementation

Synopsis

xrdgsitest [-h, --help] [-v, --verbose]

Description

The xrdgsitest utility runs a few tests of the crypto functionality implemented in XrdCrypto relevant for the XrdSecgsi module, i.e. handling of certificates, proxies, chains, verification and similar actions.

Options

-h,  --help
display help
-v,  --verbose

Print very detailed information about the tests.

Files

The program needs access to a user certificate file and its private key, and the related CA file(s); the CRL is downloaded using the information found in the CA certificate.  The location of the files are the standard ones and they can modified by the standard environment variables:

X509_USER_CERT  [$HOME/.globus/usercert.pem]       user certificate

X509_USER_KEY   [$HOME/.globus/userkey.pem]        user private key

X509_USER_PROXY [/tmp/x509up_u<uid>]               user proxy

X509_CERT_DIR   [/etc/grid-security/certificates/] CA certificates and CRL directories

Output

The output is a list of PASSED/FAILED test similar to

$ xrdgsitest

|| ---------------------------------------------------------------------------------
|| Crypto functionality tests for GSI ----------------------------------------------
|| ---------------------------------------------------------------------------------
|| Loading EEC .............................................................  PASSED
|| Loading User Proxy ......................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Recreate the proxy certificate --------------------------------------------------
Enter PEM pass phrase:
|| Recreating User Proxy ...................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Load CA certificates ------------------------------------------------------------
|| Loading CA certificate ..................................................  PASSED
|| Loading CA certificate ..................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing ParseFile ---------------------------------------------------------------
|| Chain reorder:  .........................................................  PASSED
|| Chain verify:  ..........................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing ExportChain -------------------------------------------------------------
|| Attach to X509ExportChain ...............................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing Chain Import ------------------------------------------------------------
|| Chain reorder:  .........................................................  PASSED
|| Chain verify:  ..........................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing GSI chain import and verification ---------------------------------------
|| GSI chain verify:  ......................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing GSI chain copy ----------------------------------------------------------
|| GSI chain verify:  ......................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing Cert verification -------------------------------------------------------
|| verify cert: EE signed by CA ............................................  PASSED
|| verify cert: PX signed by EE ............................................  PASSED
|| verify cert: PX not signed by CA ........................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing request creation --------------------------------------------------------
|| Creating request ........................................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing request signature -------------------------------------------------------
|| Check proxyCertInfo extension ...........................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing export of signed proxy --------------------------------------------------
|| Saving signed proxy chain to file .......................................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing CRL identification ------------------------------------------------------
|| Check CRL distribution points extension OK ..............................  PASSED
|| ---------------------------------------------------------------------------------
|| Testing CRL loading -------------------------------------------------------------
--2016-12-12 19:31:36--  http://cafiles.cern.ch/cafiles/crl/CERN%20Root%20Certification%20Authority%202.crl
Resolving cafiles.cern.ch (cafiles.cern.ch)... 137.138.4.52, 2001:1458:201:96::100:26
Connecting to cafiles.cern.ch (cafiles.cern.ch)|137.138.4.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1097 (1.1K) [application/pkix-crl]
Saving to: ‘/tmp/5168735f.0.crltmp’

/tmp/5168735f.0.crltmp                100%[========================================================================>]   1.07K  --.-KB/s    in 0s      

2016-12-12 19:31:36 (383 MB/s) - ‘/tmp/5168735f.0.crltmp’ saved [1097/1097]

|| Loading CA1 crl .........................................................  PASSED
|| CRL signature OK ........................................................  PASSED
|| ---------------------------------------------------------------------------------

The result of each test can be interleaved with details when the verbose option is chosen.

License

License terms can be displayed by typing "xrootd -H".

Support Level

The xrdgsitest command is supported by the xrootd collaboration. Contact information can be found at

http://xrootd.org/contact.html

Info

v5.2.0