1xrdgsitest(1)               General Commands Manual              xrdgsitest(1)
2
3
4

NAME

6       xrdgsitest - test crypto functionality relevant for the GSI implementa‐
7       tion
8

SYNOPSIS

10       xrdgsitest [-h, --help] [-v, --verbose]
11

DESCRIPTION

13       The xrdgsitest utility runs a few tests of the crypto functionality
14       implemented in XrdCrypto relevant for the XrdSecgsi module, i.e. han‐
15       dling of certificates, proxies, chains, verification and similar
16       actions.
17

OPTIONS

19       -h, --help display help
20
21       -v, --verbose
22              Print very detailed information about the tests.
23
24

FILES

26       The program needs access to a user certificate file and its private
27       key, and the related CA file(s); the CRL is downloaded using the infor‐
28       mation found in the CA certificate.  The location of the files are the
29       standard ones and they can modified by the standard environment vari‐
30       ables:
31
32       X509_USER_CERT  [$HOME/.globus/usercert.pem]       user certificate
33
34       X509_USER_KEY   [$HOME/.globus/userkey.pem]        user private key
35
36       X509_USER_PROXY [/tmp/x509up_u<uid>]               user proxy
37
38       X509_CERT_DIR   [/etc/grid-security/certificates/] CA certificates and
39       CRL directories
40

OUTPUT

42       The output is a list of PASSED/FAILED test similar to
43
44       $ xrdgsitest
45              ||
46              ---------------------------------------------------------------------------------
47              || Crypto functionality tests for GSI
48              ----------------------------------------------
49              ||
50              ---------------------------------------------------------------------------------
51              || Loading EEC
52              .............................................................
53              PASSED
54              || Loading User Proxy
55              ......................................................  PASSED
56              ||
57              ---------------------------------------------------------------------------------
58              || Recreate the proxy certificate
59              --------------------------------------------------
60              Enter PEM pass phrase:
61              || Recreating User Proxy
62              ...................................................  PASSED
63              ||
64              ---------------------------------------------------------------------------------
65              || Load CA certificates
66              ------------------------------------------------------------
67              || Loading CA certificate
68              ..................................................  PASSED
69              || Loading CA certificate
70              ..................................................  PASSED
71              ||
72              ---------------------------------------------------------------------------------
73              || Testing ParseFile
74              ---------------------------------------------------------------
75              || Chain reorder:
76              .........................................................
77              PASSED
78              || Chain verify:
79              ..........................................................
80              PASSED
81              ||
82              ---------------------------------------------------------------------------------
83              || Testing ExportChain
84              -------------------------------------------------------------
85              || Attach to X509ExportChain
86              ...............................................  PASSED
87              ||
88              ---------------------------------------------------------------------------------
89              || Testing Chain Import
90              ------------------------------------------------------------
91              || Chain reorder:
92              .........................................................
93              PASSED
94              || Chain verify:
95              ..........................................................
96              PASSED
97              ||
98              ---------------------------------------------------------------------------------
99              || Testing GSI chain import and verification
100              ---------------------------------------
101              || GSI chain verify:
102              ......................................................  PASSED
103              ||
104              ---------------------------------------------------------------------------------
105              || Testing GSI chain copy
106              ----------------------------------------------------------
107              || GSI chain verify:
108              ......................................................  PASSED
109              ||
110              ---------------------------------------------------------------------------------
111              || Testing Cert verification
112              -------------------------------------------------------
113              || verify cert: EE signed by CA
114              ............................................  PASSED
115              || verify cert: PX signed by EE
116              ............................................  PASSED
117              || verify cert: PX not signed by CA
118              ........................................  PASSED
119              ||
120              ---------------------------------------------------------------------------------
121              || Testing request creation
122              --------------------------------------------------------
123              || Creating request
124              ........................................................  PASSED
125              ||
126              ---------------------------------------------------------------------------------
127              || Testing request signature
128              -------------------------------------------------------
129              || Check proxyCertInfo extension
130              ...........................................  PASSED
131              ||
132              ---------------------------------------------------------------------------------
133              || Testing export of signed proxy
134              --------------------------------------------------
135              || Saving signed proxy chain to file
136              .......................................  PASSED
137              ||
138              ---------------------------------------------------------------------------------
139              || Testing CRL identification
140              ------------------------------------------------------
141              || Check CRL distribution points extension OK
142              ..............................  PASSED
143              ||
144              ---------------------------------------------------------------------------------
145              || Testing CRL loading
146              -------------------------------------------------------------
147              --2016-12-12 19:31:36--
148              http://cafiles.cern.ch/cafiles/crl/CERN%20Root%20Certifica
149              tion%20Authority%202.crl
150              Resolving cafiles.cern.ch (cafiles.cern.ch)... 137.138.4.52,
151              2001:1458:201:96::100:26
152              Connecting to cafiles.cern.ch
153              (cafiles.cern.ch)|137.138.4.52|:80... connected.
154              HTTP request sent, awaiting response... 200 OK
155              Length: 1097 (1.1K) [application/pkix-crl]
156              Saving to: ‘/tmp/5168735f.0.crltmp’
157
158              /tmp/5168735f.0.crltmp
159              100%[========================================================================>]
160              1.07K  --.-KB/s    in 0s
161
162              2016-12-12 19:31:36 (383 MB/s) - ‘/tmp/5168735f.0.crltmp’ saved
163              [1097/1097]
164
165              || Loading CA1 crl
166              .........................................................
167              PASSED
168              || CRL signature OK
169              ........................................................  PASSED
170              ||
171              ---------------------------------------------------------------------------------
172
173
174       The result of each test can be interleaved with details when the ver‐
175       bose option is chosen.
176

LICENSE

178       License terms can be displayed by typing "xrootd -H".
179

SUPPORT LEVEL

181       The xrdgsitest command is supported by the xrootd collaboration.  Con‐
182       tact information can be found at
183                           http://xrootd.org/contact.html
184
185
186
187                                    v4.9.1                       xrdgsitest(1)
Impressum