1xrdgsitest(1) General Commands Manual xrdgsitest(1)
2
3
4
6 xrdgsitest - test crypto functionality relevant for the GSI implementa‐
7 tion
8
10 xrdgsitest [-h, --help] [-v, --verbose]
11
13 The xrdgsitest utility runs a few tests of the crypto functionality
14 implemented in XrdCrypto relevant for the XrdSecgsi module, i.e. han‐
15 dling of certificates, proxies, chains, verification and similar
16 actions.
17
19 -h, --help display help
20
21 -v, --verbose
22 Print very detailed information about the tests.
23
24
26 The program needs access to a user certificate file and its private
27 key, and the related CA file(s); the CRL is downloaded using the infor‐
28 mation found in the CA certificate. The location of the files are the
29 standard ones and they can modified by the standard environment vari‐
30 ables:
31
32 X509_USER_CERT [$HOME/.globus/usercert.pem] user certificate
33
34 X509_USER_KEY [$HOME/.globus/userkey.pem] user private key
35
36 X509_USER_PROXY [/tmp/x509up_u<uid>] user proxy
37
38 X509_CERT_DIR [/etc/grid-security/certificates/] CA certificates and
39 CRL directories
40
42 The output is a list of PASSED/FAILED test similar to
43
44 $ xrdgsitest
45 ||
46 ---------------------------------------------------------------------------------
47 || Crypto functionality tests for GSI
48 ----------------------------------------------
49 ||
50 ---------------------------------------------------------------------------------
51 || Loading EEC
52 .............................................................
53 PASSED
54 || Loading User Proxy
55 ...................................................... PASSED
56 ||
57 ---------------------------------------------------------------------------------
58 || Recreate the proxy certificate
59 --------------------------------------------------
60 Enter PEM pass phrase:
61 || Recreating User Proxy
62 ................................................... PASSED
63 ||
64 ---------------------------------------------------------------------------------
65 || Load CA certificates
66 ------------------------------------------------------------
67 || Loading CA certificate
68 .................................................. PASSED
69 || Loading CA certificate
70 .................................................. PASSED
71 ||
72 ---------------------------------------------------------------------------------
73 || Testing ParseFile
74 ---------------------------------------------------------------
75 || Chain reorder:
76 .........................................................
77 PASSED
78 || Chain verify:
79 ..........................................................
80 PASSED
81 ||
82 ---------------------------------------------------------------------------------
83 || Testing ExportChain
84 -------------------------------------------------------------
85 || Attach to X509ExportChain
86 ............................................... PASSED
87 ||
88 ---------------------------------------------------------------------------------
89 || Testing Chain Import
90 ------------------------------------------------------------
91 || Chain reorder:
92 .........................................................
93 PASSED
94 || Chain verify:
95 ..........................................................
96 PASSED
97 ||
98 ---------------------------------------------------------------------------------
99 || Testing GSI chain import and verification
100 ---------------------------------------
101 || GSI chain verify:
102 ...................................................... PASSED
103 ||
104 ---------------------------------------------------------------------------------
105 || Testing GSI chain copy
106 ----------------------------------------------------------
107 || GSI chain verify:
108 ...................................................... PASSED
109 ||
110 ---------------------------------------------------------------------------------
111 || Testing Cert verification
112 -------------------------------------------------------
113 || verify cert: EE signed by CA
114 ............................................ PASSED
115 || verify cert: PX signed by EE
116 ............................................ PASSED
117 || verify cert: PX not signed by CA
118 ........................................ PASSED
119 ||
120 ---------------------------------------------------------------------------------
121 || Testing request creation
122 --------------------------------------------------------
123 || Creating request
124 ........................................................ PASSED
125 ||
126 ---------------------------------------------------------------------------------
127 || Testing request signature
128 -------------------------------------------------------
129 || Check proxyCertInfo extension
130 ........................................... PASSED
131 ||
132 ---------------------------------------------------------------------------------
133 || Testing export of signed proxy
134 --------------------------------------------------
135 || Saving signed proxy chain to file
136 ....................................... PASSED
137 ||
138 ---------------------------------------------------------------------------------
139 || Testing CRL identification
140 ------------------------------------------------------
141 || Check CRL distribution points extension OK
142 .............................. PASSED
143 ||
144 ---------------------------------------------------------------------------------
145 || Testing CRL loading
146 -------------------------------------------------------------
147 --2016-12-12 19:31:36--
148 http://cafiles.cern.ch/cafiles/crl/CERN%20Root%20Certifica‐
149 tion%20Authority%202.crl
150 Resolving cafiles.cern.ch (cafiles.cern.ch)... 137.138.4.52,
151 2001:1458:201:96::100:26
152 Connecting to cafiles.cern.ch
153 (cafiles.cern.ch)|137.138.4.52|:80... connected.
154 HTTP request sent, awaiting response... 200 OK
155 Length: 1097 (1.1K) [application/pkix-crl]
156 Saving to: ‘/tmp/5168735f.0.crltmp’
157
158 /tmp/5168735f.0.crltmp
159 100%[========================================================================>]
160 1.07K --.-KB/s in 0s
161
162 2016-12-12 19:31:36 (383 MB/s) - ‘/tmp/5168735f.0.crltmp’ saved
163 [1097/1097]
164
165 || Loading CA1 crl
166 .........................................................
167 PASSED
168 || CRL signature OK
169 ........................................................ PASSED
170 ||
171 ---------------------------------------------------------------------------------
172
173
174 The result of each test can be interleaved with details when the ver‐
175 bose option is chosen.
176
178 License terms can be displayed by typing "xrootd -H".
179
181 The xrdgsitest command is supported by the xrootd collaboration. Con‐
182 tact information can be found at
183 http://xrootd.org/contact.html
184
185
186
187 v4.9.1 xrdgsitest(1)