1xrdgsitest(1) General Commands Manual xrdgsitest(1)
2
3
4
6 xrdgsitest - test crypto functionality relevant for the GSI implementa‐
7 tion
8
10 xrdgsitest [-h, --help] [-v, --verbose]
11
13 The xrdgsitest utility runs a few tests of the crypto functionality im‐
14 plemented in XrdCrypto relevant for the XrdSecgsi module, i.e. handling
15 of certificates, proxies, chains, verification and similar actions.
16
18 -h, --help display help
19
20 -v, --verbose
21 Print very detailed information about the tests.
22
23
25 The program needs access to a user certificate file and its private
26 key, and the related CA file(s); the CRL is downloaded using the infor‐
27 mation found in the CA certificate. The location of the files are the
28 standard ones and they can modified by the standard environment vari‐
29 ables:
30
31 X509_USER_CERT [$HOME/.globus/usercert.pem] user certificate
32
33 X509_USER_KEY [$HOME/.globus/userkey.pem] user private key
34
35 X509_USER_PROXY [/tmp/x509up_u<uid>] user proxy
36
37 X509_CERT_DIR [/etc/grid-security/certificates/] CA certificates and
38 CRL directories
39
41 The output is a list of PASSED/FAILED test similar to
42
43 $ xrdgsitest
44 ||
45 ---------------------------------------------------------------------------------
46 || Crypto functionality tests for GSI
47 ----------------------------------------------
48 ||
49 ---------------------------------------------------------------------------------
50 || Loading EEC
51 .............................................................
52 PASSED
53 || Loading User Proxy
54 ...................................................... PASSED
55 ||
56 ---------------------------------------------------------------------------------
57 || Recreate the proxy certificate
58 --------------------------------------------------
59 Enter PEM pass phrase:
60 || Recreating User Proxy
61 ................................................... PASSED
62 ||
63 ---------------------------------------------------------------------------------
64 || Load CA certificates
65 ------------------------------------------------------------
66 || Loading CA certificate
67 .................................................. PASSED
68 || Loading CA certificate
69 .................................................. PASSED
70 ||
71 ---------------------------------------------------------------------------------
72 || Testing ParseFile
73 ---------------------------------------------------------------
74 || Chain reorder:
75 .........................................................
76 PASSED
77 || Chain verify:
78 ..........................................................
79 PASSED
80 ||
81 ---------------------------------------------------------------------------------
82 || Testing ExportChain
83 -------------------------------------------------------------
84 || Attach to X509ExportChain
85 ............................................... PASSED
86 ||
87 ---------------------------------------------------------------------------------
88 || Testing Chain Import
89 ------------------------------------------------------------
90 || Chain reorder:
91 .........................................................
92 PASSED
93 || Chain verify:
94 ..........................................................
95 PASSED
96 ||
97 ---------------------------------------------------------------------------------
98 || Testing GSI chain import and verification
99 ---------------------------------------
100 || GSI chain verify:
101 ...................................................... PASSED
102 ||
103 ---------------------------------------------------------------------------------
104 || Testing GSI chain copy
105 ----------------------------------------------------------
106 || GSI chain verify:
107 ...................................................... PASSED
108 ||
109 ---------------------------------------------------------------------------------
110 || Testing Cert verification
111 -------------------------------------------------------
112 || verify cert: EE signed by CA
113 ............................................ PASSED
114 || verify cert: PX signed by EE
115 ............................................ PASSED
116 || verify cert: PX not signed by CA
117 ........................................ PASSED
118 ||
119 ---------------------------------------------------------------------------------
120 || Testing request creation
121 --------------------------------------------------------
122 || Creating request
123 ........................................................ PASSED
124 ||
125 ---------------------------------------------------------------------------------
126 || Testing request signature
127 -------------------------------------------------------
128 || Check proxyCertInfo extension
129 ........................................... PASSED
130 ||
131 ---------------------------------------------------------------------------------
132 || Testing export of signed proxy
133 --------------------------------------------------
134 || Saving signed proxy chain to file
135 ....................................... PASSED
136 ||
137 ---------------------------------------------------------------------------------
138 || Testing CRL identification
139 ------------------------------------------------------
140 || Check CRL distribution points extension OK
141 .............................. PASSED
142 ||
143 ---------------------------------------------------------------------------------
144 || Testing CRL loading
145 -------------------------------------------------------------
146 --2016-12-12 19:31:36--
147 http://cafiles.cern.ch/cafiles/crl/CERN%20Root%20Certifica‐
148 tion%20Authority%202.crl
149 Resolving cafiles.cern.ch (cafiles.cern.ch)... 137.138.4.52,
150 2001:1458:201:96::100:26
151 Connecting to cafiles.cern.ch
152 (cafiles.cern.ch)|137.138.4.52|:80... connected.
153 HTTP request sent, awaiting response... 200 OK
154 Length: 1097 (1.1K) [application/pkix-crl]
155 Saving to: ‘/tmp/5168735f.0.crltmp’
156
157 /tmp/5168735f.0.crltmp
158 100%[========================================================================>]
159 1.07K --.-KB/s in 0s
160
161 2016-12-12 19:31:36 (383 MB/s) - ‘/tmp/5168735f.0.crltmp’ saved
162 [1097/1097]
163
164 || Loading CA1 crl
165 .........................................................
166 PASSED
167 || CRL signature OK
168 ........................................................ PASSED
169 ||
170 ---------------------------------------------------------------------------------
171
172
173 The result of each test can be interleaved with details when the ver‐
174 bose option is chosen.
175
177 License terms can be displayed by typing "xrootd -H".
178
180 The xrdgsitest command is supported by the xrootd collaboration. Con‐
181 tact information can be found at
182 http://xrootd.org/contact.html
183
184
185
186 v5.4.3 xrdgsitest(1)