1xrdgsitest(1)               General Commands Manual              xrdgsitest(1)
2
3
4

NAME

6       xrdgsitest - test crypto functionality relevant for the GSI implementa‐
7       tion
8

SYNOPSIS

10       xrdgsitest [-h, --help] [-v, --verbose]
11

DESCRIPTION

13       The xrdgsitest utility runs a few tests of the crypto functionality im‐
14       plemented in XrdCrypto relevant for the XrdSecgsi module, i.e. handling
15       of certificates, proxies, chains, verification and similar actions.
16

OPTIONS

18       -h, --help display help
19
20       -v, --verbose
21              Print very detailed information about the tests.
22
23

FILES

25       The program needs access to a user certificate file and its private
26       key, and the related CA file(s); the CRL is downloaded using the infor‐
27       mation found in the CA certificate.  The location of the files are the
28       standard ones and they can modified by the standard environment vari‐
29       ables:
30
31       X509_USER_CERT  [$HOME/.globus/usercert.pem]       user certificate
32
33       X509_USER_KEY   [$HOME/.globus/userkey.pem]        user private key
34
35       X509_USER_PROXY [/tmp/x509up_u<uid>]               user proxy
36
37       X509_CERT_DIR   [/etc/grid-security/certificates/] CA certificates and
38       CRL directories
39

OUTPUT

41       The output is a list of PASSED/FAILED test similar to
42
43       $ xrdgsitest
44              ||
45              ---------------------------------------------------------------------------------
46              || Crypto functionality tests for GSI
47              ----------------------------------------------
48              ||
49              ---------------------------------------------------------------------------------
50              || Loading EEC
51              .............................................................
52              PASSED
53              || Loading User Proxy
54              ......................................................  PASSED
55              ||
56              ---------------------------------------------------------------------------------
57              || Recreate the proxy certificate
58              --------------------------------------------------
59              Enter PEM pass phrase:
60              || Recreating User Proxy
61              ...................................................  PASSED
62              ||
63              ---------------------------------------------------------------------------------
64              || Load CA certificates
65              ------------------------------------------------------------
66              || Loading CA certificate
67              ..................................................  PASSED
68              || Loading CA certificate
69              ..................................................  PASSED
70              ||
71              ---------------------------------------------------------------------------------
72              || Testing ParseFile
73              ---------------------------------------------------------------
74              || Chain reorder:
75              .........................................................
76              PASSED
77              || Chain verify:
78              ..........................................................
79              PASSED
80              ||
81              ---------------------------------------------------------------------------------
82              || Testing ExportChain
83              -------------------------------------------------------------
84              || Attach to X509ExportChain
85              ...............................................  PASSED
86              ||
87              ---------------------------------------------------------------------------------
88              || Testing Chain Import
89              ------------------------------------------------------------
90              || Chain reorder:
91              .........................................................
92              PASSED
93              || Chain verify:
94              ..........................................................
95              PASSED
96              ||
97              ---------------------------------------------------------------------------------
98              || Testing GSI chain import and verification
99              ---------------------------------------
100              || GSI chain verify:
101              ......................................................  PASSED
102              ||
103              ---------------------------------------------------------------------------------
104              || Testing GSI chain copy
105              ----------------------------------------------------------
106              || GSI chain verify:
107              ......................................................  PASSED
108              ||
109              ---------------------------------------------------------------------------------
110              || Testing Cert verification
111              -------------------------------------------------------
112              || verify cert: EE signed by CA
113              ............................................  PASSED
114              || verify cert: PX signed by EE
115              ............................................  PASSED
116              || verify cert: PX not signed by CA
117              ........................................  PASSED
118              ||
119              ---------------------------------------------------------------------------------
120              || Testing request creation
121              --------------------------------------------------------
122              || Creating request
123              ........................................................  PASSED
124              ||
125              ---------------------------------------------------------------------------------
126              || Testing request signature
127              -------------------------------------------------------
128              || Check proxyCertInfo extension
129              ...........................................  PASSED
130              ||
131              ---------------------------------------------------------------------------------
132              || Testing export of signed proxy
133              --------------------------------------------------
134              || Saving signed proxy chain to file
135              .......................................  PASSED
136              ||
137              ---------------------------------------------------------------------------------
138              || Testing CRL identification
139              ------------------------------------------------------
140              || Check CRL distribution points extension OK
141              ..............................  PASSED
142              ||
143              ---------------------------------------------------------------------------------
144              || Testing CRL loading
145              -------------------------------------------------------------
146              --2016-12-12 19:31:36--
147              http://cafiles.cern.ch/cafiles/crl/CERN%20Root%20Certifica
148              tion%20Authority%202.crl
149              Resolving cafiles.cern.ch (cafiles.cern.ch)... 137.138.4.52,
150              2001:1458:201:96::100:26
151              Connecting to cafiles.cern.ch
152              (cafiles.cern.ch)|137.138.4.52|:80... connected.
153              HTTP request sent, awaiting response... 200 OK
154              Length: 1097 (1.1K) [application/pkix-crl]
155              Saving to: ‘/tmp/5168735f.0.crltmp’
156
157              /tmp/5168735f.0.crltmp
158              100%[========================================================================>]
159              1.07K  --.-KB/s    in 0s
160
161              2016-12-12 19:31:36 (383 MB/s) - ‘/tmp/5168735f.0.crltmp’ saved
162              [1097/1097]
163
164              || Loading CA1 crl
165              .........................................................
166              PASSED
167              || CRL signature OK
168              ........................................................  PASSED
169              ||
170              ---------------------------------------------------------------------------------
171
172
173       The result of each test can be interleaved with details when the ver‐
174       bose option is chosen.
175

LICENSE

177       License terms can be displayed by typing "xrootd -H".
178

SUPPORT LEVEL

180       The xrdgsitest command is supported by the xrootd collaboration.  Con‐
181       tact information can be found at
182                           http://xrootd.org/contact.html
183
184
185
186                                    v5.4.3                       xrdgsitest(1)
Impressum