xrdgsitest(1) General Commands Manual xrdgsitest(1)

xrdgsitest - test crypto functionality relevant for the GSI implementation

xrdgsitest [-h, --help] [-v, --verbose]

The xrdgsitest utility runs a few tests of the crypto functionality implemented in XrdCrypto relevant for the XrdSecgsi module, i.e. handling of certificates, proxies, chains, verification and similar actions.

-h, --help display help

Print very detailed information about the tests.

The program needs access to a user certificate file and its private key, and the related CA file(s); the CRL is downloaded using the information found in the CA certificate. The location of the files are the standard ones and they can modified by the standard environment variables:

The output is a list of PASSED/FAILED test similar to

$ xrdgsitest

|| ---------------------------------------------------------------------------------
|| Crypto functionality tests for GSI ----------------------------------------------
|| ---------------------------------------------------------------------------------
|| Loading EEC ............................................................. PASSED
|| Loading User Proxy ...................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Recreate the proxy certificate --------------------------------------------------
Enter PEM pass phrase:
|| Recreating User Proxy ................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Load CA certificates ------------------------------------------------------------
|| Loading CA certificate .................................................. PASSED
|| Loading CA certificate .................................................. PASSED
|| ---------------------------------------------------------------------------------
|| Testing ParseFile ---------------------------------------------------------------
|| Chain reorder: ......................................................... PASSED
|| Chain verify: .......................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing ExportChain -------------------------------------------------------------
|| Attach to X509ExportChain ............................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing Chain Import ------------------------------------------------------------
|| Chain reorder: ......................................................... PASSED
|| Chain verify: .......................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing GSI chain import and verification ---------------------------------------
|| GSI chain verify: ...................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing GSI chain copy ----------------------------------------------------------
|| GSI chain verify: ...................................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing Cert verification -------------------------------------------------------
|| verify cert: EE signed by CA ............................................ PASSED
|| verify cert: PX signed by EE ............................................ PASSED
|| verify cert: PX not signed by CA ........................................ PASSED
|| ---------------------------------------------------------------------------------
|| Testing request creation --------------------------------------------------------
|| Creating request ........................................................ PASSED
|| ---------------------------------------------------------------------------------
|| Testing request signature -------------------------------------------------------
|| Check proxyCertInfo extension ........................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing export of signed proxy --------------------------------------------------
|| Saving signed proxy chain to file ....................................... PASSED
|| ---------------------------------------------------------------------------------
|| Testing CRL identification ------------------------------------------------------
|| Check CRL distribution points extension OK .............................. PASSED
|| ---------------------------------------------------------------------------------
|| Testing CRL loading -------------------------------------------------------------
--2016-12-12 19:31:36-- http://cafiles.cern.ch/cafiles/crl/CERN%20Root%20Certification%20Authority%202.crl
Resolving cafiles.cern.ch (cafiles.cern.ch)... 137.138.4.52, 2001:1458:201:96::100:26
Connecting to cafiles.cern.ch (cafiles.cern.ch)|137.138.4.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1097 (1.1K) [application/pkix-crl]
Saving to: ‘/tmp/5168735f.0.crltmp’

/tmp/5168735f.0.crltmp 100%[========================================================================>] 1.07K --.-KB/s in 0s

2016-12-12 19:31:36 (383 MB/s) - ‘/tmp/5168735f.0.crltmp’ saved [1097/1097]

|| Loading CA1 crl ......................................................... PASSED
|| CRL signature OK ........................................................ PASSED
|| ---------------------------------------------------------------------------------

License terms can be displayed by typing "xrootd -H".

The xrdgsitest command is supported by the xrootd collaboration. Contact information can be found at
http://xrootd.org/contact.html

v5.6.4