authorLinus Nordberg <linus@sunet.se>2019-10-22 16:11:11 +0200
committerLinus Nordberg <linus@sunet.se>2019-10-22 16:11:11 +0200
commitc4ce1528f1954e4afdca98c50056a1fafd11b3dc (patch)
treea00afe579c28c7a58b64e0a431683044fcbacdeb
parent620dd393c9cea1168a18ba86fb86a0333bcfbae7 (diff)
sign and verify once per found token
If more than one token is found, all of them should have the same key. This is a somewhat lame way of verifying they all work. Lame because the resulting signature will be made from the last key only. Also pass PIN in URI.
-rwxr-xr-xtests/do-sign.sh7
-rwxr-xr-xtests/do-verify.sh9
2 files changed, 11 insertions, 5 deletions
diff --git a/tests/do-sign.sh b/tests/do-sign.sh
index 9552a5a..512687d 100755
--- a/tests/do-sign.sh
+++ b/tests/do-sign.sh
@@ -13,9 +13,12 @@ if [ -n "$SERVER_PROVIDER" ]; then
eval "$P11_KIT_ENV"
fi
-openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -sign "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
+token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
+for url in $token_urls; do
+ openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -sign "${url};pin-value=ffff" \
-out $SIGFILE
+done
if [ -n "$SERVER_PROVIDER" ]; then
p11-kit server --kill > /dev/null
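Review bot: If `p11tool --list-token-urls` prints nothing, the new `for url in $token_urls` loop runs zero times and the script carries on without signing anything, whereas the old single openssl call would presumably have failed on an empty key URI. The same loop in tests/do-verify.sh then verifies nothing, so the pair can pass without any token being exercised, or against a `$SIGFILE` left over from an earlier run. A guard before the loop in both scripts closes this: `[ -n "$token_urls" ] || { echo "no PKCS#11 token found" >&2; exit 1; }`. The script starts above this hunk, so whether `set -e` or an earlier check is already in force is not visible here.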
diff --git a/tests/do-verify.sh b/tests/do-verify.sh
index a18a762..fded962 100755
--- a/tests/do-verify.sh
+++ b/tests/do-verify.sh
@@ -14,9 +14,12 @@ if [ -n "$SERVER_PROVIDER" ]; then
eval "$P11_KIT_ENV"
fi
-openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -prverify "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
- -signature $SIGFILE | egrep "^Verified OK$"
+token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
+for url in $token_urls; do
+ openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -prverify "${url};pin-value=ffff" \
+ -signature $SIGFILE | egrep "^Verified OK$"
+done
if [ -n "$SERVER_PROVIDER" ]; then
p11-kit server --kill > /dev/null
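Review bot: Nothing in this hunk acts on the status of `openssl ... | egrep "^Verified OK$"` inside the loop. Unless the script runs under `set -e` (its head is outside the hunk), a token that fails verification neither stops the loop nor fails the test. Since the change is meant to check every token, record the result with `|| rc=1` on the egrep line, with `rc=0` set before the loop, and finish with `exit $rc` after the p11-kit server cleanup. The literal `pin-value=ffff` is also passed on openssl's command line here and in do-sign.sh. A one-line comment such as `# test-token PIN only; visible in argv` would mark it as not for reuse outside the test setup.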