0s autopkgtest [23:31:16]: starting date and time: 2024-04-09 23:31:16+0000 0s autopkgtest [23:31:16]: git checkout: 43bc6cdf gitlab-ci: do not include the salsa pipeline 0s autopkgtest [23:31:16]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.joebkvgb/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:curl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=curl/8.5.0-2ubuntu10 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@lcy02-101.secgroup --name adt-noble-amd64-sssd-20240409-233116-juju-7f2275-prod-proposed-migration-environment-2-054a5a3e-155c-46fe-a4f9-ffe3ef72e509 --image adt/ubuntu-noble-amd64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 487s autopkgtest [23:39:23]: testbed dpkg architecture: amd64 487s autopkgtest [23:39:23]: testbed apt version: 2.7.14build2 487s autopkgtest [23:39:23]: @@@@@@@@@@@@@@@@@@@@ test bed setup 487s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 487s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [613 kB] 487s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [334 kB] 487s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [4796 B] 487s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [6468 B] 487s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [266 kB] 487s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [352 kB] 487s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3508 B] 487s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [3680 B] 487s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [20.0 kB] 487s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [116 B] 487s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [412 kB] 487s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [789 kB] 487s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [9396 B] 487s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 Packages [3580 B] 487s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse i386 Packages [716 B] 487s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [196 B] 490s Fetched 2936 kB in 1s (5641 kB/s) 490s Reading package lists... 491s Reading package lists... 491s Building dependency tree... 491s Reading state information... 492s Calculating upgrade... 492s The following packages will be upgraded: 492s curl libcurl3t64-gnutls libcurl4t64 492s 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 492s Need to get 900 kB of archives. 492s After this operation, 0 B of additional disk space will be used. 492s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 curl amd64 8.5.0-2ubuntu10 [227 kB] 492s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libcurl4t64 amd64 8.5.0-2ubuntu10 [340 kB] 492s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libcurl3t64-gnutls amd64 8.5.0-2ubuntu10 [333 kB] 507s Fetched 900 kB in 0s (29.2 MB/s) 507s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73681 files and directories currently installed.) 507s Preparing to unpack .../curl_8.5.0-2ubuntu10_amd64.deb ... 507s Unpacking curl (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 507s Preparing to unpack .../libcurl4t64_8.5.0-2ubuntu10_amd64.deb ... 507s Unpacking libcurl4t64:amd64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 507s Preparing to unpack .../libcurl3t64-gnutls_8.5.0-2ubuntu10_amd64.deb ... 507s Unpacking libcurl3t64-gnutls:amd64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 507s Setting up libcurl4t64:amd64 (8.5.0-2ubuntu10) ... 507s Setting up libcurl3t64-gnutls:amd64 (8.5.0-2ubuntu10) ... 507s Setting up curl (8.5.0-2ubuntu10) ... 507s Processing triggers for man-db (2.12.0-4build1) ... 507s Processing triggers for libc-bin (2.39-0ubuntu8) ... 507s Reading package lists... 507s Building dependency tree... 507s Reading state information... 507s The following packages will be REMOVED: 507s amd64-microcode* bpfcc-tools* bpftrace* firmware-sof-signed* 507s fontconfig-config* fonts-dejavu-core* fonts-dejavu-mono* ieee-data* 507s intel-microcode* iucode-tool* libbpfcc* libc-dev-bin* libc-devtools* 507s libc6-dev* libclang-cpp18* libclang1-18* libcrypt-dev* libdeflate0* 507s libfontconfig1* libgd3* libjbig0* libjpeg-turbo8* libjpeg8* liblerc4* 507s libllvm18* libsharpyuv0* libtiff6* libwebp7* libxpm4* linux-firmware* 507s linux-generic* linux-image-generic* linux-libc-dev* python3-bpfcc* 507s python3-netaddr* rpcsvc-proto* ubuntu-kernel-accessories* 507s 0 upgraded, 0 newly installed, 37 to remove and 0 not upgraded. 507s After this operation, 775 MB disk space will be freed. 507s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73681 files and directories currently installed.) 507s Removing linux-generic (6.8.0-22.22) ... 507s Removing linux-image-generic (6.8.0-22.22) ... 507s Removing amd64-microcode (3.20231019.1ubuntu1) ... 507s update-initramfs: deferring update (trigger activated) 507s Removing bpfcc-tools (0.29.1+ds-1ubuntu6) ... 507s Removing bpftrace (0.20.2-1ubuntu3) ... 507s Removing firmware-sof-signed (2023.12.1-1ubuntu1) ... 507s Removing libc-devtools (2.39-0ubuntu8) ... 507s Removing libgd3:amd64 (2.3.3-9ubuntu4) ... 507s Removing libfontconfig1:amd64 (2.15.0-1.1ubuntu2) ... 507s Removing fontconfig-config (2.15.0-1.1ubuntu2) ... 507s Removing fonts-dejavu-core (2.37-8) ... 507s Removing fonts-dejavu-mono (2.37-8) ... 507s Removing python3-netaddr (0.8.0-2ubuntu1) ... 507s Removing ieee-data (20220827.1) ... 507s Removing intel-microcode (3.20240312.1build1) ... 507s update-initramfs: deferring update (trigger activated) 507s Removing iucode-tool (2.3.1-3) ... 507s Removing python3-bpfcc (0.29.1+ds-1ubuntu6) ... 507s Removing libbpfcc:amd64 (0.29.1+ds-1ubuntu6) ... 507s Removing libc6-dev:amd64 (2.39-0ubuntu8) ... 507s Removing libc-dev-bin (2.39-0ubuntu8) ... 507s Removing libclang-cpp18 (1:18.1.2-1ubuntu3) ... 507s Removing libclang1-18 (1:18.1.2-1ubuntu3) ... 507s Removing libcrypt-dev:amd64 (1:4.4.36-4) ... 507s Removing libtiff6:amd64 (4.5.1+git230720-4ubuntu2) ... 507s Removing libdeflate0:amd64 (1.19-1) ... 507s Removing libjbig0:amd64 (2.1-6.1ubuntu1) ... 507s Removing libjpeg8:amd64 (8c-2ubuntu11) ... 507s Removing libjpeg-turbo8:amd64 (2.1.5-2ubuntu1) ... 507s Removing liblerc4:amd64 (4.0.0+ds-4ubuntu1) ... 507s Removing libllvm18:amd64 (1:18.1.2-1ubuntu3) ... 507s Removing libwebp7:amd64 (1.3.2-0.4build3) ... 507s Removing libsharpyuv0:amd64 (1.3.2-0.4build3) ... 507s Removing libxpm4:amd64 (1:3.5.17-1build2) ... 507s Removing linux-firmware (20240202.git36777504-0ubuntu1) ... 507s Removing linux-libc-dev:amd64 (6.8.0-22.22) ... 507s Removing rpcsvc-proto (1.4.2-0ubuntu6) ... 507s Removing ubuntu-kernel-accessories (1.538build1) ... 507s Processing triggers for libc-bin (2.39-0ubuntu8) ... 507s Processing triggers for man-db (2.12.0-4build1) ... 507s Processing triggers for initramfs-tools (0.142ubuntu24) ... 507s update-initramfs: Generating /boot/initrd.img-6.8.0-22-generic 507s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 507s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 65868 files and directories currently installed.) 507s Purging configuration files for fontconfig-config (2.15.0-1.1ubuntu2) ... 507s Purging configuration files for intel-microcode (3.20240312.1build1) ... 507s update-initramfs: deferring update (trigger activated) 507s Purging configuration files for firmware-sof-signed (2023.12.1-1ubuntu1) ... 507s Purging configuration files for amd64-microcode (3.20231019.1ubuntu1) ... 507s update-initramfs: deferring update (trigger activated) 507s Purging configuration files for fonts-dejavu-mono (2.37-8) ... 507s Purging configuration files for fonts-dejavu-core (2.37-8) ... 507s Purging configuration files for ieee-data (20220827.1) ... 507s Purging configuration files for libcrypt-dev:amd64 (1:4.4.36-4) ... 507s Processing triggers for initramfs-tools (0.142ubuntu24) ... 507s update-initramfs: Generating /boot/initrd.img-6.8.0-22-generic 507s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 515s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 515s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 515s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 515s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 515s Reading package lists...Reading package lists... 515s autopkgtest [23:39:49]: rebooting testbed after setup commands that affected boot 515s 515s Building dependency tree... 515s Reading state information... 515s Calculating upgrade... 515s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 515s Reading package lists... 515s Building dependency tree... 515s Reading state information... 515s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 534s autopkgtest [23:40:09]: testbed running kernel: Linux 6.8.0-22-generic #22-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr 4 22:30:32 UTC 2024 535s autopkgtest [23:40:11]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 550s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu5 (dsc) [5056 B] 550s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu5 (tar) [7983 kB] 550s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main sssd 2.9.4-1.1ubuntu5 (diff) [49.1 kB] 550s gpgv: Signature made Fri Apr 5 14:55:59 2024 UTC 550s gpgv: using RSA key 8AFD08D3D1B817B2DF8982F501AC4B4083590A98 550s gpgv: Can't check signature: No public key 550s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu5.dsc: no acceptable signature found 550s autopkgtest [23:40:18]: testing package sssd version 2.9.4-1.1ubuntu5 551s autopkgtest [23:40:27]: build not needed 1031s autopkgtest [23:48:27]: test ldap-user-group-ldap-auth: preparing testbed 1035s Reading package lists... 1036s Building dependency tree... 1036s Reading state information... 1036s Starting pkgProblemResolver with broken count: 0 1036s Starting 2 pkgProblemResolver with broken count: 0 1036s Done 1036s The following additional packages will be installed: 1036s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 1036s libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 libdhash1t64 1036s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 1036s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 1036s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 1036s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 1036s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 1036s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 1036s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 1036s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 1036s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 1036s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 1036s tcl8.6 1036s Suggested packages: 1036s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 1036s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 1036s Recommended packages: 1036s cracklib-runtime libsasl2-modules-gssapi-mit 1036s | libsasl2-modules-gssapi-heimdal 1037s The following NEW packages will be installed: 1037s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 1037s libavahi-common3 libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 1037s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 1037s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 1037s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 1037s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 1037s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 1037s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 1037s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 1037s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 1037s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 1037s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 1037s tcl-expect tcl8.6 1037s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 1037s Need to get 12.7 MB/12.7 MB of archives. 1037s After this operation, 48.8 MB of additional disk space will be used. 1037s Get:1 /tmp/autopkgtest.NDJ5uc/1-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [864 B] 1037s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 libltdl7 amd64 2.4.7-7 [40.5 kB] 1037s Get:3 http://ftpmaster.internal/ubuntu noble/main amd64 libodbc2 amd64 2.3.12-1build2 [158 kB] 1037s Get:4 http://ftpmaster.internal/ubuntu noble/main amd64 slapd amd64 2.6.7+dfsg-1~exp1ubuntu8 [1553 kB] 1037s Get:5 http://ftpmaster.internal/ubuntu noble/main amd64 libtcl8.6 amd64 8.6.14+dfsg-1build1 [988 kB] 1037s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 tcl8.6 amd64 8.6.14+dfsg-1build1 [14.7 kB] 1037s Get:7 http://ftpmaster.internal/ubuntu noble/universe amd64 tcl-expect amd64 5.45.4-2build1 [105 kB] 1037s Get:8 http://ftpmaster.internal/ubuntu noble/universe amd64 expect amd64 5.45.4-2build1 [137 kB] 1037s Get:9 http://ftpmaster.internal/ubuntu noble/main amd64 ldap-utils amd64 2.6.7+dfsg-1~exp1ubuntu8 [153 kB] 1037s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu5 [29.6 kB] 1037s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu5 [23.3 kB] 1037s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu5 [26.8 kB] 1037s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 1037s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 1037s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 1037s Get:16 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 1037s Get:17 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 1037s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 1037s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 1037s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 1037s Get:21 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu5 [17.4 kB] 1037s Get:22 http://ftpmaster.internal/ubuntu noble/universe amd64 libjose0 amd64 11-3build2 [44.3 kB] 1037s Get:23 http://ftpmaster.internal/ubuntu noble/main amd64 libverto-libevent1t64 amd64 0.3.1-1.2ubuntu3 [6424 B] 1037s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libverto1t64 amd64 0.3.1-1.2ubuntu3 [10.5 kB] 1037s Get:25 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkrad0 amd64 1.20.1-6ubuntu2 [22.2 kB] 1037s Get:26 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 1037s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1 [46.7 kB] 1037s Get:28 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 1037s Get:29 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu8 [187 kB] 1037s Get:30 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu4 [48.2 kB] 1037s Get:31 http://ftpmaster.internal/ubuntu noble/universe amd64 libnss-sudo all 1.9.15p5-3ubuntu4 [15.1 kB] 1037s Get:32 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3 [7658 B] 1037s Get:33 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3 [13.4 kB] 1037s Get:34 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3 [11.7 kB] 1037s Get:35 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu8 [70.6 kB] 1037s Get:36 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu8 [6018 kB] 1039s Get:37 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu8 [62.4 kB] 1039s Get:38 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu5 [31.5 kB] 1039s Get:39 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu5 [50.5 kB] 1039s Get:40 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 python3-sss amd64 2.9.4-1.1ubuntu5 [47.1 kB] 1039s Get:41 http://ftpmaster.internal/ubuntu noble/main amd64 libc-ares2 amd64 1.27.0-1 [73.6 kB] 1039s Get:42 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu5 [47.2 kB] 1039s Get:43 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu5 [21.7 kB] 1039s Get:44 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu5 [30.3 kB] 1039s Get:45 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-common amd64 2.9.4-1.1ubuntu5 [1139 kB] 1039s Get:46 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 sssd-idp amd64 2.9.4-1.1ubuntu5 [27.4 kB] 1039s Get:47 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 sssd-passkey amd64 2.9.4-1.1ubuntu5 [32.4 kB] 1039s Get:48 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu5 [77.1 kB] 1039s Get:49 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu5 [88.8 kB] 1039s Get:50 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu5 [136 kB] 1039s Get:51 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu5 [221 kB] 1039s Get:52 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu5 [14.5 kB] 1039s Get:53 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu5 [31.3 kB] 1039s Get:54 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu5 [44.6 kB] 1039s Get:55 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd amd64 2.9.4-1.1ubuntu5 [4110 B] 1039s Get:56 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-dbus amd64 2.9.4-1.1ubuntu5 [104 kB] 1039s Get:57 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 sssd-kcm amd64 2.9.4-1.1ubuntu5 [140 kB] 1039s Get:58 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-tools amd64 2.9.4-1.1ubuntu5 [97.8 kB] 1039s Get:59 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libipa-hbac-dev amd64 2.9.4-1.1ubuntu5 [6662 B] 1039s Get:60 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-certmap-dev amd64 2.9.4-1.1ubuntu5 [5726 B] 1039s Get:61 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-idmap-dev amd64 2.9.4-1.1ubuntu5 [8370 B] 1039s Get:62 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-nss-idmap-dev amd64 2.9.4-1.1ubuntu5 [6708 B] 1039s Get:63 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 libsss-sudo amd64 2.9.4-1.1ubuntu5 [21.2 kB] 1039s Get:64 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 python3-libipa-hbac amd64 2.9.4-1.1ubuntu5 [16.8 kB] 1039s Get:65 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 python3-libsss-nss-idmap amd64 2.9.4-1.1ubuntu5 [9184 B] 1039s Preconfiguring packages ... 1039s Fetched 12.7 MB in 0s (44.1 MB/s) 1039s Selecting previously unselected package libltdl7:amd64. 1039s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 65845 files and directories currently installed.) 1039s Preparing to unpack .../00-libltdl7_2.4.7-7_amd64.deb ... 1039s Unpacking libltdl7:amd64 (2.4.7-7) ... 1039s Selecting previously unselected package libodbc2:amd64. 1039s Preparing to unpack .../01-libodbc2_2.3.12-1build2_amd64.deb ... 1039s Unpacking libodbc2:amd64 (2.3.12-1build2) ... 1039s Selecting previously unselected package slapd. 1039s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8_amd64.deb ... 1039s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 1039s Selecting previously unselected package libtcl8.6:amd64. 1039s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 1039s Unpacking libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 1039s Selecting previously unselected package tcl8.6. 1039s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_amd64.deb ... 1039s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 1039s Selecting previously unselected package tcl-expect:amd64. 1039s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_amd64.deb ... 1039s Unpacking tcl-expect:amd64 (5.45.4-2build1) ... 1039s Selecting previously unselected package expect. 1039s Preparing to unpack .../06-expect_5.45.4-2build1_amd64.deb ... 1039s Unpacking expect (5.45.4-2build1) ... 1039s Selecting previously unselected package ldap-utils. 1039s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8_amd64.deb ... 1039s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 1039s Selecting previously unselected package libavahi-common-data:amd64. 1039s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu5_amd64.deb ... 1039s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu5) ... 1039s Selecting previously unselected package libavahi-common3:amd64. 1039s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu5_amd64.deb ... 1039s Unpacking libavahi-common3:amd64 (0.8-13ubuntu5) ... 1039s Selecting previously unselected package libavahi-client3:amd64. 1039s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu5_amd64.deb ... 1039s Unpacking libavahi-client3:amd64 (0.8-13ubuntu5) ... 1039s Selecting previously unselected package libbasicobjects0t64:amd64. 1039s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 1039s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 1039s Selecting previously unselected package libcollection4t64:amd64. 1039s Preparing to unpack .../12-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 1039s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 1039s Selecting previously unselected package libcrack2:amd64. 1039s Preparing to unpack .../13-libcrack2_2.9.6-5.1build2_amd64.deb ... 1039s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 1039s Selecting previously unselected package libdhash1t64:amd64. 1039s Preparing to unpack .../14-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 1039s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 1039s Selecting previously unselected package libevent-2.1-7t64:amd64. 1039s Preparing to unpack .../15-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 1039s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 1039s Selecting previously unselected package libpath-utils1t64:amd64. 1039s Preparing to unpack .../16-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 1039s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 1039s Selecting previously unselected package libref-array1t64:amd64. 1039s Preparing to unpack .../17-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 1039s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 1039s Selecting previously unselected package libini-config5t64:amd64. 1039s Preparing to unpack .../18-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 1039s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 1039s Selecting previously unselected package libipa-hbac0t64. 1039s Preparing to unpack .../19-libipa-hbac0t64_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package libjose0:amd64. 1039s Preparing to unpack .../20-libjose0_11-3build2_amd64.deb ... 1039s Unpacking libjose0:amd64 (11-3build2) ... 1039s Selecting previously unselected package libverto-libevent1t64:amd64. 1039s Preparing to unpack .../21-libverto-libevent1t64_0.3.1-1.2ubuntu3_amd64.deb ... 1039s Unpacking libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 1039s Selecting previously unselected package libverto1t64:amd64. 1039s Preparing to unpack .../22-libverto1t64_0.3.1-1.2ubuntu3_amd64.deb ... 1039s Unpacking libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 1039s Selecting previously unselected package libkrad0:amd64. 1039s Preparing to unpack .../23-libkrad0_1.20.1-6ubuntu2_amd64.deb ... 1039s Unpacking libkrad0:amd64 (1.20.1-6ubuntu2) ... 1039s Selecting previously unselected package libtalloc2:amd64. 1039s Preparing to unpack .../24-libtalloc2_2.4.2-1build2_amd64.deb ... 1039s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 1039s Selecting previously unselected package libtdb1:amd64. 1039s Preparing to unpack .../25-libtdb1_1.4.10-1_amd64.deb ... 1039s Unpacking libtdb1:amd64 (1.4.10-1) ... 1039s Selecting previously unselected package libtevent0t64:amd64. 1039s Preparing to unpack .../26-libtevent0t64_0.16.1-2build1_amd64.deb ... 1039s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 1039s Selecting previously unselected package libldb2:amd64. 1039s Preparing to unpack .../27-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu8_amd64.deb ... 1039s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 1039s Selecting previously unselected package libnfsidmap1:amd64. 1039s Preparing to unpack .../28-libnfsidmap1_1%3a2.6.4-3ubuntu4_amd64.deb ... 1039s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu4) ... 1039s Selecting previously unselected package libnss-sudo. 1039s Preparing to unpack .../29-libnss-sudo_1.9.15p5-3ubuntu4_all.deb ... 1039s Unpacking libnss-sudo (1.9.15p5-3ubuntu4) ... 1039s Selecting previously unselected package libpwquality-common. 1039s Preparing to unpack .../30-libpwquality-common_1.4.5-3_all.deb ... 1039s Unpacking libpwquality-common (1.4.5-3) ... 1039s Selecting previously unselected package libpwquality1:amd64. 1039s Preparing to unpack .../31-libpwquality1_1.4.5-3_amd64.deb ... 1039s Unpacking libpwquality1:amd64 (1.4.5-3) ... 1039s Selecting previously unselected package libpam-pwquality:amd64. 1039s Preparing to unpack .../32-libpam-pwquality_1.4.5-3_amd64.deb ... 1039s Unpacking libpam-pwquality:amd64 (1.4.5-3) ... 1039s Selecting previously unselected package libwbclient0:amd64. 1039s Preparing to unpack .../33-libwbclient0_2%3a4.19.5+dfsg-4ubuntu8_amd64.deb ... 1039s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1039s Selecting previously unselected package samba-libs:amd64. 1039s Preparing to unpack .../34-samba-libs_2%3a4.19.5+dfsg-4ubuntu8_amd64.deb ... 1039s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1039s Selecting previously unselected package libsmbclient0:amd64. 1039s Preparing to unpack .../35-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu8_amd64.deb ... 1039s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1039s Selecting previously unselected package libnss-sss:amd64. 1039s Preparing to unpack .../36-libnss-sss_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package libpam-sss:amd64. 1039s Preparing to unpack .../37-libpam-sss_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package python3-sss. 1039s Preparing to unpack .../38-python3-sss_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking python3-sss (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package libc-ares2:amd64. 1039s Preparing to unpack .../39-libc-ares2_1.27.0-1_amd64.deb ... 1039s Unpacking libc-ares2:amd64 (1.27.0-1) ... 1039s Selecting previously unselected package libsss-certmap0. 1039s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package libsss-idmap0. 1039s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package libsss-nss-idmap0. 1039s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-common. 1039s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-common (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-idp. 1039s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-idp (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-passkey. 1039s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-passkey (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-ad-common. 1039s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-ad-common (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-krb5-common. 1039s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-ad. 1039s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-ad (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-ipa. 1039s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-ipa (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-krb5. 1039s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-krb5 (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-ldap. 1039s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-ldap (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-proxy. 1039s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-proxy (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd. 1039s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-dbus. 1039s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-dbus (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-kcm. 1039s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-kcm (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package sssd-tools. 1039s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking sssd-tools (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package libipa-hbac-dev. 1039s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu5) ... 1039s Selecting previously unselected package libsss-certmap-dev. 1039s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu5_amd64.deb ... 1039s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu5) ... 1040s Selecting previously unselected package libsss-idmap-dev. 1040s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu5_amd64.deb ... 1040s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu5) ... 1040s Selecting previously unselected package libsss-nss-idmap-dev. 1040s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu5_amd64.deb ... 1040s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu5) ... 1040s Selecting previously unselected package libsss-sudo. 1040s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu5_amd64.deb ... 1040s Unpacking libsss-sudo (2.9.4-1.1ubuntu5) ... 1040s Selecting previously unselected package python3-libipa-hbac. 1040s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu5_amd64.deb ... 1040s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu5) ... 1040s Selecting previously unselected package python3-libsss-nss-idmap. 1040s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu5_amd64.deb ... 1040s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu5) ... 1040s Selecting previously unselected package autopkgtest-satdep. 1040s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 1040s Unpacking autopkgtest-satdep (0) ... 1040s Setting up libpwquality-common (1.4.5-3) ... 1040s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu4) ... 1040s Setting up libsss-idmap0 (2.9.4-1.1ubuntu5) ... 1040s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 1040s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 1040s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu5) ... 1040s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 1040s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu5) ... 1040s Setting up libtdb1:amd64 (1.4.10-1) ... 1040s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 1040s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 1040s Setting up libc-ares2:amd64 (1.27.0-1) ... 1040s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8) ... 1040s Setting up libjose0:amd64 (11-3build2) ... 1040s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1040s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 1040s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 1040s Setting up libavahi-common-data:amd64 (0.8-13ubuntu5) ... 1040s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 1040s Setting up libtcl8.6:amd64 (8.6.14+dfsg-1build1) ... 1040s Setting up libltdl7:amd64 (2.4.7-7) ... 1040s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 1040s Setting up libodbc2:amd64 (2.3.12-1build2) ... 1040s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu5) ... 1040s Setting up libnss-sudo (1.9.15p5-3ubuntu4) ... 1040s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 1040s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 1040s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 1040s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu5) ... 1040s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8) ... 1040s Creating new user openldap... done. 1040s Creating initial configuration... done. 1040s Creating LDAP directory... done. 1041s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 1041s Setting up libsss-sudo (2.9.4-1.1ubuntu5) ... 1041s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu5) ... 1041s Setting up libavahi-common3:amd64 (0.8-13ubuntu5) ... 1041s Setting up tcl-expect:amd64 (5.45.4-2build1) ... 1041s Setting up libsss-certmap0 (2.9.4-1.1ubuntu5) ... 1041s Setting up libpwquality1:amd64 (1.4.5-3) ... 1041s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu5) ... 1041s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 1041s Setting up libavahi-client3:amd64 (0.8-13ubuntu5) ... 1041s Setting up expect (5.45.4-2build1) ... 1041s Setting up libpam-pwquality:amd64 (1.4.5-3) ... 1041s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1041s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu5) ... 1041s Setting up python3-sss (2.9.4-1.1ubuntu5) ... 1041s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1041s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu5) ... 1041s Setting up sssd-common (2.9.4-1.1ubuntu5) ... 1041s Creating SSSD system user & group... 1041s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 1041s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 1041s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 1041s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 1042s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 1042s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 1042s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 1042s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 1043s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 1043s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 1043s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 1050s sssd-autofs.service is a disabled or a static unit, not starting it. 1050s sssd-nss.service is a disabled or a static unit, not starting it. 1050s sssd-pam.service is a disabled or a static unit, not starting it. 1050s sssd-ssh.service is a disabled or a static unit, not starting it. 1050s sssd-sudo.service is a disabled or a static unit, not starting it. 1050s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 1050s Setting up sssd-proxy (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd-kcm (2.9.4-1.1ubuntu5) ... 1050s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 1050s sssd-kcm.service is a disabled or a static unit, not starting it. 1050s Setting up sssd-dbus (2.9.4-1.1ubuntu5) ... 1050s sssd-ifp.service is a disabled or a static unit, not starting it. 1050s Setting up sssd-ad-common (2.9.4-1.1ubuntu5) ... 1050s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 1050s sssd-pac.service is a disabled or a static unit, not starting it. 1050s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 1050s Setting up sssd-krb5-common (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd-krb5 (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd-ldap (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd-ad (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd-tools (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd-ipa (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd (2.9.4-1.1ubuntu5) ... 1050s Setting up libverto-libevent1t64:amd64 (0.3.1-1.2ubuntu3) ... 1050s Setting up libverto1t64:amd64 (0.3.1-1.2ubuntu3) ... 1050s Setting up libkrad0:amd64 (1.20.1-6ubuntu2) ... 1050s Setting up sssd-passkey (2.9.4-1.1ubuntu5) ... 1050s Setting up sssd-idp (2.9.4-1.1ubuntu5) ... 1050s Setting up autopkgtest-satdep (0) ... 1050s Processing triggers for libc-bin (2.39-0ubuntu8) ... 1050s Processing triggers for ufw (0.36.2-5) ... 1050s Processing triggers for man-db (2.12.0-4build1) ... 1050s Processing triggers for dbus (1.14.10-4ubuntu3) ... 1051s (Reading database ... 67140 files and directories currently installed.) 1051s Removing autopkgtest-satdep (0) ... 1051s autopkgtest [23:48:47]: test ldap-user-group-ldap-auth: [----------------------- 1051s + . debian/tests/util 1051s + . debian/tests/common-tests 1051s + mydomain=example.com 1051s + myhostname=ldap.example.com 1051s + mysuffix=dc=example,dc=com 1051s + admin_dn=cn=admin,dc=example,dc=com 1051s + admin_pw=secret 1051s + ldap_user=testuser1 1051s + ldap_user_pw=testuser1secret 1051s + ldap_group=ldapusers 1051s + adjust_hostname ldap.example.com 1051s + local myhostname=ldap.example.com 1051s + echo ldap.example.com 1051s + hostname ldap.example.com 1051s + grep -qE ldap.example.com /etc/hosts 1051s + echo 127.0.1.10 ldap.example.com 1051s + reconfigure_slapd 1051s + debconf-set-selections 1052s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 1052s + dpkg-reconfigure -fnoninteractive -pcritical slapd 1052s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 1052s Moving old database directory to /var/backups: 1052s - directory unknown... done. 1052s Creating initial configuration... done. 1052s Creating LDAP directory... done. 1052s + generate_certs ldap.example.com 1052s + local cn=ldap.example.com 1052s + local cert=/etc/ldap/server.pem 1052s + local key=/etc/ldap/server.key 1052s + local cnf=/etc/ldap/openssl.cnf 1052s + cat 1052s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 1052s ..............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1052s ................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1052s ----- 1052s + chmod 0640 /etc/ldap/server.key 1052s + chgrp openldap /etc/ldap/server.key 1052s + [ ! -f /etc/ldap/server.pem ] 1052s + [ ! -f /etc/ldap/server.key ] 1052s + enable_ldap_ssl 1052s + cat 1052s + cat 1052s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 1052s modifying entry "cn=config" 1052s 1052s + populate_ldap_rfc2307 1052s + cat 1052s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 1052s adding new entry "ou=People,dc=example,dc=com" 1052s 1052s adding new entry "ou=Group,dc=example,dc=com" 1052s 1052s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 1052s 1052s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 1052s 1052s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 1052s 1052s + configure_sssd_ldap_rfc2307 1052s + cat 1052s + chmod 0600 /etc/sssd/sssd.conf 1052s + systemctl restart sssd 1053s + enable_pam_mkhomedir 1053s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 1053s + echo session optional pam_mkhomedir.so 1053s + run_common_tests 1053s + echo Assert local user databases do not have our LDAP test dataAssert local user databases do not have our LDAP test data 1053s 1053s + check_local_user testuser1 1053s + local local_user=testuser1 1053s + grep -q ^testuser1 /etc/passwd 1053s + check_local_group testuser1 1053s + local local_group=testuser1 1053s + grep -q ^testuser1 /etc/group 1053s + check_local_group ldapusers 1053s + local local_group=ldapusers 1053s + grep -q ^ldapusers /etc/group 1053s The LDAP user is known to the system via getent 1053s + echo The LDAP user is known to the system via getent 1053s + check_getent_user testuser1 1053s + local getent_user=testuser1 1053s + local output 1053s + getent passwd testuser1 1053s The LDAP user's private group is known to the system via getent 1053s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 1053s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 1053s + echo The LDAP user's private group is known to the system via getent 1053s + check_getent_group testuser1 1053s + local getent_group=testuser1 1053s + local output 1053s + getent group testuser1 1053s + output=testuser1:*:10001:testuser1 1053s + [ -z testuser1:*:10001:testuser1 ] 1053s + echo The LDAP group ldapusers is known to the system via getent 1053s + check_getent_group ldapusers 1053s + local getent_group=ldapusers 1053s + local output 1053s The LDAP group ldapusers is known to the system via getent 1053s + getent group ldapusers 1053s The id(1) command can resolve the group membership of the LDAP user 1053s + output=ldapusers:*:10100:testuser1 1053s + [ -z ldapusers:*:10100:testuser1 ] 1053s + echo The id(1) command can resolve the group membership of the LDAP user 1053s + id -Gn testuser1 1053s The LDAP user can login on a terminal 1053s + output=testuser1 ldapusers 1053s + [ testuser1 ldapusers != testuser1 ldapusers ] 1053s + echo The LDAP user can login on a terminal 1053s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 1053s spawn login 1053s ldap.example.com login: testuser1 1053s Password: 1053s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-22-generic x86_64) 1053s 1053s * Documentation: https://help.ubuntu.com 1053s * Management: https://landscape.canonical.com 1053s * Support: https://ubuntu.com/pro 1053s 1053s 1053s The programs included with the Ubuntu system are free software; 1053s the exact distribution terms for each program are described in the 1053s individual files in /usr/share/doc/*/copyright. 1053s 1053s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 1053s applicable law. 1053s 1053s 1053s The programs included with the Ubuntu system are free software; 1053s the exact distribution terms for each program are described in the 1053s individual files in /usr/share/doc/*/copyright. 1053s 1053s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 1053s applicable law. 1053s 1053s Creating directory '/home/testuser1'. 1053s [?2004htestuser1@ldap:~$ id -un 1053s [?2004l testuser1 1053s [?2004htestuser1@ldap:~$ autopkgtest [23:48:49]: test ldap-user-group-ldap-auth: -----------------------] 1053s autopkgtest [23:48:49]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 1053s ldap-user-group-ldap-auth PASS 1053s autopkgtest [23:48:49]: test ldap-user-group-krb5-auth: preparing testbed 1064s Reading package lists... 1064s Building dependency tree... 1064s Reading state information... 1064s Starting pkgProblemResolver with broken count: 0 1064s Starting 2 pkgProblemResolver with broken count: 0 1064s Done 1064s The following additional packages will be installed: 1064s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 1064s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 1064s Suggested packages: 1064s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 1064s The following NEW packages will be installed: 1064s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 1064s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 1064s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 1064s Need to get 599 kB/600 kB of archives. 1064s After this operation, 2119 kB of additional disk space will be used. 1064s Get:1 /tmp/autopkgtest.NDJ5uc/2-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [892 B] 1064s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 krb5-config all 2.7 [22.0 kB] 1064s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libgssrpc4t64 amd64 1.20.1-6ubuntu2 [57.6 kB] 1064s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkadm5clnt-mit12 amd64 1.20.1-6ubuntu2 [40.1 kB] 1064s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkdb5-10t64 amd64 1.20.1-6ubuntu2 [40.3 kB] 1064s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libkadm5srv-mit12 amd64 1.20.1-6ubuntu2 [53.0 kB] 1064s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 krb5-user amd64 1.20.1-6ubuntu2 [109 kB] 1064s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 krb5-kdc amd64 1.20.1-6ubuntu2 [182 kB] 1064s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 krb5-admin-server amd64 1.20.1-6ubuntu2 [95.9 kB] 1065s Preconfiguring packages ... 1067s Fetched 599 kB in 0s (14.9 MB/s) 1067s Selecting previously unselected package krb5-config. 1067s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 67140 files and directories currently installed.) 1067s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 1067s Unpacking krb5-config (2.7) ... 1067s Selecting previously unselected package libgssrpc4t64:amd64. 1067s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2_amd64.deb ... 1067s Unpacking libgssrpc4t64:amd64 (1.20.1-6ubuntu2) ... 1067s Selecting previously unselected package libkadm5clnt-mit12:amd64. 1067s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2_amd64.deb ... 1067s Unpacking libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2) ... 1067s Selecting previously unselected package libkdb5-10t64:amd64. 1067s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2_amd64.deb ... 1067s Unpacking libkdb5-10t64:amd64 (1.20.1-6ubuntu2) ... 1067s Selecting previously unselected package libkadm5srv-mit12:amd64. 1067s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2_amd64.deb ... 1067s Unpacking libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2) ... 1067s Selecting previously unselected package krb5-user. 1067s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2_amd64.deb ... 1067s Unpacking krb5-user (1.20.1-6ubuntu2) ... 1067s Selecting previously unselected package krb5-kdc. 1067s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2_amd64.deb ... 1067s Unpacking krb5-kdc (1.20.1-6ubuntu2) ... 1067s Selecting previously unselected package krb5-admin-server. 1067s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2_amd64.deb ... 1067s Unpacking krb5-admin-server (1.20.1-6ubuntu2) ... 1067s Selecting previously unselected package autopkgtest-satdep. 1067s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 1067s Unpacking autopkgtest-satdep (0) ... 1067s Setting up libgssrpc4t64:amd64 (1.20.1-6ubuntu2) ... 1067s Setting up krb5-config (2.7) ... 1067s Setting up libkadm5clnt-mit12:amd64 (1.20.1-6ubuntu2) ... 1067s Setting up libkdb5-10t64:amd64 (1.20.1-6ubuntu2) ... 1067s Setting up libkadm5srv-mit12:amd64 (1.20.1-6ubuntu2) ... 1067s Setting up krb5-user (1.20.1-6ubuntu2) ... 1067s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 1067s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 1067s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 1067s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 1067s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 1067s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 1067s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 1067s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 1067s Setting up krb5-kdc (1.20.1-6ubuntu2) ... 1067s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 1067s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 1067s Setting up krb5-admin-server (1.20.1-6ubuntu2) ... 1067s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 1068s Setting up autopkgtest-satdep (0) ... 1068s Processing triggers for man-db (2.12.0-4build1) ... 1068s Processing triggers for libc-bin (2.39-0ubuntu8) ... 1096s (Reading database ... 67235 files and directories currently installed.) 1096s Removing autopkgtest-satdep (0) ... 1096s autopkgtest [23:49:32]: test ldap-user-group-krb5-auth: [----------------------- 1096s + . debian/tests/util 1096s + . debian/tests/common-tests 1096s + mydomain=example.com 1096s + myhostname=ldap.example.com 1096s + mysuffix=dc=example,dc=com 1096s + myrealm=EXAMPLE.COM 1096s + admin_dn=cn=admin,dc=example,dc=com 1096s + admin_pw=secret 1096s + ldap_user=testuser1 1096s + ldap_user_pw=testuser1secret 1096s + kerberos_principal_pw=testuser1kerberos 1096s + ldap_group=ldapusers 1096s + adjust_hostname ldap.example.com 1096s + local myhostname=ldap.example.com 1096s + echo ldap.example.com 1096s + hostname ldap.example.com 1096s + grep -qE ldap.example.com /etc/hosts 1096s + reconfigure_slapd 1096s + debconf-set-selections 1096s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8-20240409-234848.ldapdb 1096s + dpkg-reconfigure -fnoninteractive -pcritical slapd 1096s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8... done. 1096s Moving old database directory to /var/backups: 1096s - directory unknown... done. 1097s Creating initial configuration... done. 1097s Creating LDAP directory... done. 1097s + generate_certs ldap.example.com 1097s + local cn=ldap.example.com 1097s + local cert=/etc/ldap/server.pem 1097s + local key=/etc/ldap/server.key 1097s + local cnf=/etc/ldap/openssl.cnf 1097s + cat 1097s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 1097s .......................................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1097s ......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1097s ----- 1097s + chmod 0640 /etc/ldap/server.key 1097s + chgrp openldap /etc/ldap/server.key 1097s + [ ! -f /etc/ldap/server.pem ] 1097s + [ ! -f /etc/ldap/server.key ] 1097s + enable_ldap_ssl 1097s + cat 1097s + cat 1097s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 1097s modifying entry "cn=config" 1097s 1097s + populate_ldap_rfc2307 1097s + cat 1097s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 1097s adding new entry "ou=People,dc=example,dc=com" 1097s 1097s adding new entry "ou=Group,dc=example,dc=com" 1097s 1097s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 1097s 1097s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 1097s 1097s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 1097s 1097s + create_realm EXAMPLE.COM ldap.example.com 1097s + local realm_name=EXAMPLE.COM 1097s + local kerberos_server=ldap.example.com 1097s + rm -rf /var/lib/krb5kdc/* 1097s + rm -rf /etc/krb5kdc/kdc.conf 1097s + rm -f /etc/krb5.keytab 1097s + cat 1097s + cat 1097s + echo # */admin * 1097s + kdb5_util create -s -P secretpassword 1097s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 1097s master key name 'K/M@EXAMPLE.COM' 1097s + systemctl restart krb5-kdc.service krb5-admin-server.service 1097s + create_krb_principal testuser1 testuser1kerberos 1097s + local principal=testuser1 1097s + local password=testuser1kerberos 1097s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 1097s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 1097s Authenticating as principal root/admin@EXAMPLE.COM with password. 1097s Principal "testuser1@EXAMPLE.COM" created. 1097s + configure_sssd_ldap_rfc2307_krb5_auth 1097s + cat 1097s + chmod 0600 /etc/sssd/sssd.conf 1097s + systemctl restart sssd 1097s + enable_pam_mkhomedir 1097s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 1097s Assert local user databases do not have our LDAP test data 1097s + run_common_tests 1097s + echo Assert local user databases do not have our LDAP test data 1097s + check_local_user testuser1 1097s + local local_user=testuser1 1097s + grep -q ^testuser1 /etc/passwd 1097s + check_local_group testuser1 1097s + local local_group=testuser1 1097s + grep -q ^testuser1 /etc/group 1097s The LDAP user is known to the system via getent 1097s + check_local_group ldapusers 1097s + local local_group=ldapusers 1097s + grep -q ^ldapusers /etc/group 1097s + echo The LDAP user is known to the system via getent 1097s + check_getent_user testuser1 1097s + local getent_user=testuser1 1097s + local output 1097s + getent passwd testuser1 1097s The LDAP user's private group is known to the system via getent 1097s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 1097s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 1097s + echo The LDAP user's private group is known to the system via getent 1097s + check_getent_group testuser1 1097s + local getent_group=testuser1 1097s + local output 1097s + getent group testuser1 1097s + The LDAP group ldapusers is known to the system via getent 1098s output=testuser1:*:10001:testuser1 1098s + [ -z testuser1:*:10001:testuser1 ] 1098s + echo The LDAP group ldapusers is known to the system via getent 1098s + check_getent_group ldapusers 1098s + local getent_group=ldapusers 1098s + local output 1098s + getent group ldapusers 1098s + output=ldapusers:*:10100:testuser1 1098s + [ -z ldapusers:*:10100:testuser1 ] 1098s + echo The id(1) command can resolve the group membership of the LDAP user 1098s + The id(1) command can resolve the group membership of the LDAP user 1098s id -Gn testuser1 1098s + output=testuser1 ldapusers 1098s + [ testuser1 ldapusers != testuser1 ldapusers ] 1098s + echo The Kerberos principal can login on a terminal 1098s + kdestroy 1098s The Kerberos principal can login on a terminal 1098s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 1098s spawn login 1098s ldap.example.com login: testuser1 1098s Password: 1098s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-22-generic x86_64) 1098s 1098s * Documentation: https://help.ubuntu.com 1098s * Management: https://landscape.canonical.com 1098s * Support: https://ubuntu.com/pro 1098s 1098s 1098s The programs included with the Ubuntu system are free software; 1098s the exact distribution terms for each program are described in the 1098s individual files in /usr/share/doc/*/copyright. 1098s 1098s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 1098s applicable law. 1098s 1098s [?2004htestuser1@ldap:~$ id -un 1098s [?2004l testuser1 1098s [?2004htestuser1@ldap:~$ klist 1098s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_StBwOs 1098s Default principal: testuser1@EXAMPLE.COM 1098s 1098s Valid starting Expires Service principal 1098s 04/09/24 23:49:34 04/10/24 09:49:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM 1098s renew until 04/10/24 23:49:34 1098s autopkgtest [23:49:34]: test ldap-user-group-krb5-auth: -----------------------] 1100s ldap-user-group-krb5-auth PASS 1100s autopkgtest [23:49:36]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 1100s autopkgtest [23:49:36]: test sssd-softhism2-certificates-tests.sh: preparing testbed 1674s autopkgtest [23:59:10]: testbed dpkg architecture: amd64 1676s autopkgtest [23:59:12]: testbed apt version: 2.7.14build2 1676s autopkgtest [23:59:12]: @@@@@@@@@@@@@@@@@@@@ test bed setup 1686s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 1686s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [4796 B] 1686s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [6468 B] 1686s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [610 kB] 1686s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [334 kB] 1686s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 Packages [352 kB] 1686s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main i386 Packages [265 kB] 1686s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 c-n-f Metadata [3508 B] 1686s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted i386 Packages [3680 B] 1686s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 Packages [20.0 kB] 1686s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted amd64 c-n-f Metadata [116 B] 1686s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/universe i386 Packages [391 kB] 1686s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 Packages [768 kB] 1686s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe amd64 c-n-f Metadata [9396 B] 1686s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse i386 Packages [716 B] 1686s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 Packages [3580 B] 1686s Get:17 http://ftpmaster.internal/ubuntu noble-proposed/multiverse amd64 c-n-f Metadata [196 B] 1686s Fetched 2890 kB in 1s (5519 kB/s) 1686s Reading package lists... 1687s Reading package lists... 1688s Building dependency tree... 1688s Reading state information... 1688s Calculating upgrade... 1688s The following packages will be upgraded: 1688s curl libcurl3t64-gnutls libcurl4t64 linux-firmware 1688s 4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1688s Need to get 476 MB of archives. 1688s After this operation, 5723 kB of additional disk space will be used. 1688s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 curl amd64 8.5.0-2ubuntu10 [227 kB] 1688s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libcurl4t64 amd64 8.5.0-2ubuntu10 [340 kB] 1688s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libcurl3t64-gnutls amd64 8.5.0-2ubuntu10 [333 kB] 1688s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 linux-firmware amd64 20240318.git3b128b60-0ubuntu2 [475 MB] 1696s Fetched 476 MB in 3s (144 MB/s) 1696s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73681 files and directories currently installed.) 1696s Preparing to unpack .../curl_8.5.0-2ubuntu10_amd64.deb ... 1696s Unpacking curl (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 1696s Preparing to unpack .../libcurl4t64_8.5.0-2ubuntu10_amd64.deb ... 1696s Unpacking libcurl4t64:amd64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 1696s Preparing to unpack .../libcurl3t64-gnutls_8.5.0-2ubuntu10_amd64.deb ... 1696s Unpacking libcurl3t64-gnutls:amd64 (8.5.0-2ubuntu10) over (8.5.0-2ubuntu9) ... 1696s Preparing to unpack .../linux-firmware_20240318.git3b128b60-0ubuntu2_amd64.deb ... 1696s Unpacking linux-firmware (20240318.git3b128b60-0ubuntu2) over (20240202.git36777504-0ubuntu1) ... 1696s Setting up libcurl4t64:amd64 (8.5.0-2ubuntu10) ... 1696s Setting up linux-firmware (20240318.git3b128b60-0ubuntu2) ... 1696s Setting up libcurl3t64-gnutls:amd64 (8.5.0-2ubuntu10) ... 1696s Setting up curl (8.5.0-2ubuntu10) ... 1696s Processing triggers for man-db (2.12.0-4build1) ... 1696s Processing triggers for libc-bin (2.39-0ubuntu8) ... 1696s Processing triggers for initramfs-tools (0.142ubuntu24) ... 1696s update-initramfs: Generating /boot/initrd.img-6.8.0-22-generic 1696s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 1704s Reading package lists... 1704s Building dependency tree... 1704s Reading state information... 1705s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1705s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 1705s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 1705s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 1705s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 1714s Reading package lists... 1714s Reading package lists...autopkgtest [23:59:44]: rebooting testbed after setup commands that affected boot 1714s 1714s Building dependency tree... 1714s Reading state information... 1714s Calculating upgrade... 1714s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1714s Reading package lists... 1714s Building dependency tree... 1714s Reading state information... 1714s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1861s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 1877s Reading package lists... 1877s Building dependency tree... 1877s Reading state information... 1877s Starting pkgProblemResolver with broken count: 0 1877s Starting 2 pkgProblemResolver with broken count: 0 1877s Done 1878s The following additional packages will be installed: 1878s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 1878s libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 libdhash1t64 1878s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 1878s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 1878s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 1878s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 1878s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 1878s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 1878s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 1878s Suggested packages: 1878s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 1878s Recommended packages: 1878s cracklib-runtime libsasl2-modules-gssapi-mit 1878s | libsasl2-modules-gssapi-heimdal ldap-utils 1878s The following NEW packages will be installed: 1878s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 1878s libavahi-common3 libbasicobjects0t64 libc-ares2 libcollection4t64 libcrack2 1878s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 1878s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 1878s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 1878s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 1878s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 1878s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 1878s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 1878s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 1878s Need to get 10.1 MB/10.1 MB of archives. 1878s After this operation, 39.2 MB of additional disk space will be used. 1878s Get:1 /tmp/autopkgtest.NDJ5uc/3-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [744 B] 1878s Get:2 http://ftpmaster.internal/ubuntu noble/main amd64 libevent-2.1-7t64 amd64 2.1.12-stable-9ubuntu2 [145 kB] 1878s Get:3 http://ftpmaster.internal/ubuntu noble/main amd64 libunbound8 amd64 1.19.2-1ubuntu3 [440 kB] 1878s Get:4 http://ftpmaster.internal/ubuntu noble/main amd64 libgnutls-dane0t64 amd64 3.8.3-1.1ubuntu3 [23.5 kB] 1878s Get:5 http://ftpmaster.internal/ubuntu noble/universe amd64 gnutls-bin amd64 3.8.3-1.1ubuntu3 [270 kB] 1878s Get:6 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common-data amd64 0.8-13ubuntu5 [29.6 kB] 1878s Get:7 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-common3 amd64 0.8-13ubuntu5 [23.3 kB] 1878s Get:8 http://ftpmaster.internal/ubuntu noble/main amd64 libavahi-client3 amd64 0.8-13ubuntu5 [26.8 kB] 1878s Get:9 http://ftpmaster.internal/ubuntu noble/main amd64 libbasicobjects0t64 amd64 0.6.2-2.1build1 [5854 B] 1878s Get:10 http://ftpmaster.internal/ubuntu noble/main amd64 libcollection4t64 amd64 0.6.2-2.1build1 [22.8 kB] 1878s Get:11 http://ftpmaster.internal/ubuntu noble/main amd64 libcrack2 amd64 2.9.6-5.1build2 [29.0 kB] 1878s Get:12 http://ftpmaster.internal/ubuntu noble/main amd64 libdhash1t64 amd64 0.6.2-2.1build1 [8614 B] 1878s Get:13 http://ftpmaster.internal/ubuntu noble/main amd64 libpath-utils1t64 amd64 0.6.2-2.1build1 [8744 B] 1878s Get:14 http://ftpmaster.internal/ubuntu noble/main amd64 libref-array1t64 amd64 0.6.2-2.1build1 [7420 B] 1878s Get:15 http://ftpmaster.internal/ubuntu noble/main amd64 libini-config5t64 amd64 0.6.2-2.1build1 [43.5 kB] 1878s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libipa-hbac0t64 amd64 2.9.4-1.1ubuntu5 [17.4 kB] 1878s Get:17 http://ftpmaster.internal/ubuntu noble/main amd64 libtalloc2 amd64 2.4.2-1build2 [27.3 kB] 1878s Get:18 http://ftpmaster.internal/ubuntu noble/main amd64 libtdb1 amd64 1.4.10-1 [46.7 kB] 1878s Get:19 http://ftpmaster.internal/ubuntu noble/main amd64 libtevent0t64 amd64 0.16.1-2build1 [42.6 kB] 1878s Get:20 http://ftpmaster.internal/ubuntu noble/main amd64 libldb2 amd64 2:2.8.0+samba4.19.5+dfsg-4ubuntu8 [187 kB] 1878s Get:21 http://ftpmaster.internal/ubuntu noble/main amd64 libnfsidmap1 amd64 1:2.6.4-3ubuntu4 [48.2 kB] 1878s Get:22 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality-common all 1.4.5-3 [7658 B] 1878s Get:23 http://ftpmaster.internal/ubuntu noble/main amd64 libpwquality1 amd64 1.4.5-3 [13.4 kB] 1878s Get:24 http://ftpmaster.internal/ubuntu noble/main amd64 libpam-pwquality amd64 1.4.5-3 [11.7 kB] 1878s Get:25 http://ftpmaster.internal/ubuntu noble/main amd64 libwbclient0 amd64 2:4.19.5+dfsg-4ubuntu8 [70.6 kB] 1878s Get:26 http://ftpmaster.internal/ubuntu noble/main amd64 samba-libs amd64 2:4.19.5+dfsg-4ubuntu8 [6018 kB] 1878s Get:27 http://ftpmaster.internal/ubuntu noble/main amd64 libsmbclient0 amd64 2:4.19.5+dfsg-4ubuntu8 [62.4 kB] 1878s Get:28 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2-common amd64 2.6.1-2.2ubuntu3 [6198 B] 1878s Get:29 http://ftpmaster.internal/ubuntu noble/universe amd64 libsofthsm2 amd64 2.6.1-2.2ubuntu3 [266 kB] 1878s Get:30 http://ftpmaster.internal/ubuntu noble/universe amd64 softhsm2 amd64 2.6.1-2.2ubuntu3 [175 kB] 1878s Get:31 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 python3-sss amd64 2.9.4-1.1ubuntu5 [47.1 kB] 1878s Get:32 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-idmap0 amd64 2.9.4-1.1ubuntu5 [21.7 kB] 1878s Get:33 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libnss-sss amd64 2.9.4-1.1ubuntu5 [31.5 kB] 1878s Get:34 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libpam-sss amd64 2.9.4-1.1ubuntu5 [50.5 kB] 1878s Get:35 http://ftpmaster.internal/ubuntu noble/main amd64 libc-ares2 amd64 1.27.0-1 [73.6 kB] 1878s Get:36 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-certmap0 amd64 2.9.4-1.1ubuntu5 [47.2 kB] 1878s Get:37 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 libsss-nss-idmap0 amd64 2.9.4-1.1ubuntu5 [30.3 kB] 1878s Get:38 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-common amd64 2.9.4-1.1ubuntu5 [1139 kB] 1878s Get:39 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ad-common amd64 2.9.4-1.1ubuntu5 [77.1 kB] 1878s Get:40 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-krb5-common amd64 2.9.4-1.1ubuntu5 [88.8 kB] 1878s Get:41 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ad amd64 2.9.4-1.1ubuntu5 [136 kB] 1878s Get:42 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ipa amd64 2.9.4-1.1ubuntu5 [221 kB] 1878s Get:43 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-krb5 amd64 2.9.4-1.1ubuntu5 [14.5 kB] 1878s Get:44 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-ldap amd64 2.9.4-1.1ubuntu5 [31.3 kB] 1878s Get:45 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd-proxy amd64 2.9.4-1.1ubuntu5 [44.6 kB] 1878s Get:46 http://ftpmaster.internal/ubuntu noble-proposed/main amd64 sssd amd64 2.9.4-1.1ubuntu5 [4110 B] 1878s Fetched 10.1 MB in 0s (53.1 MB/s) 1878s Selecting previously unselected package libevent-2.1-7t64:amd64. 1879s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 73743 files and directories currently installed.) 1879s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_amd64.deb ... 1879s Unpacking libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 1879s Selecting previously unselected package libunbound8:amd64. 1879s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3_amd64.deb ... 1879s Unpacking libunbound8:amd64 (1.19.2-1ubuntu3) ... 1879s Selecting previously unselected package libgnutls-dane0t64:amd64. 1879s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3_amd64.deb ... 1879s Unpacking libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3) ... 1879s Selecting previously unselected package gnutls-bin. 1879s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3_amd64.deb ... 1879s Unpacking gnutls-bin (3.8.3-1.1ubuntu3) ... 1879s Selecting previously unselected package libavahi-common-data:amd64. 1879s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu5_amd64.deb ... 1879s Unpacking libavahi-common-data:amd64 (0.8-13ubuntu5) ... 1879s Selecting previously unselected package libavahi-common3:amd64. 1879s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu5_amd64.deb ... 1879s Unpacking libavahi-common3:amd64 (0.8-13ubuntu5) ... 1879s Selecting previously unselected package libavahi-client3:amd64. 1879s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu5_amd64.deb ... 1879s Unpacking libavahi-client3:amd64 (0.8-13ubuntu5) ... 1879s Selecting previously unselected package libbasicobjects0t64:amd64. 1879s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_amd64.deb ... 1879s Unpacking libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 1879s Selecting previously unselected package libcollection4t64:amd64. 1879s Preparing to unpack .../08-libcollection4t64_0.6.2-2.1build1_amd64.deb ... 1879s Unpacking libcollection4t64:amd64 (0.6.2-2.1build1) ... 1879s Selecting previously unselected package libcrack2:amd64. 1879s Preparing to unpack .../09-libcrack2_2.9.6-5.1build2_amd64.deb ... 1879s Unpacking libcrack2:amd64 (2.9.6-5.1build2) ... 1879s Selecting previously unselected package libdhash1t64:amd64. 1879s Preparing to unpack .../10-libdhash1t64_0.6.2-2.1build1_amd64.deb ... 1879s Unpacking libdhash1t64:amd64 (0.6.2-2.1build1) ... 1879s Selecting previously unselected package libpath-utils1t64:amd64. 1879s Preparing to unpack .../11-libpath-utils1t64_0.6.2-2.1build1_amd64.deb ... 1879s Unpacking libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 1879s Selecting previously unselected package libref-array1t64:amd64. 1879s Preparing to unpack .../12-libref-array1t64_0.6.2-2.1build1_amd64.deb ... 1879s Unpacking libref-array1t64:amd64 (0.6.2-2.1build1) ... 1879s Selecting previously unselected package libini-config5t64:amd64. 1879s Preparing to unpack .../13-libini-config5t64_0.6.2-2.1build1_amd64.deb ... 1879s Unpacking libini-config5t64:amd64 (0.6.2-2.1build1) ... 1879s Selecting previously unselected package libipa-hbac0t64. 1879s Preparing to unpack .../14-libipa-hbac0t64_2.9.4-1.1ubuntu5_amd64.deb ... 1879s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 1879s Selecting previously unselected package libtalloc2:amd64. 1879s Preparing to unpack .../15-libtalloc2_2.4.2-1build2_amd64.deb ... 1879s Unpacking libtalloc2:amd64 (2.4.2-1build2) ... 1879s Selecting previously unselected package libtdb1:amd64. 1879s Preparing to unpack .../16-libtdb1_1.4.10-1_amd64.deb ... 1879s Unpacking libtdb1:amd64 (1.4.10-1) ... 1879s Selecting previously unselected package libtevent0t64:amd64. 1879s Preparing to unpack .../17-libtevent0t64_0.16.1-2build1_amd64.deb ... 1879s Unpacking libtevent0t64:amd64 (0.16.1-2build1) ... 1879s Selecting previously unselected package libldb2:amd64. 1879s Preparing to unpack .../18-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu8_amd64.deb ... 1879s Unpacking libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 1879s Selecting previously unselected package libnfsidmap1:amd64. 1879s Preparing to unpack .../19-libnfsidmap1_1%3a2.6.4-3ubuntu4_amd64.deb ... 1879s Unpacking libnfsidmap1:amd64 (1:2.6.4-3ubuntu4) ... 1879s Selecting previously unselected package libpwquality-common. 1879s Preparing to unpack .../20-libpwquality-common_1.4.5-3_all.deb ... 1879s Unpacking libpwquality-common (1.4.5-3) ... 1879s Selecting previously unselected package libpwquality1:amd64. 1879s Preparing to unpack .../21-libpwquality1_1.4.5-3_amd64.deb ... 1879s Unpacking libpwquality1:amd64 (1.4.5-3) ... 1879s Selecting previously unselected package libpam-pwquality:amd64. 1879s Preparing to unpack .../22-libpam-pwquality_1.4.5-3_amd64.deb ... 1879s Unpacking libpam-pwquality:amd64 (1.4.5-3) ... 1879s Selecting previously unselected package libwbclient0:amd64. 1879s Preparing to unpack .../23-libwbclient0_2%3a4.19.5+dfsg-4ubuntu8_amd64.deb ... 1879s Unpacking libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1879s Selecting previously unselected package samba-libs:amd64. 1879s Preparing to unpack .../24-samba-libs_2%3a4.19.5+dfsg-4ubuntu8_amd64.deb ... 1879s Unpacking samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1879s Selecting previously unselected package libsmbclient0:amd64. 1879s Preparing to unpack .../25-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu8_amd64.deb ... 1879s Unpacking libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1879s Selecting previously unselected package softhsm2-common. 1879s Preparing to unpack .../26-softhsm2-common_2.6.1-2.2ubuntu3_amd64.deb ... 1879s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 1879s Selecting previously unselected package libsofthsm2. 1879s Preparing to unpack .../27-libsofthsm2_2.6.1-2.2ubuntu3_amd64.deb ... 1879s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 1879s Selecting previously unselected package softhsm2. 1879s Preparing to unpack .../28-softhsm2_2.6.1-2.2ubuntu3_amd64.deb ... 1879s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 1879s Selecting previously unselected package python3-sss. 1879s Preparing to unpack .../29-python3-sss_2.9.4-1.1ubuntu5_amd64.deb ... 1879s Unpacking python3-sss (2.9.4-1.1ubuntu5) ... 1879s Selecting previously unselected package libsss-idmap0. 1879s Preparing to unpack .../30-libsss-idmap0_2.9.4-1.1ubuntu5_amd64.deb ... 1879s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu5) ... 1879s Selecting previously unselected package libnss-sss:amd64. 1879s Preparing to unpack .../31-libnss-sss_2.9.4-1.1ubuntu5_amd64.deb ... 1879s Unpacking libnss-sss:amd64 (2.9.4-1.1ubuntu5) ... 1879s Selecting previously unselected package libpam-sss:amd64. 1879s Preparing to unpack .../32-libpam-sss_2.9.4-1.1ubuntu5_amd64.deb ... 1879s Unpacking libpam-sss:amd64 (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package libc-ares2:amd64. 1880s Preparing to unpack .../33-libc-ares2_1.27.0-1_amd64.deb ... 1880s Unpacking libc-ares2:amd64 (1.27.0-1) ... 1880s Selecting previously unselected package libsss-certmap0. 1880s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package libsss-nss-idmap0. 1880s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-common. 1880s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-common (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-ad-common. 1880s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-ad-common (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-krb5-common. 1880s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-ad. 1880s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-ad (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-ipa. 1880s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-ipa (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-krb5. 1880s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-krb5 (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-ldap. 1880s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-ldap (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd-proxy. 1880s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd-proxy (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package sssd. 1880s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu5_amd64.deb ... 1880s Unpacking sssd (2.9.4-1.1ubuntu5) ... 1880s Selecting previously unselected package autopkgtest-satdep. 1880s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 1880s Unpacking autopkgtest-satdep (0) ... 1880s Setting up libpwquality-common (1.4.5-3) ... 1880s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 1880s 1880s Creating config file /etc/softhsm/softhsm2.conf with new version 1880s Setting up libnfsidmap1:amd64 (1:2.6.4-3ubuntu4) ... 1880s Setting up libsss-idmap0 (2.9.4-1.1ubuntu5) ... 1880s Setting up libbasicobjects0t64:amd64 (0.6.2-2.1build1) ... 1880s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu5) ... 1880s Setting up libref-array1t64:amd64 (0.6.2-2.1build1) ... 1880s Setting up libtdb1:amd64 (1.4.10-1) ... 1880s Setting up libcollection4t64:amd64 (0.6.2-2.1build1) ... 1880s Setting up libevent-2.1-7t64:amd64 (2.1.12-stable-9ubuntu2) ... 1880s Setting up libc-ares2:amd64 (1.27.0-1) ... 1880s Setting up libwbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1880s Setting up libtalloc2:amd64 (2.4.2-1build2) ... 1880s Setting up libpath-utils1t64:amd64 (0.6.2-2.1build1) ... 1880s Setting up libunbound8:amd64 (1.19.2-1ubuntu3) ... 1880s Setting up libgnutls-dane0t64:amd64 (3.8.3-1.1ubuntu3) ... 1880s Setting up libavahi-common-data:amd64 (0.8-13ubuntu5) ... 1880s Setting up libdhash1t64:amd64 (0.6.2-2.1build1) ... 1880s Setting up libcrack2:amd64 (2.9.6-5.1build2) ... 1880s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu5) ... 1880s Setting up libini-config5t64:amd64 (0.6.2-2.1build1) ... 1880s Setting up libtevent0t64:amd64 (0.16.1-2build1) ... 1880s Setting up libnss-sss:amd64 (2.9.4-1.1ubuntu5) ... 1880s Setting up gnutls-bin (3.8.3-1.1ubuntu3) ... 1880s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 1880s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 1880s Setting up libavahi-common3:amd64 (0.8-13ubuntu5) ... 1880s Setting up libsss-certmap0 (2.9.4-1.1ubuntu5) ... 1880s Setting up libpwquality1:amd64 (1.4.5-3) ... 1880s Setting up libldb2:amd64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu8) ... 1880s Setting up libavahi-client3:amd64 (0.8-13ubuntu5) ... 1880s Setting up libpam-pwquality:amd64 (1.4.5-3) ... 1880s Setting up samba-libs:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1880s Setting up python3-sss (2.9.4-1.1ubuntu5) ... 1881s Setting up libsmbclient0:amd64 (2:4.19.5+dfsg-4ubuntu8) ... 1881s Setting up libpam-sss:amd64 (2.9.4-1.1ubuntu5) ... 1881s Setting up sssd-common (2.9.4-1.1ubuntu5) ... 1881s Creating SSSD system user & group... 1881s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 1881s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 1881s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 1881s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 1881s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 1881s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 1882s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 1882s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 1882s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 1882s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 1883s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 1883s sssd-autofs.service is a disabled or a static unit, not starting it. 1883s sssd-nss.service is a disabled or a static unit, not starting it. 1883s sssd-pam.service is a disabled or a static unit, not starting it. 1883s sssd-ssh.service is a disabled or a static unit, not starting it. 1883s sssd-sudo.service is a disabled or a static unit, not starting it. 1883s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 1883s Setting up sssd-proxy (2.9.4-1.1ubuntu5) ... 1883s Setting up sssd-ad-common (2.9.4-1.1ubuntu5) ... 1883s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 1884s sssd-pac.service is a disabled or a static unit, not starting it. 1884s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 1884s Setting up sssd-krb5-common (2.9.4-1.1ubuntu5) ... 1884s Setting up sssd-krb5 (2.9.4-1.1ubuntu5) ... 1884s Setting up sssd-ldap (2.9.4-1.1ubuntu5) ... 1884s Setting up sssd-ad (2.9.4-1.1ubuntu5) ... 1884s Setting up sssd-ipa (2.9.4-1.1ubuntu5) ... 1884s Setting up sssd (2.9.4-1.1ubuntu5) ... 1884s Setting up autopkgtest-satdep (0) ... 1884s Processing triggers for man-db (2.12.0-4build1) ... 1885s Processing triggers for libc-bin (2.39-0ubuntu8) ... 1893s (Reading database ... 74340 files and directories currently installed.) 1893s Removing autopkgtest-satdep (0) ... 1940s autopkgtest [00:03:36]: test sssd-softhism2-certificates-tests.sh: [----------------------- 1940s + '[' -z ubuntu ']' 1940s + required_tools=(p11tool openssl softhsm2-util) 1940s + for cmd in "${required_tools[@]}" 1940s + command -v p11tool 1940s + for cmd in "${required_tools[@]}" 1940s + command -v openssl 1940s + for cmd in "${required_tools[@]}" 1940s + command -v softhsm2-util 1940s + PIN=053350 1940s +++ find /usr/lib/softhsm/libsofthsm2.so 1940s +++ head -n 1 1940s ++ realpath /usr/lib/softhsm/libsofthsm2.so 1940s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1940s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 1940s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 1940s + '[' '!' -v NO_SSSD_TESTS ']' 1940s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 1940s + ca_db_arg=ca_db 1940s ++ /usr/libexec/sssd/p11_child --help 1940s + p11_child_help='Usage: p11_child [OPTION...] 1940s -d, --debug-level=INT Debug level 1940s --debug-timestamps=INT Add debug timestamps 1940s --debug-microseconds=INT Show timestamps with microseconds 1940s --dumpable=INT Allow core dumps 1940s --debug-fd=INT An open file descriptor for the debug 1940s logs 1940s --logger=stderr|files|journald Set logger 1940s --auth Run in auth mode 1940s --pre Run in pre-auth mode 1940s --wait_for_card Wait until card is available 1940s --verification Run in verification mode 1940s --pin Expect PIN on stdin 1940s --keypad Expect PIN on keypad 1940s --verify=STRING Tune validation 1940s --ca_db=STRING CA DB to use 1940s --module_name=STRING Module name for authentication 1940s --token_name=STRING Token name for authentication 1940s --key_id=STRING Key ID for authentication 1940s --label=STRING Label for authentication 1940s --certificate=STRING certificate to verify, base64 encoded 1940s --uri=STRING PKCS#11 URI to restrict selection 1940s --chain-id=LONG Tevent chain ID used for logging 1940s purposes 1940s 1940s Help options: 1940s -?, --help Show this help message 1940s --usage Display brief usage message' 1940s + echo 'Usage: p11_child [OPTION...] 1940s -d, --debug-level=INT Debug level 1940s --debug-timestamps=INT Add debug timestamps 1940s --debug-microseconds=INT Show timestamps with microseconds 1940s --dumpable=INT Allow core dumps 1940s --debug-fd=INT An open file descriptor for the debug 1940s logs 1940s --logger=stderr|files|journald Set logger 1940s --auth Run in auth mode 1940s --pre Run in pre-auth mode 1940s --wait_for_card Wait until card is available 1940s --verification Run in verification mode 1940s --pin Expect PIN on stdin 1940s --keypad Expect PIN on keypad 1940s --verify=STRING Tune validation 1940s --ca_db=STRING CA DB to use 1940s --module_name=STRING Module name for authentication 1940s --token_name=STRING Token name for authentication 1940s --key_id=STRING Key ID for authentication 1940s --label=STRING Label for authentication 1940s --certificate=STRING certificate to verify, base64 encoded 1940s --uri=STRING PKCS#11 URI to restrict selection 1940s --chain-id=LONG Tevent chain ID used for logging 1940s purposes 1940s 1940s Help options: 1940s -?, --help Show this help message 1940s --usage Display brief usage message' 1940s + grep nssdb -qs 1940s + echo 'Usage: p11_child [OPTION...] 1940s -d, --debug-level=INT Debug level 1940s --debug-timestamps=INT Add debug timestamps 1940s --debug-microseconds=INT Show timestamps with microseconds 1940s --dumpable=INT Allow core dumps 1940s --debug-fd=INT An open file descriptor for the debug 1940s logs 1940s --logger=stderr|files|journald Set logger 1940s --auth Run in auth mode 1940s --pre Run in pre-auth mode 1940s --wait_for_card Wait until card is available 1940s --verification Run in verification mode 1940s --pin Expect PIN on stdin 1940s --keypad Expect PIN on keypad 1940s --verify=STRING Tune validation 1940s --ca_db=STRING CA DB to use 1940s --module_name=STRING Module name for authentication 1940s --token_name=STRING Token name for authentication 1940s --key_id=STRING Key ID for authentication 1940s --label=STRING Label for authentication 1940s --certificate=STRING certificate to verify, base64 encoded 1940s --uri=STRING PKCS#11 URI to restrict selection 1940s --chain-id=LONG Tevent chain ID used for logging 1940s purposes 1940s 1940s Help options: 1940s -?, --help Show this help message 1940s --usage Display brief usage message' 1940s + grep -qs -- --ca_db 1940s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 1940s ++ mktemp -d -t sssd-softhsm2-XXXXXX 1940s + tmpdir=/tmp/sssd-softhsm2-U3LurW 1940s + keys_size=1024 1940s + [[ ! -v KEEP_TEMPORARY_FILES ]] 1940s + trap 'rm -rf "$tmpdir"' EXIT 1940s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 1940s + echo -n 01 1940s + touch /tmp/sssd-softhsm2-U3LurW/index.txt 1940s + mkdir -p /tmp/sssd-softhsm2-U3LurW/new_certs 1940s + cat 1940s + root_ca_key_pass=pass:random-root-CA-password-12619 1940s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-U3LurW/test-root-CA-key.pem -passout pass:random-root-CA-password-12619 1024 1940s + openssl req -passin pass:random-root-CA-password-12619 -batch -config /tmp/sssd-softhsm2-U3LurW/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-U3LurW/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1940s + openssl x509 -noout -in /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1940s + cat 1940s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-20633 1940s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-20633 1024 1940s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-20633 -config /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.config -key /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-12619 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-certificate-request.pem 1940s + openssl req -text -noout -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-certificate-request.pem 1940s Certificate Request: 1940s Data: 1940s Version: 1 (0x0) 1940s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1940s Subject Public Key Info: 1940s Public Key Algorithm: rsaEncryption 1940s Public-Key: (1024 bit) 1940s Modulus: 1940s 00:af:b9:75:7a:79:b5:43:71:46:86:27:ff:11:0b: 1940s 98:7b:95:97:10:26:43:bf:f2:a7:78:d3:58:fc:b5: 1940s 34:8f:0e:9d:54:90:5a:cd:63:75:83:29:1d:ee:a2: 1940s 69:a6:33:66:95:23:94:59:38:67:6f:af:c3:8b:07: 1940s 9b:5a:e5:53:54:52:14:d2:b0:4c:46:d4:0b:e9:d3: 1940s a5:b8:f7:f1:79:84:ca:eb:2d:83:95:d7:fe:8e:0c: 1940s 58:48:26:02:f0:c0:f2:61:c7:bd:ff:94:e7:13:a6: 1940s 8f:9d:e1:f7:55:9f:69:2d:80:f2:af:5c:b7:77:c0: 1940s f6:11:63:54:4e:f4:06:54:d3 1940s Exponent: 65537 (0x10001) 1940s Attributes: 1940s (none) 1940s Requested Extensions: 1940s Signature Algorithm: sha256WithRSAEncryption 1940s Signature Value: 1940s 59:4c:fe:0f:45:92:45:31:e2:4f:25:70:6b:db:07:14:6a:5d: 1940s 2f:72:75:8a:0f:4c:81:fe:24:06:b3:45:b3:6a:13:4d:ee:4f: 1940s d2:b1:b5:e4:66:b0:e1:36:a4:34:82:a2:0d:25:0a:7b:b5:7c: 1940s 02:04:e1:40:25:c9:63:26:db:e8:1b:4d:4d:41:8b:46:06:46: 1940s 42:ff:1e:2d:63:d7:46:f3:ec:07:4f:4e:76:ff:ed:30:93:5a: 1940s b6:b7:d3:cf:85:fd:02:da:60:09:c3:e1:68:ae:da:3b:fd:88: 1940s ad:4c:39:2e:80:3e:d5:69:ae:bd:30:fa:8e:df:79:3c:9f:ea: 1940s e2:c2 1940s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-U3LurW/test-root-CA.config -passin pass:random-root-CA-password-12619 -keyfile /tmp/sssd-softhsm2-U3LurW/test-root-CA-key.pem -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1940s Using configuration from /tmp/sssd-softhsm2-U3LurW/test-root-CA.config 1940s Check that the request matches the signature 1940s Signature ok 1940s Certificate Details: 1940s Serial Number: 1 (0x1) 1940s Validity 1940s Not Before: Apr 10 00:03:36 2024 GMT 1940s Not After : Apr 10 00:03:36 2025 GMT 1940s Subject: 1940s organizationName = Test Organization 1940s organizationalUnitName = Test Organization Unit 1940s commonName = Test Organization Intermediate CA 1940s X509v3 extensions: 1940s X509v3 Subject Key Identifier: 1940s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1940s X509v3 Authority Key Identifier: 1940s keyid:D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1940s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1940s serial:00 1940s X509v3 Basic Constraints: 1940s CA:TRUE 1940s X509v3 Key Usage: critical 1940s Digital Signature, Certificate Sign, CRL Sign 1940s Certificate is to be certified until Apr 10 00:03:36 2025 GMT (365 days) 1940s 1940s Write out database with 1 new entries 1940s Database updated 1940s + openssl x509 -noout -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1940s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1940s /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem: OK 1940s + cat 1940s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-25310 1940s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-25310 1024 1940s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-25310 -config /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-20633 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-certificate-request.pem 1940s + openssl req -text -noout -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-certificate-request.pem 1940s Certificate Request: 1940s Data: 1940s Version: 1 (0x0) 1940s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1940s Subject Public Key Info: 1940s Public Key Algorithm: rsaEncryption 1940s Public-Key: (1024 bit) 1940s Modulus: 1940s 00:bd:bd:b6:28:07:e5:57:ad:01:92:49:55:c8:96: 1940s 75:97:c2:4d:a8:5a:44:7e:ed:b0:2c:cd:1f:72:d5: 1940s 12:a5:22:0c:b4:9e:83:cf:b8:1e:90:1b:20:5c:b9: 1940s ac:bb:34:17:b8:d5:00:cd:9c:a1:17:53:e9:1f:d1: 1940s d3:c4:a2:35:43:2c:b7:2c:e7:fc:c2:62:67:d9:f6: 1940s 7d:d5:db:6f:92:79:a9:47:cb:09:cb:e2:75:ae:94: 1940s 5e:bf:fb:87:32:83:48:69:d9:7b:63:3f:9d:9f:31: 1940s ce:16:3a:38:a6:8e:e5:87:c1:02:4d:cf:66:09:1f: 1940s ee:68:bf:17:3b:85:30:23:ff 1940s Exponent: 65537 (0x10001) 1940s Attributes: 1940s (none) 1940s Requested Extensions: 1940s Signature Algorithm: sha256WithRSAEncryption 1940s Signature Value: 1940s 5a:53:ad:c5:78:c7:8b:61:eb:d9:61:28:04:b4:43:73:a0:75: 1940s cc:1a:65:84:e1:f8:b9:3d:58:44:61:59:d2:f5:99:b2:f0:ba: 1940s f0:19:26:27:8f:f7:9e:22:26:1a:20:31:d9:35:87:86:2c:fb: 1940s 0d:df:4a:c2:99:ca:08:d9:02:48:48:44:29:19:1a:e0:07:85: 1940s 6b:43:73:7d:a2:61:d2:c2:55:38:50:b0:e3:2b:3e:1e:89:7e: 1940s c7:48:ab:c4:6e:5d:db:06:bd:b6:68:7b:ad:66:f1:db:9f:89: 1940s f8:19:be:ec:f3:6d:04:c6:26:76:93:0c:9e:91:ec:8a:f2:fd: 1940s e6:9e 1940s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-20633 -keyfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1940s Using configuration from /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.config 1940s Check that the request matches the signature 1940s Signature ok 1940s Certificate Details: 1940s Serial Number: 2 (0x2) 1940s Validity 1940s Not Before: Apr 10 00:03:36 2024 GMT 1940s Not After : Apr 10 00:03:36 2025 GMT 1940s Subject: 1940s organizationName = Test Organization 1940s organizationalUnitName = Test Organization Unit 1940s commonName = Test Organization Sub Intermediate CA 1940s X509v3 extensions: 1940s X509v3 Subject Key Identifier: 1940s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1940s X509v3 Authority Key Identifier: 1940s keyid:70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1940s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1940s serial:01 1940s X509v3 Basic Constraints: 1940s CA:TRUE 1940s X509v3 Key Usage: critical 1940s Digital Signature, Certificate Sign, CRL Sign 1940s Certificate is to be certified until Apr 10 00:03:36 2025 GMT (365 days) 1940s 1940s Write out database with 1 new entries 1940s Database updated 1940s + openssl x509 -noout -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1940s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1940s /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem: OK 1940s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1940s + local cmd=openssl 1940s + shift 1940s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1940s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1940s error 20 at 0 depth lookup: unable to get local issuer certificate 1940s error /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem: verification failed 1940s + cat 1940s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-30205 1940s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-30205 1024 1940s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-30205 -key /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-request.pem 1940s + openssl req -text -noout -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-request.pem 1940s Certificate Request: 1940s Data: 1940s Version: 1 (0x0) 1940s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1940s Subject Public Key Info: 1940s Public Key Algorithm: rsaEncryption 1940s Public-Key: (1024 bit) 1940s Modulus: 1940s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1940s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1940s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1940s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1940s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1940s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1940s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1940s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1940s 72:02:17:a5:5f:bd:81:ab:b5 1940s Exponent: 65537 (0x10001) 1940s Attributes: 1940s Requested Extensions: 1940s X509v3 Basic Constraints: 1940s CA:FALSE 1940s Netscape Cert Type: 1940s SSL Client, S/MIME 1940s Netscape Comment: 1940s Test Organization Root CA trusted Certificate 1940s X509v3 Subject Key Identifier: 1940s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1940s X509v3 Key Usage: critical 1940s Digital Signature, Non Repudiation, Key Encipherment 1940s X509v3 Extended Key Usage: 1940s TLS Web Client Authentication, E-mail Protection 1940s X509v3 Subject Alternative Name: 1940s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1940s Signature Algorithm: sha256WithRSAEncryption 1940s Signature Value: 1940s 6d:38:02:28:5b:03:b8:53:97:1f:0d:05:81:df:e1:99:0e:56: 1940s e2:ba:98:03:01:a2:53:15:ef:b1:b3:f8:47:18:09:86:04:c1: 1940s e2:99:9f:b3:d3:9e:5f:bf:95:06:a3:53:1b:a3:ef:f8:7b:d8: 1940s c2:2a:e6:3b:43:18:4f:fe:52:de:c5:7a:9b:d0:c1:1e:df:28: 1940s b0:2e:27:aa:4a:3e:4a:63:af:9a:fe:19:e5:0d:7d:82:64:73: 1940s 88:b2:2a:2f:30:b3:13:0b:cc:b4:40:62:37:1c:15:75:e9:ad: 1940s be:9a:de:ad:40:7e:dc:b7:6c:ad:b0:5e:fb:a1:f5:e6:3a:b2: 1940s 6b:0b 1940s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-U3LurW/test-root-CA.config -passin pass:random-root-CA-password-12619 -keyfile /tmp/sssd-softhsm2-U3LurW/test-root-CA-key.pem -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1940s Using configuration from /tmp/sssd-softhsm2-U3LurW/test-root-CA.config 1940s Check that the request matches the signature 1940s Signature ok 1940s Certificate Details: 1940s Serial Number: 3 (0x3) 1940s Validity 1940s Not Before: Apr 10 00:03:36 2024 GMT 1940s Not After : Apr 10 00:03:36 2025 GMT 1940s Subject: 1940s organizationName = Test Organization 1940s organizationalUnitName = Test Organization Unit 1940s commonName = Test Organization Root Trusted Certificate 0001 1940s X509v3 extensions: 1940s X509v3 Authority Key Identifier: 1940s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1940s X509v3 Basic Constraints: 1940s CA:FALSE 1940s Netscape Cert Type: 1940s SSL Client, S/MIME 1940s Netscape Comment: 1940s Test Organization Root CA trusted Certificate 1940s X509v3 Subject Key Identifier: 1940s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1940s X509v3 Key Usage: critical 1940s Digital Signature, Non Repudiation, Key Encipherment 1940s X509v3 Extended Key Usage: 1940s TLS Web Client Authentication, E-mail Protection 1940s X509v3 Subject Alternative Name: 1940s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1940s Certificate is to be certified until Apr 10 00:03:36 2025 GMT (365 days) 1940s 1940s Write out database with 1 new entries 1940s Database updated 1940s + openssl x509 -noout -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1940s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1940s /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem: OK 1940s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1940s + local cmd=openssl 1940s + shift 1940s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1940s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1940s error 20 at 0 depth lookup: unable to get local issuer certificate 1940s error /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem: verification failed 1940s + cat 1940s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1940s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-17506 1024 1940s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-17506 -key /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-request.pem 1940s + openssl req -text -noout -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-request.pem 1940s Certificate Request: 1940s Data: 1940s Version: 1 (0x0) 1940s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1940s Subject Public Key Info: 1940s Public Key Algorithm: rsaEncryption 1940s Public-Key: (1024 bit) 1940s Modulus: 1940s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1940s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1940s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1940s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1940s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1940s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1940s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1940s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1940s 6b:9a:0c:d8:85:b9:c4:83:8d 1940s Exponent: 65537 (0x10001) 1940s Attributes: 1940s Requested Extensions: 1940s X509v3 Basic Constraints: 1940s CA:FALSE 1940s Netscape Cert Type: 1940s SSL Client, S/MIME 1940s Netscape Comment: 1940s Test Organization Intermediate CA trusted Certificate 1940s X509v3 Subject Key Identifier: 1940s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1940s X509v3 Key Usage: critical 1940s Digital Signature, Non Repudiation, Key Encipherment 1940s X509v3 Extended Key Usage: 1940s TLS Web Client Authentication, E-mail Protection 1940s X509v3 Subject Alternative Name: 1940s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1940s Signature Algorithm: sha256WithRSAEncryption 1940s Signature Value: 1940s a0:64:a2:5e:5e:23:7a:42:26:8a:67:ff:a8:8b:dd:aa:e5:59: 1940s ea:4d:e4:ea:70:e0:01:44:d9:87:b1:c8:4c:e8:3c:78:34:a0: 1940s c9:46:bf:2e:b7:23:1c:bf:81:7b:af:4f:4d:d1:df:91:c3:ff: 1940s 89:b7:81:f8:61:f8:e0:9d:74:08:82:06:5c:b1:35:54:c4:ff: 1940s 3c:58:2c:7e:90:93:87:ba:78:4f:ab:b3:b3:2e:9a:7c:b3:aa: 1940s e3:bf:45:a1:2c:ac:67:b6:8f:f9:75:78:0c:c0:e6:7f:c3:94: 1940s 1f:db:68:6f:96:39:15:ce:b8:83:9a:df:71:2b:21:eb:72:31: 1940s ef:1c 1940s + openssl ca -passin pass:random-intermediate-CA-password-20633 -config /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1940s Using configuration from /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.config 1940s Check that the request matches the signature 1940s Signature ok 1940s Certificate Details: 1940s Serial Number: 4 (0x4) 1940s Validity 1940s Not Before: Apr 10 00:03:36 2024 GMT 1940s Not After : Apr 10 00:03:36 2025 GMT 1940s Subject: 1940s organizationName = Test Organization 1940s organizationalUnitName = Test Organization Unit 1940s commonName = Test Organization Intermediate Trusted Certificate 0001 1940s X509v3 extensions: 1940s X509v3 Authority Key Identifier: 1940s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1940s X509v3 Basic Constraints: 1940s CA:FALSE 1940s Netscape Cert Type: 1940s SSL Client, S/MIME 1940s Netscape Comment: 1940s Test Organization Intermediate CA trusted Certificate 1940s X509v3 Subject Key Identifier: 1940s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1940s X509v3 Key Usage: critical 1940s Digital Signature, Non Repudiation, Key Encipherment 1940s X509v3 Extended Key Usage: 1940s TLS Web Client Authentication, E-mail Protection 1940s X509v3 Subject Alternative Name: 1940s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1940s Certificate is to be certified until Apr 10 00:03:36 2025 GMT (365 days) 1940s 1940s Write out database with 1 new entries 1940s Database updated 1940s + openssl x509 -noout -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1940s + echo 'This certificate should not be trusted fully' 1940s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1940s + local cmd=openssl 1940s + shift 1940s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1940s This certificate should not be trusted fully 1940s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1940s error 2 at 1 depth lookup: unable to get issuer certificate 1940s error /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 1940s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1940s /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem: OK 1940s + cat 1940s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1940s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1024 1940s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-4964 -key /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1940s + openssl req -text -noout -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1940s Certificate Request: 1940s Data: 1940s Version: 1 (0x0) 1940s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1940s Subject Public Key Info: 1940s Public Key Algorithm: rsaEncryption 1940s Public-Key: (1024 bit) 1940s Modulus: 1940s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1940s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1940s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1940s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1940s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1940s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1940s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1940s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1940s 13:7a:96:9d:dc:98:9b:84:55 1940s Exponent: 65537 (0x10001) 1940s Attributes: 1940s Requested Extensions: 1940s X509v3 Basic Constraints: 1940s CA:FALSE 1940s Netscape Cert Type: 1940s SSL Client, S/MIME 1940s Netscape Comment: 1940s Test Organization Sub Intermediate CA trusted Certificate 1940s X509v3 Subject Key Identifier: 1940s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1940s X509v3 Key Usage: critical 1940s Digital Signature, Non Repudiation, Key Encipherment 1940s X509v3 Extended Key Usage: 1940s TLS Web Client Authentication, E-mail Protection 1940s X509v3 Subject Alternative Name: 1940s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1940s Signature Algorithm: sha256WithRSAEncryption 1940s Signature Value: 1940s a8:bb:b2:df:0b:b8:fa:c0:11:93:b5:3e:53:67:be:7c:e9:d0: 1940s 9c:ea:6d:f8:14:45:63:ef:39:86:fb:e3:f1:c2:d3:25:b0:fc: 1940s 9a:91:61:51:40:7d:43:fb:e5:59:7e:19:7f:db:fe:6d:71:82: 1940s 80:a4:3d:b5:c5:d1:e9:26:69:21:0e:c9:b0:ba:52:cb:d7:8c: 1940s 7f:5e:0b:d7:b8:be:01:ac:0f:84:19:e3:7f:98:6e:23:92:20: 1940s ad:81:42:e7:f0:f3:59:1f:d5:7d:ca:9e:0b:54:14:6c:f4:d2: 1940s 7f:c7:5d:ce:92:cc:41:19:c3:d2:dc:ad:ef:92:13:0b:f8:0b: 1940s 30:c4 1940s + openssl ca -passin pass:random-sub-intermediate-CA-password-25310 -config /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1940s Using configuration from /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.config 1940s Check that the request matches the signature 1940s Signature ok 1940s Certificate Details: 1940s Serial Number: 5 (0x5) 1940s Validity 1940s Not Before: Apr 10 00:03:36 2024 GMT 1940s Not After : Apr 10 00:03:36 2025 GMT 1940s Subject: 1940s organizationName = Test Organization 1940s organizationalUnitName = Test Organization Unit 1940s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 1940s X509v3 extensions: 1940s X509v3 Authority Key Identifier: 1940s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1940s X509v3 Basic Constraints: 1940s CA:FALSE 1940s Netscape Cert Type: 1940s SSL Client, S/MIME 1940s Netscape Comment: 1940s Test Organization Sub Intermediate CA trusted Certificate 1940s X509v3 Subject Key Identifier: 1940s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1940s X509v3 Key Usage: critical 1940s Digital Signature, Non Repudiation, Key Encipherment 1940s X509v3 Extended Key Usage: 1940s TLS Web Client Authentication, E-mail Protection 1940s X509v3 Subject Alternative Name: 1940s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1940s Certificate is to be certified until Apr 10 00:03:36 2025 GMT (365 days) 1940s 1940s Write out database with 1 new entries 1940s Database updated 1940s + openssl x509 -noout -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1940s This certificate should not be trusted fully 1940s + echo 'This certificate should not be trusted fully' 1940s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1940s + local cmd=openssl 1940s + shift 1940s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1941s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1941s error 2 at 1 depth lookup: unable to get issuer certificate 1941s error /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1941s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1941s + local cmd=openssl 1941s + shift 1941s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1941s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1941s error 20 at 0 depth lookup: unable to get local issuer certificate 1941s error /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1941s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1941s /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1941s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1941s + local cmd=openssl 1941s + shift 1941s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1941s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1941s error 20 at 0 depth lookup: unable to get local issuer certificate 1941s error /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1941s + echo 'Building a the full-chain CA file...' 1941s + cat /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1941s Building a the full-chain CA file... 1941s + cat /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1941s + cat /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1941s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1941s + openssl pkcs7 -print_certs -noout 1941s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s 1941s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1941s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s 1941s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1941s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1941s 1941s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1941s /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem: OK 1941s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem: OK 1941s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1941s /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem: OK 1941s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem /tmp/sssd-softhsm2-U3LurW/test-root-intermediate-chain-CA.pem 1941s /tmp/sssd-softhsm2-U3LurW/test-root-intermediate-chain-CA.pem: OK 1941s + openssl verify -CAfile /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1941s /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1941s Certificates generation completed! 1941s + echo 'Certificates generation completed!' 1941s + [[ -v NO_SSSD_TESTS ]] 1941s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /dev/null 1941s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /dev/null 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_ring=/dev/null 1941s + local verify_option= 1941s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_cn 1941s + local key_name 1941s + local tokens_dir 1941s + local output_cert_file 1941s + token_name= 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1941s + key_name=test-root-CA-trusted-certificate-0001 1941s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s ++ sed -n 's/ *commonName *= //p' 1941s + key_cn='Test Organization Root Trusted Certificate 0001' 1941s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1941s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1941s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1941s + token_name='Test Organization Root Tr Token' 1941s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1941s + local key_file 1941s + local decrypted_key 1941s + mkdir -p /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1941s + key_file=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key.pem 1941s + decrypted_key=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1941s + cat 1941s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 1941s Slot 0 has a free/uninitialized token. 1941s The token has been initialized and is reassigned to slot 1100491178 1941s + softhsm2-util --show-slots 1941s Available slots: 1941s Slot 1100491178 1941s Slot info: 1941s Description: SoftHSM slot ID 0x419829aa 1941s Manufacturer ID: SoftHSM project 1941s Hardware version: 2.6 1941s Firmware version: 2.6 1941s Token present: yes 1941s Token info: 1941s Manufacturer ID: SoftHSM project 1941s Model: SoftHSM v2 1941s Hardware version: 2.6 1941s Firmware version: 2.6 1941s Serial number: 8fc58ddac19829aa 1941s Initialized: yes 1941s User PIN init.: yes 1941s Label: Test Organization Root Tr Token 1941s Slot 1 1941s Slot info: 1941s Description: SoftHSM slot ID 0x1 1941s Manufacturer ID: SoftHSM project 1941s Hardware version: 2.6 1941s Firmware version: 2.6 1941s Token present: yes 1941s Token info: 1941s Manufacturer ID: SoftHSM project 1941s Model: SoftHSM v2 1941s Hardware version: 2.6 1941s Firmware version: 2.6 1941s Serial number: 1941s Initialized: no 1941s User PIN init.: no 1941s Label: 1941s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1941s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-30205 -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1941s writing RSA key 1941s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1941s + rm /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1941s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 1941s Object 0: 1941s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 1941s Type: X.509 Certificate (RSA-1024) 1941s Expires: Thu Apr 10 00:03:36 2025 1941s Label: Test Organization Root Trusted Certificate 0001 1941s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1941s 1941s Test Organization Root Tr Token 1941s + echo 'Test Organization Root Tr Token' 1941s + '[' -n '' ']' 1941s + local output_base_name=SSSD-child-14503 1941s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-14503.output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-14503.pem 1941s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 1941s [p11_child[2214]] [main] (0x0400): p11_child started. 1941s [p11_child[2214]] [main] (0x2000): Running in [pre-auth] mode. 1941s [p11_child[2214]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2214]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2214]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 1941s [p11_child[2214]] [do_work] (0x0040): init_verification failed. 1941s [p11_child[2214]] [main] (0x0020): p11_child failed (5) 1941s + return 2 1941s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /dev/null no_verification 1941s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /dev/null no_verification 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_ring=/dev/null 1941s + local verify_option=no_verification 1941s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_cn 1941s + local key_name 1941s + local tokens_dir 1941s + local output_cert_file 1941s + token_name= 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1941s + key_name=test-root-CA-trusted-certificate-0001 1941s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s ++ sed -n 's/ *commonName *= //p' 1941s + key_cn='Test Organization Root Trusted Certificate 0001' 1941s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1941s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1941s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1941s + token_name='Test Organization Root Tr Token' 1941s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1941s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1941s + echo 'Test Organization Root Tr Token' 1941s + '[' -n no_verification ']' 1941s + local verify_arg=--verify=no_verification 1941s + local output_base_name=SSSD-child-20827 1941s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20827.output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20827.pem 1941s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 1941s Test Organization Root Tr Token 1941s [p11_child[2220]] [main] (0x0400): p11_child started. 1941s [p11_child[2220]] [main] (0x2000): Running in [pre-auth] mode. 1941s [p11_child[2220]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2220]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2220]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1941s [p11_child[2220]] [do_card] (0x4000): Module List: 1941s [p11_child[2220]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2220]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2220]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2220]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2220]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2220]] [do_card] (0x4000): Login NOT required. 1941s [p11_child[2220]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2220]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2220]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2220]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827.pem 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s + local found_md5 expected_md5 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + expected_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827.pem 1941s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1941s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20827-auth.output 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827-auth.output .output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20827-auth.pem 1941s + echo -n 053350 1941s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1941s [p11_child[2228]] [main] (0x0400): p11_child started. 1941s [p11_child[2228]] [main] (0x2000): Running in [auth] mode. 1941s [p11_child[2228]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2228]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2228]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1941s [p11_child[2228]] [do_card] (0x4000): Module List: 1941s [p11_child[2228]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2228]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2228]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2228]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2228]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2228]] [do_card] (0x4000): Login required. 1941s [p11_child[2228]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2228]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2228]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1941s [p11_child[2228]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1941s [p11_child[2228]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1941s [p11_child[2228]] [do_card] (0x4000): Certificate verified and validated. 1941s [p11_child[2228]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827-auth.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827-auth.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827-auth.pem 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-20827-auth.pem 1941s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1941s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1941s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1941s + local verify_option= 1941s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_cn 1941s + local key_name 1941s + local tokens_dir 1941s + local output_cert_file 1941s + token_name= 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1941s + key_name=test-root-CA-trusted-certificate-0001 1941s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s ++ sed -n 's/ *commonName *= //p' 1941s + key_cn='Test Organization Root Trusted Certificate 0001' 1941s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1941s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1941s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1941s + token_name='Test Organization Root Tr Token' 1941s Test Organization Root Tr Token 1941s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1941s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1941s + echo 'Test Organization Root Tr Token' 1941s + '[' -n '' ']' 1941s + local output_base_name=SSSD-child-30552 1941s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-30552.output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-30552.pem 1941s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1941s [p11_child[2238]] [main] (0x0400): p11_child started. 1941s [p11_child[2238]] [main] (0x2000): Running in [pre-auth] mode. 1941s [p11_child[2238]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2238]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2238]] [do_card] (0x4000): Module List: 1941s [p11_child[2238]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2238]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2238]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2238]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2238]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2238]] [do_card] (0x4000): Login NOT required. 1941s [p11_child[2238]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2238]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1941s [p11_child[2238]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2238]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2238]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552.pem 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s + local found_md5 expected_md5 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + expected_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552.pem 1941s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1941s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-30552-auth.output 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552-auth.output .output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-30552-auth.pem 1941s + echo -n 053350 1941s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1941s [p11_child[2246]] [main] (0x0400): p11_child started. 1941s [p11_child[2246]] [main] (0x2000): Running in [auth] mode. 1941s [p11_child[2246]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2246]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2246]] [do_card] (0x4000): Module List: 1941s [p11_child[2246]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2246]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2246]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2246]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2246]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2246]] [do_card] (0x4000): Login required. 1941s [p11_child[2246]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2246]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1941s [p11_child[2246]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2246]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1941s [p11_child[2246]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1941s [p11_child[2246]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1941s [p11_child[2246]] [do_card] (0x4000): Certificate verified and validated. 1941s [p11_child[2246]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552-auth.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552-auth.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552-auth.pem 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-30552-auth.pem 1941s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1941s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem partial_chain 1941s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem partial_chain 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1941s + local verify_option=partial_chain 1941s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_cn 1941s + local key_name 1941s + local tokens_dir 1941s + local output_cert_file 1941s + token_name= 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1941s + key_name=test-root-CA-trusted-certificate-0001 1941s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s ++ sed -n 's/ *commonName *= //p' 1941s + key_cn='Test Organization Root Trusted Certificate 0001' 1941s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1941s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1941s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1941s + token_name='Test Organization Root Tr Token' 1941s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1941s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1941s + echo 'Test Organization Root Tr Token' 1941s + '[' -n partial_chain ']' 1941s + local verify_arg=--verify=partial_chain 1941s + local output_base_name=SSSD-child-11306 1941s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-11306.output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-11306.pem 1941s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1941s Test Organization Root Tr Token 1941s [p11_child[2256]] [main] (0x0400): p11_child started. 1941s [p11_child[2256]] [main] (0x2000): Running in [pre-auth] mode. 1941s [p11_child[2256]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2256]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2256]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1941s [p11_child[2256]] [do_card] (0x4000): Module List: 1941s [p11_child[2256]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2256]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2256]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2256]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2256]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2256]] [do_card] (0x4000): Login NOT required. 1941s [p11_child[2256]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2256]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1941s [p11_child[2256]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2256]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2256]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306.pem 1941s + local found_md5 expected_md5 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + expected_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306.pem 1941s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1941s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-11306-auth.output 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306-auth.output .output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-11306-auth.pem 1941s + echo -n 053350 1941s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1941s [p11_child[2264]] [main] (0x0400): p11_child started. 1941s [p11_child[2264]] [main] (0x2000): Running in [auth] mode. 1941s [p11_child[2264]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2264]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2264]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1941s [p11_child[2264]] [do_card] (0x4000): Module List: 1941s [p11_child[2264]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2264]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2264]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2264]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2264]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2264]] [do_card] (0x4000): Login required. 1941s [p11_child[2264]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2264]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1941s [p11_child[2264]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2264]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1941s [p11_child[2264]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1941s [p11_child[2264]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1941s [p11_child[2264]] [do_card] (0x4000): Certificate verified and validated. 1941s [p11_child[2264]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306-auth.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306-auth.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306-auth.pem 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-11306-auth.pem 1941s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1941s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1941s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1941s + local verify_option= 1941s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1941s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1941s + local key_cn 1941s + local key_name 1941s + local tokens_dir 1941s + local output_cert_file 1941s + token_name= 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1941s + key_name=test-root-CA-trusted-certificate-0001 1941s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s ++ sed -n 's/ *commonName *= //p' 1941s + key_cn='Test Organization Root Trusted Certificate 0001' 1941s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1941s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1941s Test Organization Root Tr Token 1941s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1941s + token_name='Test Organization Root Tr Token' 1941s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1941s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1941s + echo 'Test Organization Root Tr Token' 1941s + '[' -n '' ']' 1941s + local output_base_name=SSSD-child-19904 1941s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19904.output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19904.pem 1941s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1941s [p11_child[2274]] [main] (0x0400): p11_child started. 1941s [p11_child[2274]] [main] (0x2000): Running in [pre-auth] mode. 1941s [p11_child[2274]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2274]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2274]] [do_card] (0x4000): Module List: 1941s [p11_child[2274]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2274]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2274]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2274]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2274]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2274]] [do_card] (0x4000): Login NOT required. 1941s [p11_child[2274]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2274]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1941s [p11_child[2274]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2274]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2274]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904.pem 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s + local found_md5 expected_md5 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1941s + expected_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904.pem 1941s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1941s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1941s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19904-auth.output 1941s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904-auth.output .output 1941s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19904-auth.pem 1941s + echo -n 053350 1941s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1941s [p11_child[2282]] [main] (0x0400): p11_child started. 1941s [p11_child[2282]] [main] (0x2000): Running in [auth] mode. 1941s [p11_child[2282]] [main] (0x2000): Running with effective IDs: [0][0]. 1941s [p11_child[2282]] [main] (0x2000): Running with real IDs [0][0]. 1941s [p11_child[2282]] [do_card] (0x4000): Module List: 1941s [p11_child[2282]] [do_card] (0x4000): common name: [softhsm2]. 1941s [p11_child[2282]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2282]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1941s [p11_child[2282]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1941s [p11_child[2282]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1941s [p11_child[2282]] [do_card] (0x4000): Login required. 1941s [p11_child[2282]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1941s [p11_child[2282]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1941s [p11_child[2282]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1941s [p11_child[2282]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1941s [p11_child[2282]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1941s [p11_child[2282]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1941s [p11_child[2282]] [do_card] (0x4000): Certificate verified and validated. 1941s [p11_child[2282]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1941s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904-auth.output 1941s + echo '-----BEGIN CERTIFICATE-----' 1941s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904-auth.output 1941s + echo '-----END CERTIFICATE-----' 1941s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904-auth.pem 1941s Certificate: 1941s Data: 1941s Version: 3 (0x2) 1941s Serial Number: 3 (0x3) 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1941s Validity 1941s Not Before: Apr 10 00:03:36 2024 GMT 1941s Not After : Apr 10 00:03:36 2025 GMT 1941s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1941s Subject Public Key Info: 1941s Public Key Algorithm: rsaEncryption 1941s Public-Key: (1024 bit) 1941s Modulus: 1941s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1941s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1941s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1941s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1941s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1941s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1941s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1941s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1941s 72:02:17:a5:5f:bd:81:ab:b5 1941s Exponent: 65537 (0x10001) 1941s X509v3 extensions: 1941s X509v3 Authority Key Identifier: 1941s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1941s X509v3 Basic Constraints: 1941s CA:FALSE 1941s Netscape Cert Type: 1941s SSL Client, S/MIME 1941s Netscape Comment: 1941s Test Organization Root CA trusted Certificate 1941s X509v3 Subject Key Identifier: 1941s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1941s X509v3 Key Usage: critical 1941s Digital Signature, Non Repudiation, Key Encipherment 1941s X509v3 Extended Key Usage: 1941s TLS Web Client Authentication, E-mail Protection 1941s X509v3 Subject Alternative Name: 1941s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1941s Signature Algorithm: sha256WithRSAEncryption 1941s Signature Value: 1941s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1941s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1941s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1941s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1941s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1941s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1941s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1941s 7c:9b 1941s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19904-auth.pem 1942s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1942s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1942s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem partial_chain 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem partial_chain 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1942s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s + local verify_option=partial_chain 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-root-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Root Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1942s Test Organization Root Tr Token 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1942s + token_name='Test Organization Root Tr Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Root Tr Token' 1942s + '[' -n partial_chain ']' 1942s + local verify_arg=--verify=partial_chain 1942s + local output_base_name=SSSD-child-10657 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-10657.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-10657.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s [p11_child[2292]] [main] (0x0400): p11_child started. 1942s [p11_child[2292]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2292]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2292]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2292]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1942s [p11_child[2292]] [do_card] (0x4000): Module List: 1942s [p11_child[2292]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2292]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2292]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2292]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1942s [p11_child[2292]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2292]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2292]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1942s [p11_child[2292]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1942s [p11_child[2292]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1942s [p11_child[2292]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1942s [p11_child[2292]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657.output 1942s + echo '-----BEGIN CERTIFICATE-----' 1942s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657.output 1942s + echo '-----END CERTIFICATE-----' 1942s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657.pem 1942s Certificate: 1942s Data: 1942s Version: 3 (0x2) 1942s Serial Number: 3 (0x3) 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1942s Validity 1942s Not Before: Apr 10 00:03:36 2024 GMT 1942s Not After : Apr 10 00:03:36 2025 GMT 1942s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1942s Subject Public Key Info: 1942s Public Key Algorithm: rsaEncryption 1942s Public-Key: (1024 bit) 1942s Modulus: 1942s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1942s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1942s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1942s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1942s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1942s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1942s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1942s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1942s 72:02:17:a5:5f:bd:81:ab:b5 1942s Exponent: 65537 (0x10001) 1942s X509v3 extensions: 1942s X509v3 Authority Key Identifier: 1942s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1942s X509v3 Basic Constraints: 1942s CA:FALSE 1942s Netscape Cert Type: 1942s SSL Client, S/MIME 1942s Netscape Comment: 1942s Test Organization Root CA trusted Certificate 1942s X509v3 Subject Key Identifier: 1942s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1942s X509v3 Key Usage: critical 1942s Digital Signature, Non Repudiation, Key Encipherment 1942s X509v3 Extended Key Usage: 1942s TLS Web Client Authentication, E-mail Protection 1942s X509v3 Subject Alternative Name: 1942s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Signature Value: 1942s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1942s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1942s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1942s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1942s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1942s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1942s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1942s 7c:9b 1942s + local found_md5 expected_md5 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s + expected_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657.pem 1942s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1942s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1942s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-10657-auth.output 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657-auth.output .output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-10657-auth.pem 1942s + echo -n 053350 1942s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1942s [p11_child[2300]] [main] (0x0400): p11_child started. 1942s [p11_child[2300]] [main] (0x2000): Running in [auth] mode. 1942s [p11_child[2300]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2300]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2300]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1942s [p11_child[2300]] [do_card] (0x4000): Module List: 1942s [p11_child[2300]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2300]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2300]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2300]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1942s [p11_child[2300]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2300]] [do_card] (0x4000): Login required. 1942s [p11_child[2300]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1942s [p11_child[2300]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1942s [p11_child[2300]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1942s [p11_child[2300]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x419829aa;slot-manufacturer=SoftHSM%20project;slot-id=1100491178;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8fc58ddac19829aa;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1942s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1942s [p11_child[2300]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1942s [p11_child[2300]] [do_card] (0x4000): Certificate verified and validated. 1942s [p11_child[2300]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657-auth.output 1942s + echo '-----BEGIN CERTIFICATE-----' 1942s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657-auth.output 1942s + echo '-----END CERTIFICATE-----' 1942s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657-auth.pem 1942s Certificate: 1942s Data: 1942s Version: 3 (0x2) 1942s Serial Number: 3 (0x3) 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1942s Validity 1942s Not Before: Apr 10 00:03:36 2024 GMT 1942s Not After : Apr 10 00:03:36 2025 GMT 1942s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1942s Subject Public Key Info: 1942s Public Key Algorithm: rsaEncryption 1942s Public-Key: (1024 bit) 1942s Modulus: 1942s 00:a6:fe:a3:8f:a0:4c:79:3d:a2:97:9b:93:8a:0d: 1942s 85:2e:bb:0f:5f:38:7e:5a:50:50:6b:3b:83:58:34: 1942s 9d:d7:ae:5c:49:54:6e:84:c2:3d:0f:96:ed:d5:a9: 1942s 42:50:59:d2:fa:e7:1c:46:1f:18:19:f8:1f:f2:f1: 1942s dd:8d:dd:6b:25:b3:71:09:49:6b:92:2c:76:93:04: 1942s 63:ba:5f:5d:1d:ea:c8:ef:29:66:8f:05:88:dd:f8: 1942s de:b3:c8:5d:f7:58:0a:fd:a5:97:90:b3:9a:eb:4d: 1942s 53:91:32:d0:17:e5:d0:3b:bd:5a:48:f3:d5:b5:50: 1942s 72:02:17:a5:5f:bd:81:ab:b5 1942s Exponent: 65537 (0x10001) 1942s X509v3 extensions: 1942s X509v3 Authority Key Identifier: 1942s D9:B5:B4:8E:F9:7B:D2:C9:5B:39:6D:77:A6:D8:E3:6F:00:65:EC:8D 1942s X509v3 Basic Constraints: 1942s CA:FALSE 1942s Netscape Cert Type: 1942s SSL Client, S/MIME 1942s Netscape Comment: 1942s Test Organization Root CA trusted Certificate 1942s X509v3 Subject Key Identifier: 1942s C5:33:36:DC:58:35:99:F1:48:D0:DE:5D:E8:68:05:B2:A8:AC:DE:31 1942s X509v3 Key Usage: critical 1942s Digital Signature, Non Repudiation, Key Encipherment 1942s X509v3 Extended Key Usage: 1942s TLS Web Client Authentication, E-mail Protection 1942s X509v3 Subject Alternative Name: 1942s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Signature Value: 1942s 49:bb:43:c5:ce:c3:1d:6d:89:28:ed:73:d6:f8:de:f6:8b:42: 1942s 33:c0:c3:68:b5:32:3c:ea:bf:99:12:ea:cf:76:34:46:da:af: 1942s c0:ea:8c:2b:11:42:77:c2:30:cb:d3:04:f0:6a:11:48:95:97: 1942s 23:43:8a:e1:60:a1:41:3b:cd:61:a7:3d:47:21:6e:80:a3:ec: 1942s 93:bf:43:63:bb:d1:da:0c:ed:d4:98:48:34:ab:64:13:00:82: 1942s 80:59:65:1b:b9:91:71:42:fc:7b:53:26:df:58:00:7a:89:00: 1942s 2e:e9:72:ac:81:a0:1d:a5:b4:7c:6e:09:ea:9f:f9:53:ee:e3: 1942s 7c:9b 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-10657-auth.pem 1942s + found_md5=Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 1942s + '[' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 '!=' Modulus=A6FEA38FA04C793DA2979B938A0D852EBB0F5F387E5A50506B3B8358349DD7AE5C49546E84C23D0F96EDD5A9425059D2FAE71C461F1819F81FF2F1DD8DDD6B25B37109496B922C76930463BA5F5D1DEAC8EF29668F0588DDF8DEB3C85DF7580AFDA59790B39AEB4D539132D017E5D03BBD5A48F3D5B550720217A55FBD81ABB5 ']' 1942s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1942s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1942s + local verify_option= 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-root-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Root Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1942s Test Organization Root Tr Token 1942s + token_name='Test Organization Root Tr Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Root Tr Token' 1942s + '[' -n '' ']' 1942s + local output_base_name=SSSD-child-4576 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4576.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4576.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1942s [p11_child[2310]] [main] (0x0400): p11_child started. 1942s [p11_child[2310]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2310]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2310]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2310]] [do_card] (0x4000): Module List: 1942s [p11_child[2310]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2310]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2310]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2310]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1942s [p11_child[2310]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2310]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2310]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1942s [p11_child[2310]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1942s [p11_child[2310]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1942s [p11_child[2310]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 1942s [p11_child[2310]] [do_card] (0x4000): No certificate found. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-4576.output 1942s + return 2 1942s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem partial_chain 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem partial_chain 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1942s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1942s + local verify_option=partial_chain 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-30205 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-root-ca-trusted-cert-0001-30205 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-root-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-root-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Root Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1942s Test Organization Root Tr Token 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 1942s + token_name='Test Organization Root Tr Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-root-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Root Tr Token' 1942s + '[' -n partial_chain ']' 1942s + local verify_arg=--verify=partial_chain 1942s + local output_base_name=SSSD-child-16849 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-16849.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-16849.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1942s [p11_child[2317]] [main] (0x0400): p11_child started. 1942s [p11_child[2317]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2317]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2317]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2317]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1942s [p11_child[2317]] [do_card] (0x4000): Module List: 1942s [p11_child[2317]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2317]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2317]] [do_card] (0x4000): Description [SoftHSM slot ID 0x419829aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2317]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 1942s [p11_child[2317]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x419829aa][1100491178] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2317]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2317]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 1942s [p11_child[2317]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1942s [p11_child[2317]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1942s [p11_child[2317]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 1942s [p11_child[2317]] [do_card] (0x4000): No certificate found. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-16849.output 1942s + return 2 1942s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /dev/null 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /dev/null 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_ring=/dev/null 1942s + local verify_option= 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-intermediate-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1942s + token_name='Test Organization Interme Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1942s + local key_file 1942s + local decrypted_key 1942s + mkdir -p /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1942s + key_file=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key.pem 1942s + decrypted_key=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1942s + cat 1942s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 1942s + softhsm2-util --show-slots 1942s Slot 0 has a free/uninitialized token. 1942s The token has been initialized and is reassigned to slot 1752753974 1942s Available slots: 1942s Slot 1752753974 1942s Slot info: 1942s Description: SoftHSM slot ID 0x6878e736 1942s Manufacturer ID: SoftHSM project 1942s Hardware version: 2.6 1942s Firmware version: 2.6 1942s Token present: yes 1942s Token info: 1942s Manufacturer ID: SoftHSM project 1942s Model: SoftHSM v2 1942s Hardware version: 2.6 1942s Firmware version: 2.6 1942s Serial number: 9057641a6878e736 1942s Initialized: yes 1942s User PIN init.: yes 1942s Label: Test Organization Interme Token 1942s Slot 1 1942s Slot info: 1942s Description: SoftHSM slot ID 0x1 1942s Manufacturer ID: SoftHSM project 1942s Hardware version: 2.6 1942s Firmware version: 2.6 1942s Token present: yes 1942s Token info: 1942s Manufacturer ID: SoftHSM project 1942s Model: SoftHSM v2 1942s Hardware version: 2.6 1942s Firmware version: 2.6 1942s Serial number: 1942s Initialized: no 1942s User PIN init.: no 1942s Label: 1942s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1942s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-17506 -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1942s writing RSA key 1942s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1942s + rm /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1942s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 1942s Object 0: 1942s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 1942s Type: X.509 Certificate (RSA-1024) 1942s Expires: Thu Apr 10 00:03:36 2025 1942s Label: Test Organization Intermediate Trusted Certificate 0001 1942s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1942s 1942s Test Organization Interme Token 1942s + echo 'Test Organization Interme Token' 1942s + '[' -n '' ']' 1942s + local output_base_name=SSSD-child-4694 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4694.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4694.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 1942s [p11_child[2333]] [main] (0x0400): p11_child started. 1942s [p11_child[2333]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2333]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2333]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2333]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 1942s [p11_child[2333]] [do_work] (0x0040): init_verification failed. 1942s [p11_child[2333]] [main] (0x0020): p11_child failed (5) 1942s + return 2 1942s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /dev/null no_verification 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /dev/null no_verification 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_ring=/dev/null 1942s + local verify_option=no_verification 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-intermediate-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s Test Organization Interme Token 1942s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1942s + token_name='Test Organization Interme Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Interme Token' 1942s + '[' -n no_verification ']' 1942s + local verify_arg=--verify=no_verification 1942s + local output_base_name=SSSD-child-8489 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-8489.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-8489.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 1942s [p11_child[2339]] [main] (0x0400): p11_child started. 1942s [p11_child[2339]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2339]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2339]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2339]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1942s [p11_child[2339]] [do_card] (0x4000): Module List: 1942s [p11_child[2339]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2339]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2339]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2339]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1942s [p11_child[2339]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2339]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2339]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1942s [p11_child[2339]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1942s [p11_child[2339]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1942s [p11_child[2339]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489.output 1942s + echo '-----BEGIN CERTIFICATE-----' 1942s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489.output 1942s + echo '-----END CERTIFICATE-----' 1942s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489.pem 1942s Certificate: 1942s Data: 1942s Version: 3 (0x2) 1942s Serial Number: 4 (0x4) 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1942s Validity 1942s Not Before: Apr 10 00:03:36 2024 GMT 1942s Not After : Apr 10 00:03:36 2025 GMT 1942s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1942s Subject Public Key Info: 1942s Public Key Algorithm: rsaEncryption 1942s Public-Key: (1024 bit) 1942s Modulus: 1942s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1942s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1942s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1942s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1942s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1942s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1942s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1942s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1942s 6b:9a:0c:d8:85:b9:c4:83:8d 1942s Exponent: 65537 (0x10001) 1942s X509v3 extensions: 1942s X509v3 Authority Key Identifier: 1942s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1942s X509v3 Basic Constraints: 1942s CA:FALSE 1942s Netscape Cert Type: 1942s SSL Client, S/MIME 1942s Netscape Comment: 1942s Test Organization Intermediate CA trusted Certificate 1942s X509v3 Subject Key Identifier: 1942s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1942s X509v3 Key Usage: critical 1942s Digital Signature, Non Repudiation, Key Encipherment 1942s X509v3 Extended Key Usage: 1942s TLS Web Client Authentication, E-mail Protection 1942s X509v3 Subject Alternative Name: 1942s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Signature Value: 1942s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1942s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1942s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1942s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1942s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1942s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1942s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1942s 49:32 1942s + local found_md5 expected_md5 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + expected_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489.pem 1942s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1942s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1942s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-8489-auth.output 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489-auth.output .output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-8489-auth.pem 1942s + echo -n 053350 1942s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1942s [p11_child[2347]] [main] (0x0400): p11_child started. 1942s [p11_child[2347]] [main] (0x2000): Running in [auth] mode. 1942s [p11_child[2347]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2347]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2347]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 1942s [p11_child[2347]] [do_card] (0x4000): Module List: 1942s [p11_child[2347]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2347]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2347]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2347]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1942s [p11_child[2347]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2347]] [do_card] (0x4000): Login required. 1942s [p11_child[2347]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1942s [p11_child[2347]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1942s [p11_child[2347]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1942s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1942s [p11_child[2347]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1942s [p11_child[2347]] [do_card] (0x4000): Certificate verified and validated. 1942s [p11_child[2347]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489-auth.output 1942s + echo '-----BEGIN CERTIFICATE-----' 1942s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489-auth.output 1942s + echo '-----END CERTIFICATE-----' 1942s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489-auth.pem 1942s Certificate: 1942s Data: 1942s Version: 3 (0x2) 1942s Serial Number: 4 (0x4) 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1942s Validity 1942s Not Before: Apr 10 00:03:36 2024 GMT 1942s Not After : Apr 10 00:03:36 2025 GMT 1942s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1942s Subject Public Key Info: 1942s Public Key Algorithm: rsaEncryption 1942s Public-Key: (1024 bit) 1942s Modulus: 1942s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1942s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1942s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1942s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1942s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1942s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1942s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1942s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1942s 6b:9a:0c:d8:85:b9:c4:83:8d 1942s Exponent: 65537 (0x10001) 1942s X509v3 extensions: 1942s X509v3 Authority Key Identifier: 1942s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1942s X509v3 Basic Constraints: 1942s CA:FALSE 1942s Netscape Cert Type: 1942s SSL Client, S/MIME 1942s Netscape Comment: 1942s Test Organization Intermediate CA trusted Certificate 1942s X509v3 Subject Key Identifier: 1942s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1942s X509v3 Key Usage: critical 1942s Digital Signature, Non Repudiation, Key Encipherment 1942s X509v3 Extended Key Usage: 1942s TLS Web Client Authentication, E-mail Protection 1942s X509v3 Subject Alternative Name: 1942s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Signature Value: 1942s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1942s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1942s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1942s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1942s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1942s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1942s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1942s 49:32 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-8489-auth.pem 1942s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1942s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1942s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1942s + local verify_option= 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-intermediate-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1942s + token_name='Test Organization Interme Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Interme Token' 1942s + '[' -n '' ']' 1942s + local output_base_name=SSSD-child-24766 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-24766.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-24766.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1942s Test Organization Interme Token 1942s [p11_child[2357]] [main] (0x0400): p11_child started. 1942s [p11_child[2357]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2357]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2357]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2357]] [do_card] (0x4000): Module List: 1942s [p11_child[2357]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2357]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2357]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2357]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1942s [p11_child[2357]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2357]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2357]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1942s [p11_child[2357]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1942s [p11_child[2357]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1942s [p11_child[2357]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1942s [p11_child[2357]] [do_card] (0x4000): No certificate found. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-24766.output 1942s + return 2 1942s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem partial_chain 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem partial_chain 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1942s + local verify_option=partial_chain 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-intermediate-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1942s Test Organization Interme Token 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1942s + token_name='Test Organization Interme Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Interme Token' 1942s + '[' -n partial_chain ']' 1942s + local verify_arg=--verify=partial_chain 1942s + local output_base_name=SSSD-child-20933 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20933.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20933.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1942s [p11_child[2364]] [main] (0x0400): p11_child started. 1942s [p11_child[2364]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2364]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2364]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2364]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1942s [p11_child[2364]] [do_card] (0x4000): Module List: 1942s [p11_child[2364]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2364]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2364]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2364]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1942s [p11_child[2364]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2364]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2364]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1942s [p11_child[2364]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1942s [p11_child[2364]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1942s [p11_child[2364]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1942s [p11_child[2364]] [do_card] (0x4000): No certificate found. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-20933.output 1942s + return 2 1942s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s + local verify_option= 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-intermediate-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1942s + token_name='Test Organization Interme Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Interme Token' 1942s + '[' -n '' ']' 1942s + local output_base_name=SSSD-child-4583 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4583.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4583.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s Test Organization Interme Token 1942s [p11_child[2371]] [main] (0x0400): p11_child started. 1942s [p11_child[2371]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2371]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2371]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2371]] [do_card] (0x4000): Module List: 1942s [p11_child[2371]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2371]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2371]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2371]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1942s [p11_child[2371]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2371]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2371]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1942s [p11_child[2371]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1942s [p11_child[2371]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1942s [p11_child[2371]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1942s [p11_child[2371]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583.output 1942s + echo '-----BEGIN CERTIFICATE-----' 1942s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583.output 1942s + echo '-----END CERTIFICATE-----' 1942s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583.pem 1942s + local found_md5 expected_md5 1942s Certificate: 1942s Data: 1942s Version: 3 (0x2) 1942s Serial Number: 4 (0x4) 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1942s Validity 1942s Not Before: Apr 10 00:03:36 2024 GMT 1942s Not After : Apr 10 00:03:36 2025 GMT 1942s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1942s Subject Public Key Info: 1942s Public Key Algorithm: rsaEncryption 1942s Public-Key: (1024 bit) 1942s Modulus: 1942s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1942s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1942s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1942s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1942s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1942s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1942s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1942s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1942s 6b:9a:0c:d8:85:b9:c4:83:8d 1942s Exponent: 65537 (0x10001) 1942s X509v3 extensions: 1942s X509v3 Authority Key Identifier: 1942s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1942s X509v3 Basic Constraints: 1942s CA:FALSE 1942s Netscape Cert Type: 1942s SSL Client, S/MIME 1942s Netscape Comment: 1942s Test Organization Intermediate CA trusted Certificate 1942s X509v3 Subject Key Identifier: 1942s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1942s X509v3 Key Usage: critical 1942s Digital Signature, Non Repudiation, Key Encipherment 1942s X509v3 Extended Key Usage: 1942s TLS Web Client Authentication, E-mail Protection 1942s X509v3 Subject Alternative Name: 1942s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Signature Value: 1942s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1942s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1942s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1942s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1942s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1942s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1942s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1942s 49:32 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + expected_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583.pem 1942s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1942s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1942s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4583-auth.output 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583-auth.output .output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-4583-auth.pem 1942s + echo -n 053350 1942s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1942s [p11_child[2379]] [main] (0x0400): p11_child started. 1942s [p11_child[2379]] [main] (0x2000): Running in [auth] mode. 1942s [p11_child[2379]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2379]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2379]] [do_card] (0x4000): Module List: 1942s [p11_child[2379]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2379]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2379]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2379]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1942s [p11_child[2379]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2379]] [do_card] (0x4000): Login required. 1942s [p11_child[2379]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1942s [p11_child[2379]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1942s [p11_child[2379]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1942s [p11_child[2379]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1942s [p11_child[2379]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1942s [p11_child[2379]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1942s [p11_child[2379]] [do_card] (0x4000): Certificate verified and validated. 1942s [p11_child[2379]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1942s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583-auth.output 1942s + echo '-----BEGIN CERTIFICATE-----' 1942s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583-auth.output 1942s + echo '-----END CERTIFICATE-----' 1942s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583-auth.pem 1942s Certificate: 1942s Data: 1942s Version: 3 (0x2) 1942s Serial Number: 4 (0x4) 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1942s Validity 1942s Not Before: Apr 10 00:03:36 2024 GMT 1942s Not After : Apr 10 00:03:36 2025 GMT 1942s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1942s Subject Public Key Info: 1942s Public Key Algorithm: rsaEncryption 1942s Public-Key: (1024 bit) 1942s Modulus: 1942s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1942s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1942s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1942s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1942s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1942s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1942s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1942s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1942s 6b:9a:0c:d8:85:b9:c4:83:8d 1942s Exponent: 65537 (0x10001) 1942s X509v3 extensions: 1942s X509v3 Authority Key Identifier: 1942s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1942s X509v3 Basic Constraints: 1942s CA:FALSE 1942s Netscape Cert Type: 1942s SSL Client, S/MIME 1942s Netscape Comment: 1942s Test Organization Intermediate CA trusted Certificate 1942s X509v3 Subject Key Identifier: 1942s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1942s X509v3 Key Usage: critical 1942s Digital Signature, Non Repudiation, Key Encipherment 1942s X509v3 Extended Key Usage: 1942s TLS Web Client Authentication, E-mail Protection 1942s X509v3 Subject Alternative Name: 1942s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1942s Signature Algorithm: sha256WithRSAEncryption 1942s Signature Value: 1942s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1942s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1942s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1942s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1942s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1942s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1942s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1942s 49:32 1942s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-4583-auth.pem 1942s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1942s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1942s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem partial_chain 1942s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem partial_chain 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s + local verify_option=partial_chain 1942s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1942s + local key_cn 1942s + local key_name 1942s + local tokens_dir 1942s + local output_cert_file 1942s + token_name= 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1942s + key_name=test-intermediate-CA-trusted-certificate-0001 1942s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1942s ++ sed -n 's/ *commonName *= //p' 1942s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1942s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1942s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1942s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1942s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1942s + token_name='Test Organization Interme Token' 1942s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1942s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1942s + echo 'Test Organization Interme Token' 1942s Test Organization Interme Token 1942s + '[' -n partial_chain ']' 1942s + local verify_arg=--verify=partial_chain 1942s + local output_base_name=SSSD-child-19290 1942s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19290.output 1942s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19290.pem 1942s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1942s [p11_child[2389]] [main] (0x0400): p11_child started. 1942s [p11_child[2389]] [main] (0x2000): Running in [pre-auth] mode. 1942s [p11_child[2389]] [main] (0x2000): Running with effective IDs: [0][0]. 1942s [p11_child[2389]] [main] (0x2000): Running with real IDs [0][0]. 1942s [p11_child[2389]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1942s [p11_child[2389]] [do_card] (0x4000): Module List: 1942s [p11_child[2389]] [do_card] (0x4000): common name: [softhsm2]. 1942s [p11_child[2389]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2389]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1942s [p11_child[2389]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1942s [p11_child[2389]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1942s [p11_child[2389]] [do_card] (0x4000): Login NOT required. 1942s [p11_child[2389]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1942s [p11_child[2389]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1942s [p11_child[2389]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1942s [p11_child[2389]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1942s [p11_child[2389]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290.pem 1943s + local found_md5 expected_md5 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 4 (0x4) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1943s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1943s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1943s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1943s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1943s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1943s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1943s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1943s 6b:9a:0c:d8:85:b9:c4:83:8d 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1943s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1943s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1943s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1943s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1943s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1943s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1943s 49:32 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s + expected_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290.pem 1943s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1943s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1943s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19290-auth.output 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290-auth.output .output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19290-auth.pem 1943s + echo -n 053350 1943s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1943s [p11_child[2397]] [main] (0x0400): p11_child started. 1943s [p11_child[2397]] [main] (0x2000): Running in [auth] mode. 1943s [p11_child[2397]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2397]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2397]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1943s [p11_child[2397]] [do_card] (0x4000): Module List: 1943s [p11_child[2397]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2397]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2397]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2397]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1943s [p11_child[2397]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2397]] [do_card] (0x4000): Login required. 1943s [p11_child[2397]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1943s [p11_child[2397]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1943s [p11_child[2397]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1943s [p11_child[2397]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1943s [p11_child[2397]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1943s [p11_child[2397]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1943s [p11_child[2397]] [do_card] (0x4000): Certificate verified and validated. 1943s [p11_child[2397]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290-auth.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290-auth.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290-auth.pem 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 4 (0x4) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1943s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1943s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1943s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1943s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1943s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1943s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1943s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1943s 6b:9a:0c:d8:85:b9:c4:83:8d 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1943s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1943s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1943s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1943s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1943s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1943s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1943s 49:32 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-19290-auth.pem 1943s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1943s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1943s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1943s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1943s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1943s + local verify_option= 1943s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1943s + local key_cn 1943s + local key_name 1943s + local tokens_dir 1943s + local output_cert_file 1943s + token_name= 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1943s + key_name=test-intermediate-CA-trusted-certificate-0001 1943s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s ++ sed -n 's/ *commonName *= //p' 1943s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1943s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1943s + token_name='Test Organization Interme Token' 1943s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1943s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1943s + echo 'Test Organization Interme Token' 1943s + '[' -n '' ']' 1943s + local output_base_name=SSSD-child-11710 1943s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-11710.output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-11710.pem 1943s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1943s Test Organization Interme Token 1943s [p11_child[2407]] [main] (0x0400): p11_child started. 1943s [p11_child[2407]] [main] (0x2000): Running in [pre-auth] mode. 1943s [p11_child[2407]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2407]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2407]] [do_card] (0x4000): Module List: 1943s [p11_child[2407]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2407]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2407]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2407]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1943s [p11_child[2407]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2407]] [do_card] (0x4000): Login NOT required. 1943s [p11_child[2407]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1943s [p11_child[2407]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1943s [p11_child[2407]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 1943s [p11_child[2407]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 1943s [p11_child[2407]] [do_card] (0x4000): No certificate found. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-11710.output 1943s + return 2 1943s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem partial_chain 1943s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem partial_chain 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1943s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1943s + local verify_option=partial_chain 1943s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-17506 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-17506 1943s + local key_cn 1943s + local key_name 1943s + local tokens_dir 1943s + local output_cert_file 1943s + token_name= 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem .pem 1943s + key_name=test-intermediate-CA-trusted-certificate-0001 1943s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s ++ sed -n 's/ *commonName *= //p' 1943s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1943s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 1943s + token_name='Test Organization Interme Token' 1943s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1943s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 1943s + echo 'Test Organization Interme Token' 1943s + '[' -n partial_chain ']' 1943s + local verify_arg=--verify=partial_chain 1943s + local output_base_name=SSSD-child-15564 1943s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15564.output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15564.pem 1943s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem 1943s Test Organization Interme Token 1943s [p11_child[2414]] [main] (0x0400): p11_child started. 1943s [p11_child[2414]] [main] (0x2000): Running in [pre-auth] mode. 1943s [p11_child[2414]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2414]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2414]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1943s [p11_child[2414]] [do_card] (0x4000): Module List: 1943s [p11_child[2414]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2414]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2414]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2414]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1943s [p11_child[2414]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2414]] [do_card] (0x4000): Login NOT required. 1943s [p11_child[2414]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1943s [p11_child[2414]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1943s [p11_child[2414]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1943s [p11_child[2414]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1943s [p11_child[2414]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564.pem 1943s + local found_md5 expected_md5 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 4 (0x4) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1943s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1943s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1943s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1943s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1943s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1943s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1943s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1943s 6b:9a:0c:d8:85:b9:c4:83:8d 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1943s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1943s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1943s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1943s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1943s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1943s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1943s 49:32 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-intermediate-CA-trusted-certificate-0001.pem 1943s + expected_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564.pem 1943s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1943s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1943s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15564-auth.output 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564-auth.output .output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15564-auth.pem 1943s + echo -n 053350 1943s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1943s [p11_child[2422]] [main] (0x0400): p11_child started. 1943s [p11_child[2422]] [main] (0x2000): Running in [auth] mode. 1943s [p11_child[2422]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2422]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2422]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1943s [p11_child[2422]] [do_card] (0x4000): Module List: 1943s [p11_child[2422]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2422]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2422]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6878e736] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2422]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 1943s [p11_child[2422]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x6878e736][1752753974] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2422]] [do_card] (0x4000): Login required. 1943s [p11_child[2422]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 1943s [p11_child[2422]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1943s [p11_child[2422]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1943s [p11_child[2422]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6878e736;slot-manufacturer=SoftHSM%20project;slot-id=1752753974;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9057641a6878e736;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1943s [p11_child[2422]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1943s [p11_child[2422]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1943s [p11_child[2422]] [do_card] (0x4000): Certificate verified and validated. 1943s [p11_child[2422]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564-auth.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564-auth.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564-auth.pem 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 4 (0x4) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:c7:b5:59:52:8f:7f:31:74:a8:e5:dc:68:09:ff: 1943s 2b:a9:92:81:34:43:b0:39:31:8d:ed:43:12:12:83: 1943s 5e:7e:30:81:cf:79:dd:48:49:33:35:1c:28:95:88: 1943s be:58:c6:9a:a6:b6:d7:ee:3a:ab:cd:8f:58:98:7c: 1943s 21:2e:a5:17:52:90:ec:26:e2:90:4e:30:df:2e:bd: 1943s e8:13:8a:de:a1:86:99:08:31:c8:8b:b6:4b:85:32: 1943s 86:f4:00:8f:a3:d5:66:fb:52:ce:b5:8f:9d:f3:19: 1943s ea:80:37:b8:05:79:a0:a4:d3:b9:b1:c3:a9:48:25: 1943s 6b:9a:0c:d8:85:b9:c4:83:8d 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 70:67:41:77:31:91:FA:E5:AF:F8:4B:8C:1C:99:EB:36:7A:A0:EC:9D 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s E7:32:99:0C:49:52:D7:B7:EB:BE:B6:6C:E8:5F:09:4B:7A:28:70:81 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 8d:7a:65:56:43:f9:0e:2f:c3:7c:3e:a0:13:ce:a5:42:8c:3a: 1943s ca:d8:83:53:54:43:87:61:ef:4a:c1:2e:db:20:b8:70:bd:f7: 1943s a4:29:d0:5e:fb:e9:ff:fc:c7:3d:87:c4:c9:f8:32:24:82:c7: 1943s 89:aa:de:87:35:06:d7:98:e6:dc:29:d3:e3:b1:be:49:f0:87: 1943s 60:7f:91:49:58:e0:b2:09:38:0d:6b:3d:3c:58:7a:7b:63:6b: 1943s aa:07:83:01:95:28:ae:03:98:de:20:26:b1:ab:a2:1b:da:3c: 1943s e6:ab:2d:cf:e7:9b:87:2c:f3:71:f2:42:f7:10:6f:cd:18:d7: 1943s 49:32 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15564-auth.pem 1943s + found_md5=Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D 1943s + '[' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D '!=' Modulus=C7B559528F7F3174A8E5DC6809FF2BA992813443B039318DED431212835E7E3081CF79DD484933351C289588BE58C69AA6B6D7EE3AABCD8F58987C212EA5175290EC26E2904E30DF2EBDE8138ADEA186990831C88BB64B853286F4008FA3D566FB52CEB58F9DF319EA8037B80579A0A4D3B9B1C3A948256B9A0CD885B9C4838D ']' 1943s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1943s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1943s + local verify_option= 1943s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_cn 1943s + local key_name 1943s + local tokens_dir 1943s + local output_cert_file 1943s + token_name= 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1943s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1943s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s ++ sed -n 's/ *commonName *= //p' 1943s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1943s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1943s + token_name='Test Organization Sub Int Token' 1943s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1943s + local key_file 1943s + local decrypted_key 1943s + mkdir -p /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1943s + key_file=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 1943s + decrypted_key=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1943s + cat 1943s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 1943s Slot 0 has a free/uninitialized token. 1943s The token has been initialized and is reassigned to slot 415371792 1943s + softhsm2-util --show-slots 1943s Available slots: 1943s Slot 415371792 1943s Slot info: 1943s Description: SoftHSM slot ID 0x18c21210 1943s Manufacturer ID: SoftHSM project 1943s Hardware version: 2.6 1943s Firmware version: 2.6 1943s Token present: yes 1943s Token info: 1943s Manufacturer ID: SoftHSM project 1943s Model: SoftHSM v2 1943s Hardware version: 2.6 1943s Firmware version: 2.6 1943s Serial number: d9da0d0298c21210 1943s Initialized: yes 1943s User PIN init.: yes 1943s Label: Test Organization Sub Int Token 1943s Slot 1 1943s Slot info: 1943s Description: SoftHSM slot ID 0x1 1943s Manufacturer ID: SoftHSM project 1943s Hardware version: 2.6 1943s Firmware version: 2.6 1943s Token present: yes 1943s Token info: 1943s Manufacturer ID: SoftHSM project 1943s Model: SoftHSM v2 1943s Hardware version: 2.6 1943s Firmware version: 2.6 1943s Serial number: 1943s Initialized: no 1943s User PIN init.: no 1943s Label: 1943s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1943s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-4964 -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1943s writing RSA key 1943s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1943s + rm /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1943s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 1943s Object 0: 1943s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 1943s Type: X.509 Certificate (RSA-1024) 1943s Expires: Thu Apr 10 00:03:36 2025 1943s Label: Test Organization Sub Intermediate Trusted Certificate 0001 1943s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1943s 1943s Test Organization Sub Int Token 1943s + echo 'Test Organization Sub Int Token' 1943s + '[' -n '' ']' 1943s + local output_base_name=SSSD-child-30576 1943s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-30576.output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-30576.pem 1943s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1943s [p11_child[2441]] [main] (0x0400): p11_child started. 1943s [p11_child[2441]] [main] (0x2000): Running in [pre-auth] mode. 1943s [p11_child[2441]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2441]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2441]] [do_card] (0x4000): Module List: 1943s [p11_child[2441]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2441]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2441]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2441]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1943s [p11_child[2441]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2441]] [do_card] (0x4000): Login NOT required. 1943s [p11_child[2441]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1943s [p11_child[2441]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1943s [p11_child[2441]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1943s [p11_child[2441]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1943s [p11_child[2441]] [do_card] (0x4000): No certificate found. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-30576.output 1943s + return 2 1943s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem partial_chain 1943s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-root-CA.pem partial_chain 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1943s + local verify_option=partial_chain 1943s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_cn 1943s + local key_name 1943s + local tokens_dir 1943s + local output_cert_file 1943s + token_name= 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1943s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1943s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s ++ sed -n 's/ *commonName *= //p' 1943s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1943s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1943s + token_name='Test Organization Sub Int Token' 1943s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1943s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1943s + echo 'Test Organization Sub Int Token' 1943s + '[' -n partial_chain ']' 1943s + local verify_arg=--verify=partial_chain 1943s + local output_base_name=SSSD-child-32206 1943s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-32206.output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-32206.pem 1943s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-CA.pem 1943s Test Organization Sub Int Token 1943s [p11_child[2448]] [main] (0x0400): p11_child started. 1943s [p11_child[2448]] [main] (0x2000): Running in [pre-auth] mode. 1943s [p11_child[2448]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2448]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2448]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1943s [p11_child[2448]] [do_card] (0x4000): Module List: 1943s [p11_child[2448]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2448]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2448]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2448]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1943s [p11_child[2448]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2448]] [do_card] (0x4000): Login NOT required. 1943s [p11_child[2448]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1943s [p11_child[2448]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1943s [p11_child[2448]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1943s [p11_child[2448]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1943s [p11_child[2448]] [do_card] (0x4000): No certificate found. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-32206.output 1943s + return 2 1943s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1943s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1943s + local verify_option= 1943s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_cn 1943s + local key_name 1943s + local tokens_dir 1943s + local output_cert_file 1943s + token_name= 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1943s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1943s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s ++ sed -n 's/ *commonName *= //p' 1943s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1943s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1943s + token_name='Test Organization Sub Int Token' 1943s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1943s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1943s + echo 'Test Organization Sub Int Token' 1943s Test Organization Sub Int Token 1943s + '[' -n '' ']' 1943s + local output_base_name=SSSD-child-9169 1943s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-9169.output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-9169.pem 1943s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1943s [p11_child[2455]] [main] (0x0400): p11_child started. 1943s [p11_child[2455]] [main] (0x2000): Running in [pre-auth] mode. 1943s [p11_child[2455]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2455]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2455]] [do_card] (0x4000): Module List: 1943s [p11_child[2455]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2455]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2455]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2455]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1943s [p11_child[2455]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2455]] [do_card] (0x4000): Login NOT required. 1943s [p11_child[2455]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1943s [p11_child[2455]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1943s [p11_child[2455]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1943s [p11_child[2455]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1943s [p11_child[2455]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169.pem 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 5 (0x5) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1943s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1943s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1943s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1943s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1943s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1943s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1943s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1943s 13:7a:96:9d:dc:98:9b:84:55 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Sub Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1943s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1943s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1943s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1943s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1943s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1943s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1943s 36:8a 1943s + local found_md5 expected_md5 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + expected_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169.pem 1943s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1943s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1943s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-9169-auth.output 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169-auth.output .output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-9169-auth.pem 1943s + echo -n 053350 1943s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1943s [p11_child[2463]] [main] (0x0400): p11_child started. 1943s [p11_child[2463]] [main] (0x2000): Running in [auth] mode. 1943s [p11_child[2463]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2463]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2463]] [do_card] (0x4000): Module List: 1943s [p11_child[2463]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2463]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2463]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2463]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1943s [p11_child[2463]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2463]] [do_card] (0x4000): Login required. 1943s [p11_child[2463]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1943s [p11_child[2463]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1943s [p11_child[2463]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1943s [p11_child[2463]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1943s [p11_child[2463]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1943s [p11_child[2463]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1943s [p11_child[2463]] [do_card] (0x4000): Certificate verified and validated. 1943s [p11_child[2463]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169-auth.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169-auth.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169-auth.pem 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 5 (0x5) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1943s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1943s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1943s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1943s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1943s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1943s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1943s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1943s 13:7a:96:9d:dc:98:9b:84:55 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Sub Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1943s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1943s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1943s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1943s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1943s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1943s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1943s 36:8a 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-9169-auth.pem 1943s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1943s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1943s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem partial_chain 1943s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem partial_chain 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1943s + local verify_option=partial_chain 1943s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1943s + local key_cn 1943s + local key_name 1943s + local tokens_dir 1943s + local output_cert_file 1943s + token_name= 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1943s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1943s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s ++ sed -n 's/ *commonName *= //p' 1943s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1943s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1943s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1943s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1943s + token_name='Test Organization Sub Int Token' 1943s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1943s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1943s + echo 'Test Organization Sub Int Token' 1943s + '[' -n partial_chain ']' 1943s + local verify_arg=--verify=partial_chain 1943s + local output_base_name=SSSD-child-21329 1943s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-21329.output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-21329.pem 1943s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem 1943s Test Organization Sub Int Token 1943s [p11_child[2473]] [main] (0x0400): p11_child started. 1943s [p11_child[2473]] [main] (0x2000): Running in [pre-auth] mode. 1943s [p11_child[2473]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2473]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2473]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1943s [p11_child[2473]] [do_card] (0x4000): Module List: 1943s [p11_child[2473]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2473]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2473]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2473]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1943s [p11_child[2473]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2473]] [do_card] (0x4000): Login NOT required. 1943s [p11_child[2473]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1943s [p11_child[2473]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1943s [p11_child[2473]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1943s [p11_child[2473]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1943s [p11_child[2473]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329.pem 1943s + local found_md5 expected_md5 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 5 (0x5) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1943s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1943s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1943s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1943s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1943s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1943s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1943s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1943s 13:7a:96:9d:dc:98:9b:84:55 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Sub Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1943s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1943s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1943s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1943s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1943s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1943s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1943s 36:8a 1943s + expected_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329.pem 1943s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1943s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1943s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-21329-auth.output 1943s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329-auth.output .output 1943s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-21329-auth.pem 1943s + echo -n 053350 1943s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1943s [p11_child[2481]] [main] (0x0400): p11_child started. 1943s [p11_child[2481]] [main] (0x2000): Running in [auth] mode. 1943s [p11_child[2481]] [main] (0x2000): Running with effective IDs: [0][0]. 1943s [p11_child[2481]] [main] (0x2000): Running with real IDs [0][0]. 1943s [p11_child[2481]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1943s [p11_child[2481]] [do_card] (0x4000): Module List: 1943s [p11_child[2481]] [do_card] (0x4000): common name: [softhsm2]. 1943s [p11_child[2481]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2481]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1943s [p11_child[2481]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1943s [p11_child[2481]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1943s [p11_child[2481]] [do_card] (0x4000): Login required. 1943s [p11_child[2481]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1943s [p11_child[2481]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1943s [p11_child[2481]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1943s [p11_child[2481]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1943s [p11_child[2481]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1943s [p11_child[2481]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1943s [p11_child[2481]] [do_card] (0x4000): Certificate verified and validated. 1943s [p11_child[2481]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1943s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329-auth.output 1943s + echo '-----BEGIN CERTIFICATE-----' 1943s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329-auth.output 1943s + echo '-----END CERTIFICATE-----' 1943s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329-auth.pem 1943s Certificate: 1943s Data: 1943s Version: 3 (0x2) 1943s Serial Number: 5 (0x5) 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1943s Validity 1943s Not Before: Apr 10 00:03:36 2024 GMT 1943s Not After : Apr 10 00:03:36 2025 GMT 1943s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1943s Subject Public Key Info: 1943s Public Key Algorithm: rsaEncryption 1943s Public-Key: (1024 bit) 1943s Modulus: 1943s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1943s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1943s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1943s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1943s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1943s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1943s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1943s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1943s 13:7a:96:9d:dc:98:9b:84:55 1943s Exponent: 65537 (0x10001) 1943s X509v3 extensions: 1943s X509v3 Authority Key Identifier: 1943s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1943s X509v3 Basic Constraints: 1943s CA:FALSE 1943s Netscape Cert Type: 1943s SSL Client, S/MIME 1943s Netscape Comment: 1943s Test Organization Sub Intermediate CA trusted Certificate 1943s X509v3 Subject Key Identifier: 1943s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1943s X509v3 Key Usage: critical 1943s Digital Signature, Non Repudiation, Key Encipherment 1943s X509v3 Extended Key Usage: 1943s TLS Web Client Authentication, E-mail Protection 1943s X509v3 Subject Alternative Name: 1943s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1943s Signature Algorithm: sha256WithRSAEncryption 1943s Signature Value: 1943s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1943s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1943s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1943s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1943s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1943s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1943s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1943s 36:8a 1943s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-21329-auth.pem 1944s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1944s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1944s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1944s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1944s + local verify_option= 1944s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_cn 1944s + local key_name 1944s + local tokens_dir 1944s + local output_cert_file 1944s + token_name= 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1944s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1944s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s ++ sed -n 's/ *commonName *= //p' 1944s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1944s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1944s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1944s Test Organization Sub Int Token 1944s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1944s + token_name='Test Organization Sub Int Token' 1944s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1944s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1944s + echo 'Test Organization Sub Int Token' 1944s + '[' -n '' ']' 1944s + local output_base_name=SSSD-child-20353 1944s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20353.output 1944s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-20353.pem 1944s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1944s [p11_child[2491]] [main] (0x0400): p11_child started. 1944s [p11_child[2491]] [main] (0x2000): Running in [pre-auth] mode. 1944s [p11_child[2491]] [main] (0x2000): Running with effective IDs: [0][0]. 1944s [p11_child[2491]] [main] (0x2000): Running with real IDs [0][0]. 1944s [p11_child[2491]] [do_card] (0x4000): Module List: 1944s [p11_child[2491]] [do_card] (0x4000): common name: [softhsm2]. 1944s [p11_child[2491]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2491]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1944s [p11_child[2491]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1944s [p11_child[2491]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2491]] [do_card] (0x4000): Login NOT required. 1944s [p11_child[2491]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1944s [p11_child[2491]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1944s [p11_child[2491]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 1944s [p11_child[2491]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1944s [p11_child[2491]] [do_card] (0x4000): No certificate found. 1944s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-20353.output 1944s + return 2 1944s + invalid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-root-intermediate-chain-CA.pem partial_chain 1944s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-root-intermediate-chain-CA.pem partial_chain 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-root-intermediate-chain-CA.pem 1944s + local verify_option=partial_chain 1944s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_cn 1944s + local key_name 1944s + local tokens_dir 1944s + local output_cert_file 1944s + token_name= 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1944s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1944s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s ++ sed -n 's/ *commonName *= //p' 1944s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1944s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1944s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1944s Test Organization Sub Int Token 1944s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1944s + token_name='Test Organization Sub Int Token' 1944s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1944s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1944s + echo 'Test Organization Sub Int Token' 1944s + '[' -n partial_chain ']' 1944s + local verify_arg=--verify=partial_chain 1944s + local output_base_name=SSSD-child-19801 1944s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19801.output 1944s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-19801.pem 1944s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-root-intermediate-chain-CA.pem 1944s [p11_child[2498]] [main] (0x0400): p11_child started. 1944s [p11_child[2498]] [main] (0x2000): Running in [pre-auth] mode. 1944s [p11_child[2498]] [main] (0x2000): Running with effective IDs: [0][0]. 1944s [p11_child[2498]] [main] (0x2000): Running with real IDs [0][0]. 1944s [p11_child[2498]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1944s [p11_child[2498]] [do_card] (0x4000): Module List: 1944s [p11_child[2498]] [do_card] (0x4000): common name: [softhsm2]. 1944s [p11_child[2498]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2498]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1944s [p11_child[2498]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1944s [p11_child[2498]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2498]] [do_card] (0x4000): Login NOT required. 1944s [p11_child[2498]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1944s [p11_child[2498]] [do_verification] (0x0040): X509_verify_cert failed [0]. 1944s [p11_child[2498]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 1944s [p11_child[2498]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 1944s [p11_child[2498]] [do_card] (0x4000): No certificate found. 1944s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-19801.output 1944s + return 2 1944s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem partial_chain 1944s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem partial_chain 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1944s + local verify_option=partial_chain 1944s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_cn 1944s + local key_name 1944s + local tokens_dir 1944s + local output_cert_file 1944s + token_name= 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1944s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1944s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s ++ sed -n 's/ *commonName *= //p' 1944s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1944s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1944s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1944s Test Organization Sub Int Token 1944s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1944s + token_name='Test Organization Sub Int Token' 1944s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1944s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1944s + echo 'Test Organization Sub Int Token' 1944s + '[' -n partial_chain ']' 1944s + local verify_arg=--verify=partial_chain 1944s + local output_base_name=SSSD-child-2219 1944s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-2219.output 1944s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-2219.pem 1944s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem 1944s [p11_child[2505]] [main] (0x0400): p11_child started. 1944s [p11_child[2505]] [main] (0x2000): Running in [pre-auth] mode. 1944s [p11_child[2505]] [main] (0x2000): Running with effective IDs: [0][0]. 1944s [p11_child[2505]] [main] (0x2000): Running with real IDs [0][0]. 1944s [p11_child[2505]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1944s [p11_child[2505]] [do_card] (0x4000): Module List: 1944s [p11_child[2505]] [do_card] (0x4000): common name: [softhsm2]. 1944s [p11_child[2505]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2505]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1944s [p11_child[2505]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1944s [p11_child[2505]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2505]] [do_card] (0x4000): Login NOT required. 1944s [p11_child[2505]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1944s [p11_child[2505]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1944s [p11_child[2505]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1944s [p11_child[2505]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1944s [p11_child[2505]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1944s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219.output 1944s + echo '-----BEGIN CERTIFICATE-----' 1944s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219.output 1944s + echo '-----END CERTIFICATE-----' 1944s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219.pem 1944s Certificate: 1944s Data: 1944s Version: 3 (0x2) 1944s Serial Number: 5 (0x5) 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1944s Validity 1944s Not Before: Apr 10 00:03:36 2024 GMT 1944s Not After : Apr 10 00:03:36 2025 GMT 1944s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1944s Subject Public Key Info: 1944s Public Key Algorithm: rsaEncryption 1944s Public-Key: (1024 bit) 1944s Modulus: 1944s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1944s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1944s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1944s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1944s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1944s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1944s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1944s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1944s 13:7a:96:9d:dc:98:9b:84:55 1944s Exponent: 65537 (0x10001) 1944s X509v3 extensions: 1944s X509v3 Authority Key Identifier: 1944s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1944s X509v3 Basic Constraints: 1944s CA:FALSE 1944s Netscape Cert Type: 1944s SSL Client, S/MIME 1944s Netscape Comment: 1944s Test Organization Sub Intermediate CA trusted Certificate 1944s X509v3 Subject Key Identifier: 1944s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1944s X509v3 Key Usage: critical 1944s Digital Signature, Non Repudiation, Key Encipherment 1944s X509v3 Extended Key Usage: 1944s TLS Web Client Authentication, E-mail Protection 1944s X509v3 Subject Alternative Name: 1944s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Signature Value: 1944s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1944s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1944s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1944s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1944s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1944s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1944s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1944s 36:8a 1944s + local found_md5 expected_md5 1944s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + expected_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1944s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219.pem 1944s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1944s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1944s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-2219-auth.output 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219-auth.output .output 1944s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-2219-auth.pem 1944s + echo -n 053350 1944s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1944s [p11_child[2513]] [main] (0x0400): p11_child started. 1944s [p11_child[2513]] [main] (0x2000): Running in [auth] mode. 1944s [p11_child[2513]] [main] (0x2000): Running with effective IDs: [0][0]. 1944s [p11_child[2513]] [main] (0x2000): Running with real IDs [0][0]. 1944s [p11_child[2513]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1944s [p11_child[2513]] [do_card] (0x4000): Module List: 1944s [p11_child[2513]] [do_card] (0x4000): common name: [softhsm2]. 1944s [p11_child[2513]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2513]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1944s [p11_child[2513]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1944s [p11_child[2513]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2513]] [do_card] (0x4000): Login required. 1944s [p11_child[2513]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1944s [p11_child[2513]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1944s [p11_child[2513]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1944s [p11_child[2513]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1944s [p11_child[2513]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1944s [p11_child[2513]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1944s [p11_child[2513]] [do_card] (0x4000): Certificate verified and validated. 1944s [p11_child[2513]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1944s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219-auth.output 1944s + echo '-----BEGIN CERTIFICATE-----' 1944s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219-auth.output 1944s + echo '-----END CERTIFICATE-----' 1944s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219-auth.pem 1944s Certificate: 1944s Data: 1944s Version: 3 (0x2) 1944s Serial Number: 5 (0x5) 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1944s Validity 1944s Not Before: Apr 10 00:03:36 2024 GMT 1944s Not After : Apr 10 00:03:36 2025 GMT 1944s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1944s Subject Public Key Info: 1944s Public Key Algorithm: rsaEncryption 1944s Public-Key: (1024 bit) 1944s Modulus: 1944s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1944s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1944s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1944s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1944s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1944s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1944s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1944s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1944s 13:7a:96:9d:dc:98:9b:84:55 1944s Exponent: 65537 (0x10001) 1944s X509v3 extensions: 1944s X509v3 Authority Key Identifier: 1944s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1944s X509v3 Basic Constraints: 1944s CA:FALSE 1944s Netscape Cert Type: 1944s SSL Client, S/MIME 1944s Netscape Comment: 1944s Test Organization Sub Intermediate CA trusted Certificate 1944s X509v3 Subject Key Identifier: 1944s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1944s X509v3 Key Usage: critical 1944s Digital Signature, Non Repudiation, Key Encipherment 1944s X509v3 Extended Key Usage: 1944s TLS Web Client Authentication, E-mail Protection 1944s X509v3 Subject Alternative Name: 1944s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Signature Value: 1944s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1944s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1944s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1944s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1944s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1944s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1944s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1944s 36:8a 1944s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-2219-auth.pem 1944s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1944s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1944s + valid_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-intermediate-sub-chain-CA.pem partial_chain 1944s + check_certificate /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 /tmp/sssd-softhsm2-U3LurW/test-intermediate-sub-chain-CA.pem partial_chain 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_ring=/tmp/sssd-softhsm2-U3LurW/test-intermediate-sub-chain-CA.pem 1944s + local verify_option=partial_chain 1944s + prepare_softhsm2_card /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local certificate=/tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-4964 1944s + local key_cn 1944s + local key_name 1944s + local tokens_dir 1944s + local output_cert_file 1944s + token_name= 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1944s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1944s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s ++ sed -n 's/ *commonName *= //p' 1944s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1944s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1944s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1944s + tokens_dir=/tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1944s + token_name='Test Organization Sub Int Token' 1944s + '[' '!' -e /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1944s + '[' '!' -d /tmp/sssd-softhsm2-U3LurW/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 1944s + echo 'Test Organization Sub Int Token' 1944s Test Organization Sub Int Token 1944s + '[' -n partial_chain ']' 1944s + local verify_arg=--verify=partial_chain 1944s + local output_base_name=SSSD-child-15064 1944s + local output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15064.output 1944s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15064.pem 1944s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-U3LurW/test-intermediate-sub-chain-CA.pem 1944s [p11_child[2523]] [main] (0x0400): p11_child started. 1944s [p11_child[2523]] [main] (0x2000): Running in [pre-auth] mode. 1944s [p11_child[2523]] [main] (0x2000): Running with effective IDs: [0][0]. 1944s [p11_child[2523]] [main] (0x2000): Running with real IDs [0][0]. 1944s [p11_child[2523]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1944s [p11_child[2523]] [do_card] (0x4000): Module List: 1944s [p11_child[2523]] [do_card] (0x4000): common name: [softhsm2]. 1944s [p11_child[2523]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2523]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1944s [p11_child[2523]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1944s [p11_child[2523]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2523]] [do_card] (0x4000): Login NOT required. 1944s [p11_child[2523]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1944s [p11_child[2523]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1944s [p11_child[2523]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1944s [p11_child[2523]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1944s [p11_child[2523]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1944s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064.output 1944s + echo '-----BEGIN CERTIFICATE-----' 1944s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064.output 1944s + echo '-----END CERTIFICATE-----' 1944s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064.pem 1944s Certificate: 1944s Data: 1944s Version: 3 (0x2) 1944s Serial Number: 5 (0x5) 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1944s Validity 1944s Not Before: Apr 10 00:03:36 2024 GMT 1944s Not After : Apr 10 00:03:36 2025 GMT 1944s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1944s Subject Public Key Info: 1944s Public Key Algorithm: rsaEncryption 1944s Public-Key: (1024 bit) 1944s Modulus: 1944s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1944s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1944s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1944s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1944s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1944s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1944s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1944s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1944s 13:7a:96:9d:dc:98:9b:84:55 1944s Exponent: 65537 (0x10001) 1944s X509v3 extensions: 1944s X509v3 Authority Key Identifier: 1944s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1944s X509v3 Basic Constraints: 1944s CA:FALSE 1944s Netscape Cert Type: 1944s SSL Client, S/MIME 1944s Netscape Comment: 1944s Test Organization Sub Intermediate CA trusted Certificate 1944s X509v3 Subject Key Identifier: 1944s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1944s X509v3 Key Usage: critical 1944s Digital Signature, Non Repudiation, Key Encipherment 1944s X509v3 Extended Key Usage: 1944s TLS Web Client Authentication, E-mail Protection 1944s X509v3 Subject Alternative Name: 1944s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Signature Value: 1944s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1944s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1944s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1944s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1944s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1944s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1944s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1944s 36:8a 1944s + local found_md5 expected_md5 1944s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/test-sub-intermediate-CA-trusted-certificate-0001.pem 1944s + expected_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1944s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064.pem 1944s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1944s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1944s + output_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15064-auth.output 1944s ++ basename /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064-auth.output .output 1944s + output_cert_file=/tmp/sssd-softhsm2-U3LurW/SSSD-child-15064-auth.pem 1944s + echo -n 053350 1944s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-U3LurW/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1944s [p11_child[2531]] [main] (0x0400): p11_child started. 1944s [p11_child[2531]] [main] (0x2000): Running in [auth] mode. 1944s [p11_child[2531]] [main] (0x2000): Running with effective IDs: [0][0]. 1944s [p11_child[2531]] [main] (0x2000): Running with real IDs [0][0]. 1944s [p11_child[2531]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 1944s [p11_child[2531]] [do_card] (0x4000): Module List: 1944s [p11_child[2531]] [do_card] (0x4000): common name: [softhsm2]. 1944s [p11_child[2531]] [do_card] (0x4000): dll name: [/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2531]] [do_card] (0x4000): Description [SoftHSM slot ID 0x18c21210] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 1944s [p11_child[2531]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 1944s [p11_child[2531]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x18c21210][415371792] of module [0][/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so]. 1944s [p11_child[2531]] [do_card] (0x4000): Login required. 1944s [p11_child[2531]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 1944s [p11_child[2531]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 1944s [p11_child[2531]] [do_card] (0x4000): /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 1944s [p11_child[2531]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x18c21210;slot-manufacturer=SoftHSM%20project;slot-id=415371792;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d9da0d0298c21210;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 1944s [p11_child[2531]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 1944s [p11_child[2531]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 1944s [p11_child[2531]] [do_card] (0x4000): Certificate verified and validated. 1944s [p11_child[2531]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 1944s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064-auth.output 1944s + echo '-----BEGIN CERTIFICATE-----' 1944s + tail -n1 /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064-auth.output 1944s + echo '-----END CERTIFICATE-----' 1944s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064-auth.pem 1944s Certificate: 1944s Data: 1944s Version: 3 (0x2) 1944s Serial Number: 5 (0x5) 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1944s Validity 1944s Not Before: Apr 10 00:03:36 2024 GMT 1944s Not After : Apr 10 00:03:36 2025 GMT 1944s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1944s Subject Public Key Info: 1944s Public Key Algorithm: rsaEncryption 1944s Public-Key: (1024 bit) 1944s Modulus: 1944s 00:bb:92:69:0a:76:af:56:90:65:53:c9:46:eb:47: 1944s b7:3c:6e:d8:e7:3b:d4:8f:87:36:04:a1:ce:04:1c: 1944s 62:7e:ae:b1:9e:8f:0e:75:4b:7f:c8:36:29:ba:23: 1944s 6f:4f:0a:e8:59:6e:7c:9b:75:6a:bc:e2:12:2e:03: 1944s 9d:b3:57:07:c8:f7:f9:84:78:8c:96:fe:61:34:0f: 1944s 29:2e:cb:19:2f:03:78:a9:39:e2:ed:bc:87:5c:d8: 1944s a3:d3:3a:92:65:64:e9:2d:f2:c3:8c:9d:c6:e8:1b: 1944s 03:97:01:48:c9:93:61:5b:e4:d6:03:1f:e6:c8:0a: 1944s 13:7a:96:9d:dc:98:9b:84:55 1944s Exponent: 65537 (0x10001) 1944s X509v3 extensions: 1944s X509v3 Authority Key Identifier: 1944s 71:FB:6C:B6:08:E1:A3:02:AE:A3:65:4F:20:20:06:9C:A9:C4:63:6B 1944s X509v3 Basic Constraints: 1944s CA:FALSE 1944s Netscape Cert Type: 1944s SSL Client, S/MIME 1944s Netscape Comment: 1944s Test Organization Sub Intermediate CA trusted Certificate 1944s X509v3 Subject Key Identifier: 1944s 0E:96:AF:AF:07:68:5B:61:FF:F1:83:BD:04:45:90:94:FB:0E:02:C8 1944s X509v3 Key Usage: critical 1944s Digital Signature, Non Repudiation, Key Encipherment 1944s X509v3 Extended Key Usage: 1944s TLS Web Client Authentication, E-mail Protection 1944s X509v3 Subject Alternative Name: 1944s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1944s Signature Algorithm: sha256WithRSAEncryption 1944s Signature Value: 1944s 56:a4:1d:7c:fa:cb:48:c6:92:f7:0e:8e:2e:e5:45:f9:f6:f2: 1944s c9:7d:59:44:9a:2f:57:d4:2c:c3:99:eb:5f:78:f1:53:8a:b0: 1944s 5f:1e:c6:8f:82:fd:be:e6:f4:de:7e:55:bc:3f:4d:f5:6d:9c: 1944s d6:cb:11:d0:e2:6e:47:14:71:80:c4:f4:8b:42:61:9f:10:da: 1944s 5d:8e:6a:6e:02:6f:cb:66:e5:fc:cb:27:b7:1f:31:f8:dc:75: 1944s 41:cb:6b:db:c2:89:33:e3:cf:93:7d:d1:80:d8:af:bc:03:0d: 1944s 6f:58:b6:e6:cf:6d:fd:77:2b:2f:09:f8:e7:82:52:c1:8e:e9: 1944s 36:8a 1944s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-U3LurW/SSSD-child-15064-auth.pem 1944s 1944s Test completed, Root CA and intermediate issued certificates verified! 1944s + found_md5=Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 1944s + '[' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 '!=' Modulus=BB92690A76AF56906553C946EB47B73C6ED8E73BD48F873604A1CE041C627EAEB19E8F0E754B7FC83629BA236F4F0AE8596E7C9B756ABCE2122E039DB35707C8F7F984788C96FE61340F292ECB192F0378A939E2EDBC875CD8A3D33A926564E92DF2C38C9DC6E81B03970148C993615BE4D6031FE6C80A137A969DDC989B8455 ']' 1944s + set +x 1952s autopkgtest [00:03:40]: test sssd-softhism2-certificates-tests.sh: -----------------------] 1961s sssd-softhism2-certificates-tests.sh PASS 1961s autopkgtest [00:03:57]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 1961s autopkgtest [00:03:57]: test sssd-smart-card-pam-auth-configs: preparing testbed 1976s Reading package lists... 1977s Building dependency tree... 1977s Reading state information... 1977s Starting pkgProblemResolver with broken count: 0 1977s Starting 2 pkgProblemResolver with broken count: 0 1977s Done 1977s The following additional packages will be installed: 1977s pamtester 1977s The following NEW packages will be installed: 1977s autopkgtest-satdep pamtester 1977s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 1977s Need to get 12.7 kB/13.5 kB of archives. 1977s After this operation, 36.9 kB of additional disk space will be used. 1977s Get:1 /tmp/autopkgtest.NDJ5uc/4-autopkgtest-satdep.deb autopkgtest-satdep amd64 0 [756 B] 1977s Get:2 http://ftpmaster.internal/ubuntu noble/universe amd64 pamtester amd64 0.1.2-4 [12.7 kB] 1978s Fetched 12.7 kB in 0s (236 kB/s) 1978s Selecting previously unselected package pamtester. 1978s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 74341 files and directories currently installed.) 1978s Preparing to unpack .../pamtester_0.1.2-4_amd64.deb ... 1978s Unpacking pamtester (0.1.2-4) ... 1978s Selecting previously unselected package autopkgtest-satdep. 1978s Preparing to unpack .../4-autopkgtest-satdep.deb ... 1978s Unpacking autopkgtest-satdep (0) ... 1978s Setting up pamtester (0.1.2-4) ... 1978s Setting up autopkgtest-satdep (0) ... 1978s Processing triggers for man-db (2.12.0-4build1) ... 1980s (Reading database ... 74347 files and directories currently installed.) 1980s Removing autopkgtest-satdep (0) ... 1980s autopkgtest [00:04:16]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 1980s autopkgtest [00:04:16]: test sssd-smart-card-pam-auth-configs: [----------------------- 1980s + '[' -z ubuntu ']' 1980s + export DEBIAN_FRONTEND=noninteractive 1980s + DEBIAN_FRONTEND=noninteractive 1980s + required_tools=(pamtester softhsm2-util sssd) 1980s + [[ ! -v OFFLINE_MODE ]] 1980s + for cmd in "${required_tools[@]}" 1980s + command -v pamtester 1980s + for cmd in "${required_tools[@]}" 1980s + command -v softhsm2-util 1980s + for cmd in "${required_tools[@]}" 1980s + command -v sssd 1980s + PIN=123456 1980s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 1980s + tmpdir=/tmp/sssd-softhsm2-certs-IqeMuY 1980s + backupsdir= 1980s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 1980s + declare -a restore_paths 1980s + declare -a delete_paths 1980s + trap handle_exit EXIT 1980s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 1980s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 1980s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 1980s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 1980s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-IqeMuY GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 1980s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-IqeMuY 1980s + GENERATE_SMART_CARDS=1 1980s + KEEP_TEMPORARY_FILES=1 1980s + NO_SSSD_TESTS=1 1980s + bash debian/tests/sssd-softhism2-certificates-tests.sh 1980s + '[' -z ubuntu ']' 1980s + required_tools=(p11tool openssl softhsm2-util) 1980s + for cmd in "${required_tools[@]}" 1980s + command -v p11tool 1980s + for cmd in "${required_tools[@]}" 1980s + command -v openssl 1980s + for cmd in "${required_tools[@]}" 1980s + command -v softhsm2-util 1980s + PIN=123456 1980s +++ find /usr/lib/softhsm/libsofthsm2.so 1980s +++ head -n 1 1980s ++ realpath /usr/lib/softhsm/libsofthsm2.so 1980s + SOFTHSM2_MODULE=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so 1980s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 1980s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 1980s + '[' '!' -v NO_SSSD_TESTS ']' 1980s + '[' '!' -e /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so ']' 1980s + tmpdir=/tmp/sssd-softhsm2-certs-IqeMuY 1980s + keys_size=1024 1980s + [[ ! -v KEEP_TEMPORARY_FILES ]] 1980s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 1980s + echo -n 01 1980s + touch /tmp/sssd-softhsm2-certs-IqeMuY/index.txt 1980s + mkdir -p /tmp/sssd-softhsm2-certs-IqeMuY/new_certs 1980s + cat 1980s + root_ca_key_pass=pass:random-root-CA-password-31055 1980s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-key.pem -passout pass:random-root-CA-password-31055 1024 1980s + openssl req -passin pass:random-root-CA-password-31055 -batch -config /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem 1980s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem 1980s + cat 1980s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-20042 1980s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-20042 1024 1980s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-20042 -config /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-31055 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-certificate-request.pem 1980s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-certificate-request.pem 1980s Certificate Request: 1980s Data: 1980s Version: 1 (0x0) 1980s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1980s Subject Public Key Info: 1980s Public Key Algorithm: rsaEncryption 1980s Public-Key: (1024 bit) 1980s Modulus: 1980s 00:c8:b2:96:cd:a1:d1:9e:b8:d6:bf:c9:58:0f:e9: 1980s 74:b7:cd:76:11:d0:98:d1:fa:f0:29:c1:be:40:98: 1980s 1f:12:ff:1c:bc:89:67:7a:6d:26:cf:d1:76:5b:5d: 1980s 13:1d:4c:90:59:19:81:0e:aa:a4:de:80:ba:3c:7b: 1980s 43:b5:b9:ff:35:77:38:1a:36:47:89:af:de:2d:72: 1980s fa:86:56:e2:dc:bc:d3:f5:64:64:a8:e6:e2:ae:3b: 1980s 47:bb:2c:b4:ce:d6:5c:f1:bf:d3:ee:00:4b:ce:28: 1980s 1f:13:6f:99:53:bf:3f:0b:55:51:e0:9c:c1:6f:d2: 1980s 77:49:3d:aa:e1:0c:d0:ef:97 1980s Exponent: 65537 (0x10001) 1980s Attributes: 1980s (none) 1980s Requested Extensions: 1980s Signature Algorithm: sha256WithRSAEncryption 1980s Signature Value: 1980s 9e:85:8f:15:57:ae:dd:6e:32:6f:f3:81:e7:a2:e2:e3:2b:5f: 1980s 87:04:40:e8:e9:55:41:b6:86:44:79:b3:c0:fd:74:e2:03:a4: 1980s ee:11:35:62:21:65:03:99:03:29:6d:af:f2:9c:a9:b3:10:d9: 1980s ee:1e:77:f7:d1:0e:8d:71:48:6c:56:9b:b7:5e:e7:db:e8:5c: 1980s 21:a9:54:78:3a:d9:cd:3e:50:93:18:8c:63:ec:a1:de:d8:8b: 1980s a0:7e:c1:a3:78:eb:9d:c3:dc:19:88:de:82:d6:40:ee:c0:d0: 1980s da:3e:a4:58:e4:2e:93:05:d4:06:1e:88:b4:c5:54:22:2a:59: 1980s 4d:fd 1980s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.config -passin pass:random-root-CA-password-31055 -keyfile /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem 1980s Using configuration from /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.config 1980s Check that the request matches the signature 1980s Signature ok 1980s Certificate Details: 1980s Serial Number: 1 (0x1) 1980s Validity 1980s Not Before: Apr 10 00:04:16 2024 GMT 1980s Not After : Apr 10 00:04:16 2025 GMT 1980s Subject: 1980s organizationName = Test Organization 1980s organizationalUnitName = Test Organization Unit 1980s commonName = Test Organization Intermediate CA 1980s X509v3 extensions: 1980s X509v3 Subject Key Identifier: 1980s 53:9B:06:A8:BF:B6:4E:4D:79:B9:02:C0:2C:64:8B:3A:46:6E:C4:F0 1980s X509v3 Authority Key Identifier: 1980s keyid:4C:F0:30:B8:AF:59:36:F8:2F:E6:30:C5:01:AB:96:26:03:A5:8C:C5 1980s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1980s serial:00 1980s X509v3 Basic Constraints: 1980s CA:TRUE 1980s X509v3 Key Usage: critical 1980s Digital Signature, Certificate Sign, CRL Sign 1980s Certificate is to be certified until Apr 10 00:04:16 2025 GMT (365 days) 1980s 1980s Write out database with 1 new entries 1980s Database updated 1980s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem 1980s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem 1980s /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem: OK 1980s + cat 1980s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-8667 1980s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-8667 1024 1980s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-8667 -config /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-20042 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-certificate-request.pem 1980s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-certificate-request.pem 1980s Certificate Request: 1980s Data: 1980s Version: 1 (0x0) 1980s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1980s Subject Public Key Info: 1980s Public Key Algorithm: rsaEncryption 1980s Public-Key: (1024 bit) 1980s Modulus: 1980s 00:bf:a8:e4:a6:03:e7:c5:62:34:1c:8e:f4:a4:62: 1980s aa:28:7b:a4:80:75:61:7b:48:60:0f:66:90:89:75: 1980s 56:a0:8d:00:15:48:ff:5e:53:da:19:09:11:98:55: 1980s 5b:16:2c:f1:42:c8:07:db:71:8d:7a:62:2c:c1:1c: 1980s 07:f6:60:37:1c:a8:04:4c:a8:b7:55:ee:5f:d6:d4: 1980s c2:38:47:ef:04:2c:1a:87:7f:83:6a:24:ab:41:49: 1980s 36:e2:b3:dd:cb:89:f4:6b:0d:e0:87:95:be:4c:84: 1980s 15:19:96:b2:2a:86:31:34:71:a3:77:e0:4f:c7:f1: 1980s ad:a1:8d:31:3b:e8:19:e7:03 1980s Exponent: 65537 (0x10001) 1980s Attributes: 1980s (none) 1980s Requested Extensions: 1980s Signature Algorithm: sha256WithRSAEncryption 1980s Signature Value: 1980s 4b:0c:9b:87:ff:99:2e:ec:60:9c:6c:a2:07:4f:c7:f4:eb:bc: 1980s ec:41:0a:b2:78:22:8d:c4:78:65:e9:01:dc:6f:88:14:b7:77: 1980s 71:e1:39:2a:f5:31:76:58:58:64:bf:f4:27:4b:12:c8:94:68: 1980s 1a:21:04:f5:af:ee:83:53:d4:7f:62:d8:f4:a8:c2:2e:4b:bc: 1980s 6d:8b:53:b2:03:22:48:dd:b4:22:37:49:46:b0:f3:aa:04:88: 1980s c2:12:8f:4c:43:8a:fc:a4:2e:f7:65:3e:f6:51:b2:d0:95:bd: 1980s 54:15:ad:f3:8d:b3:e1:4c:30:7b:72:bd:e7:26:64:89:f9:24: 1980s 4d:de 1980s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-20042 -keyfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 1980s Using configuration from /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.config 1980s Check that the request matches the signature 1980s Signature ok 1980s Certificate Details: 1980s Serial Number: 2 (0x2) 1980s Validity 1980s Not Before: Apr 10 00:04:16 2024 GMT 1980s Not After : Apr 10 00:04:16 2025 GMT 1980s Subject: 1980s organizationName = Test Organization 1980s organizationalUnitName = Test Organization Unit 1980s commonName = Test Organization Sub Intermediate CA 1980s X509v3 extensions: 1980s X509v3 Subject Key Identifier: 1980s 46:0C:E7:58:2D:2E:9D:30:98:9D:85:78:81:E3:CA:B4:41:A0:A7:17 1980s X509v3 Authority Key Identifier: 1980s keyid:53:9B:06:A8:BF:B6:4E:4D:79:B9:02:C0:2C:64:8B:3A:46:6E:C4:F0 1980s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 1980s serial:01 1980s X509v3 Basic Constraints: 1980s CA:TRUE 1980s X509v3 Key Usage: critical 1980s Digital Signature, Certificate Sign, CRL Sign 1980s Certificate is to be certified until Apr 10 00:04:16 2025 GMT (365 days) 1980s 1980s Write out database with 1 new entries 1980s Database updated 1980s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 1980s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 1980s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 1980s + local cmd=openssl 1980s + shift 1980s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 1980s /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem: OK 1980s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1980s error 20 at 0 depth lookup: unable to get local issuer certificate 1980s error /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem: verification failed 1980s + cat 1980s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-7299 1980s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-7299 1024 1980s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-7299 -key /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-request.pem 1980s Certificate Request: 1980s Data: 1980s Version: 1 (0x0) 1980s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1980s Subject Public Key Info: 1980s Public Key Algorithm: rsaEncryption 1980s Public-Key: (1024 bit) 1980s Modulus: 1980s 00:ec:30:c1:fb:13:64:e5:b6:8b:fe:3f:cd:2e:1d: 1980s aa:f2:cf:aa:79:76:51:52:e5:60:b3:7c:05:d2:17: 1980s 11:e5:6d:a7:94:75:ce:d4:b5:5a:4c:66:fa:41:0c: 1980s 73:80:6f:82:aa:e2:f4:87:7f:dd:ad:87:3b:9c:b0: 1980s b6:23:79:0f:66:ee:9a:00:cd:a0:90:43:4c:94:63: 1980s c7:b4:fd:32:42:5c:df:91:b4:f2:43:ec:78:a5:bb: 1980s 93:59:4a:10:e4:ce:c9:f9:eb:c6:7b:70:58:7a:29: 1980s 0e:7c:63:bf:15:69:97:02:77:a0:21:59:7f:ce:c5: 1980s 16:0b:e8:20:ea:d6:46:ba:09 1980s Exponent: 65537 (0x10001) 1980s Attributes: 1980s Requested Extensions: 1980s X509v3 Basic Constraints: 1980s CA:FALSE 1980s Netscape Cert Type: 1980s SSL Client, S/MIME 1980s Netscape Comment: 1980s Test Organization Root CA trusted Certificate 1980s X509v3 Subject Key Identifier: 1980s BA:B7:B9:29:1A:9F:7E:5E:89:F5:FD:12:B3:6F:9C:55:7A:4B:0B:61 1980s X509v3 Key Usage: critical 1980s Digital Signature, Non Repudiation, Key Encipherment 1980s X509v3 Extended Key Usage: 1980s TLS Web Client Authentication, E-mail Protection 1980s X509v3 Subject Alternative Name: 1980s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1980s Signature Algorithm: sha256WithRSAEncryption 1980s Signature Value: 1980s 93:cc:41:61:7e:bd:55:ec:c5:47:d9:61:fd:11:0e:f4:82:74: 1980s b6:33:89:65:8b:9d:2f:61:54:1a:05:15:7f:14:06:ca:d7:a9: 1980s c1:19:5b:61:ff:30:be:6a:3c:23:e2:ba:6a:34:30:4b:37:f4: 1980s f0:6b:9a:a4:e4:4a:d6:9c:1a:c7:33:41:dc:ab:3e:36:f8:37: 1980s 2a:fc:51:ac:18:48:10:69:94:e1:36:5c:4d:80:21:30:26:70: 1980s 96:43:ad:5c:13:cb:5e:85:17:ea:ca:e1:99:d4:1b:a8:43:bb: 1980s 83:bf:13:a5:88:1c:01:a6:29:51:01:2c:e4:7d:f9:40:55:20: 1980s a9:67 1980s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-request.pem 1980s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.config -passin pass:random-root-CA-password-31055 -keyfile /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1980s Using configuration from /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.config 1980s Check that the request matches the signature 1980s Signature ok 1981s Certificate Details: 1981s Serial Number: 3 (0x3) 1981s Validity 1981s Not Before: Apr 10 00:04:17 2024 GMT 1981s Not After : Apr 10 00:04:17 2025 GMT 1981s Subject: 1981s organizationName = Test Organization 1981s organizationalUnitName = Test Organization Unit 1981s commonName = Test Organization Root Trusted Certificate 0001 1981s X509v3 extensions: 1981s X509v3 Authority Key Identifier: 1981s 4C:F0:30:B8:AF:59:36:F8:2F:E6:30:C5:01:AB:96:26:03:A5:8C:C5 1981s X509v3 Basic Constraints: 1981s CA:FALSE 1981s Netscape Cert Type: 1981s SSL Client, S/MIME 1981s Netscape Comment: 1981s Test Organization Root CA trusted Certificate 1981s X509v3 Subject Key Identifier: 1981s BA:B7:B9:29:1A:9F:7E:5E:89:F5:FD:12:B3:6F:9C:55:7A:4B:0B:61 1981s X509v3 Key Usage: critical 1981s Digital Signature, Non Repudiation, Key Encipherment 1981s X509v3 Extended Key Usage: 1981s TLS Web Client Authentication, E-mail Protection 1981s X509v3 Subject Alternative Name: 1981s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1981s Certificate is to be certified until Apr 10 00:04:17 2025 GMT (365 days) 1981s 1981s Write out database with 1 new entries 1981s Database updated 1981s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem: OK 1981s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1981s + local cmd=openssl 1981s + shift 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1981s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 1981s error 20 at 0 depth lookup: unable to get local issuer certificate 1981s error /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem: verification failed 1981s + cat 1981s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-1823 1981s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-1823 1024 1981s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-1823 -key /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-request.pem 1981s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-request.pem 1981s Certificate Request: 1981s Data: 1981s Version: 1 (0x0) 1981s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 1981s Subject Public Key Info: 1981s Public Key Algorithm: rsaEncryption 1981s Public-Key: (1024 bit) 1981s Modulus: 1981s 00:bf:d8:c3:54:1d:1a:d1:be:31:d8:3b:ee:5c:82: 1981s 69:3a:96:fe:07:66:e1:6f:a8:e0:83:11:99:2a:18: 1981s 84:5b:16:52:a7:30:95:a6:33:87:15:6e:bb:cb:90: 1981s f9:21:29:f7:6c:fd:cd:24:05:1b:aa:66:17:1e:7d: 1981s 59:63:4d:2f:81:1c:94:91:75:53:2f:84:b0:4c:77: 1981s 71:a3:42:38:dd:77:91:13:43:67:0c:49:63:17:e1: 1981s 43:45:fd:4c:7a:df:88:b6:b3:26:d3:bc:46:39:a0: 1981s c6:f0:1f:d8:f5:5f:7e:06:94:83:b8:98:f7:61:8b: 1981s 15:73:a1:54:e2:5a:63:9d:eb 1981s Exponent: 65537 (0x10001) 1981s Attributes: 1981s Requested Extensions: 1981s X509v3 Basic Constraints: 1981s CA:FALSE 1981s Netscape Cert Type: 1981s SSL Client, S/MIME 1981s Netscape Comment: 1981s Test Organization Intermediate CA trusted Certificate 1981s X509v3 Subject Key Identifier: 1981s DD:E8:B5:76:23:69:F4:DB:23:3E:D3:B0:A5:B1:5E:5F:C2:B3:30:39 1981s X509v3 Key Usage: critical 1981s Digital Signature, Non Repudiation, Key Encipherment 1981s X509v3 Extended Key Usage: 1981s TLS Web Client Authentication, E-mail Protection 1981s X509v3 Subject Alternative Name: 1981s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1981s Signature Algorithm: sha256WithRSAEncryption 1981s Signature Value: 1981s 97:7b:86:a1:95:45:6c:37:79:05:9f:a4:0a:c5:fb:93:ae:9f: 1981s 62:18:50:37:ba:3f:c1:62:b5:28:2a:19:76:b3:46:77:d1:1e: 1981s 0d:be:d9:51:85:24:67:50:f7:0f:84:a4:e8:a4:1e:a1:c9:28: 1981s 2c:73:10:68:15:98:a7:ba:46:74:0b:70:e5:07:9a:b6:da:0a: 1981s 24:b7:5a:d0:a5:38:38:2c:a2:d5:e3:e4:9f:84:63:e2:31:49: 1981s 14:a9:c7:a9:4b:9b:16:df:1b:67:73:81:e6:2a:90:b2:4a:c0: 1981s 68:fe:42:86:13:d4:7d:74:ab:7e:3e:25:7a:a0:a7:2b:93:53: 1981s 08:f8 1981s + openssl ca -passin pass:random-intermediate-CA-password-20042 -config /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s Using configuration from /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.config 1981s Check that the request matches the signature 1981s Signature ok 1981s Certificate Details: 1981s Serial Number: 4 (0x4) 1981s Validity 1981s Not Before: Apr 10 00:04:17 2024 GMT 1981s Not After : Apr 10 00:04:17 2025 GMT 1981s Subject: 1981s organizationName = Test Organization 1981s organizationalUnitName = Test Organization Unit 1981s commonName = Test Organization Intermediate Trusted Certificate 0001 1981s X509v3 extensions: 1981s X509v3 Authority Key Identifier: 1981s 53:9B:06:A8:BF:B6:4E:4D:79:B9:02:C0:2C:64:8B:3A:46:6E:C4:F0 1981s X509v3 Basic Constraints: 1981s CA:FALSE 1981s Netscape Cert Type: 1981s SSL Client, S/MIME 1981s Netscape Comment: 1981s Test Organization Intermediate CA trusted Certificate 1981s X509v3 Subject Key Identifier: 1981s DD:E8:B5:76:23:69:F4:DB:23:3E:D3:B0:A5:B1:5E:5F:C2:B3:30:39 1981s X509v3 Key Usage: critical 1981s Digital Signature, Non Repudiation, Key Encipherment 1981s X509v3 Extended Key Usage: 1981s TLS Web Client Authentication, E-mail Protection 1981s X509v3 Subject Alternative Name: 1981s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1981s Certificate is to be certified until Apr 10 00:04:17 2025 GMT (365 days) 1981s 1981s Write out database with 1 new entries 1981s Database updated 1981s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s This certificate should not be trusted fully 1981s + echo 'This certificate should not be trusted fully' 1981s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s + local cmd=openssl 1981s + shift 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1981s error 2 at 1 depth lookup: unable to get issuer certificate 1981s error /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 1981s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem: OK 1981s + cat 1981s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-28744 1981s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-28744 1024 1981s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-28744 -key /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1981s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 1981s Certificate Request: 1981s Data: 1981s Version: 1 (0x0) 1981s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1981s Subject Public Key Info: 1981s Public Key Algorithm: rsaEncryption 1981s Public-Key: (1024 bit) 1981s Modulus: 1981s 00:aa:23:93:0b:62:64:ba:ba:f4:b4:6f:f2:a3:a6: 1981s 18:95:e6:31:91:c6:49:3a:48:8e:7d:a6:85:22:0c: 1981s d9:ce:ad:bf:aa:00:66:f9:e0:0c:f5:9d:bb:e5:c3: 1981s b1:4e:16:2b:be:60:7e:d4:0b:1e:92:0f:1c:60:c8: 1981s e5:c7:8e:c6:94:da:14:de:90:e5:0f:51:81:06:2e: 1981s 5f:83:ca:b2:49:ae:c6:46:7f:df:9d:14:83:8a:0f: 1981s 18:20:7a:d0:38:58:a0:89:a8:1f:93:f5:ec:80:58: 1981s 48:a3:07:71:e2:70:26:8d:e6:f5:5d:d5:cf:c8:db: 1981s f4:31:05:9e:88:4d:ba:05:4b 1981s Exponent: 65537 (0x10001) 1981s Attributes: 1981s Requested Extensions: 1981s X509v3 Basic Constraints: 1981s CA:FALSE 1981s Netscape Cert Type: 1981s SSL Client, S/MIME 1981s Netscape Comment: 1981s Test Organization Sub Intermediate CA trusted Certificate 1981s X509v3 Subject Key Identifier: 1981s 16:A8:0B:EF:40:71:5F:1A:26:A6:70:2E:72:DD:E8:EB:10:38:77:64 1981s X509v3 Key Usage: critical 1981s Digital Signature, Non Repudiation, Key Encipherment 1981s X509v3 Extended Key Usage: 1981s TLS Web Client Authentication, E-mail Protection 1981s X509v3 Subject Alternative Name: 1981s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1981s Signature Algorithm: sha256WithRSAEncryption 1981s Signature Value: 1981s 8e:b6:a8:28:d7:bb:ec:44:ac:0e:c2:7f:9f:46:72:b0:ff:cb: 1981s eb:50:ef:21:a1:d8:e3:6a:3b:7b:db:98:2a:55:5e:ff:72:c2: 1981s 86:9f:a2:cf:55:09:b6:72:41:26:71:2a:f9:ca:22:1b:01:65: 1981s 7c:4f:5b:e5:be:94:3f:ae:af:de:9d:a0:9e:14:a9:d8:e4:ed: 1981s fd:bc:db:ff:30:22:8d:3a:9e:ed:2f:1c:c5:7e:98:97:79:0c: 1981s 33:c4:05:90:44:5e:ba:69:21:61:52:04:79:c1:37:f6:ea:49: 1981s 46:a5:c7:f9:57:d0:33:27:01:25:c8:ef:f0:c3:2c:1e:06:e5: 1981s 6e:f2 1981s + openssl ca -passin pass:random-sub-intermediate-CA-password-8667 -config /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s Using configuration from /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.config 1981s Check that the request matches the signature 1981s Signature ok 1981s Certificate Details: 1981s Serial Number: 5 (0x5) 1981s Validity 1981s Not Before: Apr 10 00:04:17 2024 GMT 1981s Not After : Apr 10 00:04:17 2025 GMT 1981s Subject: 1981s organizationName = Test Organization 1981s organizationalUnitName = Test Organization Unit 1981s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 1981s X509v3 extensions: 1981s X509v3 Authority Key Identifier: 1981s 46:0C:E7:58:2D:2E:9D:30:98:9D:85:78:81:E3:CA:B4:41:A0:A7:17 1981s X509v3 Basic Constraints: 1981s CA:FALSE 1981s Netscape Cert Type: 1981s SSL Client, S/MIME 1981s Netscape Comment: 1981s Test Organization Sub Intermediate CA trusted Certificate 1981s X509v3 Subject Key Identifier: 1981s 16:A8:0B:EF:40:71:5F:1A:26:A6:70:2E:72:DD:E8:EB:10:38:77:64 1981s X509v3 Key Usage: critical 1981s Digital Signature, Non Repudiation, Key Encipherment 1981s X509v3 Extended Key Usage: 1981s TLS Web Client Authentication, E-mail Protection 1981s X509v3 Subject Alternative Name: 1981s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 1981s Certificate is to be certified until Apr 10 00:04:17 2025 GMT (365 days) 1981s 1981s Write out database with 1 new entries 1981s Database updated 1981s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s This certificate should not be trusted fully 1981s + echo 'This certificate should not be trusted fully' 1981s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s + local cmd=openssl 1981s + shift 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1981s error 2 at 1 depth lookup: unable to get issuer certificate 1981s error /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1981s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s + local cmd=openssl 1981s + shift 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1981s error 20 at 0 depth lookup: unable to get local issuer certificate 1981s error /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1981s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1981s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s + local cmd=openssl 1981s + shift 1981s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 1981s error 20 at 0 depth lookup: unable to get local issuer certificate 1981s error /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 1981s + echo 'Building a the full-chain CA file...' 1981s + cat /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 1981s Building a the full-chain CA file... 1981s + cat /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem 1981s + cat /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 1981s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem 1981s + openssl pkcs7 -print_certs -noout 1981s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1981s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1981s 1981s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1981s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 1981s 1981s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 1981s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 1981s 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA.pem: OK 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem: OK 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem: OK 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-root-intermediate-chain-CA.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-root-intermediate-chain-CA.pem: OK 1981s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 1981s + echo 'Certificates generation completed!' 1981s + [[ -v NO_SSSD_TESTS ]] 1981s + [[ -v GENERATE_SMART_CARDS ]] 1981s Certificates generation completed! 1981s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7299 1981s + local certificate=/tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1981s + local key_pass=pass:random-root-ca-trusted-cert-0001-7299 1981s + local key_cn 1981s + local key_name 1981s + local tokens_dir 1981s + local output_cert_file 1981s + token_name= 1981s ++ basename /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem .pem 1981s + key_name=test-root-CA-trusted-certificate-0001 1981s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem 1981s ++ sed -n 's/ *commonName *= //p' 1981s + key_cn='Test Organization Root Trusted Certificate 0001' 1981s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1981s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf 1981s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf 1981s ++ basename /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 1981s + tokens_dir=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001 1981s + token_name='Test Organization Root Tr Token' 1981s + '[' '!' -e /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 1981s + local key_file 1981s + local decrypted_key 1981s + mkdir -p /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001 1981s + key_file=/tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key.pem 1981s + decrypted_key=/tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1981s + cat 1981s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 1981s Slot 0 has a free/uninitialized token. 1981s The token has been initialized and is reassigned to slot 1450238877 1981s + softhsm2-util --show-slots 1981s Available slots: 1981s Slot 1450238877 1981s Slot info: 1981s Description: SoftHSM slot ID 0x5670e39d 1981s Manufacturer ID: SoftHSM project 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Token present: yes 1981s Token info: 1981s Manufacturer ID: SoftHSM project 1981s Model: SoftHSM v2 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Serial number: b435f8955670e39d 1981s Initialized: yes 1981s User PIN init.: yes 1981s Label: Test Organization Root Tr Token 1981s Slot 1 1981s Slot info: 1981s Description: SoftHSM slot ID 0x1 1981s Manufacturer ID: SoftHSM project 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Token present: yes 1981s Token info: 1981s Manufacturer ID: SoftHSM project 1981s Model: SoftHSM v2 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Serial number: 1981s Initialized: no 1981s User PIN init.: no 1981s Label: 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1981s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-7299 -in /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1981s writing RSA key 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1981s + rm /tmp/sssd-softhsm2-certs-IqeMuY/test-root-CA-trusted-certificate-0001-key-decrypted.pem 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 1981s Object 0: 1981s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b435f8955670e39d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 1981s Type: X.509 Certificate (RSA-1024) 1981s Expires: Thu Apr 10 00:04:17 2025 1981s Label: Test Organization Root Trusted Certificate 0001 1981s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1981s 1981s Test Organization Root Tr Token 1981s + echo 'Test Organization Root Tr Token' 1981s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-1823 1981s + local certificate=/tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-1823 1981s + local key_cn 1981s + local key_name 1981s + local tokens_dir 1981s + local output_cert_file 1981s + token_name= 1981s ++ basename /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem .pem 1981s + key_name=test-intermediate-CA-trusted-certificate-0001 1981s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem 1981s ++ sed -n 's/ *commonName *= //p' 1981s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 1981s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1981s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1981s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 1981s ++ basename /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 1981s + tokens_dir=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-intermediate-CA-trusted-certificate-0001 1981s + token_name='Test Organization Interme Token' 1981s + '[' '!' -e /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 1981s + local key_file 1981s + local decrypted_key 1981s + mkdir -p /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-intermediate-CA-trusted-certificate-0001 1981s + key_file=/tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key.pem 1981s + decrypted_key=/tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1981s + cat 1981s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 1981s Slot 0 has a free/uninitialized token. 1981s The token has been initialized and is reassigned to slot 77979581 1981s + softhsm2-util --show-slots 1981s Available slots: 1981s Slot 77979581 1981s Slot info: 1981s Description: SoftHSM slot ID 0x4a5dfbd 1981s Manufacturer ID: SoftHSM project 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Token present: yes 1981s Token info: 1981s Manufacturer ID: SoftHSM project 1981s Model: SoftHSM v2 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Serial number: 64c6386d04a5dfbd 1981s Initialized: yes 1981s User PIN init.: yes 1981s Label: Test Organization Interme Token 1981s Slot 1 1981s Slot info: 1981s Description: SoftHSM slot ID 0x1 1981s Manufacturer ID: SoftHSM project 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Token present: yes 1981s Token info: 1981s Manufacturer ID: SoftHSM project 1981s Model: SoftHSM v2 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Serial number: 1981s Initialized: no 1981s User PIN init.: no 1981s Label: 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1981s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-1823 -in /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1981s writing RSA key 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1981s + rm /tmp/sssd-softhsm2-certs-IqeMuY/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 1981s Object 0: 1981s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=64c6386d04a5dfbd;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 1981s Type: X.509 Certificate (RSA-1024) 1981s Expires: Thu Apr 10 00:04:17 2025 1981s Label: Test Organization Intermediate Trusted Certificate 0001 1981s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1981s 1981s Test Organization Interme Token 1981s + echo 'Test Organization Interme Token' 1981s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-28744 1981s + local certificate=/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-28744 1981s + local key_cn 1981s + local key_name 1981s + local tokens_dir 1981s + local output_cert_file 1981s + token_name= 1981s ++ basename /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 1981s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 1981s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem 1981s ++ sed -n 's/ *commonName *= //p' 1981s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 1981s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 1981s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1981s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 1981s ++ basename /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 1981s + tokens_dir=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1981s + token_name='Test Organization Sub Int Token' 1981s + '[' '!' -e /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 1981s + local key_file 1981s + local decrypted_key 1981s + mkdir -p /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 1981s + key_file=/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 1981s + decrypted_key=/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1981s + cat 1981s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 1981s + softhsm2-util --show-slots 1981s Slot 0 has a free/uninitialized token. 1981s The token has been initialized and is reassigned to slot 1849701022 1981s Available slots: 1981s Slot 1849701022 1981s Slot info: 1981s Description: SoftHSM slot ID 0x6e40329e 1981s Manufacturer ID: SoftHSM project 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Token present: yes 1981s Token info: 1981s Manufacturer ID: SoftHSM project 1981s Model: SoftHSM v2 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Serial number: f466180a6e40329e 1981s Initialized: yes 1981s User PIN init.: yes 1981s Label: Test Organization Sub Int Token 1981s Slot 1 1981s Slot info: 1981s Description: SoftHSM slot ID 0x1 1981s Manufacturer ID: SoftHSM project 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Token present: yes 1981s Token info: 1981s Manufacturer ID: SoftHSM project 1981s Model: SoftHSM v2 1981s Hardware version: 2.6 1981s Firmware version: 2.6 1981s Serial number: 1981s Initialized: no 1981s User PIN init.: no 1981s Label: 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 1981s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-28744 -in /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1981s writing RSA key 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 1981s + rm /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 1981s + p11tool --provider=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --list-all 1981s Object 0: 1981s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f466180a6e40329e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 1981s Type: X.509 Certificate (RSA-1024) 1981s Expires: Thu Apr 10 00:04:17 2025 1981s Label: Test Organization Sub Intermediate Trusted Certificate 0001 1981s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 1981s 1981s + echo 'Test Organization Sub Int Token' 1981s + echo 'Certificates generation completed!' 1981s + exit 0 1981s Test Organization Sub Int Token 1981s Certificates generation completed! 1981s + find /tmp/sssd-softhsm2-certs-IqeMuY -type d -exec chmod 777 '{}' ';' 1981s + find /tmp/sssd-softhsm2-certs-IqeMuY -type f -exec chmod 666 '{}' ';' 1981s + backup_file /etc/sssd/sssd.conf 1981s + '[' -z '' ']' 1981s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 1981s + backupsdir=/tmp/sssd-softhsm2-backups-XJfvuY 1981s + '[' -e /etc/sssd/sssd.conf ']' 1981s + delete_paths+=("$1") 1981s + rm -f /etc/sssd/sssd.conf 1981s ++ runuser -u ubuntu -- sh -c 'echo ~' 1981s + user_home=/home/ubuntu 1981s + mkdir -p /home/ubuntu 1981s + chown ubuntu:ubuntu /home/ubuntu 1981s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 1981s + user_config=/home/ubuntu/.config 1981s + system_config=/etc 1981s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 1981s + for path_pair in "${softhsm2_conf_paths[@]}" 1981s + IFS=: 1981s + read -r -a path 1981s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1981s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 1981s + '[' -z /tmp/sssd-softhsm2-backups-XJfvuY ']' 1981s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 1981s + delete_paths+=("$1") 1981s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 1981s + for path_pair in "${softhsm2_conf_paths[@]}" 1981s + IFS=: 1981s + read -r -a path 1981s + path=/etc/softhsm/softhsm2.conf 1981s + backup_file /etc/softhsm/softhsm2.conf 1981s + '[' -z /tmp/sssd-softhsm2-backups-XJfvuY ']' 1981s + '[' -e /etc/softhsm/softhsm2.conf ']' 1981s ++ dirname /etc/softhsm/softhsm2.conf 1981s + local back_dir=/tmp/sssd-softhsm2-backups-XJfvuY//etc/softhsm 1981s ++ basename /etc/softhsm/softhsm2.conf 1981s + local back_path=/tmp/sssd-softhsm2-backups-XJfvuY//etc/softhsm/softhsm2.conf 1981s + '[' '!' -e /tmp/sssd-softhsm2-backups-XJfvuY//etc/softhsm/softhsm2.conf ']' 1981s + mkdir -p /tmp/sssd-softhsm2-backups-XJfvuY//etc/softhsm 1981s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-XJfvuY//etc/softhsm/softhsm2.conf 1981s + restore_paths+=("$back_path") 1981s + rm -f /etc/softhsm/softhsm2.conf 1981s + test_authentication login /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem 1981s + pam_service=login 1981s + certificate_config=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf 1981s + ca_db=/tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem 1981s + verification_options= 1981s + mkdir -p -m 700 /etc/sssd 1981s Using CA DB '/tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem' with verification options: '' 1981s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 1981s + cat 1981s + chmod 600 /etc/sssd/sssd.conf 1981s + for path_pair in "${softhsm2_conf_paths[@]}" 1981s + IFS=: 1981s + read -r -a path 1981s + user=ubuntu 1981s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 1981s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 1981s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 1981s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 1981s + runuser -u ubuntu -- softhsm2-util --show-slots 1981s + grep 'Test Organization' 1981s Label: Test Organization Root Tr Token 1981s + for path_pair in "${softhsm2_conf_paths[@]}" 1981s + IFS=: 1981s + read -r -a path 1981s + user=root 1981s + path=/etc/softhsm/softhsm2.conf 1981s ++ dirname /etc/softhsm/softhsm2.conf 1981s + runuser -u root -- mkdir -p /etc/softhsm 1981s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 1981s + runuser -u root -- softhsm2-util --show-slots 1981s + grep 'Test Organization' 1981s Label: Test Organization Root Tr Token 1981s + systemctl restart sssd 1981s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 1982s + for alternative in "${alternative_pam_configs[@]}" 1982s + pam-auth-update --enable sss-smart-card-optional 1982s + cat /etc/pam.d/common-auth 1982s # 1982s # /etc/pam.d/common-auth - authentication settings common to all services 1982s # 1982s # This file is included from other service-specific PAM config files, 1982s # and should contain a list of the authentication modules that define 1982s # the central authentication scheme for use on the system 1982s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 1982s # traditional Unix authentication mechanisms. 1982s # 1982s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 1982s # To take advantage of this, it is recommended that you configure any 1982s # local modules either before or after the default block, and use 1982s # pam-auth-update to manage selection of other modules. See 1982s # pam-auth-update(8) for details. 1982s 1982s # here are the per-package modules (the "Primary" block) 1982s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 1982s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 1982s auth [success=1 default=ignore] pam_sss.so use_first_pass 1982s # here's the fallback if no module succeeds 1982s auth requisite pam_deny.so 1982s # prime the stack with a positive return value if there isn't one already; 1982s # this avoids us returning an error just because nothing sets a success code 1982s # since the modules above will each just jump around 1982s auth required pam_permit.so 1982s # and here are more per-package modules (the "Additional" block) 1982s auth optional pam_cap.so 1982s # end of pam-auth-update config 1982s + echo -n -e 123456 1982s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1982s pamtester: invoking pam_start(login, ubuntu, ...) 1982s pamtester: performing operation - authenticate 1982s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1982s + echo -n -e 123456 1982s + runuser -u ubuntu -- pamtester -v login '' authenticate 1982s pamtester: invoking pam_start(login, , ...) 1982s pamtester: performing operation - authenticate 1982s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 1982s + echo -n -e wrong123456 1982s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 1982s pamtester: invoking pam_start(login, ubuntu, ...) 1982s pamtester: performing operation - authenticate 1985s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 1985s + echo -n -e wrong123456 1985s + runuser -u ubuntu -- pamtester -v login '' authenticate 1985s pamtester: invoking pam_start(login, , ...) 1985s pamtester: performing operation - authenticate 2003s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 2003s PAM configuration 2003s ----------------- 2003s 2003s Incompatible PAM profiles selected. 2003s 2003s The following PAM profiles cannot be used together: 2003s 2003s SSS required smart card authentication, SSS optional smart card 2003s authentication 2003s 2003s Please select a different set of modules to enable. 2003s 2003s + echo -n -e 123456 2003s + pamtester -v login root authenticate 2003s pamtester: invoking pam_start(login, root, ...) 2003s pamtester: performing operation - authenticate 2003s Password: pamtester: Authentication failure 2003s + for alternative in "${alternative_pam_configs[@]}" 2003s + pam-auth-update --enable sss-smart-card-required 2003s + cat /etc/pam.d/common-auth 2003s + echo -n -e 123456 2003s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2003s pamtester: invoking pam_start(login, ubuntu, ...) 2003s pamtester: performing operation - authenticate 2003s PIN for Test Organization Root Tr Token: + echo -n -e 123456 2003s + runuser -u ubuntu -- pamtester -v login '' authenticate 2003s pamtester: invoking pam_start(login, , ...) 2003s pamtester: performing operation - authenticate 2003s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 2003s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2003s pamtester: invoking pam_start(login, ubuntu, ...) 2003s pamtester: performing operation - authenticate 2003s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 2003s + echo -n -e wrong123456 2003s + runuser -u ubuntu -- pamtester -v login '' authenticate 2003s pamtester: invoking pam_start(login, , ...) 2003s pamtester: performing operation - authenticate 2003s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 2003s + echo -n -e 123456 2003s + pamtester -v login root authenticate 2003s pamtester: invoking pam_start(login, root, ...) 2003s pamtester: performing operation - authenticate 2003s pamtester: Authentication service cannot retrieve authentication info 2003s + test_authentication login /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem 2003s + pam_service=login 2003s + certificate_config=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 2003s + ca_db=/tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem 2003s + verification_options= 2003s + mkdir -p -m 700 /etc/sssd 2003s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 2003s + cat 2003s + chmod 600 /etc/sssd/sssd.conf 2003s + for path_pair in "${softhsm2_conf_paths[@]}" 2003s + IFS=: 2003s + read -r -a path 2003s + user=ubuntu 2003s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 2003s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 2003s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 2003s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 2003s + runuser -u ubuntu -- softhsm2-util --show-slots 2003s + grep 'Test Organization' 2003s + for path_pair in "${softhsm2_conf_paths[@]}" 2003s + IFS=: 2003s + read -r -a path 2003s + user=root 2003s + path=/etc/softhsm/softhsm2.conf 2003s ++ dirname /etc/softhsm/softhsm2.conf 2003s + runuser -u root -- mkdir -p /etc/softhsm 2003s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 2003s + runuser -u root -- softhsm2-util --show-slots 2003s + grep 'Test Organization' 2003s + systemctl restart sssd 2003s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 2003s + for alternative in "${alternative_pam_configs[@]}" 2003s + pam-auth-update --enable sss-smart-card-optional 2003s + cat /etc/pam.d/common-auth 2003s + echo -n -e 123456 2003s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2003s pamtester: invoking pam_start(login, ubuntu, ...) 2003s pamtester: performing operation - authenticate 2003s PIN for Test Organization Sub Int Token: + echo -n -e 123456 2003s + runuser -u ubuntu -- pamtester -v login '' authenticate 2003s pamtester: invoking pam_start(login, , ...) 2003s pamtester: performing operation - authenticate 2003s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 2003s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2003s pamtester: invoking pam_start(login, ubuntu, ...) 2003s pamtester: performing operation - authenticate 2003s PIN for Test Organization Sub Int Token: Password: # 2003s # /etc/pam.d/common-auth - authentication settings common to all services 2003s # 2003s # This file is included from other service-specific PAM config files, 2003s # and should contain a list of the authentication modules that define 2003s # the central authentication scheme for use on the system 2003s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 2003s # traditional Unix authentication mechanisms. 2003s # 2003s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 2003s # To take advantage of this, it is recommended that you configure any 2003s # local modules either before or after the default block, and use 2003s # pam-auth-update to manage selection of other modules. See 2003s # pam-auth-update(8) for details. 2003s 2003s # here are the per-package modules (the "Primary" block) 2003s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 2003s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 2003s auth [success=1 default=ignore] pam_sss.so use_first_pass 2003s # here's the fallback if no module succeeds 2003s auth requisite pam_deny.so 2003s # prime the stack with a positive return value if there isn't one already; 2003s # this avoids us returning an error just because nothing sets a success code 2003s # since the modules above will each just jump around 2003s auth required pam_permit.so 2003s # and here are more per-package modules (the "Additional" block) 2003s auth optional pam_cap.so 2003s # end of pam-auth-update config 2003s pamtester: successfully authenticated 2003s pamtester: successfully authenticated 2003s Using CA DB '/tmp/sssd-softhsm2-certs-IqeMuY/test-full-chain-CA.pem' with verification options: '' 2003s Label: Test Organization Sub Int Token 2003s Label: Test Organization Sub Int Token 2003s # 2003s # /etc/pam.d/common-auth - authentication settings common to all services 2003s # 2003s # This file is included from other service-specific PAM config files, 2003s # and should contain a list of the authentication modules that define 2003s # the central authentication scheme for use on the system 2003s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 2003s # traditional Unix authentication mechanisms. 2003s # 2003s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 2003s # To take advantage of this, it is recommended that you configure any 2003s # local modules either before or after the default block, and use 2003s # pam-auth-update to manage selection of other modules. See 2003s # pam-auth-update(8) for details. 2003s 2003s # here are the per-package modules (the "Primary" block) 2003s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 2003s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 2003s auth [success=1 default=ignore] pam_sss.so use_first_pass 2003s # here's the fallback if no module succeeds 2003s auth requisite pam_deny.so 2003s # prime the stack with a positive return value if there isn't one already; 2003s # this avoids us returning an error just because nothing sets a success code 2003s # since the modules above will each just jump around 2003s auth required pam_permit.so 2003s # and here are more per-package modules (the "Additional" block) 2003s auth optional pam_cap.so 2003s # end of pam-auth-update config 2003s pamtester: successfully authenticated 2003s pamtester: successfully authenticated 2005s pamtester: Authentication failure 2006s + echo -n -e wrong123456 2006s + runuser -u ubuntu -- pamtester -v login '' authenticate 2006s pamtester: invoking pam_start(login, , ...) 2006s pamtester: performing operation - authenticate 2018s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 2018s PAM configuration 2018s ----------------- 2018s 2018s Incompatible PAM profiles selected. 2018s 2018s The following PAM profiles cannot be used together: 2018s 2018s SSS required smart card authentication, SSS optional smart card 2018s authentication 2018s 2018s Please select a different set of modules to enable. 2018s 2018s + pamtester -v login root authenticate 2018s + echo -n -e 123456 2018s pamtester: invoking pam_start(login, root, ...) 2018s pamtester: performing operation - authenticate 2018s Password: pamtester: Authentication failure 2018s + for alternative in "${alternative_pam_configs[@]}" 2018s + pam-auth-update --enable sss-smart-card-required 2018s + cat /etc/pam.d/common-auth 2018s + echo -n -e 123456 2018s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2018s pamtester: invoking pam_start(login, ubuntu, ...) 2018s pamtester: performing operation - authenticate 2018s PIN for Test Organization Sub Int Token: + echo -n -e 123456 2018s + runuser -u ubuntu -- pamtester -v login '' authenticate 2018s pamtester: invoking pam_start(login, , ...) 2018s pamtester: performing operation - authenticate 2018s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 2018s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2018s pamtester: invoking pam_start(login, ubuntu, ...) 2018s pamtester: performing operation - authenticate 2018s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 2018s + echo -n -e wrong123456 2018s + runuser -u ubuntu -- pamtester -v login '' authenticate 2018s pamtester: invoking pam_start(login, , ...) 2018s pamtester: performing operation - authenticate 2018s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 2018s + echo -n -e 123456 2018s + pamtester -v login root authenticate 2018s pamtester: invoking pam_start(login, root, ...) 2018s pamtester: performing operation - authenticate 2018s # 2018s # /etc/pam.d/common-auth - authentication settings common to all services 2018s # 2018s # This file is included from other service-specific PAM config files, 2018s # and should contain a list of the authentication modules that define 2018s # the central authentication scheme for use on the system 2018s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 2018s # traditional Unix authentication mechanisms. 2018s # 2018s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 2018s # To take advantage of this, it is recommended that you configure any 2018s # local modules either before or after the default block, and use 2018s # pam-auth-update to manage selection of other modules. See 2018s # pam-auth-update(8) for details. 2018s 2018s # here are the per-package modules (the "Primary" block) 2018s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 2018s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 2018s auth [success=1 default=ignore] pam_sss.so use_first_pass 2018s # here's the fallback if no module succeeds 2018s auth requisite pam_deny.so 2018s # prime the stack with a positive return value if there isn't one already; 2018s # this avoids us returning an error just because nothing sets a success code 2018s # since the modules above will each just jump around 2018s auth required pam_permit.so 2018s # and here are more per-package modules (the "Additional" block) 2018s auth optional pam_cap.so 2018s # end of pam-auth-update config 2018s pamtester: successfully authenticated 2018s pamtester: successfully authenticated 2021s pamtester: Authentication service cannot retrieve authentication info 2021s + test_authentication login /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem partial_chain 2021s + pam_service=login 2021s + certificate_config=/tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 2021s + ca_db=/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem 2021s + verification_options=partial_chain 2021s + mkdir -p -m 700 /etc/sssd 2021s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 2021s + cat 2021s + chmod 600 /etc/sssd/sssd.conf 2021s + for path_pair in "${softhsm2_conf_paths[@]}" 2021s Using CA DB '/tmp/sssd-softhsm2-certs-IqeMuY/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 2021s + IFS=: 2021s + read -r -a path 2021s + user=ubuntu 2021s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 2021s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 2021s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 2021s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 2021s + runuser -u ubuntu -- softhsm2-util --show-slots 2021s + grep 'Test Organization' 2021s + for path_pair in "${softhsm2_conf_paths[@]}" 2021s + IFS=: 2021s + read -r -a path 2021s + user=root 2021s + path=/etc/softhsm/softhsm2.conf 2021s ++ dirname /etc/softhsm/softhsm2.conf 2021s Label: Test Organization Sub Int Token 2021s + runuser -u root -- mkdir -p /etc/softhsm 2021s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-IqeMuY/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 2021s + runuser -u root -- softhsm2-util --show-slots 2021s + grep 'Test Organization' 2021s + systemctl restart sssd 2021s Label: Test Organization Sub Int Token 2021s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 2021s + for alternative in "${alternative_pam_configs[@]}" 2021s + pam-auth-update --enable sss-smart-card-optional 2022s + cat /etc/pam.d/common-auth 2022s # 2022s # /etc/pam.d/common-auth - authentication settings common to all services 2022s # 2022s # This file is included from other service-specific PAM config files, 2022s # and should contain a list of the authentication modules that define 2022s # the central authentication scheme for use on the system 2022s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 2022s # traditional Unix authentication mechanisms. 2022s # 2022s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 2022s # To take advantage of this, it is recommended that you configure any 2022s # local modules either before or after the default block, and use 2022s # pam-auth-update to manage selection of other modules. See 2022s # pam-auth-update(8) for details. 2022s 2022s # here are the per-package modules (the "Primary" block) 2022s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 2022s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 2022s auth [success=1 default=ignore] pam_sss.so use_first_pass 2022s # here's the fallback if no module succeeds 2022s auth requisite pam_deny.so 2022s # prime the stack with a positive return value if there isn't one already; 2022s # this avoids us returning an error just because nothing sets a success code 2022s # since the modules above will each just jump around 2022s auth required pam_permit.so 2022s # and here are more per-package modules (the "Additional" block) 2022s auth optional pam_cap.so 2022s # end of pam-auth-update config 2022s + echo -n -e 123456 2022s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2022s pamtester: invoking pam_start(login, ubuntu, ...) 2022s pamtester: performing operation - authenticate 2022s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 2022s + echo -n -e 123456 2022s + runuser -u ubuntu -- pamtester -v login '' authenticate 2022s pamtester: invoking pam_start(login, , ...) 2022s pamtester: performing operation - authenticate 2022s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 2022s + echo -n -e wrong123456 2022s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2022s pamtester: invoking pam_start(login, ubuntu, ...) 2022s pamtester: performing operation - authenticate 2035s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 2035s PAM configuration 2035s ----------------- 2035s 2035s Incompatible PAM profiles selected. 2035s 2035s The following PAM profiles cannot be used together: 2035s 2035s SSS required smart card authentication, SSS optional smart card 2035s authentication 2035s 2035s Please select a different set of modules to enable. 2035s 2035s + echo -n -e wrong123456 2035s + runuser -u ubuntu -- pamtester -v login '' authenticate 2035s pamtester: invoking pam_start(login, , ...) 2035s pamtester: performing operation - authenticate 2035s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 2035s + echo -n -e 123456 2035s + pamtester -v login root authenticate 2035s pamtester: invoking pam_start(login, root, ...) 2035s pamtester: performing operation - authenticate 2035s Password: pamtester: Authentication failure 2035s + for alternative in "${alternative_pam_configs[@]}" 2035s + pam-auth-update --enable sss-smart-card-required 2035s + cat /etc/pam.d/common-auth 2035s + echo -n -e 123456 2035s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2035s pamtester: invoking pam_start(login, ubuntu, ...) 2035s pamtester: performing operation - authenticate 2035s PIN for Test Organization Sub Int Token: + echo -n -e 123456 2035s + runuser -u ubuntu -- pamtester -v login '' authenticate 2035s pamtester: invoking pam_start(login, , ...) 2035s pamtester: performing operation - authenticate 2035s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 2035s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 2035s pamtester: invoking pam_start(login, ubuntu, ...) 2035s pamtester: performing operation - authenticate 2035s PIN for Test Organization Sub Int Token: # 2035s # /etc/pam.d/common-auth - authentication settings common to all services 2035s # 2035s # This file is included from other service-specific PAM config files, 2035s # and should contain a list of the authentication modules that define 2035s # the central authentication scheme for use on the system 2035s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 2035s # traditional Unix authentication mechanisms. 2035s # 2035s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 2035s # To take advantage of this, it is recommended that you configure any 2035s # local modules either before or after the default block, and use 2035s # pam-auth-update to manage selection of other modules. See 2035s # pam-auth-update(8) for details. 2035s 2035s # here are the per-package modules (the "Primary" block) 2035s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 2035s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 2035s auth [success=1 default=ignore] pam_sss.so use_first_pass 2035s # here's the fallback if no module succeeds 2035s auth requisite pam_deny.so 2035s # prime the stack with a positive return value if there isn't one already; 2035s # this avoids us returning an error just because nothing sets a success code 2035s # since the modules above will each just jump around 2035s auth required pam_permit.so 2035s # and here are more per-package modules (the "Additional" block) 2035s auth optional pam_cap.so 2035s # end of pam-auth-update config 2035s pamtester: successfully authenticated 2035s pamtester: successfully authenticated 2035s pamtester: Authentication failure 2035s + echo -n -e wrong123456 2035s + runuser -u ubuntu -- pamtester -v login '' authenticate 2035s pamtester: invoking pam_start(login, , ...) 2035s pamtester: performing operation - authenticate 2040s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 2040s + echo -n -e 123456 2040s + pamtester -v login root authenticate 2040s pamtester: invoking pam_start(login, root, ...) 2040s pamtester: performing operation - authenticate 2041s pamtester: Authentication service cannot retrieve authentication info 2041s + handle_exit 2041s + exit_code=0 2041s + restore_changes 2041s + for path in "${restore_paths[@]}" 2041s + local original_path 2041s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-XJfvuY /tmp/sssd-softhsm2-backups-XJfvuY//etc/softhsm/softhsm2.conf 2041s + original_path=/etc/softhsm/softhsm2.conf 2041s + rm /etc/softhsm/softhsm2.conf 2041s + mv /tmp/sssd-softhsm2-backups-XJfvuY//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 2041s + for path in "${delete_paths[@]}" 2041s + rm -f /etc/sssd/sssd.conf 2041s + for path in "${delete_paths[@]}" 2041s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 2041s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 2041s + '[' -e /etc/sssd/sssd.conf ']' 2041s + systemctl stop sssd 2041s + '[' -e /etc/softhsm/softhsm2.conf ']' 2041s + chmod 600 /etc/softhsm/softhsm2.conf 2041s + rm -rf /tmp/sssd-softhsm2-certs-IqeMuY 2041s + '[' 0 = 0 ']' 2041s + rm -rf /tmp/sssd-softhsm2-backups-XJfvuY 2041s Script completed successfully! 2041s + set +x 2041s autopkgtest [00:05:17]: test sssd-smart-card-pam-auth-configs: -----------------------] 2041s sssd-smart-card-pam-auth-configs PASS 2041s autopkgtest [00:05:17]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 2042s autopkgtest [00:05:18]: @@@@@@@@@@@@@@@@@@@@ summary 2042s ldap-user-group-ldap-auth PASS 2042s ldap-user-group-krb5-auth PASS 2042s sssd-softhism2-certificates-tests.sh PASS 2042s sssd-smart-card-pam-auth-configs PASS 2053s Creating nova instance adt-noble-amd64-sssd-20240409-233116-juju-7f2275-prod-proposed-migration-environment-2-054a5a3e-155c-46fe-a4f9-ffe3ef72e509 from image adt/ubuntu-noble-amd64-server-20240409.img (UUID 3fc5ec4a-a752-4d16-a177-712062b74bd0)... 2053s Creating nova instance adt-noble-amd64-sssd-20240409-233116-juju-7f2275-prod-proposed-migration-environment-2-054a5a3e-155c-46fe-a4f9-ffe3ef72e509 from image adt/ubuntu-noble-amd64-server-20240409.img (UUID 3fc5ec4a-a752-4d16-a177-712062b74bd0)...