I have implemented a command-line tool for testing and XML scripting interactions with PKCS #11 providers (https://github.com/frankmorgner/pkcs11-test).
In my CI pipeline, I'm testing it by running the PKCS#11 3.1/3.2 conformance tests against SoftHSM:
- run: target/release/pkcs11-test --module ${{ matrix.softhsm }} src/test-cases/pkcs11-v3.1/softhsm-2.6.1/init.xml
- run: target/release/pkcs11-test --module ${{ matrix.softhsm }} src/test-cases/pkcs11-v3.1/softhsm-2.6.1/AUTH-M-1-31.xml src/test-cases/pkcs11-v3.1/softhsm-2.6.1/BL-M-1-31.xml src/test-cases/pkcs11-v3.1/softhsm-2.6.1/CERT-M-1-31.xml src/test-cases/pkcs11-v3.1/softhsm-2.6.1/EXT-M-1-31.xml
- run: cat src/test-cases/pkcs11-v3.2/softhsm-2.6.1/AUTH-M-1-32.xml src/test-cases/pkcs11-v3.2/softhsm-2.6.1/BL-M-1-32.xml src/test-cases/pkcs11-v3.2/softhsm-2.6.1/CERT-M-1-32.xml src/test-cases/pkcs11-v3.2/softhsm-2.6.1/EXT-M-1-32.xml | target/release/pkcs11-test --module ${{ matrix.softhsm }}
The tests currently are very limited and SoftHSM only differs in terms of the static identifiers that the official PKCS #11 profiles are requiring. That's why I'm currently running an adapted version of the tests with dynamic identifiers compatible with SoftHSM.
I think the tool makes running integration tests a little easier (including initialisation) since you don't need compiled code to access PKCS #11 anymore. And in particular, checking the official conformance tests in YOUR CI pipeline may also be interesting for SoftHSM.
I have implemented a command-line tool for testing and XML scripting interactions with PKCS #11 providers (https://github.com/frankmorgner/pkcs11-test).
In my CI pipeline, I'm testing it by running the PKCS#11 3.1/3.2 conformance tests against SoftHSM:
The tests currently are very limited and SoftHSM only differs in terms of the static identifiers that the official PKCS #11 profiles are requiring. That's why I'm currently running an adapted version of the tests with dynamic identifiers compatible with SoftHSM.
I think the tool makes running integration tests a little easier (including initialisation) since you don't need compiled code to access PKCS #11 anymore. And in particular, checking the official conformance tests in YOUR CI pipeline may also be interesting for SoftHSM.