From 5d8b54715803b34b238896454dd7f75a38f94a14 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 19 Oct 2021 20:11:48 +0200 Subject: [PATCH] Build and run card-functionality tests against two JavaCard images (SmartPGP and YubiKey NEO) --- .gitlab-ci.yml | 85 +++++++++++++++++++ .../docker/Dockerfile.cardtest.smartpgp | 27 ++++++ .../docker/Dockerfile.cardtest.ykneo | 27 ++++++ card-functionality/docker/run.sh | 13 +++ card-functionality/docker/test-smartpgp.toml | 18 ++++ card-functionality/docker/test-ykneo.toml | 11 +++ 6 files changed, 181 insertions(+) create mode 100644 card-functionality/docker/Dockerfile.cardtest.smartpgp create mode 100644 card-functionality/docker/Dockerfile.cardtest.ykneo create mode 100644 card-functionality/docker/run.sh create mode 100644 card-functionality/docker/test-smartpgp.toml create mode 100644 card-functionality/docker/test-ykneo.toml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b314eed..84b0327 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,13 @@ # SPDX-FileCopyrightText: 2021 Heiko Schaefer # SPDX-License-Identifier: CC0-1.0 +stages: + - build + - test + - docker-build + - docker-test + - deploy + reuse: image: name: fsfe/reuse:latest 
@@ -35,3 +42,81 @@ cargo-fmt:
 script:
 - rustup component add rustfmt
 - cargo fmt -- --check
+
+build_cardtest_smartpgp:
+ stage: docker-build
+ image: docker:stable
+
+ variables:
+ IMAGE_LATEST: $CI_REGISTRY_IMAGE/cardtest-smartpgp:latest
+ IMAGE_SHA: $CI_REGISTRY_IMAGE/cardtest-smartpgp:$CI_COMMIT_SHA
+ services:
+ - docker:stable-dind
+ before_script:
+ - docker info
+ - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ script:
+ - docker pull $IMAGE_LATEST || true
+ - docker build -f card-functionality/docker/Dockerfile.cardtest.smartpgp --cache-from $IMAGE_LATEST -t $IMAGE_SHA -t $IMAGE_LATEST .
+ - docker push $IMAGE_SHA
+ - docker push $IMAGE_LATEST
+ needs: []
+
+build_cardtest_ykneo:
+ stage: docker-build
+ image: docker:stable
+
+ variables:
+ IMAGE_LATEST: $CI_REGISTRY_IMAGE/cardtest-ykneo:latest
+ IMAGE_SHA: $CI_REGISTRY_IMAGE/cardtest-ykneo:$CI_COMMIT_SHA
+ services:
+ - docker:stable-dind
+ before_script:
+ - docker info
+ - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ script:
+ - docker pull $IMAGE_LATEST || true
+ - docker build -f card-functionality/docker/Dockerfile.cardtest.ykneo --cache-from $IMAGE_LATEST -t $IMAGE_SHA -t $IMAGE_LATEST .
+ - docker push $IMAGE_SHA
+ - docker push $IMAGE_LATEST
+ needs: []
+
+run_cardtest_smartpgp_import:
+ stage: docker-test
+ image: registry.gitlab.com/hkos/openpgp-card/cardtest-smartpgp
+
+ script:
+ - cd /
+ - sh run.sh import
+ needs: ["build_cardtest_smartpgp"]
+
+run_cardtest_smartpgp_keygen:
+ stage: docker-test
+ image: registry.gitlab.com/hkos/openpgp-card/cardtest-smartpgp
+
+ script:
+ - cd /
+ - sh run.sh keygen
+
+ # run after import test - running tests in parallel on the same card fails
+ needs: ["run_cardtest_smartpgp_import"]
+
+run_cardtest_ykneo_import:
+ stage: docker-test
+ image: registry.gitlab.com/hkos/openpgp-card/cardtest-ykneo
+
+ script:
+ - cd /
+ - sh run.sh import
+ needs: ["build_cardtest_ykneo"]
+
+run_cardtest_ykneo_keygen:
+ stage: docker-test
+ image: registry.gitlab.com/hkos/openpgp-card/cardtest-ykneo
+
+ script:
+ - cd /
+ - sh run.sh keygen
+
+ # run after import test - running tests in parallel on the same card fails
+ needs: ["run_cardtest_ykneo_import"]
diff --git a/card-functionality/docker/Dockerfile.cardtest.smartpgp b/card-functionality/docker/Dockerfile.cardtest.smartpgp
new file mode 100644
index 0000000..29ff11f
--- /dev/null
+++ b/card-functionality/docker/Dockerfile.cardtest.smartpgp
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer
+# SPDX-License-Identifier: CC0-1.0
+
+FROM registry.gitlab.com/hkos/openpgp-card-images/smartpgp
+
+USER root
+
+RUN useradd -ms /bin/bash ocard \
+ && apt update -y -qq \
+ && apt install -y -qq cargo rustc nettle-dev libclang-dev
+
+USER ocard
+WORKDIR /home/ocard
+
+RUN git clone https://gitlab.com/hkos/openpgp-card \
+ && cd openpgp-card/card-functionality \
+ && cargo build \
+ && true
+
+COPY card-functionality/docker/test-smartpgp.toml openpgp-card/card-functionality/config/test-cards.toml
+
+USER root
+WORKDIR /
+COPY card-functionality/docker/run.sh .
+
+ENV bin import
+CMD /bin/sh /run.sh ${bin}
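Review bot: The four `run_cardtest_*` jobs pull `registry.gitlab.com/hkos/openpgp-card/cardtest-smartpgp` (and `cardtest-ykneo`) with no tag, so they run whatever `latest` currently is rather than the `$IMAGE_SHA` image that the `build_cardtest_*` job of the same pipeline just pushed. Every pipeline pushes `latest` and no `rules`/`only` restriction is visible in the hunk, so a concurrent or branch pipeline can replace the image between build and test, and the hard-coded registry path presumably does not resolve in forks. Use `image: $CI_REGISTRY_IMAGE/cardtest-smartpgp:$CI_COMMIT_SHA` (and the ykneo equivalent) in the test jobs. Separately, `docker login ... -p $CI_JOB_TOKEN` puts the token on the command line; `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY` avoids that.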
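Review bot: `RUN git clone https://gitlab.com/hkos/openpgp-card` builds whatever the upstream default branch holds at image-build time, not the commit whose pipeline builds this image, and because the CI job builds with `--cache-from $IMAGE_LATEST` the unchanged instruction can be served from cache, leaving older code in the image. The build context is already the repository root (`docker build ... .`), so the sources can come from it: `COPY --chown=ocard:ocard . openpgp-card` followed by `RUN cd openpgp-card/card-functionality && cargo build`. Dockerfile.cardtest.ykneo has the identical clone step and needs the same change. The `FROM` lines in both files also carry no tag or digest, so the base image can change underneath a rebuild; pinning it would make the test images reproducible.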
diff --git a/card-functionality/docker/Dockerfile.cardtest.ykneo b/card-functionality/docker/Dockerfile.cardtest.ykneo
new file mode 100644
index 0000000..67ba628
--- /dev/null
+++ b/card-functionality/docker/Dockerfile.cardtest.ykneo
@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer
+# SPDX-License-Identifier: CC0-1.0
+
+FROM registry.gitlab.com/hkos/openpgp-card-images/ykneo
+
+USER root
+
+RUN useradd -ms /bin/bash ocard \
+ && apt update -y -qq \
+ && apt install -y -qq cargo rustc nettle-dev libclang-dev
+
+USER ocard
+WORKDIR /home/ocard
+
+RUN git clone https://gitlab.com/hkos/openpgp-card \
+ && cd openpgp-card/card-functionality \
+ && cargo build \
+ && true
+
+COPY card-functionality/docker/test-ykneo.toml openpgp-card/card-functionality/config/test-cards.toml
+
+USER root
+WORKDIR /
+COPY card-functionality/docker/run.sh .
+
+ENV bin import
+CMD /bin/sh /run.sh ${bin}
diff --git a/card-functionality/docker/run.sh b/card-functionality/docker/run.sh
new file mode 100644
index 0000000..97662c4
--- /dev/null
+++ b/card-functionality/docker/run.sh
@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer
+# SPDX-License-Identifier: CC0-1.0
+
+# Run pcscd (as root)
+/etc/init.d/pcscd start
+
+# Run the javacard applet (as jcardsim)
+su - -c "sh /home/jcardsim/run-card.sh" jcardsim
+
+# Run the openpgp-card test code (as ocard).
+# This uses $1 as the name of the binary to run.
+su - -c "cd openpgp-card/card-functionality/ && cargo run --bin $1" ocard
+
diff --git a/card-functionality/docker/test-smartpgp.toml b/card-functionality/docker/test-smartpgp.toml
new file mode 100644
index 0000000..614e770
--- /dev/null
+++ b/card-functionality/docker/test-smartpgp.toml
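Review bot: In run.sh, `$1` is spliced into the string handed to `su - -c "... cargo run --bin $1"`, so any shell metacharacters in the argument are interpreted by the ocard shell, and a missing argument leaves a bare `--bin`. The script also has no `set -e`, so a failed `pcscd` start or applet launch is not caught and the test binary would presumably still run without a usable card. Check the argument before the first command, e.g. `case "${1:-}" in import|keygen) ;; *) echo "usage: run.sh import|keygen" >&2; exit 2 ;; esac`, and add `set -eu` at the top so setup failures stop the run.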
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer
+# SPDX-License-Identifier: CC0-1.0
+
+[card.smartpgp]
+backend.pcsc = "FFFF:00001234"
+config.keygen = [
+ "RSA2k/17", "RSA3k/17", "RSA4k/17",
+ "NIST256", "NIST384", "NIST521"
+]
+config.import = [
+ "data/rsa2k.sec",
+ "data/rsa3k.sec",
+ "data/rsa4k.sec",
+ "data/nist256.sec",
+ "data/nist384.sec",
+ "data/nist521.sec"
+]
+
diff --git a/card-functionality/docker/test-ykneo.toml b/card-functionality/docker/test-ykneo.toml
new file mode 100644
index 0000000..24c13f3
--- /dev/null
+++ b/card-functionality/docker/test-ykneo.toml
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer
+# SPDX-License-Identifier: CC0-1.0
+
+[card.ykneo]
+backend.pcsc = "0006:11112222"
+config.keygen = [
+ "RSA2k/17",
+]
+config.import = [
+ "data/rsa2k.sec",
+]