Fix PKCS#11 token slot and object label issues

“sahmad154” · “sahmad154” · commit affa5879d308 · 2026-02-10T07:23:04.000Z
- Use --free for token initialization (SoftHSM assigns slots dynamically)
- Fix object labels to match test expectations:
  - rdkclient (cert) and rdkclient-key (key) at ID 0x01
  - rdkclient-p12-key (key) at ID 0x2c for P12 patch testing
- Import script already handles dynamic slot lookup correctly
- Aligns with ssa-cpc and rdkfwupdater test configurations
diff --git a/native-platform/scripts/import-certs-to-pkcs11.sh b/native-platform/scripts/import-certs-to-pkcs11.sh
@@ -57,7 +57,7 @@ pkcs11-tool --module "$PKCS11_MODULE" \
     --write-object "$CLIENT_CERT" \
     --type cert \
     --id 01 \
-    --label "RDK_CLIENT_CERT" || echo "Certificate import warning (may already exist)"
+    --label "rdkclient" || echo "Certificate import warning (may already exist)"
 
 # Import private key to PKCS#11 at slot 0x01
 pkcs11-tool --module "$PKCS11_MODULE" \
@@ -66,7 +66,7 @@ pkcs11-tool --module "$PKCS11_MODULE" \
     --write-object "$CLIENT_KEY" \
     --type privkey \
     --id 01 \
-    --label "RDK_CLIENT_KEY" || echo "Key import warning (may already exist)"
+    --label "rdkclient-key" || echo "Key import warning (may already exist)"
 
 echo "[import-certs-to-pkcs11] ✓ client certificate imported to slot 0x01"
 
@@ -84,7 +84,7 @@ if [ -f "$CERT_DIR/reference.p12" ]; then
         --write-object "$CLIENT_KEY" \
         --type privkey \
         --id 2c \
-        --label "RDK_REFERENCE_KEY" || echo "Reference key import warning (may already exist)"
+        --label "rdkclient-p12-key" || echo "Reference key import warning (may already exist)"
     
     echo "[import-certs-to-pkcs11] ✓ Real private key imported to slot 0x2c (for reference.p12 with sentinel key)"
 fi
diff --git a/native-platform/scripts/init-pkcs11-tokens.sh b/native-platform/scripts/init-pkcs11-tokens.sh
@@ -24,10 +24,10 @@ if softhsm2-util --show-slots 2>/dev/null | grep -q "$TOKEN_LABEL"; then
     exit 0
 fi
 
-# Initialize token at slot 0x01
-echo "[init-pkcs11-tokens] Creating token '$TOKEN_LABEL' at slot 0x01..."
+# Initialize token at slot 0 (fixed slot for consistent PKCS#11 URIs)
+echo "[init-pkcs11-tokens] Creating token '$TOKEN_LABEL' at slot 0..."
 softhsm2-util --init-token \
-    --slot 0x01 \
+    --slot 0 \
     --label "$TOKEN_LABEL" \
     --so-pin "$SO_PIN" \
     --pin "$USER_PIN"
