diff options
| author | sonmi%netscape.com <devnull@localhost> | 2001-02-28 23:35:21 +0000 |
|---|---|---|
| committer | sonmi%netscape.com <devnull@localhost> | 2001-02-28 23:35:21 +0000 |
| commit | 912b8dc7944f3e66f0e44c9e6c759734e6b4226d (patch) | |
| tree | 160fd64ead559ceddc812b038180ee34701d4710 | |
| parent | e4838af6135b8bbe6a80b1c99fd3ebcc724231d4 (diff) | |
| download | nss-hg-912b8dc7944f3e66f0e44c9e6c759734e6b4226d.tar.gz | |
restructuring of NSS QA
| -rw-r--r-- | security/nss/tests/tools/tools.sh | 406 |
1 files changed, 162 insertions, 244 deletions
diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh index bd0717213..e3be51bc3 100644 --- a/security/nss/tests/tools/tools.sh +++ b/security/nss/tests/tools/tools.sh @@ -1,250 +1,168 @@ #! /bin/sh # -# This is just a quick script so we can still run our testcases. -# Longer term we need a scriptable test environment.. +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. # -. ../common/init.sh -CURDIR=`pwd` - -TOOLSDIR=${HOSTDIR}/tools -CADIR=${TOOLSDIR}/cadir -CERTDIR=${TOOLSDIR}/certdir -COPYDIR=${TOOLSDIR}/copydir -if [ ${OS_ARCH} = "WINNT" ]; then -ROOTMODULE=${LIBPATH}/nssckbi.dll -else -ROOTMODULE=${LIBPATH}/libnssckbi.so -fi - -echo "<HTML><BODY>" >> ${RESULTS} - -SONMI_DEBUG=ON #we see starnge problems on hpux 64 - save all output - # for now - -#temporary files -if [ -n "$SONMI_DEBUG" -a "$SONMI_DEBUG" = "ON" ] -then - TMP=${TOOLSDIR} - PWFILE=${TMP}/tests.pw - CERTSCRIPT=${TMP}/tests_certs - MODSCRIPT=${TMP}/tests_mod - MODLIST=${TMP}/tests_modlist - SIGNSCRIPT=${TMP}/tests_sign - NOISE_FILE=${TMP}/tests_noise - CERTUTILOUT=${TMP}/certutil_out - - TEMPFILES="" -else - TMP=${TMP-/tmp} - PWFILE=${TMP}/tests.pw.$$ - CERTSCRIPT=${TMP}/tests_certs.$$ - MODSCRIPT=${TMP}/tests_mod.$$ - MODLIST=${TMP}/tests_modlist.$$ - SIGNSCRIPT=${TMP}/tests_sign.$$ - NOISE_FILE=${TMP}/tests_noise.$$ - CERTUTILOUT=${TMP}/certutil_out.$$ - - TEMPFILES="${PWFILE} ${CERTSCRIPT} ${MODSCRIPT} ${MODLIST} ${SIGNSCRIPT} ${NOISE_FILE} ${CERTUTILOUT}" - # - # should also try to kill any running server - # - trap "rm -f ${TEMPFILES}; exit" 2 3 -fi - -mkdir -p ${TOOLSDIR} -mkdir -p ${CADIR} -mkdir -p ${CERTDIR} -mkdir -p ${COPYDIR} -cd ${CADIR} - -rm ${CERTUTILOUT} 2>/dev/null - -# Generate noise for our CA cert. # -# NOTE: these keys are only suitable for testing, as this whole thing bypasses -# the entropy gathering. Don't use this method to generate keys and certs for -# product use or deployment. +######################################################################## # -ps -efl > ${NOISE_FILE} 2>&1 -ps aux >> ${NOISE_FILE} 2>&1 -netstat >> ${NOISE_FILE} 2>&1 -date >> ${NOISE_FILE} 2>&1 - +# mozilla/security/nss/tests/tools/tools.sh # -# build the TEMP CA used for testing purposes -# -echo "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" >> ${RESULTS} -echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS} -echo "********************** Creating a CA Certificate **********************" -echo nss > ${PWFILE} -echo " certutil -N -d ${CADIR} -f ${PWFILE} " -certutil -N -d ${CADIR} -f ${PWFILE} 2>&1 - -echo initialized -echo 5 > ${CERTSCRIPT} -echo 9 >> ${CERTSCRIPT} -echo n >> ${CERTSCRIPT} -echo y >> ${CERTSCRIPT} -echo 3 >> ${CERTSCRIPT} -echo n >> ${CERTSCRIPT} -echo 5 >> ${CERTSCRIPT} -echo 6 >> ${CERTSCRIPT} -echo 7 >> ${CERTSCRIPT} -echo 9 >> ${CERTSCRIPT} -echo n >> ${CERTSCRIPT} -echo "certutil -S -n \"TestCA\" -s \"CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US\" -t \"CTu,CTu,CTu\" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} " -certutil -S -n "TestCA" -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "CTu,CTu,CTu" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT} 2>&1 -if [ $? -ne 0 ]; then - echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi -echo " certutil -L -n \"TestCA\" -r -d ${CADIR} > root.cert" -certutil -L -n "TestCA" -r -d ${CADIR} > root.cert 2>${CERTUTILOUT} -if [ $? -ne 0 ]; then - CERTFAILED=${CERTFAILED-"Export Root"} -fi -cat ${CERTUTILOUT} -rm ${CERTUTILOUT} 2>/dev/null - -echo " certutil -N -d ${COPYDIR} -f ${PWFILE} " -echo "**************** Creating Client CA Issued Certificates ****************" -echo " certutil -N -d ${CERTDIR} -f ${PWFILE} " -certutil -N -d ${CERTDIR} -f ${PWFILE} 2>&1 -netstat >> ${NOISE_FILE} 2>&1 -date >> ${NOISE_FILE} 2>&1 -cd ${CERTDIR} -echo "Import the root CA" -echo " certutil -A -n \"TestCA\" -t \"TC,TC,TC\" -f ${PWFILE} -d ${CERTDIR} -i ${CADIR}/root.cert " -certutil -A -n "TestCA" -t "TC,TC,TC" -f ${PWFILE} -d ${CERTDIR} -i ${CADIR}/root.cert 2>&1 -if [ $? -ne 0 ]; then - CERTFAILED=${CERTFAILED-"Import Root"} -fi -echo "Generate a Certificate request" -echo " certutil -R -s \"CN=Alice, E=alice@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -d ${CERTDIR} -f ${PWFILE} -z ${NOISE_FILE} -o req " -certutil -R -s "CN=Alice, E=alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -d ${CERTDIR} -f ${PWFILE} -z ${NOISE_FILE} -o req 2>&1 -if [ $? -ne 0 ]; then - CERTFAILED=${CERTFAILED-"Generate Request"} -fi -echo "Sign the Certificate request" -echo "certutil -C -c \"TestCA\" -m 3 -v 60 -d ${CADIR} -f ${PWFILE} -i req -o alice.cert " -certutil -C -c "TestCA" -m 3 -v 60 -d ${CADIR} -i req -o alice.cert -f ${PWFILE} 2>&1 -if [ $? -ne 0 ]; then - CERTFAILED=${CERTFAILED-"Sign Alice's Cert"} -fi -echo "Import the new Cert" -echo "certutil -A -n \"Alice\" -t \"u,u,u\" -d ${CERTDIR} -f ${PWFILE} -i alice.cert " -certutil -A -n "Alice" -t "u,u,u" -d ${CERTDIR} -f ${PWFILE} -i alice.cert 2>&1 -if [ $? -ne 0 ]; then - CERTFAILED=${CERTFAILED-"Import Alice's cert"} -fi -if [ -n "${CERTFAILED}" ]; then - echo "<TR><TD>Creating Alice's email cert</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Creating Alice's email cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi - -cd ${TOOLSDIR} - -echo "Load the root cert module" -echo "" > ${MODSCRIPT} -echo "modutil -add \"Builtin Object Token\" -libfile ${ROOTMODULE} -dbdir ${CERTDIR}" -modutil -add "Builtin Object Token" -libfile ${ROOTMODULE} -dbdir ${CERTDIR} < ${MODSCRIPT} 2>&1 -if [ $? -ne 0 ]; then - MODFAILED=${MODFAILED-"Load Builtin Root Module"} -fi -if [ -n "${MODFAILED}" ]; then - echo "<TR><TD>Loading Builtin Root Module</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Loading Builtin Root Module</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi -echo "Listing roots from builtin module" -echo "certutil -L -d ${CERTDIR} -h all | grep \"Builtin Object Token:\"" -certutil -L -d ${CERTDIR} -h all | grep "Builtin Object Token:" > ${MODLIST} -if [ -s ${MODLIST} ]; then - echo "<TR><TD>Listing Builtin Root Module</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Listing Builtin Root Module</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS} -fi - -echo "Export cert and key" -echo "pk12util -o alice.p12 -n \"Alice\" -d ${CERTDIR} -k ${PWFILE} -w ${PWFILE}" -pk12util -o alice.p12 -n "Alice" -d ${CERTDIR} -k ${PWFILE} -w ${PWFILE} 2>&1 -if [ $? -ne 0 ]; then - P12FAILED=${P12FAILED-"Export cert and key"} -fi -if [ -n "${P12FAILED}" ]; then - echo "<TR><TD>Exporting Alice's email cert & key</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Exporting Alice's email cert & key</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi - -echo "Import cert and key" -echo "pk12util -i alice.p12 -d ${COPYDIR} -k ${PWFILE} -w ${PWFILE}" -pk12util -i alice.p12 -d ${COPYDIR} -k ${PWFILE} -w ${PWFILE} 2>&1 -if [ $? -ne 0 ]; then - P12FAILED=${P12FAILED-"Import cert and key"} -fi -if [ -n "${P12FAILED}" ]; then - echo "<TR><TD>Importing Alice's email cert & key</TD><TD bgcolor=red>Failed ($P12FAILED)</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Importing Alice's email cert & key</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi - -echo "Create objsign cert" -echo "signtool -G \"objectsigner\" -d ${CERTDIR} -p \"nss\"" -echo "y" > ${SIGNSCRIPT} -echo "TEST" >> ${SIGNSCRIPT} -echo "MOZ" >> ${SIGNSCRIPT} -echo "NSS" >> ${SIGNSCRIPT} -echo "NY" >> ${SIGNSCRIPT} -echo "US" >> ${SIGNSCRIPT} -echo "liz" >> ${SIGNSCRIPT} -echo "liz@moz.org" >> ${SIGNSCRIPT} -signtool -G "objsigner" -d ${CERTDIR} -p "nss" < ${SIGNSCRIPT} 2>&1 - -echo "Sign files in a directory" -mkdir -p ${TOOLSDIR}/html -cp ${CURDIR}/sign*.html ${TOOLSDIR}/html -echo "signtool -Z nojs.jar -d ${CERTDIR} -p \"nss\" -k objsigner ${TOOLSDIR}/html" -signtool -Z nojs.jar -d ${CERTDIR} -p "nss" -k objsigner ${TOOLSDIR}/html -if [ $? -ne 0 ]; then - SIGNFAILED=${SIGNFAILED-"Sign files in directory"} -fi -if [ -n "${SIGNFAILED}" ]; then - echo "<TR><TD>Signing a set of files</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Signing a set of files</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi - -echo "signtool -w nojs.jar -d ${CERTDIR}" -signtool -w nojs.jar -d ${CERTDIR} -if [ $? -ne 0 ]; then - SIGNFAILED=${SIGNFAILED-"Show files in jar"} -fi -if [ -n "${SIGNFAILED}" ]; then - echo "<TR><TD>Listing signed files</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Listing signed files</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi - -echo "signtool -w nojs.jar -d ${CERTDIR}" -signtool -w nojs.jar -d ${CERTDIR} -if [ $? -ne 0 ]; then - SIGNFAILED=${SIGNFAILED-"Check signer"} -fi -if [ -n "${SIGNFAILED}" ]; then - echo "<TR><TD>Show who signed jar</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS} -else - echo "<TR><TD>Show who signed jar</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS} -fi - -echo "</TABLE><BR>" >> ${RESULTS} - -if [ "$SONMI_DEBUG" != "ON" -a -n "$TEMPFILES" ] -then - rm -f ${TEMPFILES} -fi -cd ${CURDIR} - -echo "</BODY></HTML>" >> ${RESULTS} +# Script to test basic functionallity of NSS tools +# +# needs to work on all Unix and Windows platforms +# +# tests implemented: +# pk12util +# signtool +# +# special strings +# --------------- +# FIXME ... known problems, search for this string +# NOTE .... unexpected behavior +# +######################################################################## + +############################## tools_init ############################## +# local shell function to initialize this script +######################################################################## +tools_init() +{ + SCRIPTNAME=tools.sh # sourced - $0 would point to all.sh + + if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for + CLEANUP="${SCRIPTNAME}" # cleaning this script will do it + fi + + if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then + cd ../common + . init.sh + fi + if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here + cd ../cert + . cert.sh + fi + SCRIPTNAME=tools.sh + html_head "Tools Tests" + + grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || { + Exit 15 "Fatal - S/MIME of cert.sh needs to pass first" + } + + TOOLSDIR=${HOSTDIR}/tools + COPYDIR=${TOOLSDIR}/copydir + + R_TOOLSDIR=../tools + R_COPYDIR=../tools/copydir + + SIGNSCRIPT=${TMP}/tests_sign.$$ + + TEMPFILES="${TEMPFILES} ${SIGNSCRIPT}" + + mkdir -p ${TOOLSDIR} + mkdir -p ${COPYDIR} + mkdir -p ${TOOLSDIR}/html + cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html + + cd ${TOOLSDIR} +} + +############################## tools_p12 ############################### +# local shell function to test basic functionality of pk12util +######################################################################## +tools_p12() +{ + echo "$SCRIPTNAME: Exporting Alice's email cert & key------------------" + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${R_ALICEDIR} -k ${R_PWFILE} \\" + echo " -w ${R_PWFILE}" + pk12util -o Alice.p12 -n "Alice" -d ${R_ALICEDIR} -k ${R_PWFILE} \ + -w ${R_PWFILE} 2>&1 + html_msg $? 0 "Exporting Alice's email cert & key (pk12util -o)" + + echo "$SCRIPTNAME: Importing Alice's email cert & key -----------------" + echo "pk12util -i Alice.p12 -d ${R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" + pk12util -i Alice.p12 -d ${R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 + html_msg $? 0 "Importing Alice's email cert & key (pk12util -i)" +} + +############################## tools_sign ############################## +# local shell function to test basic functionality of signtool +######################################################################## +tools_sign() +{ + echo "$SCRIPTNAME: Create objsign cert -------------------------------" + echo "signtool -G \"objectsigner\" -d ${R_ALICEDIR} -p \"nss\"" + echo "y" > ${SIGNSCRIPT} + echo "TEST" >> ${SIGNSCRIPT} + echo "MOZ" >> ${SIGNSCRIPT} + echo "NSS" >> ${SIGNSCRIPT} + echo "NY" >> ${SIGNSCRIPT} + echo "US" >> ${SIGNSCRIPT} + echo "liz" >> ${SIGNSCRIPT} + echo "liz@moz.org" >> ${SIGNSCRIPT} + signtool -G "objsigner" -d ${R_ALICEDIR} -p "nss" < ${SIGNSCRIPT} 2>&1 + + echo "$SCRIPTNAME: Signing a set of files ----------------------------" + echo "signtool -Z nojs.jar -d ${R_ALICEDIR} -p \"nss\" -k objsigner \\" + echo " ${R_TOOLSDIR}/html" + signtool -Z nojs.jar -d ${R_ALICEDIR} -p "nss" -k objsigner ${R_TOOLSDIR}/html + html_msg $? 0 "Signing a set of files (signtool -Z)" + + echo "$SCRIPTNAME: Listing signed files in jar ----------------------" + echo "signtool -w nojs.jar -d ${R_ALICEDIR}" + signtool -w nojs.jar -d ${R_ALICEDIR} + html_msg $? 0 "Listing signed files in jar (signtool -w)" + + echo "$SCRIPTNAME: Show who signed jar ------------------------------" + echo "signtool -w nojs.jar -d ${R_ALICEDIR}" + signtool -w nojs.jar -d ${R_ALICEDIR} + html_msg $? 0 "Show who signed jar (signtool -w)" +} + +############################## tools_cleanup ########################### +# local shell function to finish this script (no exit since it might be +# sourced) +######################################################################## +tools_cleanup() +{ + html "</TABLE><BR>" + cd ${QADIR} + . common/cleanup.sh +} + +################## main ################################################# + +tools_init +tools_p12 +tools_sign +tools_cleanup + + |