author | slavomir.katuscak%sun.com <devnull@localhost> | 2007-07-25 11:55:50 +0000 |
---|---|---|
committer | slavomir.katuscak%sun.com <devnull@localhost> | 2007-07-25 11:55:50 +0000 |
commit | aa31ebb2e3df539cdca56fac340a8e477c8da6dd (patch) | |
tree | 488562b1257950aa18944536da6299cf036d7e0b | |
parent | b261c2393354348f873327297df6957896c88ea4 (diff) | |
download | nss-hg-aa31ebb2e3df539cdca56fac340a8e477c8da6dd.tar.gz |
Bug 382775: Fixed certutil -F, added certutil -D. r=nelson, sr=julien
-rwxr-xr-x | security/nss/tests/fips/fips.sh | 79 |
1 files changed, 71 insertions, 8 deletions
diff --git a/security/nss/tests/fips/fips.sh b/security/nss/tests/fips/fips.sh index cef4dbfee..004cb5ace 100755 --- a/security/nss/tests/fips/fips.sh +++ b/security/nss/tests/fips/fips.sh @@ -138,19 +138,33 @@ fips_140() echo "$SCRIPTNAME: List the FIPS module certificates -----------------" echo "certutil -d ${P_R_FIPSDIR} -L" - certutil -d ${P_R_FIPSDIR} -L 2>&1 - html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." + certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1` + ret=$? + echo "${certs}" + if [ ${ret} -eq 0 ]; then + echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null + ret=$? + fi + html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." + echo "$SCRIPTNAME: Delete the certificate and key from the FIPS module" echo "certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE}" certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE} 2>&1 - html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -D)" "." - + html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -F)" "." echo "$SCRIPTNAME: List the FIPS module certificates -----------------" echo "certutil -d ${P_R_FIPSDIR} -L" - certutil -d ${P_R_FIPSDIR} -L 2>&1 - html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." + certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1` + ret=$? + echo "${certs}" + if [ ${ret} -eq 0 ]; then + echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null + if [ $? -eq 0 ]; then + ret=255 + fi + fi + html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." echo "$SCRIPTNAME: List the FIPS module keys." echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" 
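Review bot: All four new list checks grep for the literal `FIPS_PUB_140_Test_Certificate`, while the delete steps next to them address the certificate as `${FIPSCERTNICK}`. If the nickname and the literal ever differ, the two absence checks (the ones that set `ret=255`, here after `certutil -F` and in the third hunk after `certutil -D`) pass without proving the certificate is gone, because a grep miss leaves `ret` at 0. Matching on the variable keeps the two tied together, e.g. `echo "${certs}" | grep "${FIPSCERTNICK}" > /dev/null`; `FIPSCERTNICK` is set outside this diff, so confirm its value is the string certutil prints. The block is repeated four times across this hunk and the third, so a small helper would remove the duplication, with a comment such as `# ret=255: certificate still listed after delete` on the inverted case.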
@@ -159,6 +173,7 @@ fips_140() # our delete succeded. html_msg $? 255 "List the FIPS module keys (certutil -K)" "." + echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file" echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}" pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1 
@@ -166,14 +181,62 @@ fips_140() echo "$SCRIPTNAME: List the FIPS module certificates -----------------" echo "certutil -d ${P_R_FIPSDIR} -L" - certutil -d ${P_R_FIPSDIR} -L 2>&1 - html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." + certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1` + ret=$? + echo "${certs}" + if [ ${ret} -eq 0 ]; then + echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null + ret=$? + fi + html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." + + echo "$SCRIPTNAME: List the FIPS module keys --------------------------" + echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" + certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 + html_msg $? 0 "List the FIPS module keys (certutil -K)" "." + + + echo "$SCRIPTNAME: Delete the certificate from the FIPS module" + echo "certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK}" + certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK} 2>&1 + html_msg $? 0 "Delete the certificate from the FIPS module (certutil -D)" "." + + echo "$SCRIPTNAME: List the FIPS module certificates -----------------" + echo "certutil -d ${P_R_FIPSDIR} -L" + certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1` + ret=$? + echo "${certs}" + if [ ${ret} -eq 0 ]; then + echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null + if [ $? -eq 0 ]; then + ret=255 + fi + fi + html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." + + + echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file" + echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}" + pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1 + html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "." + + echo "$SCRIPTNAME: List the FIPS module certificates -----------------" + echo "certutil -d ${P_R_FIPSDIR} -L" + certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1` + ret=$? 
+ echo "${certs}" + if [ ${ret} -eq 0 ]; then + echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null + ret=$? + fi + html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "." echo "$SCRIPTNAME: List the FIPS module keys --------------------------" echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 html_msg $? 0 "List the FIPS module keys (certutil -K)" "." + echo "$SCRIPTNAME: Run PK11MODE in FIPSMODE -----------------" echo "pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE}" pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE} 2>&1 |
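Review bot: The new `certutil -D` step is followed only by a certificate listing, so the state of the private key after a certificate-only delete is never asserted. The `certutil -F` path, by contrast, is followed by a `certutil -K` check whose expected status is 255 (visible as context in the second hunk). Since the messages describe `-D` as removing the certificate and `-F` as removing the certificate and key, the key presumably stays in the FIPS database and the following `pk12util -i` imports over it. A key listing after the post-delete certificate listing would pin that down: `certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1` followed by `html_msg $? <expected-status> "List the FIPS module keys (certutil -K)" "."`, with the expected status taken from the intended `-D` behaviour. The body of fips_140 starts and ends outside the hunk.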