diff options
author | sonmi%netscape.com <devnull@localhost> | 2001-02-21 23:56:14 +0000 |
---|---|---|
committer | sonmi%netscape.com <devnull@localhost> | 2001-02-21 23:56:14 +0000 |
commit | b7cedbecd7f5a8477a872ef533033d274bd6dc76 (patch) | |
tree | cf3371707788e092abd849f67ad05c628a7a0b94 /security/nss | |
parent | dbd0989f24000b0a31a1f3354c86abb54b394e95 (diff) | |
download | nss-hg-b7cedbecd7f5a8477a872ef533033d274bd6dc76.tar.gz |
new script to do the certificate portion of the nss QA
Diffstat (limited to 'security/nss')
-rwxr-xr-x | security/nss/tests/cert/cert.sh | 291 |
1 files changed, 291 insertions, 0 deletions
diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh new file mode 100755 index 000000000..c8a0b8bf0 --- /dev/null +++ b/security/nss/tests/cert/cert.sh @@ -0,0 +1,291 @@ +#! /bin/sh + +######################################################################## +# +# mozilla/security/nss/tests/cert/cert.sh +# +# Certificate generating and handeling for NSS QA, can be included +# multiple times from all.sh and the individual scripts +# +# needs to work on all Unix and Windows platforms +# +# included from (don't expect this to be up to date) +# -------------------------------------------------- +# all.sh +# ssl.sh +# smime.sh +# tools.sh +# +# special strings +# --------------- +# FIXME ... known problems, search for this string +# NOTE .... unexpected behavior +# +# FIXME - Netscape - NSS +######################################################################## + +if [ -z "${INIT_SOURCED}" ] ; then + . ../common/init.sh +fi + +TEMPFILES="${PWFILE} ${CERTSCRIPT} ${NOISE_FILE}" + +trap "rm -f ${TEMPFILES}; Exit $0 Signal_caught" 2 3 + +certlog() ###################### write the cert_status file +{ + echo $* >>${CERT_LOG_FILE} +} + +html() ######################### write the results.html file +{ + echo $* >>${RESULTS} +} + +################################ noise ################################## +# Generate noise for our certs +# +# NOTE: these keys are only suitable for testing, as this whole thing bypasses +# the entropy gathering. Don't use this method to generate keys and certs for +# product use or deployment. +######################################################################### +noise() +{ + netstat >> ${NOISE_FILE} 2>&1 + date >> ${NOISE_FILE} 2>&1 +} + +################################ certu ################################# +# local shell function to call certutil, also: writes action and options to +# stdout, sets variable RET and writes results to the html file results +######################################################################## +certu() +{ + echo "$SCRIPTNAME: ${CU_ACTION}" + + if [ -n "${CU_SUBJECT}" ]; then + #the subject of the cert contains blanks, and the shell + #will strip the quotes off the string, if called otherwise... + echo "certutil -s \"${CU_SUBJECT}\" $*" + certutil -s "${CU_SUBJECT}" $* + CU_SUBJECT="" + else + echo "certutil $*" + certutil $* + fi + RET=$? + if [ "$RET" -ne 0 ]; then + CERTFAILED=$RET + html "<TR><TD>${CU_ACTION} ($RET) $CU_FAILED" + certlog "ERROR: ${CU_ACTION} failed $RET" + else + html "<TR><TD>${CU_ACTION}$CU_PASSED" + fi + return $RET +} + +################################ init_cert ############################# +# local shell function to initialize creation of client and server certs +######################################################################## +init_cert() +{ + CERTDIR="$1" + CERTNAME="$2" + CERTSERIAL="$3" + + if [ ! -d "${CERTDIR}" ]; then + mkdir -p "${CERTDIR}" + else + echo "WARNING - ${CERTDIR} exists" + fi + cd "${CERTDIR}" + + noise +} + +################################ create_cert ########################### +# local shell function to create client certs +# initialize DB, import +# root cert +# generate request +# sign request +# import Cert +# +######################################################################## +create_cert() +{ + init_cert "$1" "$2" "$3" + + CU_ACTION="Initializing ${CERTNAME}'s Cert DB" + certu -N -d "${CERTDIR}" -f "${PWFILE}" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Import Root CA for $CERTNAME" + certu -A -n "TestCA" -t "TC,TC,TC" -f "${PWFILE}" -d "${CERTDIR}" -i "${CADIR}/root.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Generate Cert Request for $CERTNAME" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -o req 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Sign ${CERTNAME}'s Request" + certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${CADIR}" -i req -o "${CERTNAME}.cert" -f "${PWFILE}" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Import $CERTNAME's Cert" + certu -A -n "$CERTNAME" -t "u,u,u" -d "${CERTDIR}" -f "${PWFILE}" -i "${CERTNAME}.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + certlog "SUCCESS: $CERTNAME's Cert Created" + return 0 +} + +################## main ################################################# + +certlog "started" +html "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" +html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" + +################## Generate noise for our CA cert. ###################### +# NOTE: these keys are only suitable for testing, as this whole thing bypasses +# the entropy gathering. Don't use this method to generate keys and certs for +# product use or deployment. +# +ps -efl > ${NOISE_FILE} 2>&1 +ps aux >> ${NOISE_FILE} 2>&1 +noise + +################# Temp. Certificate Authority (CA) ####################### +# +# build the TEMP CA used for testing purposes +# +################# Creating a CA Certificate ############################## +# +echo "********************** Creating a CA Certificate **********************" + +if [ ! -d "${CADIR}" ]; then + mkdir -p "${CADIR}" +fi +cd ${CADIR} + +echo nss > ${PWFILE} + +CU_ACTION="Creating CA Cert DB" +certu -N -d ${CADIR} -f ${PWFILE} 2>&1 +if [ "$RET" -ne 0 ]; then + exit 3 #with errorcode +fi + +################# Generating Certscript ################################# +# +echo "$SCRIPTNAME: Certificate initialized, generating script" + +echo 5 > ${CERTSCRIPT} +echo 9 >> ${CERTSCRIPT} +echo n >> ${CERTSCRIPT} +echo y >> ${CERTSCRIPT} +echo 3 >> ${CERTSCRIPT} +echo n >> ${CERTSCRIPT} +echo 5 >> ${CERTSCRIPT} +echo 6 >> ${CERTSCRIPT} +echo 7 >> ${CERTSCRIPT} +echo 9 >> ${CERTSCRIPT} +echo n >> ${CERTSCRIPT} + +################# Creating CA Cert ###################################### +# +CU_ACTION="Creating CA Cert" +CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" +certu -S -n "TestCA" -t "CTu,CTu,CTu" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT} 2>&1 +if [ "$RET" -ne 0 ]; then + exit 1 #with errorcode +fi + +################# Exporting Root Cert ################################### +# +CU_ACTION="Exporting Root Cert" +certu -L -n "TestCA" -r -d ${CADIR} -o ${CADIR}/root.cert +if [ "$RET" -ne 0 ]; then + exit 2 #with errorcode +fi + +################# Creating Certificates for S/MIME tests ################ +# +CERTFAILED=0 +echo "**************** Creating Client CA Issued Certificates ****************" + +create_cert ${ALICEDIR} "Alice" 3 +create_cert ${BOBDIR} "Bob" 4 + +echo "**************** Creating Dave's Certificate ****************" +init_cert "${DAVEDIR}" Dave 5 +cp ${CADIR}/*.db . + +######################################################################### +# +CU_ACTION="Creating ${CERTNAME}'s Server Cert" +CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" +certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1 + +CU_ACTION="Export Dave's Cert" +certu -L -n "Dave" -r -d ${DAVEDIR} -o Dave.cert + +################# Importing Certificates for S/MIME tests ############### +# +echo "**************** Importing Certificates *********************" +CU_ACTION="Import Alices's cert into Bob's db" +certu -E -t "u,u,u" -d ${BOBDIR} -f ${PWFILE} -i ${ALICEDIR}/Alice.cert 2>&1 + +CU_ACTION="Import Bob's cert into Alice's db" +certu -E -t "u,u,u" -d ${ALICEDIR} -f ${PWFILE} -i ${BOBDIR}/Bob.cert 2>&1 + +CU_ACTION="Import Dave's cert into Alice's DB" +certu -E -t "u,u,u" -d ${ALICEDIR} -f ${PWFILE} -i ${DAVEDIR}/Dave.cert 2>&1 + +CU_ACTION="Import Dave's cert into Bob's DB" +certu -E -t "u,u,u" -d ${BOBDIR} -f ${PWFILE} -i ${DAVEDIR}/Dave.cert 2>&1 + +if [ "$CERTFAILED" != 0 ] ; then + certlog "ERROR: SMIME failed $RET" +else + certlog "SUCCESS: SMIME passed" +fi + +################# Creating Certs for SSL test ########################### +# +CERTFAILED=0 +echo "**************** Creating Client CA Issued Certificates ****************" +create_cert ${CLIENTDIR} "TestUser" 6 + +echo "***** Creating Server CA Issued Certificate for ${HOST}.${DOMSUF} *****" +init_cert ${SERVERDIR} "${HOST}.${DOMSUF}" 1 +cp ${CADIR}/*.db . +CU_ACTION="Creating ${CERTNAME}'s Server Cert" +CU_SUBJECT="CN=${CERTNAME}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" +certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1 +#certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -m "$CERTSERIAL" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1 +if [ "$CERTFAILED" != 0 ] ; then + certlog "ERROR: SSL failed $RET" +else + certlog "SUCCESS: SSL passed" +fi +certlog "finished" + +echo "</TABLE><BR>" >> ${RESULTS} + +rm -f ${TEMPFILES} + +# we will probably need mor for the tools +# tools.sh: generates an alice cert in a "Cert" directory +# FIXME, for now use ALICEDIR and see if this works... |