author | cvs2hg <devnull@localhost> | 2007-03-05 18:53:42 +0000 |
---|---|---|
committer | cvs2hg <devnull@localhost> | 2007-03-05 18:53:42 +0000 |
commit | 539096d1c392daf724ee9c66569e9a6343377a72 (patch) | |
tree | b21f091976b75a17843b88f474bbfa4ffa9e4f4e /security | |
parent | 4923041d96400c395932189162bf17d06f32689a (diff) | |
download | nss-hg-539096d1c392daf724ee9c66569e9a6343377a72.tar.gz |
fixup commit for branch 'NSS_3_11_BRANCH'
Diffstat (limited to 'security')
-rw-r--r-- | security/nss/tests/iopr/cert_iopr.sh | 420 | ||||
-rw-r--r-- | security/nss/tests/iopr/ocsp_iopr.sh | 218 | ||||
-rw-r--r-- | security/nss/tests/iopr/ssl_iopr.sh | 666 | ||||
-rw-r--r-- | security/nss/tests/ocsp/ocsp.sh | 82 |
4 files changed, 1386 insertions, 0 deletions
diff --git a/security/nss/tests/iopr/cert_iopr.sh b/security/nss/tests/iopr/cert_iopr.sh
new file mode 100644
index 000000000..f3e4f6b48
--- /dev/null
+++ b/security/nss/tests/iopr/cert_iopr.sh
@@ -0,0 +1,420 @@ +#! /bin/sh +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +######################################################################## +# +# mozilla/security/nss/tests/iopr/cert_iopr.sh +# +# Certificate generating and handeling for NSS interoperability QA. 
This file +# is included from cert.sh +# +# needs to work on all Unix and Windows platforms +# +# special strings +# --------------- +# FIXME ... known problems, search for this string +# NOTE .... unexpected behavior +# +# FIXME - Netscape - NSS +######################################################################## + +IOPR_CERT_SOURCED=1 + +######################################################################## +# function wraps calls to pk12util, also: writes action and options +# to stdout. +# Params are the same as to pk12util. +# Returns pk12util status +# +pk12u() +{ + echo "${CU_ACTION} --------------------------" + + echo "pk12util $@" + pk12util $@ + RET=$? + + return $RET +} + +######################################################################## +# Initializes nss db directory and files if they don't exists +# Params: +# $1 - directory location +# +createDBDir() { + trgDir=$1 + + if [ -z "`ls $trgDir | grep db`" ]; then + CU_ACTION="Initializing DB at $dir" + certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + fi +} +######################################################################## +# takes care of downloading config, cert and crl files from remote +# location. +# Params: +# $1 - name of the host file will be downloaded from +# $2 - path to the file as it appeared in url +# $3 - target directory the file will be saved at. +# Returns tstclnt status. +# +download_file() { + host=$1 + filePath=$2 + trgDir=$3 + + file=$trgDir/`basename $filePath` + + createDBDir $trgDir || return $RET + +# echo wget -O $file http://${host}${filePath} +# wget -O $file http://${host}${filePath} +# ret=$? + + req=$file.$$ + echo "GET $filePath HTTP/1.0" > $req + echo >> $req + + tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \ + -w ${R_PWFILE} -o < $req > $file + ret=$? 
+ rm -f $_tmp; + return $ret +} + +######################################################################## +# Uses pk12util, certutil of cerlutil to import files to an nss db located +# at <dir>(the value of $1 parameter). Chooses a utility to use based on +# a file extension. Initializing a db if it does not exists. +# Params: +# $1 - db location directory +# $2 - file name to import +# $3 - nick name an object in the file will be associated with +# $4 - trust arguments +# Returns status of import +# +importFile() { + dir=$1\ + file=$2 + certName=$3 + certTrust=$4 + + [ ! -d $dir ] && mkdir -p $dir; + + createDBDir $dir || return $RET + + case `basename $file | sed 's/^.*\.//'` in + p12) + CU_ACTION="Importing p12 $file to DB at $dir" + pk12u -d $dir -i $file -k ${R_PWFILE} -W iopr + [ $? -ne 0 ] && return 1 + CU_ACTION="Modifying trust for cert $certName at $dir" + certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" + return $? + ;; + + crl) + CU_ACTION="Importing crl $file to DB at $dir" + crlu -d ${dir} -I -n TestCA -i $file + return $? + ;; + + crt | cert) + CU_ACTION="Importing cert $certName with trust $certTrust to $dir" + certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \ + -i "$file" + return $? + ;; + + *) + echo "Unknown file extension: $file:" + return 1 + ;; + esac +} + + +######################################################################### +# Downloads and installs test certs and crl from a remote webserver. +# Generates server cert for reverse testing if reverse test run is turned on. +# Params: +# $1 - host name to download files from. +# $2 - directory at which CA cert will be installed and used for +# signing a server cert. +# $3 - path to a config file in webserver context. +# $4 - ssl server db location +# $5 - ssl client db location +# $5 - ocsp client db location +# +# Returns 0 upon success, otherwise, failed command error code. 
+# +download_install_certs() { + host=$1 + caDir=$2 + confPath=$3 + sslServerDir=$4 + sslClientDir=$5 + ocspClientDir=$6 + + [ ! -d "$caDir" ] && mkdir -p $caDir; + + #======================================================= + # Getting config file + # + download_file $host "$confPath/iopr_server.cfg" $caDir + RET=$? + if [ $RET -ne 0 -o ! -f $caDir/iopr_server.cfg ]; then + html_failed "<TR><TD>Fail to download website config file(ws: $host)" + return 1 + fi + + . $caDir/iopr_server.cfg + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to source config file(ws: $host)" + return $RET + fi + + #======================================================= + # Getting CA file + # + + #----------------- !!!WARNING!!! ----------------------- + # Do NOT copy this scenario. CA should never accompany its + # cert with the private key when deliver cert to a customer. + #----------------- !!!WARNING!!! ----------------------- + + download_file $host $certDir/$caCertName.p12 $caDir + RET=$? + if [ $RET -ne 0 -o ! -f $caDir/$caCertName.p12 ]; then + html_failed "<TR><TD>Fail to download $caCertName cert(ws: $host)" + return 1 + fi + tmpFiles="$caDir/$caCertName.p12" + + importFile $caDir $caDir/$caCertName.p12 $caCertName "TC,C,C" + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to import $caCertName cert to CA DB(ws: $host)" + return $RET + fi + + CU_ACTION="Exporting Root CA cert(ws: $host)" + certu -L -n $caCertName -r -d ${caDir} -o $caDir/$caCertName.cert + if [ "$RET" -ne 0 ]; then + Exit 7 "Fatal - failed to export $caCertName cert" + fi + + #======================================================= + # Check what tests we want to run + # + doSslTests=0; doOcspTests=0 + # XXX remove "_new" from variables below + [ -n "`echo ${supportedTests_new} | grep -i ssl`" ] && doSslTests=1 + [ -n "`echo ${supportedTests_new} | grep -i ocsp`" ] && doOcspTests=1 + + if [ $doSslTests -eq 1 ]; then + if [ "$reverseRunCGIScript" ]; then + [ ! 
-d "$sslServerDir" ] && mkdir -p $sslServerDir; + #======================================================= + # Import CA cert to server DB + # + importFile $sslServerDir $caDir/$caCertName.cert server-client-CA \ + "TC,C,C" + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to import server-client-CA cert to \ + server DB(ws: $host)" + return $RET + fi + + #======================================================= + # Creating server cert + # + CERTNAME=$HOSTADDR + + CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \ + L=Mountain View, ST=California, C=US" + certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}"\ + -o $sslServerDir/req 2>&1 + tmpFiles="$tmpFiles $sslServerDir/req" + + + CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)" + certu -C -c "$caCertName" -m `date +"%s"` -v 60 -d "${caDir}" \ + -i ${sslServerDir}/req -o $caDir/${CERTNAME}.cert \ + -f "${R_PWFILE}" 2>&1 + + importFile $sslServerDir $caDir/$CERTNAME.cert $CERTNAME ",," + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to import $CERTNAME cert to server\ + DB(ws: $host)" + return $RET + fi + tmpFiles="$tmpFiles $caDir/$CERTNAME.cert" + + #======================================================= + # Download and import CA crl to server DB + # + download_file $host "$certDir/$caCrlName.crl" $sslServerDir + RET=$? + if [ $? -ne 0 ]; then + html_failed "<TR><TD>Fail to download $caCertName crl\ + (ws: $host)" + return $RET + fi + tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl" + + importFile $sslServerDir $sslServerDir/TestCA.crl + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to import TestCA crt to server\ + DB(ws: $host)" + return $RET + fi + fi # if [ "$reverseRunCGIScript" ] + + [ ! 
-d "$sslClientDir" ] && mkdir -p $sslClientDir; + #======================================================= + # Import CA cert to ssl client DB + # + importFile $sslClientDir $caDir/$caCertName.cert server-client-CA \ + "TC,C,C" + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to import server-client-CA cert to \ + server DB(ws: $host)" + return $RET + fi + fi + + if [ $doOcspTests -eq 1 ]; then + [ ! -d "$ocspClientDir" ] && mkdir -p $ocspClientDir; + #======================================================= + # Import CA cert to ocsp client DB + # + importFile $ocspClientDir $caDir/$caCertName.cert server-client-CA \ + "TC,C,C" + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to import server-client-CA cert to \ + server DB(ws: $host)" + return $RET + fi + fi + + #======================================================= + # Import client certs to client DB + # + for fileName in $downloadFiles; do + certName=`echo $fileName | sed 's/\..*//'` + + if [ -n "`echo $certName | grep ocsp`" -a $doOcspTests -eq 1 ]; then + clientDir=$ocspClientDir + elif [ $doSslTests -eq 1 ]; then + clientDir=$sslClientDir + else + continue + fi + + download_file $host "$certDir/$fileName" $clientDir + RET=$? + if [ $RET -ne 0 -o ! -f $clientDir/$fileName ]; then + html_failed "<TR><TD>Fail to download $certName cert(ws: $host)" + return $RET + fi + tmpFiles="$tmpFiles $clientDir/$fileName" + + importFile $clientDir $clientDir/$fileName $certName ",," + RET=$? + if [ $RET -ne 0 ]; then + html_failed "<TR><TD>Fail to import $certName cert to client DB\ + (ws: $host)" + return $RET + fi + done + + rm -f $tmpFiles + + return 0 +} + + +######################################################################### +# Initial point for downloading config, cert, crl files for multiple hosts +# involved in interoperability testing. 
Called from nss/tests/cert/cert.sh +# It will only proceed with downloading if environment variable +# IOPR_HOSTADDR_LIST is set and has a value of host names separated by space. +# +# Returns 1 if interoperability testing is off, 0 otherwise. +# +cert_iopr_setup() { + + if [ "$IOPR" -ne 1 ]; then + return 1 + fi + num=1 + IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f 1 -d' '` + while [ "$IOPR_HOST_PARAM" ]; do + IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'` + IOPR_DOWNLOAD_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'` + [ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443 + IOPR_CONF_PATH=`echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':'` + [ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr" + + echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:\ + $IOPR_CONF_PATH" + + download_install_certs ${IOPR_HOSTADDR} ${IOPR_CADIR}_${IOPR_HOSTADDR} \ + ${IOPR_CONF_PATH} ${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} \ + ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} \ + ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} + if [ $? -ne 0 ]; then + echo "wsFlags=\"NOIOPR $wsParam\"" >> \ + ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg + fi + num=`expr $num + 1` + IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` + done + + return 0 +} diff --git a/security/nss/tests/iopr/ocsp_iopr.sh b/security/nss/tests/iopr/ocsp_iopr.sh new file mode 100644 index 000000000..2aadb06e4 --- /dev/null +++ b/security/nss/tests/iopr/ocsp_iopr.sh 
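Review bot: The config that download_install_certs executes with `. $caDir/iopr_server.cfg` is fetched by download_file through `tstclnt ... -o`, and `-o` is, as far as I know, tstclnt's override for a bad server certificate, so whatever answers on `$host:$IOPR_DOWNLOAD_PORT` gets to run shell code as the user running the tests (ocsp_iopr_run in ocsp_iopr.sh sources the same file again). Either read only the expected `name=value` keys out of the file instead of sourcing it, or at minimum put a comment above the `.` line such as `# iopr_server.cfg is executed as shell; list only hosts you control in IOPR_HOSTADDR_LIST`. In the CRL step, `RET=$?` is followed by `if [ $? -ne 0 ]`, which tests the assignment rather than download_file, so a failed CRL download is never reported; it should be `if [ $RET -ne 0 ]`. download_file also ends with `rm -f $_tmp`, a variable nothing in this file sets, so the `$file.$$` request file stays in the DB directory; `rm -f $req` looks like what was meant.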
@@ -0,0 +1,218 @@ +#! /bin/sh +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +######################################################################## +# +# mozilla/security/nss/tests/iopr/ocsp_iopr.sh +# +# NSS SSL interoperability QA. 
This file is included from ssl.sh +# +# needs to work on all Unix and Windows platforms +# +# special strings +# --------------- +# FIXME ... known problems, search for this string +# NOTE .... unexpected behavior +# +# FIXME - Netscape - NSS +######################################################################## +IOPR_OCSP_SOURCED=1 + +######################################################################## +# The funtion works with variables defined in interoperability +# configuration file that gets downloaded from a webserver. +# The function sets test parameters defind for a particular type +# of testing. +# +# No return value +# +setTestParam() { + type=$1 + testParam=`eval 'echo $'${type}Param` + testDescription=`eval 'echo $'${type}Descr` + testProto=`eval 'echo $'${type}Proto` + testPort=`eval 'echo $'${type}Port` + testResponder=`eval 'echo $'${type}ResponderCert` + testValidCertNames=`eval 'echo $'${type}ValidCertNames` + testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames` + testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames` +} + +######################################################################## +# The funtion checks status of a cert using ocspclnt. +# Params: +# dbDir - nss cert db location +# cert - cert in question +# respUrl - responder url is available +# defRespCert - trusted responder cert +# +# Return values: +# 0 - test passed, 1 - otherwise. +# +ocsp_get_cert_status() { + dbDir=$1 + cert=$2 + respUrl=$3 + defRespCert=$4 + + if [ -n "$respUrl" -o -n "$defRespCert" ]; then + if [ -z "$respUrl" -o -z "$defRespCert" ]; then + html_failed "<TR><TD>Incorrect test params" + return 1 + fi + clntParam="-l $respUrl -t $defRespCert" + fi + + outFile=$dbDir/ocsptest.out.$$ + echo "ocspclnt -d $dbDir -S $cert $clntParam" + ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1 + ret=$? 
+ echo "ocspclnt output:" + cat $outFile + [ -z "`grep succeeded $outFile`" ] && ret=1 + + rm -f $outFile + return $ret +} + +######################################################################## +# The funtion checks status of a cert using ocspclnt. +# Params: +# testType - type of the test based on type of used responder +# servName - FQDM of the responder server +# dbDir - nss cert db location +# +# No return value +# +ocsp_iopr() { + testType=$1 + servName=$2 + dbDir=$3 + + setTestParam $testType + if [ "`echo $testParam | grep NOCOV`" != "" ]; then + echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \ + "run by server configuration" + return 0 + fi + + html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \ + "Test Type: $testDescription" + + if [ -n "$testResponder" ]; then + responderUrl="$testProto://$servName:$testPort" + else + responderUrl="" + fi + + for certName in $testValidCertNames; do + ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder" + html_msg $? 0 "Getting status of a valid cert ($certName)" \ + "produced a returncode of $ret, expected is 0." + done + + for certName in $testRevokedCertNames; do + ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder" + html_msg $? 1 "Getting status of a unvalid cert ($certName)" \ + "produced a returncode of $ret, expected is 1." + done + + for certName in $testStatUnknownCertNames; do + ocsp_get_cert_status $dbDir $certName "$responderUrl" "$testResponder" + html_msg $? 1 "Getting status of a cert with unknown status " \ + "($certName) produced a returncode of $ret, expected is 1." + done +} + + +##################################################################### +# Initial point for running ocsp test againt multiple hosts involved in +# interoperability testing. 
Called from nss/tests/ocsp/ocsp.sh +# It will only proceed with test run for a specific host if environment variable +# IOPR_HOSTADDR_LIST was set, had the host name in the list +# and all needed file were successfully downloaded and installed for the host. +# +# Returns 1 if interoperability testing is off, 0 otherwise. +# +ocsp_iopr_run() { + NO_ECC_CERTS=1 # disable ECC for interoperability tests + + if [ "$IOPR" -ne 1 ]; then + return 1 + fi + cd ${CLIENTDIR} + + num=1 + IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` + while [ "$IOPR_HOST_PARAM" ]; do + IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'` + IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'` + [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443 + + . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg + RES=$? + + num=`expr $num + 1` + IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` + + if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then + continue + fi + + #======================================================= + # Check what server is configured to run ssl tests + # + [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue; + + # Testing directories defined by webserver. + echo "Testing ocsp interoperability. + Client: local(tstclnt). + Responder: remote($IOPR_HOSTADDR)" + + for ocspTestType in ${supportedTests_new}; do + if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then + continue + fi + ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \ + ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} + done + echo "================================================" + echo "Done testing ocsp interoperability with $IOPR_HOSTADDR" + done + NO_ECC_CERTS=0 + return 0 +} + diff --git a/security/nss/tests/iopr/ssl_iopr.sh b/security/nss/tests/iopr/ssl_iopr.sh new file mode 100644 index 000000000..f8c97185c --- /dev/null +++ b/security/nss/tests/iopr/ssl_iopr.sh 
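Review bot: ocsp_get_cert_status forces `ret=1` whenever the ocspclnt output lacks the word `succeeded`, and ocsp_iopr expects exactly 1 in the revoked and unknown-status loops, so an unreachable or misconfigured responder appears to satisfy those checks just as a genuine revoked answer would (assuming html_msg, defined outside this diff, passes when its first two arguments match). The revoked and unknown cases should require that ocspclnt actually obtained a response carrying that status, and the function should return a different code when no response was received. Separately, `clntParam` is only assigned inside the `if` and never cleared, so a test type without a responder cert reuses the `-l ... -t ...` left by an earlier type; adding `clntParam=""` as the first statement of ocsp_get_cert_status fixes that. The NOCOV skip message in ocsp_iopr still says `SSL Cipher Coverage`, which looks copied from ssl_iopr.sh and will mislead anyone reading the OCSP log.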
@@ -0,0 +1,666 @@ +#! /bin/sh +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +######################################################################## +# +# mozilla/security/nss/tests/iopr/ssl_iopr.sh +# +# NSS SSL interoperability QA. 
This file is included from ssl.sh +# +# needs to work on all Unix and Windows platforms +# +# special strings +# --------------- +# FIXME ... known problems, search for this string +# NOTE .... unexpected behavior +# +# FIXME - Netscape - NSS +######################################################################## +IOPR_SSL_SOURCED=1 + +######################################################################## +# The functions works with variables defined in interoperability +# configuration file that was downloaded from a webserver. +# It tries to find unrevoked cert based on value of variable +# "SslClntValidCertName" defined in the configuration file. +# Params NONE. +# Returns 0 if found, 1 otherwise. +# +setValidCert() { + testUser=$SslClntValidCertName + [ -z "$testUser" ] && return 1 + return 0 +} + +######################################################################## +# The funtions works with variables defined in interoperability +# configuration file that was downloaded from a webserver. +# The function sets port, url, param and description test parameters +# that was defind for a particular type of testing. +# Params: +# $1 - supported types of testing. Currently have maximum +# of two: forward and reverse. But more can be defined. +# No return value +# +setTestParam() { + type=$1 + sslPort=`eval 'echo $'${type}Port` + sslUrl=`eval 'echo $'${type}Url` + testParam=`eval 'echo $'${type}Param` + testDescription=`eval 'echo $'${type}Descr` + [ -z "$sslPort" ] && sslPort=443 + [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html" + [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html" +} + + +####################################################################### +# local shell function to perform SSL Cipher Suite Coverage tests +# in interoperability mode. Tests run against web server by using nss +# test client +# Params: +# $1 - supported type of testing. 
+# $2 - testing host +# $3 - nss db location +# No return value +# +ssl_iopr_cov_ext_server() +{ + testType=$1 + host=$2 + dbDir=$3 + + setTestParam $testType + if [ "`echo $testParam | grep NOCOV`" != "" ]; then + echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \ + "run by server configuration" + return 0 + fi + + html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \ + "$BYPASS_STRING $NORM_EXT): $testDescription" + + setValidCert; ret=$? + if [ $ret -ne 0 ]; then + html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" + return $ret + fi + + SSL_REQ_FILE=${TMP}/sslreq.dat.$$ + echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE + echo >> $SSL_REQ_FILE + + while read ecc tls param testname therest; do + [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \ + "$ecc" = "ECC" ] && continue; + + echo "$SCRIPTNAME: running $testname ----------------------------" + TLS_FLAG=-T + if [ "$tls" = "TLS" ]; then + TLS_FLAG="" + fi + + resFile=${TMP}/$HOST.tmpRes.$$ + rm $resFile 2>/dev/null + + echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\" + echo " -n $testUser -w nss ${CLIEN_OPTIONS} -f \\" + echo " -d ${dbDir} < ${SSL_REQ_FILE} > $resFile" + + tstclnt -w nss -p ${sslPort} -h ${host} -c ${param} \ + ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -w nss \ + -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1 + ret=$? + grep "ACCESS=OK" $resFile + test $? -eq 0 -a $ret -eq 0 + ret=$? + [ $ret -ne 0 ] && cat ${TMP}/$HOST.tmp.$$ + rm -f $resFile 2>/dev/null + html_msg $ret 0 "${testname}" + done < ${SSLCOV} + rm -f $SSL_REQ_FILE 2>/dev/null + + html "</TABLE><BR>" +} + +####################################################################### +# local shell function to perform SSL Client Authentication tests +# in interoperability mode. Tests run against web server by using nss +# test client +# Params: +# $1 - supported type of testing. 
+# $2 - testing host +# $3 - nss db location +# No return value +# +ssl_iopr_auth_ext_server() +{ + testType=$1 + host=$2 + dbDir=$3 + + setTestParam $testType + if [ "`echo $testParam | grep NOAUTH`" != "" ]; then + echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \ + "run by server configuration" + return 0 + fi + + html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): + $testDescription" + + setValidCert;ret=$? + if [ $ret -ne 0 ]; then + html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" + return $ret + fi + + SSL_REQ_FILE=${TMP}/sslreq.dat.$$ + echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE + echo >> $SSL_REQ_FILE + + SSLAUTH_TMP=${TMP}/authin.tl.tmp + grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP} + + while read ecc value sparam cparam testname; do + [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; + + cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` + + echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\" + echo " -d ${dbDir} < ${SSL_REQ_FILE}" + + resFile=${TMP}/$HOST.tmp.$$ + rm $rsFile 2>/dev/null + + tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ + -d ${dbDir} < ${SSL_REQ_FILE} >$resFile 2>&1 + ret=$? + grep "ACCESS=OK" $resFile + test $? -eq 0 -a $ret -eq 0 + ret=$? + [ $ret -ne 0 ] && cat $resFile + rm $resFile 2>/dev/null + + html_msg $ret $value "${testname}. Client params: $cparam"\ + "produced a returncode of $ret, expected is $value" + done < ${SSLAUTH_TMP} + rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} + + html "</TABLE><BR>" +} + +######################################################################## +# local shell function to perform SSL interoperability test with/out +# revoked certs tests. Tests run against web server by using nss +# test client +# Params: +# $1 - supported type of testing. 
+# $2 - testing host +# $3 - nss db location +# No return value +# +ssl_iopr_crl_ext_server() +{ + testType=$1 + host=$2 + dbDir=$3 + + setTestParam $testType + if [ "`echo $testParam | grep NOCRL`" != "" ]; then + echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \ + "run by server configuration" + return 0 + fi + + html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription" + + SSL_REQ_FILE=${TMP}/sslreq.dat.$$ + echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE + echo >> $SSL_REQ_FILE + + SSLAUTH_TMP=${TMP}/authin.tl.tmp + grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \ + grep -v none > ${SSLAUTH_TMP} + + while read ecc value sparam _cparam testname; do + [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue; + + rev_modvalue=254 + for testUser in $SslClntValidCertName $SslClntRevokedCertName; do + cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" ` + + echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\" + echo " -f -d ${dbDir} ${cparam} < ${SSL_REQ_FILE}" + resFile=${TMP}/$HOST.tmp.$$ + rm -f $resFile 2>/dev/null + tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \ + -d ${dbDir} < ${SSL_REQ_FILE} \ + > $resFile 2>&1 + ret=$? + grep "ACCESS=OK" $resFile + test $? -eq 0 -a $ret -eq 0 + ret=$? 
+ [ $ret -ne 0 ] && ret=$rev_modvalue; + [ $ret -ne 0 ] && cat $resFile + rm -f $resFile 2>/dev/null + + if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then + modvalue=$rev_modvalue + testAddMsg="revoked" + else + testAddMsg="not revoked" + modvalue=$value + fi + html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \ + "produced a returncode of $ret, expected is $modvalue" + done + done < ${SSLAUTH_TMP} + rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE} + + html "</TABLE><BR>" +} + + +######################################################################## +# local shell function to perform SSL Cipher Coverage tests of nss server +# by invoking remote test client on web server side. +# Invoked only if reverse testing is supported by web server. +# Params: +# $1 - remote web server host +# $2 - open port to connect to invoke CGI script +# $3 - host where selfserv is running(name of the host nss tests +# are running) +# $4 - port where selfserv is running +# $5 - selfserv nss db location +# No return value +# +ssl_iopr_cov_ext_client() +{ + host=$1 + port=$2 + sslHost=$3 + sslPort=$4 + serDbDir=$5 + + html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT" + + setValidCert + ret=$? + if [ $res -ne 0 ]; then + html_failed "<TR><TD>Fail to find valid test cert(ws: $host)" + return $ret + fi + + # P_R_SERVERDIR switch require for selfserv to work. 
+ # Will be restored after test
+ OR_P_R_SERVERDIR=$P_R_SERVERDIR
+ P_R_SERVERDIR=$serDbDir
+ OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+ P_R_CLIENTDIR=$serDbDir
+ testname=""
+ sparam="-vvvc ABCDEFcdefgijklmnvyz"
+ # Launch the server
+ start_selfserv
+
+ while read ecc tls param cipher therest; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+ echo "============= Beginning of the test ===================="
+ echo
+
+ is_selfserv_alive
+
+ TEST_IN=${TMP}/${HOST}_IN.tmp.$$
+ TEST_OUT=${TMP}/$HOST.tmp.$$
+ rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+ echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
+ echo >> $TEST_IN
+
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Command ----------------------"
+ echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
+ -h $host \< $TEST_IN \>\> $TEST_OUT
+
+ tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
+ -h $host <$TEST_IN > $TEST_OUT
+
+ echo "------- Server output Begin ----------"
+ cat $TEST_OUT
+ echo "------- Server output End ----------"
+
+ echo "Checking for errors in log file..."
+ grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "Skiping test: no support for the cipher $cipher on server side"
+ continue
+ fi
+
+ grep -i "SERVER ERROR:" $TEST_OUT
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "Found problems. Reseting exit code to failure."
+
+ ret=1
+ else
+ ret=0
+ fi
+ else
+ echo "Script was not executed. Reseting exit code to failure."
+ ret=11
+ fi
+
+ html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
+ " produced a returncode of $ret, expected is 0"
+ rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+ done < ${SSLCOV}
+ kill_selfserv
+
+ P_R_SERVERDIR=$OR_P_R_SERVERDIR
+
+ rm -f ${TEST_IN} ${TEST_OUT}
+ html "</TABLE><BR>"
+}
+
+########################################################################
+# local shell function to perform SSL Authentication tests of nss server
+# by invoking remove test client on web server side
+# Invoked only if reverse testing is supported by web server.
+# Params:
+# $1 - remote web server host
+# $2 - open port to connect to invoke CGI script
+# $3 - host where selfserv is running(name of the host nss tests
+# are running)
+# $4 - port where selfserv is running
+# $5 - selfserv nss db location
+# No return value
+#
+ssl_iopr_auth_ext_client()
+{
+ host=$1
+ port=$2
+ sslHost=$3
+ sslPort=$4
+ serDbDir=$5
+
+ html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+
+ setValidCert
+ ret=$?
+ if [ $res -ne 0 ]; then
+ html_failed "<TR><TD>Fail to find valid test cert(ws: $host)"
+ return $ret
+ fi
+
+ OR_P_R_SERVERDIR=$P_R_SERVERDIR
+ P_R_SERVERDIR=${serDbDir}
+ OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+ P_R_CLIENTDIR=$serDbDir
+
+ SSLAUTH_TMP=${TMP}/authin.tl.tmp
+
+ grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
+
+ while read ecc value sparam cparam testname; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+
+ echo "Server params: $sparam"
+ sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
+ start_selfserv
+
+ TEST_IN=${TMP}/$HOST_IN.tmp.$$
+ TEST_OUT=${TMP}/$HOST.tmp.$$
+ rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+ echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
+ echo >> $TEST_IN
+
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Command ----------------------"
+ echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
+ -h $host \< $TEST_IN \>\> $TEST_OUT
+
+ tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
+ -h $host <$TEST_IN > $TEST_OUT
+
+ echo "------- Server output Begin ----------"
+ cat $TEST_OUT
+ echo "------- Server output End ----------"
+
+ echo "Checking for errors in log file..."
+ grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ echo "Checking for error in log file..."
+ grep -i "SERVER ERROR:" $TEST_OUT
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "Found problems. Reseting exit code to failure."
+ ret=1
+ else
+ ret=0
+ fi
+ else
+ echo "Script was not executed. Reseting exit code to failure."
+ ret=11
+ fi
+
+ html_msg $ret $value "${testname}. Server params: $sparam"\
+ "produced a returncode of $ret, expected is $value"
+ kill_selfserv
+ rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+ done < ${SSLAUTH_TMP}
+ P_R_SERVERDIR=$OR_P_R_SERVERDIR
+
+ rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
+ html "</TABLE><BR>"
+}
+
+#########################################################################
+# local shell function to perform SSL CRL testing of nss server
+# by invoking remote test client on web server side
+# Invoked only if reverse testing is supported by web server.
+# Params:
+# $1 - remote web server host
+# $2 - open port to connect to invoke CGI script
+# $3 - host where selfserv is running(name of the host nss tests
+# are running)
+# $4 - port where selfserv is running
+# $5 - selfserv nss db location
+# No return value
+#
+ssl_iopr_crl_ext_client()
+{
+ host=$1
+ port=$2
+ sslHost=$3
+ sslPort=$4
+ serDbDir=$5
+
+ html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+
+ OR_P_R_SERVERDIR=$P_R_SERVERDIR
+ P_R_SERVERDIR=${serDbDir}
+ OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+ P_R_CLIENTDIR=$serDbDir
+
+ SSLAUTH_TMP=${TMP}/authin.tl.tmp
+ grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
+
+ while read ecc value sparam _cparam testname; do
+ [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+ sparam="$sparam -vvvc ABCDEFcdefgijklmnvyz"
+ start_selfserv
+
+ for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
+
+ is_selfserv_alive
+
+ TEST_IN=${TMP}/${HOST}_IN.tmp.$$
+ TEST_OUT=${TMP}/$HOST.tmp.$$
+ rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+ echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
+ echo >> $TEST_IN
+
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Command ----------------------"
+ echo tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
+ -h ${host} \< $TEST_IN \>\> $TEST_OUT
+
+ tstclnt -d $serDbDir -w ${R_PWFILE} -o -p $port \
+ -h ${host} <$TEST_IN > $TEST_OUT
+ echo "------- Request ----------------------"
+ cat $TEST_IN
+ echo "------- Server output Begin ----------"
+ cat $TEST_OUT
+ echo "------- Server output End ----------"
+
+ echo "Checking for errors in log file..."
+ grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+ if [ $? -eq 0 ]; then
+ grep -i "SERVER ERROR:" $TEST_OUT
+ ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "Found problems. Reseting exit code to failure."
+ ret=1
+ else
+ ret=0
+ fi
+ else
+ echo "Script was not executed. Reseting exit code to failure."
+ ret=11
+ fi
+
+ if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
+ modvalue=1
+ testAddMsg="revoked"
+ else
+ testAddMsg="not revoked"
+ modvalue=0
+ fi
+
+ html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
+ "produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
+ rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+ done
+ kill_selfserv
+ done < ${SSLAUTH_TMP}
+ P_R_SERVERDIR=$OR_P_R_SERVERDIR
+
+ rm -f ${SSLAUTH_TMP}
+ html "</TABLE><BR>"
+}
+
+#####################################################################
+# Initial point for running ssl test againt multiple hosts involved in
+# interoperability testing. Called from nss/tests/ssl/ssl.sh
+# It will only proceed with test run for a specific host if environment variable
+# IOPR_HOSTADDR_LIST was set, had the host name in the list
+# and all needed file were successfully downloaded and installed for the host.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise.
+#
+ssl_iopr_run() {
+ NO_ECC_CERTS=1 # disable ECC for interoperability tests
+
+ if [ "$IOPR" -ne 1 ]; then
+ return 1
+ fi
+ cd ${CLIENTDIR}
+
+ num=1
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ while [ "$IOPR_HOST_PARAM" ]; do
+ IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+ IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+ [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
+
+ . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+ RES=$?
+
+ if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
+ num=`expr $num + 1`
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ continue
+ fi
+
+ #=======================================================
+ # Check if server is capable to run ssl tests
+ #
+ [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;
+
+ # Testing directories defined by webserver.
+ echo "Testing ssl interoperability.
+ Client: local(tstclnt).
+ Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
+
+ for sslTestType in ${supportedTests_new}; do
+ if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
+ continue
+ fi
+ ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
+ ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
+ ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
+ ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+ done
+
+
+ # Testing selfserv with client located at the webserver.
+ echo "Testing ssl interoperability.
+ Client: remote($IOPR_HOSTADDR:$PORT)
+ Server: local(selfserv)"
+ ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+ ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+ ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+ ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+ ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+ echo "================================================"
+ echo "Done testing interoperability with $IOPR_HOSTADDR"
+ num=`expr $num + 1`
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ done
+ NO_ECC_CERTS=0
+ return 0
+}
+
+
diff --git a/security/nss/tests/ocsp/ocsp.sh b/security/nss/tests/ocsp/ocsp.sh
new file mode 100644
index 000000000..8efe737a7
--- /dev/null
+++ b/security/nss/tests/ocsp/ocsp.sh
@@ -0,0 +1,82 @@
+#! /bin/sh
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+########################################################################
+#
+# mozilla/security/nss/tests/ocsp/ocsp.sh
+#
+# Script to test NSS OCSP
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+# FIXME ... known problems, search for this string
+# NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## ssl_init ################################
+# local shell function to initialize this script
+########################################################################
+ocsp_init()
+{
+ SCRIPTNAME=ocsp.sh # sourced - $0 would point to all.sh
+
+ if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
+ CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
+ fi
+
+ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+ cd ../common
+ . ./init.sh
+ fi
+ if [ -z "${IOPR_OCSP_SOURCED}" ]; then
+ . ../iopr/ocsp_iopr.sh
+ fi
+ if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
+ cd ../cert
+ . ./cert.sh
+ fi
+ SCRIPTNAME=ocsp.sh
+ echo "$SCRIPTNAME: OCSP tests ==============================="
+
+ cd ${CLIENTDIR}
+}
+
+################## main #################################################
+ocsp_init
+ocsp_iopr_run |
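Review bot: In ocsp_init the guard `if [ ! -r $CERT_LOG_FILE ]` leaves the variable unquoted, so when CERT_LOG_FILE is empty or unset the test collapses to `[ ! -r ]`, which evaluates false, and cert.sh is never sourced; the OCSP run would then continue without the certificates the trailing comment says it needs. Quoting restores the intended behaviour: `if [ ! -r "$CERT_LOG_FILE" ]; then`. Whether init.sh always sets CERT_LOG_FILE is not visible in this hunk, so this is a missing guard rather than a confirmed failure. The banner above the function still reads `ssl_init` and should name `ocsp_init`, and both `cd ../common` and `cd ../cert` go unchecked before a relative path is sourced, so a failed `cd` would source whatever `./init.sh` or `./cert.sh` exists in the current directory.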