Diffstat (limited to 'security/nss/tests/merge/merge.sh')
-rwxr-xr-x | security/nss/tests/merge/merge.sh | 272 |
1 files changed, 0 insertions, 272 deletions
diff --git a/security/nss/tests/merge/merge.sh b/security/nss/tests/merge/merge.sh
deleted file mode 100755
index f3955080e..000000000
--- a/security/nss/tests/merge/merge.sh
+++ /dev/null
@@ -1,272 +0,0 @@ -#! /bin/bash -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -######################################################################## -# -# mozilla/security/nss/tests/merge/merge.sh -# -# Script to test NSS merge -# -# needs to work on all Unix and Windows platforms -# -# special strings -# --------------- -# FIXME ... known problems, search for this string -# NOTE .... unexpected behavior -# -######################################################################## - -############################## merge_init ############################## -# local shell function to initialize this script -######################################################################## -merge_init() -{ - SCRIPTNAME=merge.sh # sourced - $0 would point to all.sh - HAS_EXPLICIT_DB=0 - if [ ! -z "${NSS_DEFAULT_DB_TYPE}" ]; then - HAS_EXPLICIT_DB=1 - fi - - - if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for - CLEANUP="${SCRIPTNAME}" # cleaning this script will do it - fi - - if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then - cd ../common - . ./init.sh - fi - if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here - cd ${QADIR}/cert - . ./cert.sh - fi - - if [ ! -d ${HOSTDIR}/SDR ]; then - cd ${QADIR}/sdr - . ./sdr.sh - fi - SCRIPTNAME=merge.sh - - html_head "Merge Tests" - - # need the SSL & SMIME directories from cert.sh - grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || { - Exit 11 "Fatal - S/MIME of cert.sh needs to pass first" - } - grep "SUCCESS: SSL passed" $CERT_LOG_FILE >/dev/null || { - Exit 8 "Fatal - SSL of cert.sh needs to pass first" - } - - #temporary files for SDR tests - VALUE1=$HOSTDIR/tests.v1.$$ - VALUE3=$HOSTDIR/tests.v3.$$ - - # local directories used in this test. 
- MERGEDIR=${HOSTDIR}/merge - R_MERGEDIR=../merge - D_MERGE="merge.$version" - # SDR not initialized in common/init - P_R_SDR=../SDR - D_SDR="SDR.$version" - mkdir -p ${MERGEDIR} - - PROFILE=. - if [ -n "${MULTIACCESS_DBM}" ]; then - PROFILE="multiaccess:${D_MERGE}" - P_R_SDR="multiaccess:${D_SDR}" - fi - - cd ${MERGEDIR} - - # clear out any existing databases, potentially from a previous run. - rm -f *.db - - # copy alicedir over as a seed database. - cp ${R_ALICEDIR}/* . - # copy the smime text samples - cp ${QADIR}/smime/*.txt . - - # create a set of conflicting names. - CONFLICT1DIR=conflict1 - CONFLICT2DIR=conflict2 - mkdir ${CONFLICT1DIR} - mkdir ${CONFLICT2DIR} - # in the upgrade mode (dbm->sql), make sure our test databases - # are dbm databases. - if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then - save=${NSS_DEFAULT_DB_TYPE} - NSS_DEFAULT_DB_TYPE= ; export NSS_DEFAULT_DB_TYPE - fi - - certutil -N -d ${CONFLICT1DIR} -f ${R_PWFILE} - certutil -N -d ${CONFLICT2DIR} -f ${R_PWFILE} - certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser41.cert -d ${CONFLICT1DIR} - certutil -A -n "Alice #1" -t ,, -i ${R_CADIR}/TestUser42.cert -d ${CONFLICT1DIR} - certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser43.cert -d ${CONFLICT1DIR} - certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser44.cert -d ${CONFLICT2DIR} - certutil -A -n "Alice #1" -t ,, -i ${R_CADIR}/TestUser45.cert -d ${CONFLICT2DIR} - certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser46.cert -d ${CONFLICT2DIR} - if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then - NSS_DEFAULT_DB_TYPE=${save}; export NSS_DEFAULT_DB_TYPE - fi - - # - # allow all the tests to run in standalone mode. - # in standalone mode, TEST_MODE is not set. - # if NSS_DEFAULT_DB_TYPE is dbm, then test merge with dbm - # if NSS_DEFAULT_DB_TYPE is sql, then test merge with sql - # if NSS_DEFAULT_DB_TYPE is not set, then test database upgrade merge - # from dbm databases (created above) into a new sql db. 
- if [ -z "${TEST_MODE}" ] && [ ${HAS_EXPLICIT_DB} -eq 0 ]; then - echo "*** Using Standalone Upgrade DB mode" - NSS_DEFAULT_DB_TYPE=sql; export NSS_DEFAULT_DB_TYPE - echo certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - ${BINDIR}/certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - TEST_MODE=UPGRADE_DB - - fi - -} - -# -# this allows us to run this test for both merge and upgrade-merge cases. -# merge_cmd takes the potential upgrade-id and the rest of the certutil -# arguments. -# -merge_cmd() -{ - MERGE_CMD=--merge - if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then - MERGE_CMD="--upgrade-merge --upgrade-token-name OldDB --upgrade-id ${1}" - fi - shift - echo certutil ${MERGE_CMD} $* - ${PROFTOOL} ${BINDIR}/certutil ${MERGE_CMD} $* -} - - -merge_main() -{ - # first create a local sdr key and encrypt some data with it - # This will cause a colision with the SDR key in ../SDR. - echo "$SCRIPTNAME: Creating an SDR key & Encrypt" - echo "sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}" - ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE} - html_msg $? 0 "Creating SDR Key" - - # Now merge in Dave - # Dave's cert is already in alicedir, but his key isn't. This will make - # sure we are updating the keys and CKA_ID's on the certificate properly. - MERGE_ID=dave - echo "$SCRIPTNAME: Merging in Key for Existing user" - merge_cmd dave --source-dir ${P_R_DAVEDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - html_msg $? 0 "Merging Dave" - - # Merge in server - # contains a CRL and new user certs - MERGE_ID=server - echo "$SCRIPTNAME: Merging in new user " - merge_cmd server --source-dir ${P_R_SERVERDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - html_msg $? 
0 "Merging server" - - # Merge in ext_client - # contains a new certificate chain and additional trust flags - MERGE_ID=ext_client - echo "$SCRIPTNAME: Merging in new chain " - merge_cmd ext_client --source-dir ${P_R_EXT_CLIENTDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - html_msg $? 0 "Merging ext_client" - - # Merge conflicting nicknames in conflict1dir - # contains several certificates with nicknames that conflict with the target - # database - MERGE_ID=conflict1 - echo "$SCRIPTNAME: Merging in conflicting nicknames 1" - merge_cmd conflict1 --source-dir ${CONFLICT1DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - - html_msg $? 0 "Merging conflicting nicknames 1" - - # Merge conflicting nicknames in conflict2dir - # contains several certificates with nicknames that conflict with the target - # database - MERGE_ID=conflict2 - echo "$SCRIPTNAME: Merging in conflicting nicknames 1" - merge_cmd conflict2 --source-dir ${CONFLICT2DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - html_msg $? 0 "Merging conflicting nicknames 2" - - # Make sure conflicted names were properly sorted out. - echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #4)" - certutil -L -n "Alice #4" -d ${PROFILE} - html_msg $? 0 "Verify nicknames were deconflicted (Alice #4)" - - # Make sure conflicted names were properly sorted out. - echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #100)" - certutil -L -n "Alice #100" -d ${PROFILE} - html_msg $? 0 "Verify nicknames were deconflicted (Alice #100)" - - # Merge in SDR - # contains a secret SDR key - MERGE_ID=SDR - echo "$SCRIPTNAME: Merging in SDR " - merge_cmd sdr --source-dir ${P_R_SDR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE} - html_msg $? 
0 "Merging SDR" - - # insert a listing of the database into the log for diagonic purposes - ${BINDIR}/certutil -L -d ${PROFILE} - ${BINDIR}/crlutil -L -d ${PROFILE} - - # Make sure we can decrypt with our original SDR key generated above - echo "$SCRIPTNAME: Decrypt - With Original SDR Key" - echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}" - ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE} - html_msg $? 0 "Decrypt - Value 3" - - # Make sure we can decrypt with our the SDR key merged in from ../SDR - echo "$SCRIPTNAME: Decrypt - With Merged SDR Key" - echo "sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}" - ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE} - html_msg $? 0 "Decrypt - Value 1" - - # Make sure we can sign with merge certificate - echo "$SCRIPTNAME: Signing with merged key ------------------" - echo "cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig" - ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig - html_msg $? 0 "Create Detached Signature Dave" "." - - echo "cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} " - ${PROFTOOL} ${BINDIR}/cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} - html_msg $? 0 "Verifying Dave's Detached Signature" - - # Make sure that trust objects were properly merged - echo "$SCRIPTNAME: verifying merged cert ------------------" - echo "certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}" - ${PROFTOOL} ${BINDIR}/certutil -V -n ExtendedSSLUser -u C -d ${PROFILE} - html_msg $? 0 "Verifying ExtendedSSL User Cert" - - # Make sure that the crl got properly copied in - echo "$SCRIPTNAME: verifying merged crl ------------------" - echo "crlutil -L -n TestCA -d ${PROFILE}" - ${PROFTOOL} ${BINDIR}/crlutil -L -n TestCA -d ${PROFILE} - html_msg $? 
0 "Verifying TestCA CRL" - -} - -############################## smime_cleanup ########################### -# local shell function to finish this script (no exit since it might be -# sourced) -######################################################################## -merge_cleanup() -{ - html "</TABLE><BR>" - cd ${QADIR} - . common/cleanup.sh -} - -################## main ################################################# - -merge_init -merge_main -merge_cleanup - |