diff options
Diffstat (limited to 'security/nss/tests/run_niscc.sh')
-rwxr-xr-x | security/nss/tests/run_niscc.sh | 978 |
1 files changed, 0 insertions, 978 deletions
diff --git a/security/nss/tests/run_niscc.sh b/security/nss/tests/run_niscc.sh deleted file mode 100755 index 3cb109cc7..000000000 --- a/security/nss/tests/run_niscc.sh +++ /dev/null @@ -1,978 +0,0 @@ -#!/bin/bash -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -# -# PRIOR TO RUNNING THIS SCRIPT -# you should adjust MAIL_COMMAND and QA_LIST -# -# External dependencies: -# - install the NISCC test files, e.g. at /niscc (readonly OK) -# - libfaketimeMT because the test certificates have expired -# - build environment for building NSS -# - gdb to analyze core files -# - a command line mail tool (e.g. mailx) -# - openssl to combine input PEM files into pkcs#12 -# - curl for obtaining version information from the web -# - -################################################################################ -# Print script usage -################################################################################ -usage() -{ - cat << EOF -Usage: $0 [options] - -Test NSS library against NISCC SMIME and TLS testcases. - -Options: - -h, --help print this help message and exit - -v, --verbose enable extra verbose output - --niscc-home DIR use NISCC testcases from directory DIR (default /niscc) - --host HOST use host HOST (default '127.0.0.1') - --threads X set thread number to X (max. 10, default 10) - --out DIR set DIR as output directory (default '/out') - --mail ADDRESS send mail with test result to ADDRESS - --nss DIR set NSS directory to DIR (default '~/cvs/nss') - --nss-hack DIR set hacked NSS directory to DIR (default '~/cvs/nss_hack') - --log-store store all the logs (only summary by default) - --no-build-test don't pull and build tested NSS - --no-build-hack don't pull and build hacked NSS - --test-system test system installed NSS - --date DATE use DATE in log archive name and outgoing email - --libfaketime path.so use faketime library with LD_PRELOAD=path.so - --smallset test only a very small subset - -All options are optional. -All options (and possibly more) can be also set through environment variables. -Commandline options have higher priority than environment variables. -For more information please refer to the source code of this script. - -For a successfull run the script NEEDS the core file pattern to be 'core.*', -e.g. 'core.%t'. You can check the current pattern in -'/proc/sys/kernel/core_pattern'. Otherwise the test will be unable to detect -any failures and will pass every time. - -It is recommended to use hacked and tested binaries in a location, where their -absolute path is max. 80 characters. If their path is longer and a core file is -generated, its properties may be incomplete. - -Return value of the script indicates how many failures it experienced. - -EOF - exit $1 -} - -################################################################################ -# Process command-line arguments -################################################################################ -process_args() -{ - HELP="false" - args=`getopt -u -l "niscc-home:,host:,threads:,out:,verbose,mail:,nss:,nss-hack:,log-store,no-build-test,no-build-hack,help,test-system,date:,libfaketime:,smallset" -- "hv" $*` - [ "$?" != "0" ] && usage 1 - set -- $args - for i; do - case "$i" in - -v|--verbose) - shift - VERBOSE="-v" - ;; - --niscc-home) - shift - NISCC_HOME="$1" - shift - ;; - --host) - shift - HOST="$1" - shift - ;; - --threads) - shift - THREADS="$1" - shift - ;; - --out) - shift - TEST_OUTPUT="$1" - shift - ;; - --mail) - shift - USE_MAIL="true" - QA_LIST="$1" - shift - ;; - --nss) - shift - LOCALDIST="$1" - shift - ;; - --nss-hack) - shift - NSS_HACK="$1" - shift - ;; - --log-store) - shift - LOG_STORE="true" - ;; - --no-build-test) - shift - NO_BUILD_TEST="true" - ;; - --no-build-hack) - shift - NO_BUILD_HACK="true" - ;; - -h|--help) - shift - HELP="true" - ;; - --test-system) - shift - TEST_SYSTEM="true" - ;; - --date) - shift - DATE="$1" - shift - ;; - --libfaketime) - shift - FAKETIMELIB="$1" - shift - ;; - --smallset) - shift - SMALLSET="true" - ;; - --) - ;; - *) - ;; - esac - done - [ $HELP = "true" ] && usage 0 -} - -################################################################################ -# Create and set needed and useful environment variables -################################################################################ -create_environment() -{ - # Base location of NISCC testcases - export NISCC_HOME=${NISCC_HOME:-/niscc} - - # Base location of NSS - export CVS=${CVS:-"$HOME/cvs"} - - # NSS being tested - export LOCALDIST=${LOCALDIST:-"${CVS}/nss"} - - # Hacked NSS - built with "NISCC_TEST=1" - export NSS_HACK=${NSS_HACK:-"${CVS}/nss_hack"} - - # Hostname of the testmachine - export HOST=${HOST:-127.0.0.1} - - # Whether to store logfiles - export LOG_STORE=${LOG_STORE:-"false"} - - # Whether to mail the summary - export USE_MAIL=${USE_MAIL:-"false"} - - # How to mail summary - export MAIL_COMMAND=${MAIL_COMMAND:-"mailx -S smtp=smtp://your.smtp.server:25 -r your+niscc@email.address"} - - # List of mail addresses where to send summary - export QA_LIST=${QA_LIST:-"result@recipient.address"} - - # Whether to use 64b build - export USE_64=${USE_64:-1} - - # Directory where to write all the output data (around 650MiB for each run) - export TEST_OUTPUT=${TEST_OUTPUT:-"$HOME/out"} - - # How many threads to use in selfserv and strsclnt (max. 10) - export THREADS=${THREADS:-10} - - # If true, do not build tthe tested version of NSS - export NO_BUILD_TEST=${NO_BUILD_TEST:-"false"} - - # If true, do not build the special NSS version for NISCC - export NO_BUILD_HACK=${NO_BUILD_HACK:-"false"} - - # If true, do not rebuild client and server directories - export NO_SETUP=${NO_SETUP:-"false"} - - # Location of NISCC SSL/TLS testcases - export TEST=${TEST:-"${NISCC_HOME}/NISCC_SSL_testcases"} - - # If true, then be extra verbose - export VERBOSE=${VERBOSE:-""} - - # If true, test the system installed NSS - export TEST_SYSTEM=${TEST_SYSTEM:-"false"} - [ "$TEST_SYSTEM" = "true" ] && export NO_BUILD_TEST="true" - - [ ! -z "$VERBOSE" ] && set -xv - - # Real date for naming of archives (system date must be 2002-11-18 .. 2007-11-18 due to certificate validity - DATE=${DATE:-`date`} - export DATE=`date -d "$DATE" +%Y%m%d` - - FAKETIMELIB=${FAKETIMELIB:-""} - export DATE=`date -d "$DATE" +%Y%m%d` - - # Whether to test only a very small subset - export SMALLSET=${SMALLSET:-"false"} - - # Create output dir if it doesn't exist - mkdir -p ${TEST_OUTPUT} -} - -################################################################################ -# Do a cvs pull of NSS -################################################################################ -cvs_pull() -{ - # Tested NSS - by default using current CVS HEAD - if [ "$NO_BUILD_TEST" = "false" ]; then - echo "cloning NSS sources to be tested from CVS" - [ ! -d "$LOCALDIST" ] && mkdir -p "$LOCALDIST" - cd "$LOCALDIST" - cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r HEAD NSPR &>> $TEST_OUTPUT/nisccBuildLog - cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r HEAD NSS &>> $TEST_OUTPUT/nisccBuildLog - #find . -exec touch {} \; - fi - - # Hacked NSS - by default using some RTM version. - # Do not use HEAD for hacked NSS - it needs to be stable and bug-free - if [ "$NO_BUILD_HACK" = "false" ]; then - echo "cloning NSS sources for a hacked build from CVS" - [ ! -d "$NSS_HACK" ] && mkdir -p "$NSS_HACK" - cd "$NSS_HACK" - NSPR_TAG=`curl http://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/nsprpub/TAG-INFO | head -1 | awk '{print $1}'` - NSS_TAG=`curl http://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/TAG-INFO | head -1 | awk '{print $1}'` - cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r $NSPR_TAG NSPR &>> $TEST_OUTPUT/nisccBuildLogHack - cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -r $NSS_TAG NSS &>> $TEST_OUTPUT/nisccBuildLogHack - #find . -exec touch {} \; - fi -} - -################################################################################ -# Build NSS after setting make variable NISCC_TEST -################################################################################ -build_NSS() -{ - # Tested NSS - if [ "$NO_BUILD_TEST" = "false" ]; then - echo "building NSS to be tested" - cd "$LOCALDIST" - unset NISCC_TEST - cd mozilla/security/nss - gmake nss_clean_all &>> $TEST_OUTPUT/nisccBuildLog - gmake nss_build_all &>> $TEST_OUTPUT/nisccBuildLog - fi - - # Hacked NSS - if [ "$NO_BUILD_HACK" = "false" ]; then - echo "building hacked NSS" - cd "$NSS_HACK" - export NISCC_TEST=1 - cd mozilla/security/nss - gmake nss_clean_all &>> $TEST_OUTPUT/nisccBuildLogHack - gmake nss_build_all &>> $TEST_OUTPUT/nisccBuildLogHack - fi - - unset NISCC_TEST -} - -################################################################################ -# Set build dir, bin and lib directories -################################################################################ -init() -{ - # Enable useful core files to be generated in case of crash - ulimit -c unlimited - - # Pattern of core files, they should be created in current directory - echo "core_pattern $(cat /proc/sys/kernel/core_pattern)" > "$TEST_OUTPUT/nisccLog00" - - # gmake is needed in the path for this suite to run - echo "PATH $PATH" >> "$TEST_OUTPUT/nisccLog00" - - # Find out hacked NSS version - DISTTYPE=`cd "$NSS_HACK/mozilla/security/nss/tests/common"; gmake objdir_name` - echo "NSS_HACK DISTTYPE $DISTTYPE" >> "$TEST_OUTPUT/nisccLog00" - export HACKBIN="$NSS_HACK/mozilla/dist/$DISTTYPE/bin" - export HACKLIB="$NSS_HACK/mozilla/dist/$DISTTYPE/lib" - - if [ "$TEST_SYSTEM" = "false" ]; then - # Find out nss version - DISTTYPE=`cd "$LOCALDIST/mozilla/security/nss/tests/common"; gmake objdir_name` - echo "NSS DISTTYPE $DISTTYPE" >> "$TEST_OUTPUT/nisccLog00" - export TESTBIN="$LOCALDIST/mozilla/dist/$DISTTYPE/bin" - export TESTLIB="$LOCALDIST/mozilla/dist/$DISTTYPE/lib" - export TESTTOOLS="$TESTBIN" - else - # Using system installed NSS - echo "USING SYSTEM NSS" >> "$TEST_OUTPUT/nisccLog00" - export TESTBIN="/usr/bin" - if [ `uname -m` = "x86_64" ]; then - export TESTLIB="/usr/lib64" - export TESTTOOLS="/usr/lib64/nss/unsupported-tools" - else - export TESTLIB="/usr/lib" - export TESTTOOLS="/usr/lib/nss/unsupported-tools" - fi - fi - - # Verify NISCC_TEST was set in the proper library - if strings "$HACKLIB/libssl3.so" | grep NISCC_TEST > /dev/null 2>&1; then - echo "$HACKLIB/libssl3.so contains NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00" - else - echo "$HACKLIB/libssl3.so does NOT contain NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00" - fi - - if strings "$TESTLIB/libssl3.so" | grep NISCC_TEST > /dev/null 2>&1; then - echo "$TESTLIB/libssl3.so contains NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00" - else - echo "$TESTLIB/libssl3.so does NOT contain NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00" - fi -} - -################################################################################ -# Setup simple client and server directory -################################################################################ -ssl_setup_dirs_simple() -{ - [ "$NO_SETUP" = "true" ] && return - - echo "Setting up working directories for SSL simple tests" - - CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client" - SERVER="$TEST_OUTPUT/niscc_ssl/simple_server" - - # Generate .p12 files - openssl pkcs12 -export -inkey "$TEST/client_key.pem" -in "$TEST/client_crt.pem" -out "$TEST_OUTPUT/client_crt.p12" -passout pass:testtest1 -name "client_crt" - openssl pkcs12 -export -inkey "$TEST/server_key.pem" -in "$TEST/server_crt.pem" -out "$TEST_OUTPUT/server_crt.p12" -passout pass:testtest1 -name "server_crt" - - # Setup simple client directory - rm -rf "$CLIENT" - mkdir -p "$CLIENT" - echo test > "$CLIENT/password-is-test.txt" - export LD_LIBRARY_PATH="$TESTLIB" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -N -d "$CLIENT" -f "$CLIENT/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$CLIENT" -n rootca -i "$TEST/rootca.crt" -t "C,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/client_crt.p12" -d "$CLIENT" -k "$CLIENT/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -L -d "$CLIENT" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - - # File containg message used for terminating the server - echo "GET /stop HTTP/1.0" > "$CLIENT/stop.txt" - echo "" >> "$CLIENT/stop.txt" - - # Setup simple server directory - rm -rf "$SERVER" - mkdir -p "$SERVER" - echo test > "$SERVER/password-is-test.txt" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -N -d "$SERVER" -f "$SERVER/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$SERVER" -n rootca -i "$TEST/rootca.crt" -t "TC,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/server_crt.p12" -d "$SERVER" -k "$SERVER/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -L -d "$SERVER" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - - unset LD_LIBRARY_PATH -} - -################################################################################ -# Setup resigned client and server directory -################################################################################ -ssl_setup_dirs_resigned() -{ - [ "$NO_SETUP" = "true" ] && return - - echo "Setting up working directories for SSL resigned tests" - - CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client" - SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server" - - # Setup resigned client directory - rm -rf "$CLIENT" - mkdir -p "$CLIENT" - echo test > "$CLIENT/password-is-test.txt" - export LD_LIBRARY_PATH="$TESTLIB" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -N -d "$CLIENT" -f "$CLIENT/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$CLIENT" -n rootca -i "$TEST/rootca.crt" -t "C,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/client_crt.p12" -d "$CLIENT" -k "$CLIENT/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -L -d "$CLIENT" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - - echo "GET /stop HTTP/1.0" > "$CLIENT/stop.txt" - echo "" >> "$CLIENT/stop.txt" - - # Setup resigned server directory - rm -rf "$SERVER" - mkdir -p "$SERVER" - echo test > "$SERVER/password-is-test.txt" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -N -d "$SERVER" -f "$SERVER/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$SERVER" -n rootca -i "$TEST/rootca.crt" -t "TC,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/server_crt.p12" -d "$SERVER" -k "$SERVER/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -L -d "$SERVER" >> "$TEST_OUTPUT/nisccLog00" 2>&1 - - unset LD_LIBRARY_PATH -} - -################################################################################ -# NISCC SMIME tests -################################################################################ -niscc_smime() -{ - cd "$TEST_OUTPUT" - DATA="$NISCC_HOME/NISCC_SMIME_testcases" - - [ ! -d niscc_smime ] && mkdir -p niscc_smime - - export SMIME_CERT_DB_DIR=envDB - export NSS_STRICT_SHUTDOWN=1 - export NSS_DISABLE_ARENA_FREE_LIST=1 - export LD_LIBRARY_PATH="$TESTLIB" - - # Generate .p12 files - openssl pkcs12 -export -inkey "$DATA/Client.key" -in "$DATA/Client.crt" -out Client.p12 -passout pass:testtest1 &>/dev/null - openssl pkcs12 -export -inkey "$DATA/CA.key" -in "$DATA/CA.crt" -out CA.p12 -passout pass:testtest1 &>/dev/null - - # Generate envDB if needed - if [ ! -d "$SMIME_CERT_DB_DIR" ]; then - mkdir -p "$SMIME_CERT_DB_DIR" - echo testtest1 > password-is-testtest1.txt - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -N -d "./$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt > /dev/null 2>&1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt -i "$DATA/CA.crt" -n CA -t "TC,C," - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt -i "$DATA/Client.crt" -n Client -t "TC,C," - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/pk12util" -i ./CA.p12 -d "$SMIME_CERT_DB_DIR" -k password-is-testtest1.txt -W testtest1 - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/pk12util" -i ./Client.p12 -d "$SMIME_CERT_DB_DIR" -k password-is-testtest1.txt -W testtest1 - fi - - # if p7m-ed-m-files.txt does not exist, then generate it. - [ -f "$DATA/p7m-ed-m-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-ed-m-files.txt" > p7m-ed-m-files.txt - export P7M_ED_M_FILES=p7m-ed-m-files.txt - if [ "$SMALLSET" = "true" ]; then - [ ! -f "$P7M_ED_M_FILES" ] && find "$DATA"/p7m-ed-m-0* -type f -print | head -10 >> "$P7M_ED_M_FILES" - else - [ ! -f "$P7M_ED_M_FILES" ] && find "$DATA"/p7m-ed-m-0* -type f -print >> "$P7M_ED_M_FILES" - fi - - # Test "p7m-ed-m*" testcases - echo "Testing SMIME enveloped data testcases" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -p testtest1 -b -i "$P7M_ED_M_FILES" > niscc_smime/p7m-ed-m-results.txt 2>&1 - - export SMIME_CERT_DB_DIR=sigDB - # Generate sigDB if needed - if [ ! -d "$SMIME_CERT_DB_DIR" ]; then - mkdir -p "$SMIME_CERT_DB_DIR" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -N -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -i "$DATA/CA.crt" -n CA -t "TC,C," - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -i "$DATA/Client.crt" -n Client -t "TC,C," - fi - - # if p7m-sd-dt-files.txt does not exist, then generate it. - [ -f "$DATA/p7m-sd-dt-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-sd-dt-files.txt" > p7m-sd-dt-files.txt - export P7M_SD_DT_FILES=p7m-sd-dt-files.txt - if [ "$SMALLSET" = "true" ]; then - [ ! -f "$P7M_SD_DT_FILES" ] && find "$DATA"/p7m-sd-dt-[cm]-* -type f -print | head -10 >> "$P7M_SD_DT_FILES" - else - [ ! -f "$P7M_SD_DT_FILES" ] && find "$DATA"/p7m-sd-dt-[cm]-* -type f -print >> "$P7M_SD_DT_FILES" - fi - - [ ! -f detached.txt ] && touch detached.txt - - # Test "p7m-sd-dt*" testcases - echo "Testing SMIME detached signed data testcases" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -c detached.txt -b -i "$P7M_SD_DT_FILES" > niscc_smime/p7m-sd-dt-results.txt 2>&1 - - # if p7m-sd-op-files.txt does not exist, then generate it. - [ -f "$DATA/p7m-sd-op-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-sd-op-files.txt" > p7m-sd-op-files.txt - export P7M_SD_OP_FILES=p7m-sd-op-files.txt - if [ "$SMALLSET" = "true" ]; then - [ ! -f "$P7M_SD_OP_FILES" ] && find "$DATA"/p7m-sd-op-[cm]-* -type f -print | head -10 >> "$P7M_SD_OP_FILES" - else - [ ! -f "$P7M_SD_OP_FILES" ] && find "$DATA"/p7m-sd-op-[cm]-* -type f -print >> "$P7M_SD_OP_FILES" - fi - - # Test "p7m-sd-op*" testcases - echo "Testing SMIME opaque signed data testcases" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -b -i "$P7M_SD_OP_FILES" > niscc_smime/p7m-sd-op-results.txt 2>&1 - - unset LD_LIBRARY_PATH -} - -################################################################################ -# Set env variables for NISCC SSL tests -################################################################################ -niscc_ssl_init() -{ - export NSS_STRICT_SHUTDOWN=1 - export NSS_DISABLE_ARENA_FREE_LIST=1 - cd "$TEST_OUTPUT" -} - -force_crash() -{ - echo "int main(int argc, char *argv[]) { int *i; i = (int*)(void*)1; *i = 1; }" > "$TEST_OUTPUT/crashme.c" - gcc -g -o "$TEST_OUTPUT/crashme" "$TEST_OUTPUT/crashme.c" - "$TEST_OUTPUT/crashme" -} - -################################################################################ -# Do simple client auth tests -# Use an altered client against the server -################################################################################ -ssl_simple_client_auth() -{ - echo "Testing SSL simple client auth testcases" - export CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client" - export SERVER="$TEST_OUTPUT/niscc_ssl/simple_server" - export PORT=8443 - export START_AT=1 - if [ "$SMALLSET" = "true" ]; then - export STOP_AT=10 - else - export STOP_AT=106160 - fi - unset NISCC_TEST - export LD_LIBRARY_PATH="$TESTLIB" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -rr -t $THREADS -w test > "$TEST_OUTPUT/nisccLog01" 2>&1 & - - export NISCC_TEST="$TEST/simple_client" - export LD_LIBRARY_PATH="$HACKLIB" - - for START in `seq $START_AT $THREADS $STOP_AT`; do - START_AT=$START \ - STOP_AT=$(($START+$THREADS)) \ - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/strsclnt" $VERBOSE -d "$CLIENT" -n client_crt -p $PORT -t $THREADS -c $THREADS -o -N -w test $HOST >> "$TEST_OUTPUT/nisccLog02" 2>&1 - done - - unset NISCC_TEST - echo "starting tstclnt to shutdown simple client selfserv process" - for i in `seq 5`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog02" 2>&1 - done - - unset LD_LIBRARY_PATH - - sleep 1 -} - -################################################################################ -# Do simple server auth tests -# Use an altered server against the client -################################################################################ -ssl_simple_server_auth() -{ - echo "Testing SSL simple server auth testcases" - export CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client" - export SERVER="$TEST_OUTPUT/niscc_ssl/simple_server" - export PORT=8444 - export START_AT=00000001 - if [ "$SMALLSET" = "true" ]; then - export STOP_AT=00000010 - else - export STOP_AT=00106167 - fi - export LD_LIBRARY_PATH="$HACKLIB" - export NISCC_TEST="$TEST/simple_server" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog03" 2>&1 & - - unset NISCC_TEST - export LD_LIBRARY_PATH="$TESTLIB" - for START in `seq $START_AT $THREADS $STOP_AT`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog04" 2>&1 - done - - echo "starting tstclnt to shutdown simple server selfserv process" - for i in `seq 5`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog04" 2>&1 - done - - unset LD_LIBRARY_PATH - - sleep 1 -} - -################################################################################ -# Do simple rootCA tests -# Use an altered server against the client -################################################################################ -ssl_simple_rootca() -{ - echo "Testing SSL simple rootCA testcases" - export CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client" - export SERVER="$TEST_OUTPUT/niscc_ssl/simple_server" - export PORT=8445 - export START_AT=1 - if [ "$SMALLSET" = "true" ]; then - export STOP_AT=10 - else - export STOP_AT=106190 - fi - export LD_LIBRARY_PATH="$HACKLIB" - export NISCC_TEST="$TEST/simple_rootca" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog05" 2>&1 & - - unset NISCC_TEST - export LD_LIBRARY_PATH="$TESTLIB" - for START in `seq $START_AT $THREADS $STOP_AT`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog06" 2>&1 - done - - echo "starting tstclnt to shutdown simple rootca selfserv process" - for i in `seq 5`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog06" 2>&1 - done - - unset LD_LIBRARY_PATH - - sleep 1 -} - -################################################################################ -# Do resigned client auth tests -# Use an altered client against the server -################################################################################ -ssl_resigned_client_auth() -{ - echo "Testing SSL resigned client auth testcases" - export CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client" - export SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server" - export PORT=8446 - export START_AT=0 - if [ "$SMALLSET" = "true" ]; then - export STOP_AT=9 - else - export STOP_AT=99981 - fi - unset NISCC_TEST - export LD_LIBRARY_PATH="$TESTLIB" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -rr -t $THREADS -w test > "$TEST_OUTPUT/nisccLog07" 2>&1 & - - export NISCC_TEST="$TEST/resigned_client" - export LD_LIBRARY_PATH="$HACKLIB" - - for START in `seq $START_AT $THREADS $STOP_AT`; do - START_AT=$START \ - STOP_AT=$(($START+$THREADS)) \ - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/strsclnt" $VERBOSE -d "$CLIENT" -n client_crt -p $PORT -t $THREADS -c $THREADS -o -N -w test $HOST >> "$TEST_OUTPUT/nisccLog08" 2>&1 - done - - unset NISCC_TEST - echo "starting tstclnt to shutdown resigned client selfserv process" - for i in `seq 5`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog08" 2>&1 - done - - unset LD_LIBRARY_PATH - - sleep 1 -} - -################################################################################ -# Do resigned server auth tests -# Use an altered server against the client -################################################################################ -ssl_resigned_server_auth() -{ - echo "Testing SSL resigned server auth testcases" - export CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client" - export SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server" - export PORT=8447 - export START_AT=0 - if [ "$SMALLSET" = "true" ]; then - export STOP_AT=9 - else - export STOP_AT=100068 - fi - export LD_LIBRARY_PATH="$HACKLIB" - export NISCC_TEST="$TEST/resigned_server" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog09" 2>&1 & - - unset NISCC_TEST - export LD_LIBRARY_PATH="$TESTLIB" - for START in `seq $START_AT $THREADS $STOP_AT`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog10" 2>&1 - done - - echo "starting tstclnt to shutdown resigned server selfserv process" - for i in `seq 5`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog10" 2>&1 - done - - unset LD_LIBRARY_PATH - - sleep 1 -} - -################################################################################ -# Do resigned rootCA tests -# Use an altered server against the client -################################################################################ -ssl_resigned_rootca() -{ - echo "Testing SSL resigned rootCA testcases" - export CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client" - export SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server" - export PORT=8448 - export START_AT=0 - if [ "$SMALLSET" = "true" ]; then - export STOP_AT=9 - else - export STOP_AT=99959 - fi - export LD_LIBRARY_PATH="$HACKLIB" - export NISCC_TEST="$TEST/resigned_rootca" - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog11" 2>&1 & - - unset NISCC_TEST - export LD_LIBRARY_PATH="$TESTLIB" - for START in `seq $START_AT $THREADS $STOP_AT`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog12" 2>&1 - done - - echo "starting tstclnt to shutdown resigned rootca selfserv process" - for i in `seq 5`; do - LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \ - "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog12" 2>&1 - done - - unset LD_LIBRARY_PATH - - sleep 1 -} - -################################################################################ -# Email the test logfile, and if core found, notify of failure -################################################################################ -mail_testLog() -{ - pushd "$TEST_OUTPUT" - - # remove mozilla nss build false positives and core stored in previous runs - find . -name "core*" -print | grep -v coreconf | grep -v core_watch | grep -v archive >> crashLog - export SIZE=`cat crashLog | wc -l` - - [ "$USE_MAIL" = "false" ] && return - - # mail text - MT=mailText - rm -f $MT - - if [ "$SIZE" -ne 1 ]; then - echo "### FAILED ###" >> $MT - echo "### Exactly one crash is expected." >> $MT - echo "### Zero means: crash detection is broken, fix the script!" >> $MT - echo "### > 1 means: robustness test failure, fix the bug! (check the logs)" >> $MT - cat crashLog >> nisccLogSummary - SUBJ="FAILED: NISCC TESTS (check file: crashLog)" - else - echo ":) PASSED :)" >> $MT - SUBJ="PASSED: NISCC tests" - fi - - echo "Date used during test run: $DATE" >> $MT - - echo "Count of lines in files:" >> $MT - wc -l crashLog nisccBuildLog nisccBuildLogHack nisccLog[0-9]* p7m-* |grep -vw total >> $MT - NUM=`cat nisccLog0[123456789] nisccLog1[12] | egrep -ic "success/passed"` - echo "Number of times the SSL tests reported success/passed (low expected): $NUM" >> $MT - NUM=`cat nisccLog0[123456789] nisccLog1[12] | egrep -ic "problem|failed|error"` - echo "Number of times the SSL tests reported problem/failed/error (high expected): $NUM" >> $MT - NUM=`cat niscc_smime/p7m*results.txt | egrep -ic "success/passed"` - echo "Number of times the S/MIME tests reported success/passed (low expected): $NUM" >> $MT - NUM=`cat niscc_smime/p7m*results.txt | egrep -ic "problem|failed|error"` - echo "Number of times the S/MIME tests reported problem/failed/error (high expected): $NUM" >> $MT - echo "==== tail of nisccBuildLog ====" >> $MT - tail -20 nisccBuildLog >> $MT - echo "===============================" >> $MT - echo "==== tail of nisccBuildLogHack ====" >> $MT - tail -20 nisccBuildLogHack >> $MT - echo "===================================" >> $MT - - #NUM=`` - #echo "Number of : $NUM" >> $MT - - cat $MT | $MAIL_COMMAND -s "$SUBJ" $QA_LIST - - popd -} - -################################################################################ -# Summarize all logs -################################################################################ -log_summary() -{ - echo "Summarizing all logs" - # Move old logs - [ -f "$TEST_OUTPUT/nisccLogSummary" ] && mv nisccLogSummary nisccLogSummary.old - [ -f "$TEST_OUTPUT/crashLog" ] && mv crashLog crashLog.old - - for a in $TEST_OUTPUT/nisccLog[0-9]*; do - echo ================================== "$a" - grep -v using "$a" | sort | uniq -c | sort -b -n +0 -1 - done > $TEST_OUTPUT/nisccLogSummary - - for a in $TEST_OUTPUT/niscc_smime/p7m-*-results.txt; do - echo ================================== "$a" - grep -v using "$a" | sort | uniq -c | sort -b -n +0 -1 - done >> $TEST_OUTPUT/nisccLogSummary -} - -################################################################################ -# Process core files -################################################################################ -core_process() -{ - echo "Processing core files" - cd "$TEST_OUTPUT" - - for CORE in `cat crashLog`; do - FILE=`file "$CORE" | sed "s/.* from '//" | sed "s/'.*//"` - BINARY=`strings "$CORE" | grep "^${FILE}" | tail -1` - gdb "$BINARY" "$CORE" << EOF_GDB > "$CORE.details" -where -quit -EOF_GDB - done -} - -################################################################################ -# Move the old log files to save them, delete extra log files -################################################################################ -move_files() -{ - echo "Moving and deleting log files" - cd "$TEST_OUTPUT" - - rm -rf TRASH - mkdir TRASH - - if [ "$LOG_STORE" = "true" ]; then - BRANCH=`echo $LOCALDIST | sed "s:.*/\(security.*\)/builds/.*:\1:"` - if [ "$BRANCH" = "$LOCALDIST" ]; then - ARCHIVE="$TEST_OUTPUT/archive" - else - ARCHIVE="$TEST_OUTPUT/archive/$BRANCH" - fi - - # Check for archive directory - if [ ! -d "$ARCHIVE" ]; then - mkdir -p "$ARCHIVE" - fi - - # Determine next log storage point - slot=`ls -1 "$ARCHIVE" | grep $DATE | wc -l` - slot=`expr $slot + 1` - location="$ARCHIVE/$DATE.$slot" - mkdir -p "$location" - - # Archive the logs - mv nisccBuildLog "$location" 2> /dev/null - mv nisccBuildLogHack "$location" 2> /dev/null - mv nisccLogSummary "$location" - mv nisccLog* "$location" - mv niscc_smime/p7m-ed-m-results.txt "$location" - mv niscc_smime/p7m-sd-dt-results.txt "$location" - mv niscc_smime/p7m-sd-op-results.txt "$location" - - # Archive any core files produced - for core in `cat "$TEST_OUTPUT/crashLog"`; do - mv "$core" "$location" - mv "$core.details" "$location" - done - mv crashLog "$location" - else - # Logs not stored => summaries, crashlog and corefiles not moved, other logs deleted - mv nisccLog00 nisccLog01 nisccLog02 nisccLog03 nisccLog04 nisccLog05 nisccLog06 nisccLog07 nisccLog08 nisccLog09 nisccLog10 nisccLog11 nisccLog12 TRASH/ - mv niscc_smime/p7m-ed-m-results.txt niscc_smime/p7m-sd-dt-results.txt niscc_smime/p7m-sd-op-results.txt TRASH/ - fi - mv envDB sigDB niscc_smime niscc_ssl TRASH/ - mv CA.p12 Client.p12 client_crt.p12 server_crt.p12 TRASH/ - mv p7m-ed-m-files.txt p7m-sd-dt-files.txt p7m-sd-op-files.txt password-is-testtest1.txt detached.txt TRASH/ - mv crashme.c crashme TRASH/ -} - -################################################################################ -# Main -################################################################################ -process_args $* -create_environment -cvs_pull -build_NSS -init -niscc_smime -niscc_ssl_init -force_crash -ssl_setup_dirs_simple - ssl_simple_client_auth - ssl_simple_server_auth - ssl_simple_rootca -ssl_setup_dirs_resigned - ssl_resigned_client_auth - ssl_resigned_server_auth - ssl_resigned_rootca -# no idea what these commented-out lines are supposed to be! -#ssl_setup_dirs_update -# ssl_update_server_auth der -# ssl_update_client_auth der -# ssl_update_server_auth resigned-der -# ssl_update_client_auth resigned-der -log_summary -mail_testLog -core_process -move_files -exit $SIZE |