#! /bin/bash # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. ######################################################################## # # mozilla/security/nss/tests/common/init.sh # # initialization for NSS QA, can be included multiple times # from all.sh and the individual scripts # # variables, utilities and shellfunctions global to NSS QA # needs to work on all Unix and Windows platforms # # included from # ------------- # all.sh # ssl.sh # sdr.sh # cipher.sh # perf.sh # cert.sh # smime.sh # tools.sh # fips.sh # # special strings # --------------- # FIXME ... known problems, search for this string # NOTE .... unexpected behavior # # NOTE: # ----- # Unlike the old QA this is based on files sourcing each other # This is done to save time, since a great portion of time is lost # in calling and sourcing the same things multiple times over the # network. Also, this way all scripts have all shell function available # and a completely common environment # ######################################################################## NSS_STRICT_SHUTDOWN=1 export NSS_STRICT_SHUTDOWN # Init directories based on HOSTDIR variable if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then init_directories() { TMP=${HOSTDIR} #TMP=${TMP-/tmp} TEMP=${TMP} TMPDIR=${TMP} CADIR=${HOSTDIR}/CA SERVERDIR=${HOSTDIR}/server CLIENTDIR=${HOSTDIR}/client ALICEDIR=${HOSTDIR}/alicedir BOBDIR=${HOSTDIR}/bobdir DAVEDIR=${HOSTDIR}/dave EVEDIR=${HOSTDIR}/eve FIPSDIR=${HOSTDIR}/fips DBPASSDIR=${HOSTDIR}/dbpass ECCURVES_DIR=${HOSTDIR}/eccurves DISTRUSTDIR=${HOSTDIR}/distrust SERVER_CADIR=${HOSTDIR}/serverCA CLIENT_CADIR=${HOSTDIR}/clientCA EXT_SERVERDIR=${HOSTDIR}/ext_server EXT_CLIENTDIR=${HOSTDIR}/ext_client IOPR_CADIR=${HOSTDIR}/CA_iopr IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions STAPLINGDIR=${HOSTDIR}/stapling SSLGTESTDIR=${HOSTDIR}/ssl_gtests GTESTDIR=${HOSTDIR}/gtests PWFILE=${HOSTDIR}/tests.pw NOISE_FILE=${HOSTDIR}/tests_noise CORELIST_FILE=${HOSTDIR}/clist FIPSPWFILE=${HOSTDIR}/tests.fipspw FIPSBADPWFILE=${HOSTDIR}/tests.fipsbadpw FIPSP12PWFILE=${HOSTDIR}/tests.fipsp12pw echo "fIps140" > ${FIPSPWFILE} echo "fips104" > ${FIPSBADPWFILE} echo "pKcs12fips140" > ${FIPSP12PWFILE} noise P_SERVER_CADIR=${SERVER_CADIR} P_CLIENT_CADIR=${CLIENT_CADIR} if [ -n "${MULTIACCESS_DBM}" ]; then P_SERVER_CADIR="multiaccess:${D_SERVER_CA}" P_CLIENT_CADIR="multiaccess:${D_CLIENT_CA}" fi # a new log file, short - fast to search, mostly for tools to # see if their portion of the cert has succeeded, also for me - CERT_LOG_FILE=${HOSTDIR}/cert.log #the output.log is so crowded... TEMPFILES=foobar # keep "${PWFILE} ${NOISE_FILE}" around export HOSTDIR } # Generate noise file noise() { # NOTE: these keys are only suitable for testing, as this whole thing # bypasses the entropy gathering. Don't use this method to generate # keys and certs for product use or deployment. ps -efl > ${NOISE_FILE} 2>&1 ps aux >> ${NOISE_FILE} 2>&1 date >> ${NOISE_FILE} 2>&1 } # Print selected environment variable (used for backup) env_backup() { echo "HOSTDIR=\"${HOSTDIR}\"" echo "TABLE_ARGS=" echo "NSS_TEST_DISABLE_CRL=${NSS_TEST_DISABLE_CRL}" echo "NSS_SSL_TESTS=\"${NSS_SSL_TESTS}\"" echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\"" echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}" echo "export NSS_DEFAULT_DB_TYPE" echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}" echo "export NSS_ENABLE_PKIX_VERIFY" echo "init_directories" } # Exit shellfunction to clean up at exit (error, regular or signal) Exit() { if [ -n "$1" ] ; then echo "$SCRIPTNAME: Exit: $* - FAILED" html_failed "$*" fi echo "
" >> ${RESULTS} if [ -n "${SERVERPID}" -a -f "${SERVERPID}" ]; then ${KILL} `cat ${SERVERPID}` fi cd ${QADIR} . common/cleanup.sh case $1 in [0-4][0-9]|[0-9]) exit $1; ;; *) exit 1 ;; esac } detect_core() { [ ! -f $CORELIST_FILE ] && touch $CORELIST_FILE mv $CORELIST_FILE ${CORELIST_FILE}.old coreStr=`find $HOSTDIR -type f -name '*core*'` res=0 if [ -n "$coreStr" ]; then sum $coreStr > $CORELIST_FILE res=`cat $CORELIST_FILE ${CORELIST_FILE}.old | sort | uniq -u | wc -l` fi return $res } #html functions to give the resultfiles a consistant look html() ######################### write the results.html file { # 3 functions so we can put targets in the output.log easier echo $* >>${RESULTS} } increase_msg_id() { MSG_ID=`cat ${MSG_ID_FILE}` MSG_ID=`expr ${MSG_ID} + 1` echo ${MSG_ID} > ${MSG_ID_FILE} } html_passed_ignore_core() { increase_msg_id html "#${MSG_ID}: $1 ${HTML_PASSED}" echo "${SCRIPTNAME}: #${MSG_ID}: $* - PASSED" } html_passed() { html_detect_core "$@" || return html_passed_ignore_core "$@" } html_failed_ignore_core() { increase_msg_id html "#${MSG_ID}: $1 ${HTML_FAILED}" echo "${SCRIPTNAME}: #${MSG_ID}: $* - FAILED" } html_failed() { html_detect_core "$@" || return html_failed_ignore_core "$@" || return } html_unknown_ignore_core() { increase_msg_id html "#${MSG_ID}: $1 ${HTML_UNKNOWN}" echo "${SCRIPTNAME}: #${MSG_ID}: $* - UNKNOWN" } html_unknown() { html_detect_core "$@" || return increase_msg_id html "#${MSG_ID}: $1 ${HTML_UNKNOWN}" echo "${SCRIPTNAME}: #${MSG_ID}: $* - UNKNOWN" } html_detect_core() { detect_core if [ $? -ne 0 ]; then increase_msg_id html "#${MSG_ID}: $* ${HTML_FAILED_CORE}" echo "${SCRIPTNAME}: #${MSG_ID}: $* - Core file is detected - FAILED" return 1 fi return 0 } html_head() { html "" html "" echo "$SCRIPTNAME: $* ===============================" } html_msg() { if [ $1 -ne $2 ] ; then html_failed "$3" "$4" else html_passed "$3" "$4" fi } HTML_FAILED='' HTML_FAILED_CORE='' HTML_PASSED='' HTML_UNKNOWN='' TABLE_ARGS= #directory name init SCRIPTNAME=init.sh mozilla_root=`(cd ../../..; pwd)` MOZILLA_ROOT=${MOZILLA_ROOT-$mozilla_root} qadir=`(cd ..; pwd)` QADIR=${QADIR-$qadir} common=${QADIR}/common COMMON=${TEST_COMMON-$common} export COMMON DIST=${DIST-${MOZILLA_ROOT}/dist} TESTDIR=${TESTDIR-${MOZILLA_ROOT}/tests_results/security} # Allow for override options from a config file if [ -n "${OBJDIR}" -a -f ${DIST}/${OBJDIR}/platform.cfg ]; then . ${DIST}/${OBJDIR}/platform.cfg fi # only need make if we don't already have certain variables set if [ -z "${OBJDIR}" -o -z "${OS_ARCH}" -o -z "${DLL_PREFIX}" -o -z "${DLL_SUFFIX}" ]; then MAKE=gmake $MAKE -v >/dev/null 2>&1 || MAKE=make $MAKE -v >/dev/null 2>&1 || { echo "You are missing make."; exit 5; } MAKE="$MAKE --no-print-directory" fi if [ "${OBJDIR}" = "" ]; then if [ -f ${DIST}/latest ]; then OBJDIR=$(cat ${DIST}/latest) else OBJDIR=`($MAKE -s -C $COMMON objdir_name)` fi fi if [ "${OS_ARCH}" = "" ]; then OS_ARCH=`(cd $COMMON; $MAKE os_arch)` fi if [ "${DLL_PREFIX}" = "" ]; then DLL_PREFIX=`(cd $COMMON; $MAKE dll_prefix)` fi if [ "${DLL_SUFFIX}" = "" ]; then DLL_SUFFIX=`(cd $COMMON; $MAKE dll_suffix)` fi OS_NAME=`uname -s | sed -e "s/-[0-9]*\.[0-9]*//" | sed -e "s/-WOW64//"` BINDIR="${DIST}/${OBJDIR}/bin" # Pathnames constructed from ${TESTDIR} are passed to NSS tools # such as certutil, which don't understand Cygwin pathnames. # So we need to convert ${TESTDIR} to a Windows pathname (with # regular slashes). if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then TESTDIR=`cygpath -m ${TESTDIR}` QADIR=`cygpath -m ${QADIR}` fi # Same problem with MSYS/Mingw, except we need to start over with pwd -W if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "MINGW32_NT" ]; then mingw_mozilla_root=`(cd ../../..; pwd -W)` MINGW_MOZILLA_ROOT=${MINGW_MOZILLA_ROOT-$mingw_mozilla_root} TESTDIR=${MINGW_TESTDIR-${MINGW_MOZILLA_ROOT}/tests_results/security} fi # Same problem with MSYS/Mingw, except we need to start over with pwd -W if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "MINGW32_NT" ]; then mingw_mozilla_root=`(cd ../../..; pwd -W)` MINGW_MOZILLA_ROOT=${MINGW_MOZILLA_ROOT-$mingw_mozilla_root} TESTDIR=${MINGW_TESTDIR-${MINGW_MOZILLA_ROOT}/tests_results/security} fi echo testdir is $TESTDIR #in case of backward comp. tests the calling scripts set the #PATH and LD_LIBRARY_PATH and do not want them to be changed if [ -z "${DON_T_SET_PATHS}" -o "${DON_T_SET_PATHS}" != "TRUE" ] ; then if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" != "CYGWIN_NT" -a "$OS_NAME" != "MINGW32_NT" ]; then PATH=.\;${DIST}/${OBJDIR}/bin\;${DIST}/${OBJDIR}/lib\;$PATH PATH=`perl ../path_uniq -d ';' "$PATH"` elif [ "${OS_ARCH}" = "Android" ]; then # android doesn't have perl, skip the uniq step PATH=.:${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:$PATH else PATH=.:${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:/bin:/usr/bin:$PATH # added /bin and /usr/bin in the beginning so a local perl will # be used PATH=`perl ../path_uniq -d ':' "$PATH"` fi LD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib:$LD_LIBRARY_PATH SHLIB_PATH=${DIST}/${OBJDIR}/lib:$SHLIB_PATH LIBPATH=${DIST}/${OBJDIR}/lib:$LIBPATH DYLD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib:$DYLD_LIBRARY_PATH fi if [ ! -d "${TESTDIR}" ]; then echo "$SCRIPTNAME init: Creating ${TESTDIR}" mkdir -p ${TESTDIR} fi #HOST and DOMSUF are needed for the server cert DOMAINNAME=`which domainname` if [ -z "${DOMSUF}" -a $? -eq 0 -a -n "${DOMAINNAME}" ]; then DOMSUF=`domainname` fi case $HOST in *\.*) if [ -z "${DOMSUF}" ]; then DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"` fi HOST=`echo $HOST | sed -e "s/\..*//"` ;; ?*) ;; *) HOST=`uname -n` case $HOST in *\.*) if [ -z "${DOMSUF}" ]; then DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"` fi HOST=`echo $HOST | sed -e "s/\..*//"` ;; ?*) ;; *) echo "$SCRIPTNAME: Fatal HOST environment variable is not defined." exit 1 #does not need to be Exit, very early in script ;; esac ;; esac if [ -z "${DOMSUF}" -a "${OS_ARCH}" != "Android" ]; then echo "$SCRIPTNAME: Fatal DOMSUF env. variable is not defined." exit 1 #does not need to be Exit, very early in script fi #HOSTADDR was a workaround for the dist. stress test, and is probably #not needed anymore (purpose: be able to use IP address for the server #cert instead of PC name which was not in the DNS because of dyn IP address if [ -z "$USE_IP" -o "$USE_IP" != "TRUE" ] ; then if [ -z "${DOMSUF}" ]; then HOSTADDR=${HOST} else HOSTADDR=${HOST}.${DOMSUF} fi else HOSTADDR=${IP_ADDRESS} fi #if running remote side of the distributed stress test we need to use #the files that the server side gives us... if [ -n "$DO_REM_ST" -a "$DO_REM_ST" = "TRUE" ] ; then for w in `ls -rtd ${TESTDIR}/${HOST}.[0-9]* 2>/dev/null | sed -e "s/.*${HOST}.//"` ; do version=$w done HOSTDIR=${TESTDIR}/${HOST}.$version echo "$SCRIPTNAME init: HOSTDIR $HOSTDIR" echo $HOSTDIR if [ ! -d $HOSTDIR ] ; then echo "$SCRIPTNAME: Fatal: Remote side of dist. stress test " echo " - server HOSTDIR $HOSTDIR does not exist" exit 1 #does not need to be Exit, very early in script fi fi #find the HOSTDIR, where the results are supposed to go if [ -n "${HOSTDIR}" ]; then version=`echo $HOSTDIR | sed -e "s/.*${HOST}.//"` else if [ -f "${TESTDIR}/${HOST}" ]; then version=`cat ${TESTDIR}/${HOST}` else version=1 fi #file has a tendency to disappear, messing up the rest of QA - #workaround to find the next higher number if version file is not there if [ -z "${version}" ]; then # for some strange reason this file # gets truncated at times... Windos for w in `ls -d ${TESTDIR}/${HOST}.[0-9]* 2>/dev/null | sort -t '.' -n | sed -e "s/.*${HOST}.//"` ; do version=`expr $w + 1` done if [ -z "${version}" ]; then version=1 fi fi expr $version + 1 > ${TESTDIR}/${HOST} HOSTDIR=${TESTDIR}/${HOST}'.'$version mkdir -p ${HOSTDIR} fi #result and log file and filename init, if [ -z "${LOGFILE}" ]; then LOGFILE=${HOSTDIR}/output.log fi if [ ! -f "${LOGFILE}" ]; then touch ${LOGFILE} fi if [ -z "${RESULTS}" ]; then RESULTS=${HOSTDIR}/results.html fi if [ ! -f "${RESULTS}" ]; then cp ${COMMON}/results_header.html ${RESULTS} html "

Platform: ${OBJDIR}
" html "Test Run: ${HOST}.$version

" html "${BC_ACTION}" html "

" html "" echo "********************************************" | tee -a ${LOGFILE} echo " Platform: ${OBJDIR}" | tee -a ${LOGFILE} echo " Results: ${HOST}.$version" | tee -a ${LOGFILE} echo "********************************************" | tee -a ${LOGFILE} echo "$BC_ACTION" | tee -a ${LOGFILE} #if running remote side of the distributed stress test # let the user know who it is... elif [ -n "$DO_REM_ST" -a "$DO_REM_ST" = "TRUE" ] ; then echo "********************************************" | tee -a ${LOGFILE} echo " Platform: ${OBJDIR}" | tee -a ${LOGFILE} echo " Results: ${HOST}.$version" | tee -a ${LOGFILE} echo " remote side of distributed stress test " | tee -a ${LOGFILE} echo " `uname -n -s`" | tee -a ${LOGFILE} echo "********************************************" | tee -a ${LOGFILE} fi echo "$SCRIPTNAME init: Testing PATH $PATH against LIB $LD_LIBRARY_PATH" |\ tee -a ${LOGFILE} KILL="kill" if [ `uname -s` = "SunOS" ]; then PS="/usr/5bin/ps" else PS="ps" fi #found 3 rsh's so far that do not work as expected - cygnus mks6 #(restricted sh) and mks 7 - if it is not in c:/winnt/system32 it #needs to be set in the environ.ksh if [ -z "$RSH" ]; then if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then RSH=/cygdrive/c/winnt/system32/rsh elif [ "${OS_ARCH}" = "WINNT" ]; then RSH=c:/winnt/system32/rsh else RSH=rsh fi fi #more filename and directoryname init CURDIR=`pwd` CU_ACTION='Unknown certutil action' # would like to preserve some tmp files, also easier to see if there # are "leftovers" - another possibility ${HOSTDIR}/tmp init_directories FIPSCERTNICK="FIPS_PUB_140_Test_Certificate" # domains to handle ipc based access to databases D_CA="TestCA.$version" D_ALICE="Alice.$version" D_BOB="Bob.$version" D_DAVE="Dave.$version" D_EVE="Eve.$version" D_SERVER_CA="ServerCA.$version" D_CLIENT_CA="ClientCA.$version" D_SERVER="Server.$version" D_CLIENT="Client.$version" D_FIPS="FIPS.$version" D_DBPASS="DBPASS.$version" D_ECCURVES="ECCURVES.$version" D_EXT_SERVER="ExtendedServer.$version" D_EXT_CLIENT="ExtendedClient.$version" D_CERT_EXTENSTIONS="CertExtensions.$version" D_DISTRUST="Distrust.$version" # we need relative pathnames of these files abd directories, since our # tools can't handle the unix style absolut pathnames on cygnus R_CADIR=../CA R_SERVERDIR=../server R_CLIENTDIR=../client R_IOPR_CADIR=../CA_iopr R_IOPR_SSL_SERVERDIR=../server_ssl_iopr R_IOPR_SSL_CLIENTDIR=../client_ssl_iopr R_IOPR_OCSP_CLIENTDIR=../client_ocsp_iopr R_ALICEDIR=../alicedir R_BOBDIR=../bobdir R_DAVEDIR=../dave R_EVEDIR=../eve R_EXT_SERVERDIR=../ext_server R_EXT_CLIENTDIR=../ext_client R_CERT_EXT=../cert_extensions R_STAPLINGDIR=../stapling R_SSLGTESTDIR=../ssl_gtests R_GTESTDIR=../gtests # # profiles are either paths or domains depending on the setting of # MULTIACCESS_DBM # P_R_CADIR=${R_CADIR} P_R_ALICEDIR=${R_ALICEDIR} P_R_BOBDIR=${R_BOBDIR} P_R_DAVEDIR=${R_DAVEDIR} P_R_EVEDIR=${R_EVEDIR} P_R_SERVERDIR=${R_SERVERDIR} P_R_CLIENTDIR=${R_CLIENTDIR} P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR} P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR} if [ -n "${MULTIACCESS_DBM}" ]; then P_R_CADIR="multiaccess:${D_CA}" P_R_ALICEDIR="multiaccess:${D_ALICE}" P_R_BOBDIR="multiaccess:${D_BOB}" P_R_DAVEDIR="multiaccess:${D_DAVE}" P_R_EVEDIR="multiaccess:${D_EVE}" P_R_SERVERDIR="multiaccess:${D_SERVER}" P_R_CLIENTDIR="multiaccess:${D_CLIENT}" P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}" P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}" fi R_PWFILE=../tests.pw R_NOISE_FILE=../tests_noise R_FIPSPWFILE=../tests.fipspw R_FIPSBADPWFILE=../tests.fipsbadpw R_FIPSP12PWFILE=../tests.fipsp12pw trap "Exit $0 Signal_caught" 2 3 export PATH LD_LIBRARY_PATH SHLIB_PATH LIBPATH DYLD_LIBRARY_PATH export DOMSUF HOSTADDR export KILL PS export MOZILLA_ROOT DIST TESTDIR OBJDIR QADIR export LOGFILE SCRIPTNAME #used for the distributed stress test, the server generates certificates #from GLOB_MIN_CERT to GLOB_MAX_CERT # NOTE - this variable actually gets initialized by directly by the # ssl_dist_stress.shs sl_ds_init() before init is called - need to change # in both places. speaking of data encapsulatioN... if [ -z "$GLOB_MIN_CERT" ] ; then GLOB_MIN_CERT=0 fi if [ -z "$GLOB_MAX_CERT" ] ; then GLOB_MAX_CERT=200 fi if [ -z "$MIN_CERT" ] ; then MIN_CERT=$GLOB_MIN_CERT fi if [ -z "$MAX_CERT" ] ; then MAX_CERT=$GLOB_MAX_CERT fi ################################################# # CRL SSL testing constatnts # CRL_GRP_1_BEGIN=40 CRL_GRP_1_RANGE=3 UNREVOKED_CERT_GRP_1=41 CRL_GRP_2_BEGIN=43 CRL_GRP_2_RANGE=6 UNREVOKED_CERT_GRP_2=46 CRL_GRP_3_BEGIN=49 CRL_GRP_3_RANGE=4 UNREVOKED_CERT_GRP_3=51 TOTAL_CRL_RANGE=`expr ${CRL_GRP_1_RANGE} + ${CRL_GRP_2_RANGE} + \ ${CRL_GRP_3_RANGE}` TOTAL_GRP_NUM=3 RELOAD_CRL=1 NSS_DEFAULT_DB_TYPE="dbm" export NSS_DEFAULT_DB_TYPE MSG_ID_FILE="${HOSTDIR}/id" MSG_ID=0 echo ${MSG_ID} > ${MSG_ID_FILE} ################################################# # Interoperability testing constatnts # # if suite is setup for testing, IOPR_HOSTADDR_LIST should have # at least one host name(FQDN) # Example IOPR_HOSTADDR_LIST="goa1.SFBay.Sun.COM" if [ -z "`echo ${IOPR_HOSTADDR_LIST} | grep '[A-Za-z]'`" ]; then IOPR=0 else IOPR=1 fi ################################################# if [ "${OS_ARCH}" != "WINNT" -a "${OS_ARCH}" != "Android" ]; then ulimit -c unlimited fi SCRIPTNAME=$0 INIT_SOURCED=TRUE #whatever one does - NEVER export this one please fi
$*
Test CaseResult
Failed
Failed Core
Passed
Unknown