restructuring of NSS QA

2001-02-28 23:35:21 +00:00 · 2001-02-28 23:35:21 +00:00 · a5f4cb28ec
--- a/security/nss/tests/tools/tools.sh
+++ b/security/nss/tests/tools/tools.sh
@ -1,250 +1,168 @@
 #! /bin/sh  
 #
-# This is just a quick script so we can still run our testcases.
-# Longer term we need a scriptable test environment..
-#
-. ../common/init.sh
-CURDIR=`pwd`
-
-TOOLSDIR=${HOSTDIR}/tools
-CADIR=${TOOLSDIR}/cadir
-CERTDIR=${TOOLSDIR}/certdir
-COPYDIR=${TOOLSDIR}/copydir
-if [ ${OS_ARCH} = "WINNT" ]; then
-ROOTMODULE=${LIBPATH}/nssckbi.dll
-else
-ROOTMODULE=${LIBPATH}/libnssckbi.so
-fi
-
-echo "<HTML><BODY>" >> ${RESULTS}
-
-SONMI_DEBUG=ON	#we see starnge problems on hpux 64 - save all output
-		# for now
-
-#temporary files
-if [ -n "$SONMI_DEBUG" -a "$SONMI_DEBUG" = "ON" ]
-then
-	TMP=${TOOLSDIR}
-	PWFILE=${TMP}/tests.pw
-	CERTSCRIPT=${TMP}/tests_certs
-	MODSCRIPT=${TMP}/tests_mod
-	MODLIST=${TMP}/tests_modlist
-	SIGNSCRIPT=${TMP}/tests_sign
-	NOISE_FILE=${TMP}/tests_noise
-	CERTUTILOUT=${TMP}/certutil_out
-
-	TEMPFILES=""
-else
-	TMP=${TMP-/tmp}
-	PWFILE=${TMP}/tests.pw.$$
-	CERTSCRIPT=${TMP}/tests_certs.$$
-	MODSCRIPT=${TMP}/tests_mod.$$
-	MODLIST=${TMP}/tests_modlist.$$
-	SIGNSCRIPT=${TMP}/tests_sign.$$
-	NOISE_FILE=${TMP}/tests_noise.$$
-	CERTUTILOUT=${TMP}/certutil_out.$$
-
-	TEMPFILES="${PWFILE} ${CERTSCRIPT} ${MODSCRIPT} ${MODLIST} ${SIGNSCRIPT} ${NOISE_FILE} ${CERTUTILOUT}"
-	#
-	# should also try to kill any running server
-	#
-	trap "rm -f ${TEMPFILES};  exit"  2 3
-fi
-
-mkdir -p ${TOOLSDIR}
-mkdir -p ${CADIR}
-mkdir -p ${CERTDIR}
-mkdir -p ${COPYDIR}
-cd ${CADIR}
-
-rm ${CERTUTILOUT} 2>/dev/null
-
-# Generate noise for our CA cert.
-#
-# NOTE: these keys are only suitable for testing, as this whole thing bypasses
-# the entropy gathering. Don't use this method to generate keys and certs for
-# product use or deployment.
-#
-ps -efl > ${NOISE_FILE} 2>&1
-ps aux >> ${NOISE_FILE} 2>&1
-netstat >> ${NOISE_FILE} 2>&1
-date >> ${NOISE_FILE} 2>&1
-
-#
-# build the TEMP CA used for testing purposes
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
 # 
-echo "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" >> ${RESULTS}
-echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
-echo "********************** Creating a CA Certificate **********************"
-echo nss > ${PWFILE}
-echo "   certutil -N -d ${CADIR} -f ${PWFILE} " 
-certutil -N -d ${CADIR} -f ${PWFILE}  2>&1
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+#
+########################################################################
+#
+# mozilla/security/nss/tests/tools/tools.sh
+#
+# Script to test basic functionallity of NSS tools 
+#
+# needs to work on all Unix and Windows platforms
+#
+# tests implemented:
+#    pk12util
+#    signtool
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################

-echo initialized
-echo 5 > ${CERTSCRIPT}
-echo 9 >> ${CERTSCRIPT}
-echo n >> ${CERTSCRIPT}
-echo y >> ${CERTSCRIPT}
-echo 3 >> ${CERTSCRIPT}
-echo n >> ${CERTSCRIPT}
-echo 5 >> ${CERTSCRIPT}
-echo 6 >> ${CERTSCRIPT}
-echo 7 >> ${CERTSCRIPT}
-echo 9 >> ${CERTSCRIPT}
-echo n >> ${CERTSCRIPT}
-echo    "certutil -S -n \"TestCA\" -s \"CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US\" -t \"CTu,CTu,CTu\" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} " 
-certutil -S -n "TestCA" -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "CTu,CTu,CTu" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT}  2>&1
-if [ $? -ne 0 ]; then
-    echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-echo "   certutil -L -n \"TestCA\" -r -d ${CADIR} > root.cert"
-certutil -L -n "TestCA" -r -d ${CADIR} > root.cert 2>${CERTUTILOUT}
-if [ $? -ne 0 ]; then
-   CERTFAILED=${CERTFAILED-"Export Root"}
-fi
-cat ${CERTUTILOUT}
-rm ${CERTUTILOUT} 2>/dev/null
+############################## tools_init ##############################
+# local shell function to initialize this script 
+########################################################################
+tools_init()
+{
+  SCRIPTNAME=tools.sh      # sourced - $0 would point to all.sh

-echo "   certutil -N -d ${COPYDIR} -f ${PWFILE} "
-echo "**************** Creating Client CA Issued Certificates ****************"
-echo "   certutil -N -d ${CERTDIR} -f ${PWFILE} "
-certutil -N -d ${CERTDIR} -f ${PWFILE}  2>&1
-netstat >> ${NOISE_FILE} 2>&1
-date >> ${NOISE_FILE} 2>&1
-cd ${CERTDIR}
-echo "Import the root CA"
-echo "   certutil -A -n \"TestCA\" -t \"TC,TC,TC\" -f ${PWFILE} -d ${CERTDIR} -i ${CADIR}/root.cert "
-certutil -A -n "TestCA" -t "TC,TC,TC" -f ${PWFILE} -d ${CERTDIR} -i ${CADIR}/root.cert  2>&1
-if [ $? -ne 0 ]; then
-   CERTFAILED=${CERTFAILED-"Import Root"}
-fi
-echo "Generate a Certificate request"
-echo  "  certutil -R -s \"CN=Alice, E=alice@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -d ${CERTDIR}  -f ${PWFILE} -z ${NOISE_FILE} -o req "
-certutil -R -s "CN=Alice, E=alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -d ${CERTDIR}  -f ${PWFILE} -z ${NOISE_FILE} -o req  2>&1
-if [ $? -ne 0 ]; then
-   CERTFAILED=${CERTFAILED-"Generate Request"}
-fi
-echo "Sign the Certificate request"
-echo  "certutil -C -c \"TestCA\" -m 3 -v 60 -d ${CADIR} -f ${PWFILE} -i req -o alice.cert "
-certutil -C -c "TestCA" -m 3 -v 60 -d ${CADIR} -i req -o alice.cert -f ${PWFILE}  2>&1
-if [ $? -ne 0 ]; then
-   CERTFAILED=${CERTFAILED-"Sign Alice's Cert"}
-fi
-echo "Import the new Cert"
-echo "certutil -A -n \"Alice\" -t \"u,u,u\" -d ${CERTDIR} -f ${PWFILE} -i alice.cert "
-certutil -A -n "Alice" -t "u,u,u" -d ${CERTDIR} -f ${PWFILE} -i alice.cert  2>&1
-if [ $? -ne 0 ]; then
-   CERTFAILED=${CERTFAILED-"Import Alice's cert"}
-fi
-if [ -n "${CERTFAILED}" ]; then
-    echo "<TR><TD>Creating Alice's email cert</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Creating Alice's email cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi

-cd ${TOOLSDIR}
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . cert.sh
+  fi
+  SCRIPTNAME=tools.sh
+  html_head "Tools Tests"

-echo "Load the root cert module"
-echo "" > ${MODSCRIPT}
-echo "modutil -add \"Builtin Object Token\" -libfile ${ROOTMODULE} -dbdir ${CERTDIR}"
-modutil -add "Builtin Object Token" -libfile ${ROOTMODULE} -dbdir ${CERTDIR} < ${MODSCRIPT} 2>&1
-if [ $? -ne 0 ]; then
-   MODFAILED=${MODFAILED-"Load Builtin Root Module"}
-fi
-if [ -n "${MODFAILED}" ]; then
-    echo "<TR><TD>Loading Builtin Root Module</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Loading Builtin Root Module</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
-echo "Listing roots from builtin module"
-echo "certutil -L -d ${CERTDIR} -h all | grep \"Builtin Object Token:\""
-certutil -L -d ${CERTDIR} -h all | grep "Builtin Object Token:" > ${MODLIST}
-if [ -s ${MODLIST} ]; then
-    echo "<TR><TD>Listing Builtin Root Module</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Listing Builtin Root Module</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
-fi
+  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
+  }

-echo "Export cert and key"
-echo "pk12util -o alice.p12 -n \"Alice\" -d ${CERTDIR} -k ${PWFILE} -w ${PWFILE}"
-pk12util -o alice.p12 -n "Alice" -d ${CERTDIR} -k ${PWFILE} -w ${PWFILE} 2>&1
-if [ $? -ne 0 ]; then
-   P12FAILED=${P12FAILED-"Export cert and key"}
-fi
-if [ -n "${P12FAILED}" ]; then
-    echo "<TR><TD>Exporting Alice's email cert & key</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Exporting Alice's email cert & key</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
+  TOOLSDIR=${HOSTDIR}/tools
+  COPYDIR=${TOOLSDIR}/copydir

-echo "Import cert and key"
-echo "pk12util -i alice.p12 -d ${COPYDIR} -k ${PWFILE} -w ${PWFILE}"
-pk12util -i alice.p12 -d ${COPYDIR} -k ${PWFILE} -w ${PWFILE} 2>&1
-if [ $? -ne 0 ]; then
-   P12FAILED=${P12FAILED-"Import cert and key"}
-fi
-if [ -n "${P12FAILED}" ]; then
-    echo "<TR><TD>Importing Alice's email cert & key</TD><TD bgcolor=red>Failed ($P12FAILED)</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Importing Alice's email cert & key</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
+  R_TOOLSDIR=../tools
+  R_COPYDIR=../tools/copydir

-echo "Create objsign cert"
-echo "signtool -G \"objectsigner\" -d ${CERTDIR} -p \"nss\""
-echo "y"    > ${SIGNSCRIPT}
-echo "TEST" >> ${SIGNSCRIPT}
-echo "MOZ"  >> ${SIGNSCRIPT}
-echo "NSS"  >> ${SIGNSCRIPT}
-echo "NY"   >> ${SIGNSCRIPT}
-echo "US"   >> ${SIGNSCRIPT}
-echo "liz"  >> ${SIGNSCRIPT}
-echo "liz@moz.org" >> ${SIGNSCRIPT}
-signtool -G "objsigner" -d ${CERTDIR} -p "nss" < ${SIGNSCRIPT} 2>&1
+  SIGNSCRIPT=${TMP}/tests_sign.$$

-echo "Sign files in a directory"
-mkdir -p ${TOOLSDIR}/html
-cp ${CURDIR}/sign*.html ${TOOLSDIR}/html
-echo "signtool -Z nojs.jar -d ${CERTDIR} -p \"nss\" -k objsigner ${TOOLSDIR}/html"
-signtool -Z nojs.jar -d ${CERTDIR} -p "nss" -k objsigner ${TOOLSDIR}/html
-if [ $? -ne 0 ]; then
-   SIGNFAILED=${SIGNFAILED-"Sign files in directory"}
-fi
-if [ -n "${SIGNFAILED}" ]; then
-    echo "<TR><TD>Signing a set of files</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Signing a set of files</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
+  TEMPFILES="${TEMPFILES} ${SIGNSCRIPT}"

-echo "signtool -w nojs.jar -d ${CERTDIR}"
-signtool -w nojs.jar -d ${CERTDIR}
-if [ $? -ne 0 ]; then
-   SIGNFAILED=${SIGNFAILED-"Show files in jar"}
-fi
-if [ -n "${SIGNFAILED}" ]; then
-    echo "<TR><TD>Listing signed files</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Listing signed files</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
+  mkdir -p ${TOOLSDIR}
+  mkdir -p ${COPYDIR}
+  mkdir -p ${TOOLSDIR}/html
+  cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html

-echo "signtool -w nojs.jar -d ${CERTDIR}"
-signtool -w nojs.jar -d ${CERTDIR}
-if [ $? -ne 0 ]; then
-   SIGNFAILED=${SIGNFAILED-"Check signer"}
-fi
-if [ -n "${SIGNFAILED}" ]; then
-    echo "<TR><TD>Show who signed jar</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS}
-else
-    echo "<TR><TD>Show who signed jar</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
-fi
+  cd ${TOOLSDIR}
+}

-echo "</TABLE><BR>" >> ${RESULTS}
+############################## tools_p12 ###############################
+# local shell function to test basic functionality of pk12util
+########################################################################
+tools_p12()
+{
+  echo "$SCRIPTNAME: Exporting Alice's email cert & key------------------"
+  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${R_ALICEDIR} -k ${R_PWFILE} \\"
+  echo "         -w ${R_PWFILE}"
+  pk12util -o Alice.p12 -n "Alice" -d ${R_ALICEDIR} -k ${R_PWFILE} \
+           -w ${R_PWFILE} 2>&1 
+  html_msg $? 0 "Exporting Alice's email cert & key (pk12util -o)"
+
+  echo "$SCRIPTNAME: Importing Alice's email cert & key -----------------"
+  echo "pk12util -i Alice.p12 -d ${R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
+  pk12util -i Alice.p12 -d ${R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
+  html_msg $? 0 "Importing Alice's email cert & key (pk12util -i)"
+}
+
+############################## tools_sign ##############################
+# local shell function to test basic functionality of signtool
+########################################################################
+tools_sign()
+{
+  echo "$SCRIPTNAME: Create objsign cert -------------------------------"
+  echo "signtool -G \"objectsigner\" -d ${R_ALICEDIR} -p \"nss\""
+  echo "y"    > ${SIGNSCRIPT}
+  echo "TEST" >> ${SIGNSCRIPT}
+  echo "MOZ"  >> ${SIGNSCRIPT}
+  echo "NSS"  >> ${SIGNSCRIPT}
+  echo "NY"   >> ${SIGNSCRIPT}
+  echo "US"   >> ${SIGNSCRIPT}
+  echo "liz"  >> ${SIGNSCRIPT}
+  echo "liz@moz.org" >> ${SIGNSCRIPT}
+  signtool -G "objsigner" -d ${R_ALICEDIR} -p "nss" < ${SIGNSCRIPT} 2>&1
+
+  echo "$SCRIPTNAME: Signing a set of files ----------------------------"
+  echo "signtool -Z nojs.jar -d ${R_ALICEDIR} -p \"nss\" -k objsigner \\"
+  echo "         ${R_TOOLSDIR}/html"
+  signtool -Z nojs.jar -d ${R_ALICEDIR} -p "nss" -k objsigner ${R_TOOLSDIR}/html
+  html_msg $? 0 "Signing a set of files (signtool -Z)"
+
+  echo "$SCRIPTNAME: Listing signed files in jar ----------------------"
+  echo "signtool -w nojs.jar -d ${R_ALICEDIR}"
+  signtool -w nojs.jar -d ${R_ALICEDIR}
+  html_msg $? 0 "Listing signed files in jar (signtool -w)"
+  
+  echo "$SCRIPTNAME: Show who signed jar ------------------------------"
+  echo "signtool -w nojs.jar -d ${R_ALICEDIR}"
+  signtool -w nojs.jar -d ${R_ALICEDIR}
+  html_msg $? 0 "Show who signed jar (signtool -w)"
+}
+
+############################## tools_cleanup ###########################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+tools_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+tools_init
+tools_p12
+tools_sign
+tools_cleanup

-if [ "$SONMI_DEBUG" != "ON"  -a -n "$TEMPFILES" ]
-then
-	rm -f ${TEMPFILES}
-fi
-cd ${CURDIR}

-echo "</BODY></HTML>" >> ${RESULTS}