restructuring of NSS QA

2001-02-28 23:35:21 +00:00 · 2001-02-28 23:35:21 +00:00 · a5f4cb28ec
--- a/security/nss/tests/tools/tools.sh
+++ b/security/nss/tests/tools/tools.sh
@ -1,250 +1,168 @@
 #! /bin/sh  
 #
-# This is just a quick script so we can still run our testcases.
+# The contents of this file are subject to the Mozilla Public
-# Longer term we need a scriptable test environment..
+# License Version 1.1 (the "License"); you may not use this file
-#
+# except in compliance with the License. You may obtain a copy of
-. ../common/init.sh
+# the License at http://www.mozilla.org/MPL/
 CURDIR=`pwd`
 TOOLSDIR=${HOSTDIR}/tools
 CADIR=${TOOLSDIR}/cadir
 CERTDIR=${TOOLSDIR}/certdir
 COPYDIR=${TOOLSDIR}/copydir
 if [ ${OS_ARCH} = "WINNT" ]; then
 ROOTMODULE=${LIBPATH}/nssckbi.dll
 else
 ROOTMODULE=${LIBPATH}/libnssckbi.so
 fi
 echo "<HTML><BODY>" >> ${RESULTS}
 SONMI_DEBUG=ON	#we see starnge problems on hpux 64 - save all output
 		# for now
 #temporary files
 if [ -n "$SONMI_DEBUG" -a "$SONMI_DEBUG" = "ON" ]
 then
 	TMP=${TOOLSDIR}
 	PWFILE=${TMP}/tests.pw
 	CERTSCRIPT=${TMP}/tests_certs
 	MODSCRIPT=${TMP}/tests_mod
 	MODLIST=${TMP}/tests_modlist
 	SIGNSCRIPT=${TMP}/tests_sign
 	NOISE_FILE=${TMP}/tests_noise
 	CERTUTILOUT=${TMP}/certutil_out
 	TEMPFILES=""
 else
 	TMP=${TMP-/tmp}
 	PWFILE=${TMP}/tests.pw.$$
 	CERTSCRIPT=${TMP}/tests_certs.$$
 	MODSCRIPT=${TMP}/tests_mod.$$
 	MODLIST=${TMP}/tests_modlist.$$
 	SIGNSCRIPT=${TMP}/tests_sign.$$
 	NOISE_FILE=${TMP}/tests_noise.$$
 	CERTUTILOUT=${TMP}/certutil_out.$$
 	TEMPFILES="${PWFILE} ${CERTSCRIPT} ${MODSCRIPT} ${MODLIST} ${SIGNSCRIPT} ${NOISE_FILE} ${CERTUTILOUT}"
 	#
 	# should also try to kill any running server
 	#
 	trap "rm -f ${TEMPFILES};  exit"  2 3
 fi
 mkdir -p ${TOOLSDIR}
 mkdir -p ${CADIR}
 mkdir -p ${CERTDIR}
 mkdir -p ${COPYDIR}
 cd ${CADIR}
 rm ${CERTUTILOUT} 2>/dev/null
 # Generate noise for our CA cert.
 #
 # NOTE: these keys are only suitable for testing, as this whole thing bypasses
 # the entropy gathering. Don't use this method to generate keys and certs for
 # product use or deployment.
 #
 ps -efl > ${NOISE_FILE} 2>&1
 ps aux >> ${NOISE_FILE} 2>&1
 netstat >> ${NOISE_FILE} 2>&1
 date >> ${NOISE_FILE} 2>&1
 #
 # build the TEMP CA used for testing purposes
 # 
-echo "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" >> ${RESULTS}
+# Software distributed under the License is distributed on an "AS
-echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULTS}
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-echo "********************** Creating a CA Certificate **********************"
+# implied. See the License for the specific language governing
-echo nss > ${PWFILE}
+# rights and limitations under the License.
-echo "   certutil -N -d ${CADIR} -f ${PWFILE} " 
+# 
-certutil -N -d ${CADIR} -f ${PWFILE}  2>&1
+# The Original Code is the Netscape security libraries.
 # 
 # The Initial Developer of the Original Code is Netscape
 # Communications Corporation.  Portions created by Netscape are 
 # Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 # Rights Reserved.
 # 
 # Contributor(s):
 # 
 # Alternatively, the contents of this file may be used under the
 # terms of the GNU General Public License Version 2 or later (the
 # "GPL"), in which case the provisions of the GPL are applicable 
 # instead of those above.  If you wish to allow use of your 
 # version of this file only under the terms of the GPL and not to
 # allow others to use your version of this file under the MPL,
 # indicate your decision by deleting the provisions above and
 # replace them with the notice and other provisions required by
 # the GPL.  If you do not delete the provisions above, a recipient
 # may use your version of this file under either the MPL or the
 # GPL.
 #
 #
 ########################################################################
 #
 # mozilla/security/nss/tests/tools/tools.sh
 #
 # Script to test basic functionallity of NSS tools 
 #
 # needs to work on all Unix and Windows platforms
 #
 # tests implemented:
 #    pk12util
 #    signtool
 #
 # special strings
 # ---------------
 #   FIXME ... known problems, search for this string
 #   NOTE .... unexpected behavior
 #
 ########################################################################
-echo initialized
+############################## tools_init ##############################
-echo 5 > ${CERTSCRIPT}
+# local shell function to initialize this script 
-echo 9 >> ${CERTSCRIPT}
+########################################################################
-echo n >> ${CERTSCRIPT}
+tools_init()
-echo y >> ${CERTSCRIPT}
+{
-echo 3 >> ${CERTSCRIPT}
+  SCRIPTNAME=tools.sh      # sourced - $0 would point to all.sh
 echo n >> ${CERTSCRIPT}
 echo 5 >> ${CERTSCRIPT}
 echo 6 >> ${CERTSCRIPT}
 echo 7 >> ${CERTSCRIPT}
 echo 9 >> ${CERTSCRIPT}
 echo n >> ${CERTSCRIPT}
 echo    "certutil -S -n \"TestCA\" -s \"CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US\" -t \"CTu,CTu,CTu\" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} " 
 certutil -S -n "TestCA" -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -t "CTu,CTu,CTu" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT}  2>&1
 if [ $? -ne 0 ]; then
    echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=red>Failed</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Creating CA Cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
 echo "   certutil -L -n \"TestCA\" -r -d ${CADIR} > root.cert"
 certutil -L -n "TestCA" -r -d ${CADIR} > root.cert 2>${CERTUTILOUT}
 if [ $? -ne 0 ]; then
   CERTFAILED=${CERTFAILED-"Export Root"}
 fi
 cat ${CERTUTILOUT}
 rm ${CERTUTILOUT} 2>/dev/null
-echo "   certutil -N -d ${COPYDIR} -f ${PWFILE} "
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
-echo "**************** Creating Client CA Issued Certificates ****************"
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
-echo "   certutil -N -d ${CERTDIR} -f ${PWFILE} "
+  fi
 certutil -N -d ${CERTDIR} -f ${PWFILE}  2>&1
 netstat >> ${NOISE_FILE} 2>&1
 date >> ${NOISE_FILE} 2>&1
 cd ${CERTDIR}
 echo "Import the root CA"
 echo "   certutil -A -n \"TestCA\" -t \"TC,TC,TC\" -f ${PWFILE} -d ${CERTDIR} -i ${CADIR}/root.cert "
 certutil -A -n "TestCA" -t "TC,TC,TC" -f ${PWFILE} -d ${CERTDIR} -i ${CADIR}/root.cert  2>&1
 if [ $? -ne 0 ]; then
   CERTFAILED=${CERTFAILED-"Import Root"}
 fi
 echo "Generate a Certificate request"
 echo  "  certutil -R -s \"CN=Alice, E=alice@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US\" -d ${CERTDIR}  -f ${PWFILE} -z ${NOISE_FILE} -o req "
 certutil -R -s "CN=Alice, E=alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -d ${CERTDIR}  -f ${PWFILE} -z ${NOISE_FILE} -o req  2>&1
 if [ $? -ne 0 ]; then
   CERTFAILED=${CERTFAILED-"Generate Request"}
 fi
 echo "Sign the Certificate request"
 echo  "certutil -C -c \"TestCA\" -m 3 -v 60 -d ${CADIR} -f ${PWFILE} -i req -o alice.cert "
 certutil -C -c "TestCA" -m 3 -v 60 -d ${CADIR} -i req -o alice.cert -f ${PWFILE}  2>&1
 if [ $? -ne 0 ]; then
   CERTFAILED=${CERTFAILED-"Sign Alice's Cert"}
 fi
 echo "Import the new Cert"
 echo "certutil -A -n \"Alice\" -t \"u,u,u\" -d ${CERTDIR} -f ${PWFILE} -i alice.cert "
 certutil -A -n "Alice" -t "u,u,u" -d ${CERTDIR} -f ${PWFILE} -i alice.cert  2>&1
 if [ $? -ne 0 ]; then
   CERTFAILED=${CERTFAILED-"Import Alice's cert"}
 fi
 if [ -n "${CERTFAILED}" ]; then
    echo "<TR><TD>Creating Alice's email cert</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Creating Alice's email cert</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
-cd ${TOOLSDIR}
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
      cd ../common
      . init.sh
  fi
  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
      cd ../cert
      . cert.sh
  fi
  SCRIPTNAME=tools.sh
  html_head "Tools Tests"
-echo "Load the root cert module"
+  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
-echo "" > ${MODSCRIPT}
+      Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
-echo "modutil -add \"Builtin Object Token\" -libfile ${ROOTMODULE} -dbdir ${CERTDIR}"
+  }
 modutil -add "Builtin Object Token" -libfile ${ROOTMODULE} -dbdir ${CERTDIR} < ${MODSCRIPT} 2>&1
 if [ $? -ne 0 ]; then
   MODFAILED=${MODFAILED-"Load Builtin Root Module"}
 fi
 if [ -n "${MODFAILED}" ]; then
    echo "<TR><TD>Loading Builtin Root Module</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Loading Builtin Root Module</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
 echo "Listing roots from builtin module"
 echo "certutil -L -d ${CERTDIR} -h all | grep \"Builtin Object Token:\""
 certutil -L -d ${CERTDIR} -h all | grep "Builtin Object Token:" > ${MODLIST}
 if [ -s ${MODLIST} ]; then
    echo "<TR><TD>Listing Builtin Root Module</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Listing Builtin Root Module</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
 fi
-echo "Export cert and key"
+  TOOLSDIR=${HOSTDIR}/tools
-echo "pk12util -o alice.p12 -n \"Alice\" -d ${CERTDIR} -k ${PWFILE} -w ${PWFILE}"
+  COPYDIR=${TOOLSDIR}/copydir
 pk12util -o alice.p12 -n "Alice" -d ${CERTDIR} -k ${PWFILE} -w ${PWFILE} 2>&1
 if [ $? -ne 0 ]; then
   P12FAILED=${P12FAILED-"Export cert and key"}
 fi
 if [ -n "${P12FAILED}" ]; then
    echo "<TR><TD>Exporting Alice's email cert & key</TD><TD bgcolor=red>Failed ($CERTFAILED)</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Exporting Alice's email cert & key</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
-echo "Import cert and key"
+  R_TOOLSDIR=../tools
-echo "pk12util -i alice.p12 -d ${COPYDIR} -k ${PWFILE} -w ${PWFILE}"
+  R_COPYDIR=../tools/copydir
 pk12util -i alice.p12 -d ${COPYDIR} -k ${PWFILE} -w ${PWFILE} 2>&1
 if [ $? -ne 0 ]; then
   P12FAILED=${P12FAILED-"Import cert and key"}
 fi
 if [ -n "${P12FAILED}" ]; then
    echo "<TR><TD>Importing Alice's email cert & key</TD><TD bgcolor=red>Failed ($P12FAILED)</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Importing Alice's email cert & key</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
-echo "Create objsign cert"
+  SIGNSCRIPT=${TMP}/tests_sign.$$
 echo "signtool -G \"objectsigner\" -d ${CERTDIR} -p \"nss\""
 echo "y"    > ${SIGNSCRIPT}
 echo "TEST" >> ${SIGNSCRIPT}
 echo "MOZ"  >> ${SIGNSCRIPT}
 echo "NSS"  >> ${SIGNSCRIPT}
 echo "NY"   >> ${SIGNSCRIPT}
 echo "US"   >> ${SIGNSCRIPT}
 echo "liz"  >> ${SIGNSCRIPT}
 echo "liz@moz.org" >> ${SIGNSCRIPT}
 signtool -G "objsigner" -d ${CERTDIR} -p "nss" < ${SIGNSCRIPT} 2>&1
-echo "Sign files in a directory"
+  TEMPFILES="${TEMPFILES} ${SIGNSCRIPT}"
 mkdir -p ${TOOLSDIR}/html
 cp ${CURDIR}/sign*.html ${TOOLSDIR}/html
 echo "signtool -Z nojs.jar -d ${CERTDIR} -p \"nss\" -k objsigner ${TOOLSDIR}/html"
 signtool -Z nojs.jar -d ${CERTDIR} -p "nss" -k objsigner ${TOOLSDIR}/html
 if [ $? -ne 0 ]; then
   SIGNFAILED=${SIGNFAILED-"Sign files in directory"}
 fi
 if [ -n "${SIGNFAILED}" ]; then
    echo "<TR><TD>Signing a set of files</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Signing a set of files</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
-echo "signtool -w nojs.jar -d ${CERTDIR}"
+  mkdir -p ${TOOLSDIR}
-signtool -w nojs.jar -d ${CERTDIR}
+  mkdir -p ${COPYDIR}
-if [ $? -ne 0 ]; then
+  mkdir -p ${TOOLSDIR}/html
-   SIGNFAILED=${SIGNFAILED-"Show files in jar"}
+  cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html
 fi
 if [ -n "${SIGNFAILED}" ]; then
    echo "<TR><TD>Listing signed files</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Listing signed files</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
-echo "signtool -w nojs.jar -d ${CERTDIR}"
+  cd ${TOOLSDIR}
-signtool -w nojs.jar -d ${CERTDIR}
+}
 if [ $? -ne 0 ]; then
   SIGNFAILED=${SIGNFAILED-"Check signer"}
 fi
 if [ -n "${SIGNFAILED}" ]; then
    echo "<TR><TD>Show who signed jar</TD><TD bgcolor=red>Failed ($SIGNFAILED)</TD><TR>" >> ${RESULTS}
 else
    echo "<TR><TD>Show who signed jar</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
-echo "</TABLE><BR>" >> ${RESULTS}
+############################## tools_p12 ###############################
 # local shell function to test basic functionality of pk12util
 ########################################################################
 tools_p12()
 {
  echo "$SCRIPTNAME: Exporting Alice's email cert & key------------------"
  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${R_ALICEDIR} -k ${R_PWFILE} \\"
  echo "         -w ${R_PWFILE}"
  pk12util -o Alice.p12 -n "Alice" -d ${R_ALICEDIR} -k ${R_PWFILE} \
           -w ${R_PWFILE} 2>&1 
  html_msg $? 0 "Exporting Alice's email cert & key (pk12util -o)"
  echo "$SCRIPTNAME: Importing Alice's email cert & key -----------------"
  echo "pk12util -i Alice.p12 -d ${R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
  pk12util -i Alice.p12 -d ${R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
  html_msg $? 0 "Importing Alice's email cert & key (pk12util -i)"
 }
 ############################## tools_sign ##############################
 # local shell function to test basic functionality of signtool
 ########################################################################
 tools_sign()
 {
  echo "$SCRIPTNAME: Create objsign cert -------------------------------"
  echo "signtool -G \"objectsigner\" -d ${R_ALICEDIR} -p \"nss\""
  echo "y"    > ${SIGNSCRIPT}
  echo "TEST" >> ${SIGNSCRIPT}
  echo "MOZ"  >> ${SIGNSCRIPT}
  echo "NSS"  >> ${SIGNSCRIPT}
  echo "NY"   >> ${SIGNSCRIPT}
  echo "US"   >> ${SIGNSCRIPT}
  echo "liz"  >> ${SIGNSCRIPT}
  echo "liz@moz.org" >> ${SIGNSCRIPT}
  signtool -G "objsigner" -d ${R_ALICEDIR} -p "nss" < ${SIGNSCRIPT} 2>&1
  echo "$SCRIPTNAME: Signing a set of files ----------------------------"
  echo "signtool -Z nojs.jar -d ${R_ALICEDIR} -p \"nss\" -k objsigner \\"
  echo "         ${R_TOOLSDIR}/html"
  signtool -Z nojs.jar -d ${R_ALICEDIR} -p "nss" -k objsigner ${R_TOOLSDIR}/html
  html_msg $? 0 "Signing a set of files (signtool -Z)"
  echo "$SCRIPTNAME: Listing signed files in jar ----------------------"
  echo "signtool -w nojs.jar -d ${R_ALICEDIR}"
  signtool -w nojs.jar -d ${R_ALICEDIR}
  html_msg $? 0 "Listing signed files in jar (signtool -w)"
  echo "$SCRIPTNAME: Show who signed jar ------------------------------"
  echo "signtool -w nojs.jar -d ${R_ALICEDIR}"
  signtool -w nojs.jar -d ${R_ALICEDIR}
  html_msg $? 0 "Show who signed jar (signtool -w)"
 }
 ############################## tools_cleanup ###########################
 # local shell function to finish this script (no exit since it might be 
 # sourced)
 ########################################################################
 tools_cleanup()
 {
  html "</TABLE><BR>"
  cd ${QADIR}
  . common/cleanup.sh
 }
 ################## main #################################################
 tools_init
 tools_p12
 tools_sign
 tools_cleanup
 if [ "$SONMI_DEBUG" != "ON"  -a -n "$TEMPFILES" ]
 then
 	rm -f ${TEMPFILES}
 fi
 cd ${CURDIR}
 echo "</BODY></HTML>" >> ${RESULTS}