mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

restructuring of NSS QA

This commit is contained in:
sonmi%netscape.com 2001-03-01 00:40:38 +00:00
Родитель 9116da8583
Коммит e82d67c3ce
1 изменённых файлов: 237 добавлений и 166 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

403
security/nss/tests/cert/cert.sh
Просмотреть файл

@ -1,4 +1,36 @@
#! /bin/sh #! /bin/sh
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
######################################################################## ########################################################################
# #
@ -24,19 +56,35 @@
# FIXME - Netscape - NSS # FIXME - Netscape - NSS
######################################################################## ########################################################################
if [ -z "${INIT_SOURCED}" ] ; then ############################## cert_init ###############################
cd ../common # local shell function to initialize this script
. init.sh ########################################################################
fi cert_init()
SCRIPTNAME="cert.sh"
if [ -z "${CLEANUP}" ] ; then
CLEANUP="${SCRIPTNAME}"
fi
certlog() ###################### write the cert_status file
{ {
echo "$SCRIPTNAME $*" SCRIPTNAME="cert.sh"
if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
fi
if [ -z "${INIT_SOURCED}" ] ; then
cd ../common
. init.sh
fi
SCRIPTNAME="cert.sh"
html_head "Certutil Tests"
################## Generate noise for our CA cert. ######################
# NOTE: these keys are only suitable for testing, as this whole thing
# bypasses the entropy gathering. Don't use this method to generate
# keys and certs for product use or deployment.
#
ps -efl > ${NOISE_FILE} 2>&1
ps aux >> ${NOISE_FILE} 2>&1
noise
}
cert_log() ###################### write the cert_status file
{
#echo "$SCRIPTNAME $*"
echo $* >>${CERT_LOG_FILE} echo $* >>${CERT_LOG_FILE}
} }
@ -59,33 +107,33 @@ noise()
######################################################################## ########################################################################
certu() certu()
{ {
echo "$SCRIPTNAME: ${CU_ACTION}" echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
if [ -n "${CU_SUBJECT}" ]; then if [ -n "${CU_SUBJECT}" ]; then
#the subject of the cert contains blanks, and the shell #the subject of the cert contains blanks, and the shell
#will strip the quotes off the string, if called otherwise... #will strip the quotes off the string, if called otherwise...
echo "certutil -s \"${CU_SUBJECT}\" $*" echo "certutil -s \"${CU_SUBJECT}\" $*"
certutil -s "${CU_SUBJECT}" $* certutil -s "${CU_SUBJECT}" $*
CU_SUBJECT="" CU_SUBJECT=""
else else
echo "certutil $*" echo "certutil $*"
certutil $* certutil $*
fi fi
RET=$? RET=$?
if [ "$RET" -ne 0 ]; then if [ "$RET" -ne 0 ]; then
CERTFAILED=$RET CERTFAILED=$RET
html_failed "<TR><TD>${CU_ACTION} ($RET) " html_failed "<TR><TD>${CU_ACTION} ($RET) "
certlog "ERROR: ${CU_ACTION} failed $RET" cert_log "ERROR: ${CU_ACTION} failed $RET"
else else
html_passed "<TR><TD>${CU_ACTION}" html_passed "<TR><TD>${CU_ACTION}"
fi fi
return $RET return $RET
} }
################################ init_cert ############################# ############################# cert_init_cert ##########################
# local shell function to initialize creation of client and server certs # local shell function to initialize creation of client and server certs
######################################################################## ########################################################################
init_cert() cert_init_cert()
{ {
CERTDIR="$1" CERTDIR="$1"
CERTNAME="$2" CERTNAME="$2"
@ -94,14 +142,15 @@ init_cert()
if [ ! -d "${CERTDIR}" ]; then if [ ! -d "${CERTDIR}" ]; then
mkdir -p "${CERTDIR}" mkdir -p "${CERTDIR}"
else else
echo "WARNING - ${CERTDIR} exists" echo "$SCRIPTNAME: WARNING - ${CERTDIR} exists"
fi fi
cd "${CERTDIR}" cd "${CERTDIR}"
CERTDIR="."
noise noise
} }
################################ create_cert ########################### ############################# cert_create_cert #########################
# local shell function to create client certs # local shell function to create client certs
# initialize DB, import # initialize DB, import
# root cert # root cert
@ -110,182 +159,204 @@ init_cert()
# import Cert # import Cert
# #
######################################################################## ########################################################################
create_cert() cert_create_cert()
{ {
init_cert "$1" "$2" "$3" cert_init_cert "$1" "$2" "$3"
CU_ACTION="Initializing ${CERTNAME}'s Cert DB" CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
certu -N -d "${CERTDIR}" -f "${PWFILE}" 2>&1 certu -N -d "${CERTDIR}" -f "${R_PWFILE}" 2>&1
if [ "$RET" -ne 0 ]; then if [ "$RET" -ne 0 ]; then
return $RET return $RET
fi fi
CU_ACTION="Import Root CA for $CERTNAME" CU_ACTION="Import Root CA for $CERTNAME"
certu -A -n "TestCA" -t "TC,TC,TC" -f "${PWFILE}" -d "${CERTDIR}" -i "${CADIR}/root.cert" 2>&1 certu -A -n "TestCA" -t "TC,TC,TC" -f "${R_PWFILE}" -d "${CERTDIR}" \
-i "${R_CADIR}/root.cert" 2>&1
if [ "$RET" -ne 0 ]; then if [ "$RET" -ne 0 ]; then
return $RET return $RET
fi fi
CU_ACTION="Generate Cert Request for $CERTNAME" CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -o req 2>&1 certu -R -d "${CERTDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
if [ "$RET" -ne 0 ]; then if [ "$RET" -ne 0 ]; then
return $RET return $RET
fi fi
CU_ACTION="Sign ${CERTNAME}'s Request" CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${CADIR}" -i req -o "${CERTNAME}.cert" -f "${PWFILE}" 2>&1 certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
if [ "$RET" -ne 0 ]; then if [ "$RET" -ne 0 ]; then
return $RET return $RET
fi fi
CU_ACTION="Import $CERTNAME's Cert" CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t "u,u,u" -d "${CERTDIR}" -f "${PWFILE}" -i "${CERTNAME}.cert" 2>&1 certu -A -n "$CERTNAME" -t "u,u,u" -d "${CERTDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
if [ "$RET" -ne 0 ]; then if [ "$RET" -ne 0 ]; then
return $RET return $RET
fi fi
certlog "SUCCESS: $CERTNAME's Cert Created" cert_log "SUCCESS: $CERTNAME's Cert Created"
return 0 return 0
} }
################################# cert_CA ################################
# local shell function to build the Temp. Certificate Authority (CA)
# used for testing purposes, creating a CA Certificate and a root cert
##########################################################################
cert_CA()
{
echo "$SCRIPTNAME: Creating a CA Certificate =========================="
if [ ! -d "${CADIR}" ]; then
mkdir -p "${CADIR}"
fi
cd ${CADIR}
echo nss > ${PWFILE}
CU_ACTION="Creating CA Cert DB"
certu -N -d . -f ${R_PWFILE} 2>&1
if [ "$RET" -ne 0 ]; then
Exit 5 "Fatal - failed to create CA"
fi
################# Generating Certscript #################################
#
echo "$SCRIPTNAME: Certificate initialized, generating script ----------"
echo 5 > ${CERTSCRIPT}
echo 9 >> ${CERTSCRIPT}
echo n >> ${CERTSCRIPT}
echo y >> ${CERTSCRIPT}
echo 3 >> ${CERTSCRIPT}
echo n >> ${CERTSCRIPT}
echo 5 >> ${CERTSCRIPT}
echo 6 >> ${CERTSCRIPT}
echo 7 >> ${CERTSCRIPT}
echo 9 >> ${CERTSCRIPT}
echo n >> ${CERTSCRIPT}
################# Creating CA Cert ######################################
#
CU_ACTION="Creating CA Cert"
CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -S -n "TestCA" -t "CTu,CTu,CTu" -v 60 -x -d . -1 -2 -5 \
-f ${R_PWFILE} -z ${R_NOISE_FILE} < ${CERTSCRIPT} 2>&1
if [ "$RET" -ne 0 ]; then
Exit 6 "Fatal - failed to create CA cert"
fi
################# Exporting Root Cert ###################################
#
CU_ACTION="Exporting Root Cert"
certu -L -n "TestCA" -r -d . -o root.cert
if [ "$RET" -ne 0 ]; then
Exit 7 "Fatal - failed to export root cert"
fi
}
############################## cert_smime_client #############################
# local shell function to create client Certificates for S/MIME tests
##############################################################################
cert_smime_client()
{
CERTFAILED=0
echo "$SCRIPTNAME: Creating Client CA Issued Certificates =============="
cert_create_cert ${ALICEDIR} "Alice" 3
cert_create_cert ${BOBDIR} "Bob" 4
echo "$SCRIPTNAME: Creating Dave's Certificate -------------------------"
cert_init_cert "${DAVEDIR}" Dave 5
cp ${CADIR}/*.db .
#########################################################################
#
cd ${CERTDIR}
CU_ACTION="Creating ${CERTNAME}'s Server Cert"
CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" -d . \
-f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
CU_ACTION="Export Dave's Cert"
cd ${DAVEDIR}
certu -L -n "Dave" -r -d . -o Dave.cert
################# Importing Certificates for S/MIME tests ###############
#
echo "$SCRIPTNAME: Importing Certificates =============================="
CU_ACTION="Import Alices's cert into Bob's db"
certu -E -t "u,u,u" -d ${R_BOBDIR} -f ${R_PWFILE} \
-i ${R_ALICEDIR}/Alice.cert 2>&1
CU_ACTION="Import Bob's cert into Alice's db"
certu -E -t "u,u,u" -d ${R_ALICEDIR} -f ${R_PWFILE} \
-i ${R_BOBDIR}/Bob.cert 2>&1
CU_ACTION="Import Dave's cert into Alice's DB"
certu -E -t "u,u,u" -d ${R_ALICEDIR} -f ${R_PWFILE} \
-i ${R_DAVEDIR}/Dave.cert 2>&1
CU_ACTION="Import Dave's cert into Bob's DB"
certu -E -t "u,u,u" -d ${R_BOBDIR} -f ${R_PWFILE} \
-i ${R_DAVEDIR}/Dave.cert 2>&1
if [ "$CERTFAILED" != 0 ] ; then
cert_log "ERROR: SMIME failed $RET"
else
cert_log "SUCCESS: SMIME passed"
fi
}
############################## cert_ssl ################################
# local shell function to create client + server certs for SSL test
########################################################################
cert_ssl()
{
################# Creating Certs for SSL test ###########################
#
CERTFAILED=0
echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="
cert_create_cert ${CLIENTDIR} "TestUser" 6
echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
echo " ${HOST}.${DOMSUF} ------------------------------------"
cert_init_cert ${SERVERDIR} "${HOST}.${DOMSUF}" 1
cp ${CADIR}/*.db .
CU_ACTION="Creating ${CERTNAME}'s Server Cert"
CU_SUBJECT="CN=${CERTNAME}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d . -f "${R_PWFILE}" \
-z "${R_NOISE_FILE}" -v 60 2>&1
#FIXME - certdir or serverdir????
#certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -m "$CERTSERIAL" \
# -d "${CERTDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
if [ "$CERTFAILED" != 0 ] ; then
cert_log "ERROR: SSL failed $RET"
else
cert_log "SUCCESS: SSL passed"
fi
}
############################## cert_cleanup ############################
# local shell function to finish this script (no exit since it might be
# sourced)
########################################################################
cert_cleanup()
{
cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
html "</TABLE><BR>"
cd ${QADIR}
. common/cleanup.sh
}
################## main ################################################# ################## main #################################################
certlog "********************** running $SCRIPTNAME **********************" cert_init
html "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>" cert_CA
html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" cert_smime_client
cert_ssl
################## Generate noise for our CA cert. ###################### cert_cleanup
# NOTE: these keys are only suitable for testing, as this whole thing bypasses
# the entropy gathering. Don't use this method to generate keys and certs for
# product use or deployment.
#
ps -efl > ${NOISE_FILE} 2>&1
ps aux >> ${NOISE_FILE} 2>&1
noise
################# Temp. Certificate Authority (CA) #######################
#
# build the TEMP CA used for testing purposes
#
################# Creating a CA Certificate ##############################
#
echo "********************** Creating a CA Certificate **********************"
if [ ! -d "${CADIR}" ]; then
mkdir -p "${CADIR}"
fi
cd ${CADIR}
echo nss > ${PWFILE}
CU_ACTION="Creating CA Cert DB"
certu -N -d ${CADIR} -f ${PWFILE} 2>&1
if [ "$RET" -ne 0 ]; then
exit 3 #with errorcode
fi
################# Generating Certscript #################################
#
echo "$SCRIPTNAME: Certificate initialized, generating script"
echo 5 > ${CERTSCRIPT}
echo 9 >> ${CERTSCRIPT}
echo n >> ${CERTSCRIPT}
echo y >> ${CERTSCRIPT}
echo 3 >> ${CERTSCRIPT}
echo n >> ${CERTSCRIPT}
echo 5 >> ${CERTSCRIPT}
echo 6 >> ${CERTSCRIPT}
echo 7 >> ${CERTSCRIPT}
echo 9 >> ${CERTSCRIPT}
echo n >> ${CERTSCRIPT}
################# Creating CA Cert ######################################
#
CU_ACTION="Creating CA Cert"
CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -S -n "TestCA" -t "CTu,CTu,CTu" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT} 2>&1
if [ "$RET" -ne 0 ]; then
exit 1 #with errorcode
fi
################# Exporting Root Cert ###################################
#
CU_ACTION="Exporting Root Cert"
certu -L -n "TestCA" -r -d ${CADIR} -o ${CADIR}/root.cert
if [ "$RET" -ne 0 ]; then
exit 2 #with errorcode
fi
################# Creating Certificates for S/MIME tests ################
#
CERTFAILED=0
echo "**************** Creating Client CA Issued Certificates ****************"
create_cert ${ALICEDIR} "Alice" 3
create_cert ${BOBDIR} "Bob" 4
echo "**************** Creating Dave's Certificate ****************"
init_cert "${DAVEDIR}" Dave 5
cp ${CADIR}/*.db .
#########################################################################
#
CU_ACTION="Creating ${CERTNAME}'s Server Cert"
CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1
CU_ACTION="Export Dave's Cert"
certu -L -n "Dave" -r -d ${DAVEDIR} -o Dave.cert
################# Importing Certificates for S/MIME tests ###############
#
echo "**************** Importing Certificates *********************"
CU_ACTION="Import Alices's cert into Bob's db"
certu -E -t "u,u,u" -d ${BOBDIR} -f ${PWFILE} -i ${ALICEDIR}/Alice.cert 2>&1
CU_ACTION="Import Bob's cert into Alice's db"
certu -E -t "u,u,u" -d ${ALICEDIR} -f ${PWFILE} -i ${BOBDIR}/Bob.cert 2>&1
CU_ACTION="Import Dave's cert into Alice's DB"
certu -E -t "u,u,u" -d ${ALICEDIR} -f ${PWFILE} -i ${DAVEDIR}/Dave.cert 2>&1
CU_ACTION="Import Dave's cert into Bob's DB"
certu -E -t "u,u,u" -d ${BOBDIR} -f ${PWFILE} -i ${DAVEDIR}/Dave.cert 2>&1
if [ "$CERTFAILED" != 0 ] ; then
certlog "ERROR: SMIME failed $RET"
else
certlog "SUCCESS: SMIME passed"
fi
################# Creating Certs for SSL test ###########################
#
CERTFAILED=0
echo "**************** Creating Client CA Issued Certificates ****************"
create_cert ${CLIENTDIR} "TestUser" 6
echo "***** Creating Server CA Issued Certificate for ${HOST}.${DOMSUF} *****"
init_cert ${SERVERDIR} "${HOST}.${DOMSUF}" 1
cp ${CADIR}/*.db .
CU_ACTION="Creating ${CERTNAME}'s Server Cert"
CU_SUBJECT="CN=${CERTNAME}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1
#certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -m "$CERTSERIAL" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1
if [ "$CERTFAILED" != 0 ] ; then
certlog "ERROR: SSL failed $RET"
else
certlog "SUCCESS: SSL passed"
fi
certlog "********************** finished $SCRIPTNAME **********************"
html "</TABLE><BR>"
cd ${CURDIR}
. ../common/cleanup.sh
# we will probably need mor for the tools
# tools.sh: generates an alice cert in a "Cert" directory
# FIXME, for now use ALICEDIR and see if this works...