mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

restructuring of NSS QA

This commit is contained in:
sonmi%netscape.com 2001-03-01 00:40:38 +00:00
Родитель 9116da8583
Коммит e82d67c3ce
1 изменённых файлов: 237 добавлений и 166 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

229
security/nss/tests/cert/cert.sh
Просмотреть файл

@ -1,4 +1,36 @@
#! /bin/sh
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
########################################################################
#
@ -24,19 +56,35 @@
# FIXME - Netscape - NSS
########################################################################
############################## cert_init ###############################
# local shell function to initialize this script
########################################################################
cert_init()
{
SCRIPTNAME="cert.sh"
if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
fi
if [ -z "${INIT_SOURCED}" ] ; then
cd ../common
. init.sh
fi
SCRIPTNAME="cert.sh"
if [ -z "${CLEANUP}" ] ; then
CLEANUP="${SCRIPTNAME}"
fi
html_head "Certutil Tests"
################## Generate noise for our CA cert. ######################
# NOTE: these keys are only suitable for testing, as this whole thing
# bypasses the entropy gathering. Don't use this method to generate
# keys and certs for product use or deployment.
#
ps -efl > ${NOISE_FILE} 2>&1
ps aux >> ${NOISE_FILE} 2>&1
noise
}
certlog() ###################### write the cert_status file
cert_log() ###################### write the cert_status file
{
echo "$SCRIPTNAME $*"
#echo "$SCRIPTNAME $*"
echo $* >>${CERT_LOG_FILE}
}
@ -59,7 +107,7 @@ noise()
########################################################################
certu()
{
echo "$SCRIPTNAME: ${CU_ACTION}"
echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
if [ -n "${CU_SUBJECT}" ]; then
#the subject of the cert contains blanks, and the shell
@ -75,17 +123,17 @@ certu()
if [ "$RET" -ne 0 ]; then
CERTFAILED=$RET
html_failed "<TR><TD>${CU_ACTION} ($RET) "
certlog "ERROR: ${CU_ACTION} failed $RET"
cert_log "ERROR: ${CU_ACTION} failed $RET"
else
html_passed "<TR><TD>${CU_ACTION}"
fi
return $RET
}
################################ init_cert #############################
############################# cert_init_cert ##########################
# local shell function to initialize creation of client and server certs
########################################################################
init_cert()
cert_init_cert()
{
CERTDIR="$1"
CERTNAME="$2"
@ -94,14 +142,15 @@ init_cert()
if [ ! -d "${CERTDIR}" ]; then
mkdir -p "${CERTDIR}"
else
echo "WARNING - ${CERTDIR} exists"
echo "$SCRIPTNAME: WARNING - ${CERTDIR} exists"
fi
cd "${CERTDIR}"
CERTDIR="."
noise
}
################################ create_cert ###########################
############################# cert_create_cert #########################
# local shell function to create client certs
# initialize DB, import
# root cert
@ -110,67 +159,55 @@ init_cert()
# import Cert
#
########################################################################
create_cert()
cert_create_cert()
{
init_cert "$1" "$2" "$3"
cert_init_cert "$1" "$2" "$3"
CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
certu -N -d "${CERTDIR}" -f "${PWFILE}" 2>&1
certu -N -d "${CERTDIR}" -f "${R_PWFILE}" 2>&1
if [ "$RET" -ne 0 ]; then
return $RET
fi
CU_ACTION="Import Root CA for $CERTNAME"
certu -A -n "TestCA" -t "TC,TC,TC" -f "${PWFILE}" -d "${CERTDIR}" -i "${CADIR}/root.cert" 2>&1
certu -A -n "TestCA" -t "TC,TC,TC" -f "${R_PWFILE}" -d "${CERTDIR}" \
-i "${R_CADIR}/root.cert" 2>&1
if [ "$RET" -ne 0 ]; then
return $RET
fi
CU_ACTION="Generate Cert Request for $CERTNAME"
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -R -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -o req 2>&1
certu -R -d "${CERTDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
if [ "$RET" -ne 0 ]; then
return $RET
fi
CU_ACTION="Sign ${CERTNAME}'s Request"
certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${CADIR}" -i req -o "${CERTNAME}.cert" -f "${PWFILE}" 2>&1
certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${R_CADIR}" \
-i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
if [ "$RET" -ne 0 ]; then
return $RET
fi
CU_ACTION="Import $CERTNAME's Cert"
certu -A -n "$CERTNAME" -t "u,u,u" -d "${CERTDIR}" -f "${PWFILE}" -i "${CERTNAME}.cert" 2>&1
certu -A -n "$CERTNAME" -t "u,u,u" -d "${CERTDIR}" -f "${R_PWFILE}" \
-i "${CERTNAME}.cert" 2>&1
if [ "$RET" -ne 0 ]; then
return $RET
fi
certlog "SUCCESS: $CERTNAME's Cert Created"
cert_log "SUCCESS: $CERTNAME's Cert Created"
return 0
}
################## main #################################################
certlog "********************** running $SCRIPTNAME **********************"
html "<TABLE BORDER=1><TR><TH COLSPAN=3>Certutil Tests</TH></TR>"
html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>"
################## Generate noise for our CA cert. ######################
# NOTE: these keys are only suitable for testing, as this whole thing bypasses
# the entropy gathering. Don't use this method to generate keys and certs for
# product use or deployment.
#
ps -efl > ${NOISE_FILE} 2>&1
ps aux >> ${NOISE_FILE} 2>&1
noise
################# Temp. Certificate Authority (CA) #######################
#
# build the TEMP CA used for testing purposes
#
################# Creating a CA Certificate ##############################
#
echo "********************** Creating a CA Certificate **********************"
################################# cert_CA ################################
# local shell function to build the Temp. Certificate Authority (CA)
# used for testing purposes, creating a CA Certificate and a root cert
##########################################################################
cert_CA()
{
echo "$SCRIPTNAME: Creating a CA Certificate =========================="
if [ ! -d "${CADIR}" ]; then
mkdir -p "${CADIR}"
@ -180,14 +217,14 @@ cd ${CADIR}
echo nss > ${PWFILE}
CU_ACTION="Creating CA Cert DB"
certu -N -d ${CADIR} -f ${PWFILE} 2>&1
certu -N -d . -f ${R_PWFILE} 2>&1
if [ "$RET" -ne 0 ]; then
exit 3 #with errorcode
Exit 5 "Fatal - failed to create CA"
fi
################# Generating Certscript #################################
#
echo "$SCRIPTNAME: Certificate initialized, generating script"
echo "$SCRIPTNAME: Certificate initialized, generating script ----------"
echo 5 > ${CERTSCRIPT}
echo 9 >> ${CERTSCRIPT}
@ -205,87 +242,121 @@ echo n >> ${CERTSCRIPT}
#
CU_ACTION="Creating CA Cert"
CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
certu -S -n "TestCA" -t "CTu,CTu,CTu" -v 60 -x -d ${CADIR} -1 -2 -5 -f ${PWFILE} -z ${NOISE_FILE} < ${CERTSCRIPT} 2>&1
certu -S -n "TestCA" -t "CTu,CTu,CTu" -v 60 -x -d . -1 -2 -5 \
-f ${R_PWFILE} -z ${R_NOISE_FILE} < ${CERTSCRIPT} 2>&1
if [ "$RET" -ne 0 ]; then
exit 1 #with errorcode
Exit 6 "Fatal - failed to create CA cert"
fi
################# Exporting Root Cert ###################################
#
CU_ACTION="Exporting Root Cert"
certu -L -n "TestCA" -r -d ${CADIR} -o ${CADIR}/root.cert
certu -L -n "TestCA" -r -d . -o root.cert
if [ "$RET" -ne 0 ]; then
exit 2 #with errorcode
Exit 7 "Fatal - failed to export root cert"
fi
}
################# Creating Certificates for S/MIME tests ################
#
############################## cert_smime_client #############################
# local shell function to create client Certificates for S/MIME tests
##############################################################################
cert_smime_client()
{
CERTFAILED=0
echo "**************** Creating Client CA Issued Certificates ****************"
echo "$SCRIPTNAME: Creating Client CA Issued Certificates =============="
create_cert ${ALICEDIR} "Alice" 3
create_cert ${BOBDIR} "Bob" 4
cert_create_cert ${ALICEDIR} "Alice" 3
cert_create_cert ${BOBDIR} "Bob" 4
echo "**************** Creating Dave's Certificate ****************"
init_cert "${DAVEDIR}" Dave 5
echo "$SCRIPTNAME: Creating Dave's Certificate -------------------------"
cert_init_cert "${DAVEDIR}" Dave 5
cp ${CADIR}/*.db .
#########################################################################
#
cd ${CERTDIR}
CU_ACTION="Creating ${CERTNAME}'s Server Cert"
CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1
certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" -d . \
-f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
CU_ACTION="Export Dave's Cert"
certu -L -n "Dave" -r -d ${DAVEDIR} -o Dave.cert
cd ${DAVEDIR}
certu -L -n "Dave" -r -d . -o Dave.cert
################# Importing Certificates for S/MIME tests ###############
#
echo "**************** Importing Certificates *********************"
echo "$SCRIPTNAME: Importing Certificates =============================="
CU_ACTION="Import Alices's cert into Bob's db"
certu -E -t "u,u,u" -d ${BOBDIR} -f ${PWFILE} -i ${ALICEDIR}/Alice.cert 2>&1
certu -E -t "u,u,u" -d ${R_BOBDIR} -f ${R_PWFILE} \
-i ${R_ALICEDIR}/Alice.cert 2>&1
CU_ACTION="Import Bob's cert into Alice's db"
certu -E -t "u,u,u" -d ${ALICEDIR} -f ${PWFILE} -i ${BOBDIR}/Bob.cert 2>&1
certu -E -t "u,u,u" -d ${R_ALICEDIR} -f ${R_PWFILE} \
-i ${R_BOBDIR}/Bob.cert 2>&1
CU_ACTION="Import Dave's cert into Alice's DB"
certu -E -t "u,u,u" -d ${ALICEDIR} -f ${PWFILE} -i ${DAVEDIR}/Dave.cert 2>&1
certu -E -t "u,u,u" -d ${R_ALICEDIR} -f ${R_PWFILE} \
-i ${R_DAVEDIR}/Dave.cert 2>&1
CU_ACTION="Import Dave's cert into Bob's DB"
certu -E -t "u,u,u" -d ${BOBDIR} -f ${PWFILE} -i ${DAVEDIR}/Dave.cert 2>&1
certu -E -t "u,u,u" -d ${R_BOBDIR} -f ${R_PWFILE} \
-i ${R_DAVEDIR}/Dave.cert 2>&1
if [ "$CERTFAILED" != 0 ] ; then
certlog "ERROR: SMIME failed $RET"
cert_log "ERROR: SMIME failed $RET"
else
certlog "SUCCESS: SMIME passed"
cert_log "SUCCESS: SMIME passed"
fi
}
############################## cert_ssl ################################
# local shell function to create client + server certs for SSL test
########################################################################
cert_ssl()
{
################# Creating Certs for SSL test ###########################
#
CERTFAILED=0
echo "**************** Creating Client CA Issued Certificates ****************"
create_cert ${CLIENTDIR} "TestUser" 6
echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="
cert_create_cert ${CLIENTDIR} "TestUser" 6
echo "***** Creating Server CA Issued Certificate for ${HOST}.${DOMSUF} *****"
init_cert ${SERVERDIR} "${HOST}.${DOMSUF}" 1
echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
echo " ${HOST}.${DOMSUF} ------------------------------------"
cert_init_cert ${SERVERDIR} "${HOST}.${DOMSUF}" 1
cp ${CADIR}/*.db .
CU_ACTION="Creating ${CERTNAME}'s Server Cert"
CU_SUBJECT="CN=${CERTNAME}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1
#certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -m "$CERTSERIAL" -d "${CERTDIR}" -f "${PWFILE}" -z "${NOISE_FILE}" -v 60 2>&1
certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d . -f "${R_PWFILE}" \
-z "${R_NOISE_FILE}" -v 60 2>&1
#FIXME - certdir or serverdir????
#certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -m "$CERTSERIAL" \
# -d "${CERTDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
if [ "$CERTFAILED" != 0 ] ; then
certlog "ERROR: SSL failed $RET"
cert_log "ERROR: SSL failed $RET"
else
certlog "SUCCESS: SSL passed"
cert_log "SUCCESS: SSL passed"
fi
}
certlog "********************** finished $SCRIPTNAME **********************"
############################## cert_cleanup ############################
# local shell function to finish this script (no exit since it might be
# sourced)
########################################################################
cert_cleanup()
{
cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
html "</TABLE><BR>"
cd ${QADIR}
. common/cleanup.sh
}
cd ${CURDIR}
. ../common/cleanup.sh
################## main #################################################
# we will probably need mor for the tools
# tools.sh: generates an alice cert in a "Cert" directory
# FIXME, for now use ALICEDIR and see if this works...
cert_init
cert_CA
cert_smime_client
cert_ssl
cert_cleanup