380065 update to Sunpkcs11 config and Mozilla-JSS test r=self JSS test change only

glen.beasley%sun.com 2007-08-22 23:32:28 +00:00
Родитель c9860176c0
Коммит 2f625ebc31
5 изменённых файлов: 249 добавлений и 157 удалений


@ -262,7 +262,6 @@ public class GenerateTestCert {
"\n\t" + caCertNick +
"\n\t" + serverCertNick +
"\n\t" + clientCertNick);
System.out.println("Exiting main()");
permCerts = cm.getPermCerts();
if ( (originalPermCerts + 3) != permCerts.length) {
@ -275,22 +274,23 @@ public class GenerateTestCert {
" database: " + permCerts.length);
}
/* ensure certificate does not already exists */
/* ensure certificates exists */
certs = cm.findCertsByNickname(caCertNick);
if (certs.length == 0) {
System.out.println(caCertNick + " already exists!");
System.out.println(caCertNick + " should exist!");
System.exit(1);
};
certs = cm.findCertsByNickname(serverCertNick);
if (certs.length == 0) {
System.out.println(serverCertNick + " already exists!");
System.out.println(serverCertNick + " should exist!");
System.exit(1);
};
certs = cm.findCertsByNickname(clientCertNick);
if (certs.length == 0) {
System.out.println(clientCertNick + " already exists!");
System.out.println(clientCertNick + " should exist!");
System.exit(1);
};
System.out.println("Exiting GenerateTestCert");
} catch(Exception e) {
e.printStackTrace();
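Review bot: The three existence checks that follow the permCerts count comparison are one block repeated for caCertNick, serverCertNick and clientCertNick, which appears to be why the message text had to be corrected three times; a small helper or a loop over the three nicknames would keep the check and its message in one place. The new comment would read better as `/* ensure the certificates exist */`, and the `};` closing each `if` leaves an empty statement that can be dropped. The enclosing try block starts outside the hunk and its catch continues past it.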


@ -160,9 +160,9 @@ public class JSSE_SSLServer {
}
if (args.length >= 7 && args.length >=8 ) {
if ((args[5].equalsIgnoreCase("Mozilla-JSS"))) {
if (args.length >= 8) {
pwFile = args[7];
}
if (args.length >= 8) {
pwFile = args[7];
}
System.out.println("Initializing " + args[5]);
CryptoManager.InitializationValues vals = new
@ -174,11 +174,15 @@ public class JSSE_SSLServer {
new FilePasswordCallback(pwFile) );
} else if (args[5].equalsIgnoreCase("Sunpkcs11")) {
nssConfig = args[6];
System.out.println("Initializing " + args[5] + "-NSS");
Provider nss = new sun.security.pkcs11.SunPKCS11(nssConfig);
Security.insertProviderAt(nss, 1);
System.out.println("Initialized " + args[5] + "-NSS");
System.out.println("Initializing " + args[5] + "-NSS");
Provider nss = null;
nss = new sun.security.pkcs11.SunPKCS11(nssConfig);
System.out.println("inserting provider?");
Security.insertProviderAt(nss, 1);
System.out.println("Initialized " + args[5] + "-NSS");
} else {
//use default
}
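Review bot: The result of `Security.insertProviderAt(nss, 1)` in the Sunpkcs11 branch is discarded, so a provider that was not added (the method returns -1 when it is already installed) is still reported as "Initialized". The added `System.out.println("inserting provider?");` looks like leftover debugging and could give way to a check such as `if (Security.insertProviderAt(nss, 1) == -1) { System.out.println("Sunpkcs11-NSS provider not inserted"); System.exit(1); }`. `Provider nss = null;` followed directly by the assignment can be a single declaration. The outer condition `args.length >= 7 && args.length >=8` reduces to `args.length >= 8`, which makes the inner `if (args.length >= 8)` always true; that line is context here, and the method begins and ends outside the hunk.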


@ -62,14 +62,14 @@ import java.util.*;
*
* Start the server:
*
* java -cp ./jss4.jar org.mozilla.jss.tests.JSS_SelfServServer . passwords localhost
* false 2921 bypassoff verboseoff
* java -cp ./jss4.jar org.mozilla.jss.tests.JSS_SelfServServer . passwords
* localhost false 2921 bypassoff verboseoff
*
* Start the client with 4 threads using ciphersuite 0x33.
* Look at the file Constant.java for the ciphersuites values.
*
* java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 2 0x33
* . localhost 2921 bypassoff verboseoff JSS Client_RSA
* java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 2 0x33
* . localhost 2921 bypassoff verboseoff JSS Client_RSA
*
* If you envoke the client with a ciphersuite value -1
* then all current JSS ciphersuites will be tested fox X number of
@ -77,7 +77,7 @@ import java.util.*;
* will closed all client SSLSockets and then tell the server to
* shutdown. This case is for the nightly automated tests.
*
* java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 4 -1
* java -cp jss4.jar org.mozilla.jss.tests.JSS_SelfServClient 4 -1
* . passwords localhost 2921 bypassoff verboseoff JSS
*/
@ -169,7 +169,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
initJSS();
boolean cipherSuites = true;
int ciphers[] =
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
//
for (int i = 0; i < ciphers.length; i++) {
@ -178,22 +178,22 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (Constants.cipher.cipherToString(ciphers[i]) == null) {
cipherSuites = false;
System.out.println("JSS does not support ciphersuite: " +
Integer.toHexString(ciphers[i]));
Integer.toHexString(ciphers[i]));
}
}
if (!cipherSuites) {
System.out.println("ERROR: NSS has implemented " +
"ciphersuites that JSS does not support!\n");
"ciphersuites that JSS does not support!\n");
System.out.println("see http://mxr.mozilla.org/security/" +
"source/security/nss/lib/ssl/sslproto.h");
"source/security/nss/lib/ssl/sslproto.h");
System.out.println("Update org/mozilla/jss/ssl/" +
"SSLSocket.java");
"SSLSocket.java");
System.out.println("Update org/mozilla/jss/tests/" +
"Constants.java");
"Constants.java");
System.out.println("NSS implemented Ciphersuites " +
"missing from JSS");
"missing from JSS");
}
return cipherSuites;
}
@ -219,7 +219,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
public void configureCipherSuites(String server) {
int ciphers[] =
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
boolean testCipher;
for (int i = 0; i < ciphers.length; ++i) {
@ -229,12 +229,12 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
System.out.print(ciphersuite);
}
if (server.equalsIgnoreCase("JSS")) {
//For JSS SSLServer don'te test
//For JSS SSLServer don'te test
if (ciphersuite.contains("_DHE_") ||
ciphersuite.contains("SSL2") ||
//Need to figure out why _ECDH_RSA ciphersuites don't work
(ciphersuite.contains("RSA") &&
ciphersuite.contains("_ECDH_")) ) {
ciphersuite.contains("SSL2") ||
//Need to figure out why _ECDH_RSA don't work
(ciphersuite.contains("RSA") &&
ciphersuite.contains("_ECDH_")) ) {
if (bVerbose) System.out.print(" -");
testCipher = false;
}
@ -242,15 +242,40 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (server.equalsIgnoreCase("JSSE")) {
//For JSSE SSLServers don't test
if (ciphersuite.contains("SSL2_") ||
ciphersuite.contains("_ECDHE_") ||
ciphersuite.contains("_ECDH_") ||
ciphersuite.contains("_CAMELLIA_")||
ciphersuite.contains("_DHE_DSS_") ||
ciphersuite.contains("_EXPORT1024_") ||
ciphersuite.contains("_RSA_FIPS_") ||
ciphersuite.contains("EXPORT_WITH_RC2") ||
ciphersuite.contains("_ECDSA_") ||
ciphersuite.contains("_256_") ) {
ciphersuite.contains("_ECDHE_") ||
ciphersuite.contains("_ECDH_") ||
ciphersuite.contains("_CAMELLIA_")||
ciphersuite.contains("_DHE_DSS_") ||
ciphersuite.contains("_EXPORT1024_") ||
ciphersuite.contains("_RSA_FIPS_") ||
ciphersuite.contains("EXPORT_WITH_RC2") ||
ciphersuite.contains("_ECDSA_") ||
ciphersuite.contains("_256_") ) {
if (bVerbose) System.out.print(" -");
testCipher = false;
}
}
if (server.equalsIgnoreCase("Mozilla-JSS")) {
//For JSSE Mozilla-JSS SSLServers don't test
if (ciphersuite.contains("SSL2_") ||
ciphersuite.contains("_ECDHE_") ||
ciphersuite.contains("_ECDH_") ||
ciphersuite.contains("_CAMELLIA_")||
ciphersuite.contains("_DHE_DSS_") ||
ciphersuite.contains("_EXPORT1024_") ||
ciphersuite.contains("_RSA_FIPS_") ||
ciphersuite.contains("EXPORT_WITH_RC2") ||
ciphersuite.contains("_ECDSA_") ||
ciphersuite.contains(
"SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA") ||
ciphersuite.contains(
"SSL3_RSA_WITH_3DES_EDE_CBC_SHA") ||
ciphersuite.contains(
"SSL3_DHE_RSA_WITH_DES_CBC_SHA") ||
ciphersuite.contains("SSL3_RSA_WITH_DES_CBC_SHA") ||
ciphersuite.contains(
"SSL3_RSA_EXPORT_WITH_RC4_40_MD5") ||
ciphersuite.contains("_256_") ) {
if (bVerbose) System.out.print(" -");
testCipher = false;
}
@ -277,7 +302,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (bVerbose) System.out.print("\n");
if(bVerbose) System.out.println("\nTesting " + ciphersToTest.size() +
" ciphersuites.");
" ciphersuites.");
}
/**
@ -305,13 +330,13 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
initJSS();
int ciphers[] =
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites();
ciphersuiteTested = Constants.cipher.cipherToString(aCipher);
if (bVerbose || !bTestCiphers) {
System.out.println("Testing " + Integer.toHexString(aCipher) +
" " + ciphersuiteTested);
" " + ciphersuiteTested);
}
if (ciphersuiteTested != null) {
@ -324,7 +349,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
try {
if (cm.FIPSEnabled() && !SSLSocket.isFipsCipherSuite(aCipher)) {
System.out.println("You are trying to test a non FIPS " +
"ciphersuite when FIPS is enabled!");
"ciphersuite when FIPS is enabled!");
System.exit(1);
}
} catch (SocketException ex) {
@ -400,7 +425,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
certs = cm.findCertsByNickname(clientCertNick);
if (certs.length == 0) {
System.out.println("unable to find cert nickname: " +
clientCertNick);
clientCertNick);
System.exit(1);
}
} catch (TokenException ex) {
@ -454,7 +479,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
private String ciphersuite;
public readWriteThread(ThreadGroup tgOb,
String tName, String cs, SSLSocket sock) {
String tName, String cs, SSLSocket sock) {
super(tgOb, tName);
if (bVerbose) {
System.out.println("New thread: " + this);
@ -472,9 +497,9 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
InputStream is = clientSock.getInputStream();
OutputStream os = clientSock.getOutputStream();
BufferedReader bir = new BufferedReader(
new InputStreamReader(is));
new InputStreamReader(is));
PrintWriter out = new PrintWriter(new BufferedWriter(
new OutputStreamWriter(os)));
new OutputStreamWriter(os)));
while (true) {
outputLine = ciphersuite + ":" + socketID + "\n";
@ -486,7 +511,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
inputLine = bir.readLine();
if (bVerbose) {
System.out.println("Received: " + inputLine +
" on Client-" + socketID);
" on Client-" + socketID);
}
Thread.sleep(50);
}
@ -496,9 +521,9 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
e.printStackTrace();
} catch (IOException e) {
if ((e.getMessage().equalsIgnoreCase(
"SocketException cannot read on socket")) ||
(e.getMessage().equalsIgnoreCase(
"Socket has been closed, and cannot be reused.")) ) {
"SocketException cannot read on socket")) ||
(e.getMessage().equalsIgnoreCase(
"Socket has been closed, and cannot be reused.")) ) {
//System.out.println("SSLSocket "
// + socketID + " has been closed.");
} else e.printStackTrace();
@ -515,7 +540,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
}
try {
CryptoManager.InitializationValues vals = new
CryptoManager.InitializationValues(fCertDbPath);
CryptoManager.InitializationValues(fCertDbPath);
CryptoManager.initialize(vals);
cm = CryptoManager.getInstance();
@ -564,11 +589,11 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
try {
SSLSocket s = null;
if (bVerbose) System.out.println("Sending shutdown message " +
"to server.");
"to server.");
if (aWorkingCipher == 0) {
System.out.println("no ciphersuite was able to connect to " +
"the server!");
"the server!");
System.exit(1);
}
setCipher(aWorkingCipher);
@ -576,7 +601,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (s == null) throw new IOException("Unable to connect to server");
OutputStream os = s.getOutputStream();
PrintWriter out = new PrintWriter(new BufferedWriter(
new OutputStreamWriter(os)));
new OutputStreamWriter(os)));
out.println("shutdown");
out.flush();
out.close();
@ -607,12 +632,24 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
}
System.out.println("Waiting till all threads are dead");
int i = 0;
while (socketThreads.activeCount() > 0) {
Thread.currentThread().sleep(10);
System.out.println("ActiveCount" + socketThreads.activeCount());
//This loop should always exit but it has the potential
//to hang the QA tests so...
if (i == 1000) { // 1000 x 10
System.out.println("It is taking too long for the " +
"threads to die. Exiting the program");
System.out.println("Time taken: " +
(System.currentTimeMillis() - start) +
" Millieseconds");
System.exit(1);
}
i++;
}
System.out.println("All threads are dead. Time taken: " +
(System.currentTimeMillis() - start));
(System.currentTimeMillis() - start) + " Milliseconds.");
} catch (IOException ex) {
ex.printStackTrace();
System.exit(1);
@ -637,26 +674,26 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
System.out.println("client about to connect...");
String hostAddr =
InetAddress.getByName(serverHost).getHostAddress();
InetAddress.getByName(serverHost).getHostAddress();
if ( bVerbose )
System.out.println("the host " + serverHost +
" and the address " + hostAddr);
" and the address " + hostAddr);
if (TestCertCallBack) {
if ( bVerbose )
System.out.println("calling approvalCallBack");
sock = new SSLSocket(InetAddress.getByName(hostAddr),
port,
null,
0,
new TestCertificateApprovalCallback(),
null);
port,
null,
0,
new TestCertificateApprovalCallback(),
null);
} else {
if ( bVerbose )
System.out.println("NOT calling approvalCallBack");
sock = new SSLSocket(InetAddress.getByName(hostAddr),
port);
port);
}
if (clientCertNick.equalsIgnoreCase("default")) {
@ -683,7 +720,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
}
sock.addHandshakeCompletedListener(
new HandshakeListener("client",this));
new HandshakeListener("client",this));
sock.forceHandshake();
sock.setSoTimeout(10*1000);
@ -711,25 +748,25 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
public void outputCipherResults() {
String banner = new String
("\n----------------------------------------------------------\n");
("\n-------------------------------------------------------\n");
System.out.println(banner);
System.out.println("JSS has " +
System.out.println("JSS has " +
org.mozilla.jss.ssl.SSLSocket.getImplementedCipherSuites().length +
" ciphersuites and " +
ciphersToTest.size() + " were configured and tested.");
" ciphersuites and " +
ciphersToTest.size() + " were configured and tested.");
if (ciphersToTest.size() == h_ciphers.size()) {
System.out.println("All " + ciphersToTest.size() +
" configured ciphersuites tested Successfully!\n");
}
" configured ciphersuites tested Successfully!\n");
}
if (!h_ciphers.isEmpty()) {
if (!f_ciphers.isEmpty()) {
System.out.println(banner);
System.out.println(h_ciphers.size() +
" ciphersuites successfully connected to the "+
"server\n");
" ciphersuites successfully connected to the "+
"server\n");
}
Iterator iter = h_ciphers.iterator();
while (iter.hasNext()) {
@ -739,7 +776,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
}
if (bFipsMode) {
System.out.println("Note: ciphersuites that have the prefix " +
"\"SSL\" or \"SSL3\" were used in TLS mode.");
"\"SSL\" or \"SSL3\" were used in TLS mode.");
}
if (ciphersToTest.size()
@ -749,8 +786,8 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (!f_ciphers.isEmpty()) {
System.out.println(banner);
System.out.println(f_ciphers.size() +
" ciphersuites that did not connect to the "+
"server\n\n");
" ciphersuites that did not connect to the "+
"server\n\n");
Iterator iter = f_ciphers.iterator();
while (iter.hasNext()) {
System.out.println((String) iter.next());
@ -776,7 +813,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (sock != null) {
String threadName = new String(sockID + "-" + i);
readWriteThread rwThread = new readWriteThread(socketThreads,
threadName, ciphersuiteTested, sock);
threadName, ciphersuiteTested, sock);
rwThread.start();
if (i == 1) {
h_ciphers.add(ciphersuiteTested);
@ -791,7 +828,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if ( bVerbose ) {
System.out.println("Active thread count: " +
socketThreads.activeCount());
socketThreads.activeCount());
System.out.println("Total threads created: " + getSockTotal());
}
}
@ -800,7 +837,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
* SSL Handshake Listeren implementation.
*/
public class HandshakeListener
implements SSLHandshakeCompletedListener {
implements SSLHandshakeCompletedListener {
private String who;
private JSS_SelfServClient boss;
public HandshakeListener(String who, JSS_SelfServClient boss) {
@ -863,21 +900,21 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
ex.printStackTrace();
}
String usage = "\nUSAGE:\n" +
"java org.mozilla.jss.tests.JSS_SelfServClient" +
" [# sockets] [JSS cipher hex code \"0xC013\" value or -1] " +
"\n\nOptional:\n" +
"[certdb path] [password file] [server host] [server port]" +
"[bypass] [verbose] [server = JSS or JSSE] [ClientCert]";
"java org.mozilla.jss.tests.JSS_SelfServClient" +
" [# sockets] [JSS cipher hex code \"0xC013\" value or -1] " +
"\n\nOptional:\n" +
"[certdb path] [password file] [server host] [server port]" +
"[bypass] [verbose] [server = JSS or JSSE] [ClientCert]";
try {
if (args.length <= 0 ||
args[0].toLowerCase().equals("-h")) {
args[0].toLowerCase().equals("-h")) {
System.out.println(usage);
System.exit(1);
} else {
numOfThreads = new Integer(args[0]).intValue();
System.out.println("Number of Threads to create: "
+ numOfThreads);
+ numOfThreads);
}
if (args.length >= 2) {
if (args[1].startsWith("0x") || args[1].startsWith("0X")) {
@ -899,7 +936,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
testport = new Integer(args[5]).intValue();
}
if ((args.length >= 7) &&
args[6].equalsIgnoreCase("bypass")== true) {
args[6].equalsIgnoreCase("bypass")== true) {
bBypassPKCS11 = true;
}
if ((args.length >= 8) && args[7].equalsIgnoreCase("verbose")
@ -910,10 +947,10 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (args.length >= 9) {
server = args[8].toUpperCase();
}
}
if (args.length >=10) {
certnick = (String)args[9];
System.out.println("certnickname: " + certnick);
certnick = (String)args[9];
System.out.println("certnickname: " + certnick);
}
@ -923,7 +960,7 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
}
System.out.println("Client connecting to server: " + testhost +
":" + testport);
":" + testport);
JSS_SelfServClient jssTest = new JSS_SelfServClient();
try {
@ -968,14 +1005,14 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
if (jssTest.getSockTotal() == 0 ) {
System.out.println("No SSLSockets created check your " +
"configuration.");
"configuration.");
System.exit(1);
}
// choose how to exit the program
System.out.println(jssTest.getSockTotal() + " SSLSockets created.");
System.out.println("Each created SSLSocket is reading/writing to" +
" the SSLServer.");
" the SSLServer.");
if (jssTest.getTestCiphers()) {
try {
@ -992,14 +1029,14 @@ public class JSS_SelfServClient implements ConstantsBase, Constants {
}
System.out.println("You can choose to exit the program enter:" +
"\n\t\'A\' to abort with out closing the sockets." +
"\n\t\'C\' to close all client sockets (server will not quit)" +
"\n\tor any other letter to close all sockets and tell the" +
"server to quit.");
"\n\t\'A\' to abort with out closing the sockets." +
"\n\t\'C\' to close all client sockets (server will not quit)" +
"\n\tor any other letter to close all sockets and tell the" +
"server to quit.");
try {
BufferedReader stdin = new BufferedReader(new
InputStreamReader(System.in));
InputStreamReader(System.in));
String p = stdin.readLine();
if (p.equalsIgnoreCase("a")) {
System.out.println("Aborting with out closing SSLSockets.");
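Review bot: The new `Mozilla-JSS` branch of configureCipherSuites skips every `_256_`, `_ECDHE_` and `_ECDSA_` suite plus five SSL3 suites named in full, with no comment saying why, so the "All … configured ciphersuites tested Successfully!" summary says nothing about those suites for this provider. The JSS branch records its reason (`//Need to figure out why _ECDH_RSA don't work`); a matching line here, for example `//TODO: record why these SSL3_* suites are skipped for the Mozilla-JSS provider`, would keep the gap visible. The branch comment `//For JSSE Mozilla-JSS SSLServers don't test` and the usage text `[server = JSS or JSSE]` in main still describe only two server values and should name `Mozilla-JSS` as well. The branch also repeats the ten patterns of the JSSE branch, so a shared array would stop the two lists drifting apart; most other hunks in this file look like indentation-only changes.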


@ -48,6 +48,8 @@ import org.mozilla.jss.crypto.*;
import org.mozilla.jss.pkix.cert.Certificate;
import org.mozilla.jss.pkix.cert.CertificateInfo;
import org.mozilla.jss.pkix.cert.Extension;
import java.security.Security;
import java.security.Provider;
public class ListCerts {
@ -67,7 +69,10 @@ public class ListCerts {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] certs = cm.findCertsByNickname(nickname);
Provider[] providers = Security.getProviders();
for ( int i=0; i < providers.length; i++ ) {
System.out.println("Provider "+i+": "+providers[i].getName());
}
System.out.println(certs.length + " certs found with this nickname.");
for(int i=0; i < certs.length; i++) {
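Review bot: The provider loop added ahead of the certificate count has no comment saying why a certificate-listing test prints the installed providers. If the intent is to show in the test log which providers were active, a line such as `// log installed JCA providers; Security.getProviders() returns them in preference order` would say so. The enclosing method starts and ends outside the hunk.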


@ -37,7 +37,6 @@
use Socket;
my $java;
# dist <dist_dir>
# release <java release dir> <nss release dir> <nspr release dir>
@ -57,6 +56,7 @@ sub usage {
$| = 1;
# Global variables
my $java = "";
my $testdir = "";
my $testrun = 0;
my $testpass = 0;
@ -148,8 +148,6 @@ sub setup_vars {
$jss_rel_dir = "$dist_dir/../classes$dbg_suffix/org";
$jss_classpath = "$dist_dir/../xpclass$jar_dbg_suffix.jar";
# Test directory = $DIST_DIR
# make it absolute path
} elsif( $$argv[0] eq "auto" ) {
my $dist_dir = `make dist_dir`;
my $obj_dir = `make obj_dir`;
@ -279,7 +277,7 @@ sub setup_vars {
sub updateCertSN() {
# $certSN = certificate serial number (first = 100). Stored in $test_dir/cert-SN
# $certSN = certificate serial number (first = 100). Stored in $testdir/cert-SN
$certSN_file = $testdir ."/" . "cert-SN";
if ( -f $certSN_file) {
open (CERT_SN, "< $certSN_file") || die "couldn't open " . $certSN_file . " for read";
@ -310,31 +308,63 @@ sub outputEnv {
print "testdir=$testdir\n";
print "serverPort=$serverPort\n";
print "LIB_SUFFIX=$lib_suffix\n";
print "osname=$osname\n";
print "java version:";
print "osname=$osname\n";
print "which perl=";
system ("which perl");
system ("$java -version");
}
sub createpkcs11_cfg {
$configfile = $testdir . "/" . "nsspkcs11.cfg";
$keystore = $testdir . "/" . "keystore";
if ( -f $configfile ) {
print "configfile all ready exists";
return;
}
my $nsslibdir = $nss_lib_dir;
my $tdir = $testdir;
#On windows make sure the path starts with c:
if ($osname =~ /_NT/i) {
if ($nsslibdir =~ /\/c\//i) {
substr($nsslibdir, 0, 2, 'c:');
}
if ($tdir =~ /\/c\//i) {
substr($tdir, 0, 2, 'c:');
}
}
#the test for java 1.5 relies on the JAVA_HOME path to have the version
#this is the case for all the build machines and tinderboxes.
if ( $java =~ /1.5/i) {
# java 5
#http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
open (CONFIG, "> $configfile") || die "couldn't open " . $configfile . " for write";
print CONFIG "name=NSS\n";
if ($lib_suffix eq ".jnilib") {
print CONFIG "library=" . $dist_dir . "/lib/libsoftokn3.dylib\n";
print CONFIG "library=" . $nsslibdir . "/libsoftokn3.dylib\n";
} else {
print CONFIG "library=" . $dist_dir . "/lib/libsoftokn3$lib_suffix\n";
print CONFIG "library=" . $nsslibdir . "/libsoftokn3$lib_suffix\n";
}
print CONFIG "nssArgs=\"configdir=\'". $testdir . "\' ";
print CONFIG "nssArgs=\"configdir=\'". $tdir . "\' ";
print CONFIG "certPrefix=\'\' keyPrefix=\'\' secmod=\'secmod.db\'\"\n";
print CONFIG "slot=2\n";
close (CONFIG);
} else {
# java 6
# http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html
# note some OS can read the 1.5 configuration but not all can.
open (CONFIG, "> $configfile") || die "couldn't open " . $configfile . " for write";
print CONFIG "name=NSS\n";
print CONFIG "nssLibraryDirectory=" . "$nsslibdir\n";
print CONFIG "nssSecmodDirectory=$tdir\n";
print CONFIG "nssDbMode=readWrite\n";
print CONFIG "nssModule=keystore\n";
close (CONFIG);
}
print "nsspkcs11=$configfile\n";
}
@ -416,98 +446,98 @@ my $serverCommand;
$testname = "Setup DBs";
$command = "$java org.mozilla.jss.tests.SetupDBs $testdir $pwfile";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known ECDSA cert pair";
$command = "$java org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-256/EC CA_ECDSA Server_ECDSA Client_ECDSA";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known DSS cert pair";
$command = "$java org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-1/DSA CA_DSS Server_DSS Client_DSS";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SetupDBs $testdir $pwfile";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known RSA cert pair";
$command = "$java org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-256/RSA CA_RSA Server_RSA Client_RSA";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-256/RSA CA_RSA Server_RSA Client_RSA";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known ECDSA cert pair";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-256/EC CA_ECDSA Server_ECDSA Client_ECDSA";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known DSS cert pair";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-1/DSA CA_DSS Server_DSS Client_DSS";
run_test($testname, $command);
$testname = "Create PKCS11 cert to PKCS12 rsa.pfx";
$command = "$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/rsa.pfx -n CA_RSA -d $testdir -K $dbPwd -W $dbPwd";
run_test($testname, $command);
$testname = "Create PKCS11 cert to PKCS12 dss.pfx";
$command = "$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/dss.pfx -n CA_DSS -d $testdir -K $dbPwd -W $dbPwd";
run_test($testname, $command);
$testname = "Create PKCS11 cert to PKCS12 ecdsa.pfx";
$command = "$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/ecdsa.pfx -n CA_ECDSA -d $testdir -K $dbPwd -W $dbPwd";
run_test($testname, $command);
$testname = "Create PKCS11 cert to PKCS12 dss.pfx";
$command = "$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/dss.pfx -n CA_DSS -d $testdir -K $dbPwd -W $dbPwd";
run_test($testname, $command);
#$testname = "Convert nss db to Java keystore";
#$command = "$java org.mozilla.jss.tests.NSS2JKS $keystore $dbPwd $configfile $dbPwd";
#$command = "$java -cp $jss_classpath org.mozilla.jss.tests.NSS2JKS $keystore $dbPwd $configfile $dbPwd";
#run_test($testname, $command);
$testname = "List CA certs";
$command = "$java org.mozilla.jss.tests.ListCACerts $testdir";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.ListCACerts $testdir";
run_test($testname, $command);
updateCertSN();
$serverPort = checkPort($serverPort);
$testname = "SSLClientAuth bypass off";
$command = "$java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
run_test($testname, $command);
updateCertSN();
$serverPort=$serverPort+1;
$serverPort = checkPort($serverPort);
$testname = "SSLClientAuth bypass on";
$command = "$java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort bypass $certSN";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort bypass $certSN";
run_test($testname, $command);
$serverPort=$serverPort+1;
$testname = "Key Generation";
$command = "$java org.mozilla.jss.tests.TestKeyGen $testdir $pwfile";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.TestKeyGen $testdir $pwfile";
run_test($testname, $command);
$testname = "Key Factory";
$command = "$java org.mozilla.jss.tests.KeyFactoryTest $testdir $pwfile";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.KeyFactoryTest $testdir $pwfile";
run_test($testname, $command);
$testname = "Digest";
$command = "$java org.mozilla.jss.tests.DigestTest $testdir $pwfile";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.DigestTest $testdir $pwfile";
run_test($testname, $command);
$testname = "HMAC ";
$command = "$java org.mozilla.jss.tests.HMACTest $testdir $pwfile";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.HMACTest $testdir $pwfile";
run_test($testname, $command);
$testname = "Mozilla-JSS JCA Signature ";
$command = "$java org.mozilla.jss.tests.JCASigTest $testdir $pwfile";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCASigTest $testdir $pwfile";
run_test($testname, $command);
$testname = "Secret Decoder Ring";
$command = "$java org.mozilla.jss.tests.TestSDR $testdir $pwfile";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.TestSDR $testdir $pwfile";
run_test($testname, $command);
$testname = "List cert by certnick";
$command = "$java org.mozilla.jss.tests.ListCerts $testdir Server_RSA";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.ListCerts $testdir Server_RSA";
run_test($testname, $command);
$testname = "Verify cert by certnick";
$command = "$java org.mozilla.jss.tests.VerifyCert $testdir $pwfile Server_RSA";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.VerifyCert $testdir $pwfile Server_RSA";
run_test($testname, $command);
$testname = "Secret Key Generation";
$command = "$java org.mozilla.jss.tests.SymKeyGen $testdir";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SymKeyGen $testdir";
run_test($testname, $command);
$testname = "Mozilla-JSS Secret Key Generation";
$command = "$java org.mozilla.jss.tests.JCASymKeyGen $testdir";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCASymKeyGen $testdir";
run_test($testname, $command);
@ -519,53 +549,69 @@ run_test($testname, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSS Server and JSS client both with Bypass Off";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypassoff $java";
$command = "$java org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSS";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSS Server and JSS client both with Bypass On";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypass $java";
$command = "$java org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSS";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSS Server with Bypass Off and JSSE client";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypassOff $java";
$command = "$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $serverPort $hostname JSS";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSSE_SSLClient $testdir $serverPort $hostname JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSS Server with Bypass On and JSSE client";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypass $java";
$command = "$java org.mozilla.jss.tests.JSSE_SSLClient $testdir $serverPort $hostname JSS";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSSE_SSLClient $testdir $serverPort $hostname JSS";
run_ssl_test($testname, $serverCommand, $command);
if ($osname =~ /HP/) {
print "don't run the JSSE Server tests on HP.\n";
print "Java 5 on HP does not have SunPKCS11 class\n";
} else {
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSSE Server using default provider and JSS client with Bypass Off";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx default $configfile $pwfile $java";
$command = "$java org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSSE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSSE Server using default provider and JSS client with Bypass ON";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx default $configfile $pwfile $java";
$command = "$java org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSSE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
if ($osname =~ /win/i || $osname =~ /_NT/i) {
print "don't run the Sunpkcs11-NSS tests on windows for now.\n";
} else {
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSSE Server using Sunpkcs11-NSS provider and JSS client with Bypass Off";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Sunpkcs11 $configfile $pwfile $java";
$command = "$java org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSSE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSSE Server using Sunpkcs11-NSS provider and JSS client with Bypass ON";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Sunpkcs11 $configfile $pwfile $java";
$command = "$java org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSSE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff JSSE";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSSE Server using Mozilla-JSS provider and JSS client with Bypass Off";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Mozilla-JSS $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff Mozilla-JSS";
run_ssl_test($testname, $serverCommand, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSSE Server using Mozilla-JSS provider and JSS client with Bypass ON";
$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Mozilla-JSS $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypass verboseoff Mozilla-JSS";
run_ssl_test($testname, $serverCommand, $command);
}
#
@ -573,34 +619,34 @@ run_ssl_test($testname, $serverCommand, $command);
#
$testname = "Enable FipsMODE";
$command = "$java org.mozilla.jss.tests.FipsTest $testdir enable";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.FipsTest $testdir enable";
run_test($testname, $command);
$testname = "Enable FipsMODE";
$command = "$java org.mozilla.jss.tests.FipsTest $testdir chkfips";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.FipsTest $testdir chkfips";
run_test($testname, $command);
updateCertSN();
$testname = "SSLClientAuth FIPSMODE";
$serverPort = checkPort(++$serverPort);
$command = "$java org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
run_test($testname, $command);
$serverPort=$serverPort+1;
$testname = "SSL Ciphersuite JSS Server and JSS client both with Bypass Off";
$serverCommand = "./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort bypassoff $java";
$command = "$java org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSS";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort bypassOff verboseoff JSS";
run_ssl_test($testname, $serverCommand, $command);
$testname = "Disable FipsMODE";
$command = "$java org.mozilla.jss.tests.FipsTest $testdir disable";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.FipsTest $testdir disable";
run_test($testname, $command);
#
# Test for JSS jar and library revision
#
$testname = "Check JSS jar version";
$command = "$java org.mozilla.jss.tests.JSSPackageTest $testdir";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSSPackageTest $testdir";
run_test($testname, $command);
my $LIB = "$lib_jss"."4"."$lib_suffix";
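Review bot: The added test named "SSL Ciphersuite JSSE Server using Mozilla-JSS provider and JSS client with Bypass Off" passes `bypass` to JSS_SelfServClient, the same as the "Bypass ON" test after it, so the bypass-off case is never run against the Mozilla-JSS provider; its client command should end `$serverPort bypassOff verboseoff Mozilla-JSS`, as the Sunpkcs11 pair above it does. In createpkcs11_cfg, `$java =~ /1.5/i` leaves the dot unescaped and so matches any character between the 1 and the 5 in the path; `/1\.5/` is the stricter form. The config written there names the native library location the JVM loads, yet an existing nsspkcs11.cfg is reused as-is by the early `return` (which looks like unchanged context), so a stale file from an earlier run silently decides which library is used.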