summaryrefslogtreecommitdiffstats
path: root/security/nss/tests/common
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/tests/common')
-rw-r--r--security/nss/tests/common/certsetup.sh57
-rw-r--r--security/nss/tests/common/init.sh49
2 files changed, 80 insertions, 26 deletions
diff --git a/security/nss/tests/common/certsetup.sh b/security/nss/tests/common/certsetup.sh
new file mode 100644
index 000000000..2b5cef840
--- /dev/null
+++ b/security/nss/tests/common/certsetup.sh
@@ -0,0 +1,57 @@
+# Generate input to certutil
+certscript() {
+ ca=n
+ while [ $# -gt 0 ]; do
+ case $1 in
+ sign) echo 0 ;;
+ kex) echo 2 ;;
+ ca) echo 5;echo 6;ca=y ;;
+ esac; shift
+ done;
+ echo 9
+ echo n
+ echo $ca
+ echo
+ echo n
+}
+
+# $1: name
+# $2: type
+# $3+: usages: sign or kex
+make_cert() {
+ name=$1
+ type=$2
+
+ # defaults
+ type_args=()
+ trust=',,'
+ sign=(-x)
+ sighash=(-Z SHA256)
+
+ case $type in
+ dsa) type_args=(-g 1024) ;;
+ rsa) type_args=(-g 1024) ;;
+ rsa2048) type_args=(-g 2048);type=rsa ;;
+ rsa8192) type_args=(-g 8192);type=rsa ;;
+ rsapss) type_args=(-g 1024 --pss);type=rsa ;;
+ rsapss384) type_args=(-g 1024 --pss);type=rsa;sighash=(-Z SHA384) ;;
+ rsapss512) type_args=(-g 2048 --pss);type=rsa;sighash=(-Z SHA512) ;;
+ rsapss_noparam) type_args=(-g 2048 --pss);type=rsa;sighash=() ;;
+ p256) type_args=(-q nistp256);type=ec ;;
+ p384) type_args=(-q secp384r1);type=ec ;;
+ p521) type_args=(-q secp521r1);type=ec ;;
+ rsa_ca) type_args=(-g 1024);trust='CT,CT,CT';type=rsa ;;
+ rsa_chain) type_args=(-g 1024);sign=(-c rsa_ca);type=rsa;;
+ rsapss_ca) type_args=(-g 1024 --pss);trust='CT,CT,CT';type=rsa ;;
+ rsapss_chain) type_args=(-g 1024);sign=(-c rsa_pss_ca);type=rsa;;
+ rsa_ca_rsapss_chain) type_args=(-g 1024 --pss-sign);sign=(-c rsa_ca);type=rsa;;
+ ecdh_rsa) type_args=(-q nistp256);sign=(-c rsa_ca);type=ec ;;
+ esac
+ shift 2
+ counter=$(($counter + 1))
+ certscript $@ | ${BINDIR}/certutil -S \
+ -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
+ -n $name -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter" \
+ -w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2
+ html_msg $? 0 "create certificate: $@"
+}
diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh
index 933551e83..2896f1321 100644
--- a/security/nss/tests/common/init.sh
+++ b/security/nss/tests/common/init.sh
@@ -356,40 +356,34 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
#HOST and DOMSUF are needed for the server cert
- DOMAINNAME=`which domainname`
- if [ -z "${DOMSUF}" -a $? -eq 0 -a -n "${DOMAINNAME}" ]; then
+ if [ -z "$DOMSUF" ] && hash domainname 2>/dev/null; then
DOMSUF=`domainname`
fi
+ # hostname -d and domainname both return (none) if hostname doesn't
+ # include a dot. Pretend we didn't get an answer.
+ if [ "$DOMSUF" = "(none)" ]; then
+ DOMSUF=
+ fi
- case $HOST in
+ if [ -z "$HOST" ]; then
+ HOST=`uname -n`
+ fi
+ case "$HOST" in
*\.*)
- if [ -z "${DOMSUF}" ]; then
- DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
+ if [ -z "$DOMSUF" ]; then
+ DOMSUF="${HOST#*.}"
fi
- HOST=`echo $HOST | sed -e "s/\..*//"`
+ HOST="${HOST%%.*}"
;;
?*)
;;
*)
- HOST=`uname -n`
- case $HOST in
- *\.*)
- if [ -z "${DOMSUF}" ]; then
- DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
- fi
- HOST=`echo $HOST | sed -e "s/\..*//"`
- ;;
- ?*)
- ;;
- *)
- echo "$SCRIPTNAME: Fatal HOST environment variable is not defined."
- exit 1 #does not need to be Exit, very early in script
- ;;
- esac
+ echo "$SCRIPTNAME: Fatal HOST environment variable is not defined."
+ exit 1 #does not need to be Exit, very early in script
;;
esac
- if [ -z "${DOMSUF}" -a "${OS_ARCH}" != "Android" ]; then
+ if [ -z "$DOMSUF" -a "$OS_ARCH" != "Android" ]; then
echo "$SCRIPTNAME: Fatal DOMSUF env. variable is not defined."
exit 1 #does not need to be Exit, very early in script
fi
@@ -397,8 +391,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
#HOSTADDR was a workaround for the dist. stress test, and is probably
#not needed anymore (purpose: be able to use IP address for the server
#cert instead of PC name which was not in the DNS because of dyn IP address
- if [ -z "$USE_IP" -o "$USE_IP" != "TRUE" ] ; then
- if [ -z "${DOMSUF}" ]; then
+ if [ "$USE_IP" != "TRUE" ] ; then
+ if [ -z "$DOMSUF" ]; then
HOSTADDR=${HOST}
else
HOSTADDR=${HOST}.${DOMSUF}
@@ -543,8 +537,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
D_DISTRUST="Distrust.$version"
D_RSAPSS="RSAPSS.$version"
- # we need relative pathnames of these files abd directories, since our
- # tools can't handle the unix style absolut pathnames on cygnus
+ # we need relative pathnames of these files and directories, since our
+ # tools can't handle the unix style absolute pathnames on cygnus
R_CADIR=../CA
R_SERVERDIR=../server
@@ -565,6 +559,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
R_NOLOGINDIR=../nologin
R_SSLGTESTDIR=../ssl_gtests
R_GTESTDIR=../gtests
+ R_RSAPSSDIR=../rsapss
#
# profiles are either paths or domains depending on the setting of
@@ -581,6 +576,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
P_R_IMPLICIT_INIT_DIR=${R_IMPLICIT_INIT_DIR}
+ P_R_RSAPSSDIR=${R_RSAPSSDIR}
if [ -n "${MULTIACCESS_DBM}" ]; then
P_R_CADIR="multiaccess:${D_CA}"
P_R_ALICEDIR="multiaccess:${D_ALICE}"
@@ -593,6 +589,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}"
+ P_R_RSAPSSDIR="multiaccess:${D_RSAPSS}"
fi
R_PWFILE=../tests.pw