diff options
Diffstat (limited to 'security/nss/tests/common')
-rw-r--r-- | security/nss/tests/common/certsetup.sh | 57 | ||||
-rw-r--r-- | security/nss/tests/common/init.sh | 49 |
2 files changed, 80 insertions, 26 deletions
diff --git a/security/nss/tests/common/certsetup.sh b/security/nss/tests/common/certsetup.sh new file mode 100644 index 000000000..2b5cef840 --- /dev/null +++ b/security/nss/tests/common/certsetup.sh @@ -0,0 +1,57 @@ +# Generate input to certutil +certscript() { + ca=n + while [ $# -gt 0 ]; do + case $1 in + sign) echo 0 ;; + kex) echo 2 ;; + ca) echo 5;echo 6;ca=y ;; + esac; shift + done; + echo 9 + echo n + echo $ca + echo + echo n +} + +# $1: name +# $2: type +# $3+: usages: sign or kex +make_cert() { + name=$1 + type=$2 + + # defaults + type_args=() + trust=',,' + sign=(-x) + sighash=(-Z SHA256) + + case $type in + dsa) type_args=(-g 1024) ;; + rsa) type_args=(-g 1024) ;; + rsa2048) type_args=(-g 2048);type=rsa ;; + rsa8192) type_args=(-g 8192);type=rsa ;; + rsapss) type_args=(-g 1024 --pss);type=rsa ;; + rsapss384) type_args=(-g 1024 --pss);type=rsa;sighash=(-Z SHA384) ;; + rsapss512) type_args=(-g 2048 --pss);type=rsa;sighash=(-Z SHA512) ;; + rsapss_noparam) type_args=(-g 2048 --pss);type=rsa;sighash=() ;; + p256) type_args=(-q nistp256);type=ec ;; + p384) type_args=(-q secp384r1);type=ec ;; + p521) type_args=(-q secp521r1);type=ec ;; + rsa_ca) type_args=(-g 1024);trust='CT,CT,CT';type=rsa ;; + rsa_chain) type_args=(-g 1024);sign=(-c rsa_ca);type=rsa;; + rsapss_ca) type_args=(-g 1024 --pss);trust='CT,CT,CT';type=rsa ;; + rsapss_chain) type_args=(-g 1024);sign=(-c rsa_pss_ca);type=rsa;; + rsa_ca_rsapss_chain) type_args=(-g 1024 --pss-sign);sign=(-c rsa_ca);type=rsa;; + ecdh_rsa) type_args=(-q nistp256);sign=(-c rsa_ca);type=ec ;; + esac + shift 2 + counter=$(($counter + 1)) + certscript $@ | ${BINDIR}/certutil -S \ + -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \ + -n $name -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter" \ + -w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2 + html_msg $? 0 "create certificate: $@" +} diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh index 933551e83..2896f1321 100644 --- a/security/nss/tests/common/init.sh +++ b/security/nss/tests/common/init.sh @@ -356,40 +356,34 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then #HOST and DOMSUF are needed for the server cert - DOMAINNAME=`which domainname` - if [ -z "${DOMSUF}" -a $? -eq 0 -a -n "${DOMAINNAME}" ]; then + if [ -z "$DOMSUF" ] && hash domainname 2>/dev/null; then DOMSUF=`domainname` fi + # hostname -d and domainname both return (none) if hostname doesn't + # include a dot. Pretend we didn't get an answer. + if [ "$DOMSUF" = "(none)" ]; then + DOMSUF= + fi - case $HOST in + if [ -z "$HOST" ]; then + HOST=`uname -n` + fi + case "$HOST" in *\.*) - if [ -z "${DOMSUF}" ]; then - DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"` + if [ -z "$DOMSUF" ]; then + DOMSUF="${HOST#*.}" fi - HOST=`echo $HOST | sed -e "s/\..*//"` + HOST="${HOST%%.*}" ;; ?*) ;; *) - HOST=`uname -n` - case $HOST in - *\.*) - if [ -z "${DOMSUF}" ]; then - DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"` - fi - HOST=`echo $HOST | sed -e "s/\..*//"` - ;; - ?*) - ;; - *) - echo "$SCRIPTNAME: Fatal HOST environment variable is not defined." - exit 1 #does not need to be Exit, very early in script - ;; - esac + echo "$SCRIPTNAME: Fatal HOST environment variable is not defined." + exit 1 #does not need to be Exit, very early in script ;; esac - if [ -z "${DOMSUF}" -a "${OS_ARCH}" != "Android" ]; then + if [ -z "$DOMSUF" -a "$OS_ARCH" != "Android" ]; then echo "$SCRIPTNAME: Fatal DOMSUF env. variable is not defined." exit 1 #does not need to be Exit, very early in script fi @@ -397,8 +391,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then #HOSTADDR was a workaround for the dist. stress test, and is probably #not needed anymore (purpose: be able to use IP address for the server #cert instead of PC name which was not in the DNS because of dyn IP address - if [ -z "$USE_IP" -o "$USE_IP" != "TRUE" ] ; then - if [ -z "${DOMSUF}" ]; then + if [ "$USE_IP" != "TRUE" ] ; then + if [ -z "$DOMSUF" ]; then HOSTADDR=${HOST} else HOSTADDR=${HOST}.${DOMSUF} @@ -543,8 +537,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then D_DISTRUST="Distrust.$version" D_RSAPSS="RSAPSS.$version" - # we need relative pathnames of these files abd directories, since our - # tools can't handle the unix style absolut pathnames on cygnus + # we need relative pathnames of these files and directories, since our + # tools can't handle the unix style absolute pathnames on cygnus R_CADIR=../CA R_SERVERDIR=../server @@ -565,6 +559,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then R_NOLOGINDIR=../nologin R_SSLGTESTDIR=../ssl_gtests R_GTESTDIR=../gtests + R_RSAPSSDIR=../rsapss # # profiles are either paths or domains depending on the setting of @@ -581,6 +576,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR} P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR} P_R_IMPLICIT_INIT_DIR=${R_IMPLICIT_INIT_DIR} + P_R_RSAPSSDIR=${R_RSAPSSDIR} if [ -n "${MULTIACCESS_DBM}" ]; then P_R_CADIR="multiaccess:${D_CA}" P_R_ALICEDIR="multiaccess:${D_ALICE}" @@ -593,6 +589,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}" P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}" P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}" + P_R_RSAPSSDIR="multiaccess:${D_RSAPSS}" fi R_PWFILE=../tests.pw |