summaryrefslogtreecommitdiffstats
path: root/security/nss/tests/iopr/ocsp_iopr.sh
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/tests/iopr/ocsp_iopr.sh')
-rw-r--r--security/nss/tests/iopr/ocsp_iopr.sh231
1 files changed, 231 insertions, 0 deletions
diff --git a/security/nss/tests/iopr/ocsp_iopr.sh b/security/nss/tests/iopr/ocsp_iopr.sh
new file mode 100644
index 000000000..dcc6e1ffb
--- /dev/null
+++ b/security/nss/tests/iopr/ocsp_iopr.sh
@@ -0,0 +1,231 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/iopr/ocsp_iopr.sh
+#
+# NSS SSL interoperability QA. This file is included from ssl.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+# FIXME ... known problems, search for this string
+# NOTE .... unexpected behavior
+########################################################################
+IOPR_OCSP_SOURCED=1
+
+########################################################################
+# The funtion works with variables defined in interoperability
+# configuration file that gets downloaded from a webserver.
+# The function sets test parameters defind for a particular type
+# of testing.
+#
+# No return value
+#
+setTestParam() {
+ type=$1
+ testParam=`eval 'echo $'${type}Param`
+ testDescription=`eval 'echo $'${type}Descr`
+ testProto=`eval 'echo $'${type}Proto`
+ testPort=`eval 'echo $'${type}Port`
+ testResponder=`eval 'echo $'${type}ResponderCert`
+ testValidCertNames=`eval 'echo $'${type}ValidCertNames`
+ testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames`
+ testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames`
+}
+
+########################################################################
+# The funtion checks status of a cert using ocspclnt.
+# Params:
+# dbDir - nss cert db location
+# cert - cert in question
+# respUrl - responder url is available
+# defRespCert - trusted responder cert
+#
+# Return values:
+# 0 - test passed, 1 - otherwise.
+#
+ocsp_get_cert_status() {
+ dbDir=$1
+ cert=$2
+ respUrl=$3
+ defRespCert=$4
+
+ if [ -n "$respUrl" -o -n "$defRespCert" ]; then
+ if [ -z "$respUrl" -o -z "$defRespCert" ]; then
+ html_failed "Incorrect test params"
+ return 1
+ fi
+ clntParam="-l $respUrl -t $defRespCert"
+ fi
+
+ if [ -z "${MEMLEAK_DBG}" ]; then
+ outFile=$dbDir/ocsptest.out.$$
+ echo "ocspclnt -d $dbDir -S $cert $clntParam"
+ ${BINDIR}/ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1
+ ret=$?
+ echo "ocspclnt output:"
+ cat $outFile
+ [ -z "`grep succeeded $outFile`" ] && ret=1
+
+ rm -f $outFile
+ return $ret
+ fi
+
+ OCSP_ATTR="-d $dbDir -S $cert $clntParam"
+ ${RUN_COMMAND_DBG} ${BINDIR}/ocspclnt ${OCSP_ATTR}
+}
+
+########################################################################
+# The funtion checks status of a cert using ocspclnt.
+# Params:
+# testType - type of the test based on type of used responder
+# servName - FQDM of the responder server
+# dbDir - nss cert db location
+#
+# No return value
+#
+ocsp_iopr() {
+ testType=$1
+ servName=$2
+ dbDir=$3
+
+ setTestParam $testType
+ if [ "`echo $testParam | grep NOCOV`" != "" ]; then
+ echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
+ "run by server configuration"
+ return 0
+ fi
+
+ if [ -z "${MEMLEAK_DBG}" ]; then
+ html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
+ "Test Type: $testDescription"
+ fi
+
+ if [ -n "$testResponder" ]; then
+ responderUrl="$testProto://$servName:$testPort"
+ else
+ responderUrl=""
+ fi
+
+ if [ -z "${MEMLEAK_DBG}" ]; then
+ for certName in $testValidCertNames; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ html_msg $? 0 "Getting status of a valid cert ($certName)" \
+ "produced a returncode of $ret, expected is 0."
+ done
+
+ for certName in $testRevokedCertNames; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
+ "produced a returncode of $ret, expected is 1."
+ done
+
+ for certName in $testStatUnknownCertNames; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ html_msg $? 1 "Getting status of a cert with unknown status " \
+ "($certName) produced a returncode of $ret, expected is 1."
+ done
+ else
+ for certName in $testValidCertNames $testRevokedCertNames \
+ $testStatUnknownCertName; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ done
+ fi
+}
+
+#####################################################################
+# Initial point for running ocsp test againt multiple hosts involved in
+# interoperability testing. Called from nss/tests/ocsp/ocsp.sh
+# It will only proceed with test run for a specific host if environment variable
+# IOPR_HOSTADDR_LIST was set, had the host name in the list
+# and all needed file were successfully downloaded and installed for the host.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise.
+#
+ocsp_iopr_run() {
+ NO_ECC_CERTS=1 # disable ECC for interoperability tests
+
+ if [ "$IOPR" -ne 1 ]; then
+ return 1
+ fi
+ cd ${CLIENTDIR}
+
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ html_head "Memory leak checking - IOPR"
+ fi
+
+ num=1
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ while [ "$IOPR_HOST_PARAM" ]; do
+ IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+ IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+ [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
+
+ . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+ RES=$?
+
+ num=`expr $num + 1`
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+
+ if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
+ continue
+ fi
+
+ #=======================================================
+ # Check what server is configured to run ssl tests
+ #
+ [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue;
+
+ # Testing directories defined by webserver.
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ LOGNAME=iopr-${IOPR_HOSTADDR}
+ LOGFILE=${LOGDIR}/${LOGNAME}.log
+ fi
+
+ # Testing directories defined by webserver.
+ echo "Testing ocsp interoperability.
+ Client: local(tstclnt).
+ Responder: remote($IOPR_HOSTADDR)"
+
+ for ocspTestType in ${supportedTests_new}; do
+ if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then
+ continue
+ fi
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
+ ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} 2>> ${LOGFILE}
+ else
+ ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
+ ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
+ fi
+ done
+
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ log_parse
+ ret=$?
+ html_msg ${ret} 0 "${LOGNAME}" \
+ "produced a returncode of $ret, expected is 0"
+ fi
+
+ echo "================================================"
+ echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
+ done
+
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ html "</TABLE><BR>"
+ fi
+
+ NO_ECC_CERTS=0
+ return 0
+}
+