summaryrefslogtreecommitdiffstats
path: root/security/nss/tests/merge
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/tests/merge')
-rwxr-xr-xsecurity/nss/tests/merge/merge.sh277
1 files changed, 277 insertions, 0 deletions
diff --git a/security/nss/tests/merge/merge.sh b/security/nss/tests/merge/merge.sh
new file mode 100755
index 000000000..1929b12c8
--- /dev/null
+++ b/security/nss/tests/merge/merge.sh
@@ -0,0 +1,277 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/merge/merge.sh
+#
+# Script to test NSS merge
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+# FIXME ... known problems, search for this string
+# NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## merge_init ##############################
+# local shell function to initialize this script
+########################################################################
+merge_init()
+{
+ SCRIPTNAME=merge.sh # sourced - $0 would point to all.sh
+ HAS_EXPLICIT_DB=0
+ if [ ! -z "${NSS_DEFAULT_DB_TYPE}" ]; then
+ HAS_EXPLICIT_DB=1
+ fi
+
+
+ if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
+ CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
+ fi
+
+ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+ cd ../common
+ . ./init.sh
+ fi
+ if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
+ cd ${QADIR}/cert
+ . ./cert.sh
+ fi
+
+ if [ ! -d ${HOSTDIR}/SDR ]; then
+ cd ${QADIR}/sdr
+ . ./sdr.sh
+ fi
+ SCRIPTNAME=merge.sh
+
+ html_head "Merge Tests"
+
+ # need the SSL & SMIME directories from cert.sh
+ grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+ Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
+ }
+ grep "SUCCESS: SSL passed" $CERT_LOG_FILE >/dev/null || {
+ Exit 8 "Fatal - SSL of cert.sh needs to pass first"
+ }
+
+ #temporary files for SDR tests
+ VALUE1=$HOSTDIR/tests.v1.$$
+ VALUE3=$HOSTDIR/tests.v3.$$
+
+ # local directories used in this test.
+ MERGEDIR=${HOSTDIR}/merge
+ R_MERGEDIR=../merge
+ D_MERGE="merge.$version"
+ # SDR not initialized in common/init
+ P_R_SDR=../SDR
+ D_SDR="SDR.$version"
+ mkdir -p ${MERGEDIR}
+
+ PROFILE=.
+ if [ -n "${MULTIACCESS_DBM}" ]; then
+ PROFILE="multiaccess:${D_MERGE}"
+ P_R_SDR="multiaccess:${D_SDR}"
+ fi
+
+ cd ${MERGEDIR}
+
+ # clear out any existing databases, potentially from a previous run.
+ rm -f *.db
+
+ # copy alicedir over as a seed database.
+ cp ${R_ALICEDIR}/* .
+ # copy the smime text samples
+ cp ${QADIR}/smime/*.txt .
+
+ # create a set of conflicting names.
+ CONFLICT1DIR=conflict1
+ CONFLICT2DIR=conflict2
+ mkdir ${CONFLICT1DIR}
+ mkdir ${CONFLICT2DIR}
+ # in the upgrade mode (dbm->sql), make sure our test databases
+ # are dbm databases.
+ if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
+ save=${NSS_DEFAULT_DB_TYPE}
+ NSS_DEFAULT_DB_TYPE= ; export NSS_DEFAULT_DB_TYPE
+ fi
+
+ certutil -N -d ${CONFLICT1DIR} -f ${R_PWFILE}
+ certutil -N -d ${CONFLICT2DIR} -f ${R_PWFILE}
+ certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser41.cert -d ${CONFLICT1DIR}
+ # modify CONFLICTDIR potentially corrupting the database
+ certutil -A -n "Alice #1" -t C,, -i ${R_CADIR}/TestUser42.cert -d ${CONFLICT1DIR} -f ${R_PWFILE}
+ certutil -M -n "Alice #1" -t ,, -d ${CONFLICT1DIR} -f ${R_PWFILE}
+ certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser43.cert -d ${CONFLICT1DIR}
+ certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser44.cert -d ${CONFLICT2DIR}
+ certutil -A -n "Alice #1" -t ,, -i ${R_CADIR}/TestUser45.cert -d ${CONFLICT2DIR}
+ certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser46.cert -d ${CONFLICT2DIR}
+ if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
+ NSS_DEFAULT_DB_TYPE=${save}; export NSS_DEFAULT_DB_TYPE
+ fi
+
+ #
+ # allow all the tests to run in standalone mode.
+ # in standalone mode, TEST_MODE is not set.
+ # if NSS_DEFAULT_DB_TYPE is dbm, then test merge with dbm
+ # if NSS_DEFAULT_DB_TYPE is sql, then test merge with sql
+ # if NSS_DEFAULT_DB_TYPE is not set, then test database upgrade merge
+ # from dbm databases (created above) into a new sql db.
+ if [ -z "${TEST_MODE}" ] && [ ${HAS_EXPLICIT_DB} -eq 0 ]; then
+ echo "*** Using Standalone Upgrade DB mode"
+ NSS_DEFAULT_DB_TYPE=sql; export NSS_DEFAULT_DB_TYPE
+ echo certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+ ${BINDIR}/certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+ TEST_MODE=UPGRADE_DB
+
+ fi
+
+}
+
+#
+# this allows us to run this test for both merge and upgrade-merge cases.
+# merge_cmd takes the potential upgrade-id and the rest of the certutil
+# arguments.
+#
+merge_cmd()
+{
+ MERGE_CMD=--merge
+ if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
+ MERGE_CMD="--upgrade-merge --upgrade-token-name OldDB --upgrade-id ${1}"
+ fi
+ shift
+ echo certutil ${MERGE_CMD} $*
+ ${PROFTOOL} ${BINDIR}/certutil ${MERGE_CMD} $*
+}
+
+
+merge_main()
+{
+ # first create a local sdr key and encrypt some data with it
+ # This will cause a colision with the SDR key in ../SDR.
+ echo "$SCRIPTNAME: Creating an SDR key & Encrypt"
+ echo "sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}"
+ ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}
+ html_msg $? 0 "Creating SDR Key"
+
+ # Now merge in Dave
+ # Dave's cert is already in alicedir, but his key isn't. This will make
+ # sure we are updating the keys and CKA_ID's on the certificate properly.
+ MERGE_ID=dave
+ echo "$SCRIPTNAME: Merging in Key for Existing user"
+ merge_cmd dave --source-dir ${P_R_DAVEDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+ html_msg $? 0 "Merging Dave"
+
+ # Merge in server
+ # contains a CRL and new user certs
+ MERGE_ID=server
+ echo "$SCRIPTNAME: Merging in new user "
+ merge_cmd server --source-dir ${P_R_SERVERDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+ html_msg $? 0 "Merging server"
+
+ # Merge in ext_client
+ # contains a new certificate chain and additional trust flags
+ MERGE_ID=ext_client
+ echo "$SCRIPTNAME: Merging in new chain "
+ merge_cmd ext_client --source-dir ${P_R_EXT_CLIENTDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+ html_msg $? 0 "Merging ext_client"
+
+ # Merge conflicting nicknames in conflict1dir
+ # contains several certificates with nicknames that conflict with the target
+ # database
+ MERGE_ID=conflict1
+ echo "$SCRIPTNAME: Merging in conflicting nicknames 1"
+ merge_cmd conflict1 --source-dir ${CONFLICT1DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+
+ html_msg $? 0 "Merging conflicting nicknames 1"
+
+ # Merge conflicting nicknames in conflict2dir
+ # contains several certificates with nicknames that conflict with the target
+ # database
+ MERGE_ID=conflict2
+ echo "$SCRIPTNAME: Merging in conflicting nicknames 1"
+ merge_cmd conflict2 --source-dir ${CONFLICT2DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+ html_msg $? 0 "Merging conflicting nicknames 2"
+
+ # Make sure conflicted names were properly sorted out.
+ echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #4)"
+ certutil -L -n "Alice #4" -d ${PROFILE}
+ html_msg $? 0 "Verify nicknames were deconflicted (Alice #4)"
+
+ # Make sure conflicted names were properly sorted out.
+ echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #100)"
+ certutil -L -n "Alice #100" -d ${PROFILE}
+ html_msg $? 0 "Verify nicknames were deconflicted (Alice #100)"
+
+ # Merge in SDR
+ # contains a secret SDR key
+ MERGE_ID=SDR
+ echo "$SCRIPTNAME: Merging in SDR "
+ merge_cmd sdr --source-dir ${P_R_SDR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+ html_msg $? 0 "Merging SDR"
+
+ # insert a listing of the database into the log for diagonic purposes
+ ${BINDIR}/certutil -L -d ${PROFILE}
+ ${BINDIR}/crlutil -L -d ${PROFILE}
+
+ # Make sure we can decrypt with our original SDR key generated above
+ echo "$SCRIPTNAME: Decrypt - With Original SDR Key"
+ echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}"
+ ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}
+ html_msg $? 0 "Decrypt - Value 3"
+
+ # Make sure we can decrypt with our the SDR key merged in from ../SDR
+ echo "$SCRIPTNAME: Decrypt - With Merged SDR Key"
+ echo "sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}"
+ ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}
+ html_msg $? 0 "Decrypt - Value 1"
+
+ # Make sure we can sign with merge certificate
+ echo "$SCRIPTNAME: Signing with merged key ------------------"
+ echo "cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig"
+ ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig
+ html_msg $? 0 "Create Detached Signature Dave" "."
+
+ echo "cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} "
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE}
+ html_msg $? 0 "Verifying Dave's Detached Signature"
+
+ # Make sure that trust objects were properly merged
+ echo "$SCRIPTNAME: verifying merged cert ------------------"
+ echo "certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}"
+ ${PROFTOOL} ${BINDIR}/certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}
+ html_msg $? 0 "Verifying ExtendedSSL User Cert"
+
+ # Make sure that the crl got properly copied in
+ echo "$SCRIPTNAME: verifying merged crl ------------------"
+ echo "crlutil -L -n TestCA -d ${PROFILE}"
+ ${PROFTOOL} ${BINDIR}/crlutil -L -n TestCA -d ${PROFILE}
+ html_msg $? 0 "Verifying TestCA CRL"
+
+}
+
+############################## smime_cleanup ###########################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+merge_cleanup()
+{
+ html "</TABLE><BR>"
+ cd ${QADIR}
+ . common/cleanup.sh
+}
+
+################## main #################################################
+
+merge_init
+merge_main
+echo "TEST_MODE=${TEST_MODE}"
+echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
+merge_cleanup
+
+