Add m-esr52 at 52.6.0

1 files changed, 405 insertions, 0 deletions

diff --git a/security/nss/tests/iopr/cert_iopr.sh b/security/nss/tests/iopr/cert_iopr.sh
new file mode 100644
index 000000000..bb1bf047c
--- /dev/null
+++ b/security/nss/tests/iopr/cert_iopr.sh
@@ -0,0 +1,405 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/iopr/cert_iopr.sh
+#
+# Certificate generating and handeling for NSS interoperability QA. This file
+# is included from cert.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+########################################################################
+
+IOPR_CERT_SOURCED=1
+
+########################################################################
+# function wraps calls to pk12util, also: writes action and options
+# to stdout. 
+# Params are the same as to pk12util.
+# Returns pk12util status
+#
+pk12u()
+{
+    echo "${CU_ACTION} --------------------------"
+
+    echo "pk12util $@"
+    ${BINDIR}/pk12util $@
+    RET=$?
+
+    return $RET
+}
+
+########################################################################
+# Initializes nss db directory and files if they don't exists
+# Params:
+#      $1 - directory location
+#
+createDBDir() {
+    trgDir=$1
+
+    if [ -z "`ls $trgDir | grep db`" ]; then
+        trgDir=`cd ${trgDir}; pwd`
+        if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+			trgDir=`cygpath -m ${trgDir}`
+        fi
+
+        CU_ACTION="Initializing DB at ${trgDir}"
+        certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1
+        if [ "$RET" -ne 0 ]; then
+            return $RET
+        fi
+
+        CU_ACTION="Loading root cert module to Cert DB at ${trgDir}"
+        modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${trgDir}" 2>&1
+        if [ "$RET" -ne 0 ]; then
+            return $RET
+        fi
+    fi
+}
+########################################################################
+# takes care of downloading config, cert and crl files from remote
+# location. 
+# Params:
+#      $1 - name of the host file will be downloaded from
+#      $2 - path to the file as it appeared in url
+#      $3 - target directory the file will be saved at.
+# Returns tstclnt status.
+#
+download_file() {
+    host=$1
+    filePath=$2
+    trgDir=$3
+
+    file=$trgDir/`basename $filePath`
+
+    createDBDir $trgDir || return $RET
+
+#    echo wget -O $file http://${host}${filePath}
+#    wget -O $file http://${host}${filePath}
+#    ret=$?
+
+    req=$file.$$
+    echo "GET $filePath HTTP/1.0" > $req
+    echo >> $req
+
+    echo ${BINDIR}/tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \
+        -v -w ${R_PWFILE} -o 
+    ${BINDIR}/tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \
+        -v -w ${R_PWFILE} -o < $req > $file
+    ret=$?
+    rm -f $_tmp;
+    return $ret
+}
+
+########################################################################
+# Uses pk12util, certutil of cerlutil to import files to an nss db located
+# at <dir>(the value of $1 parameter). Chooses a utility to use based on
+# a file extension. Initializing a db if it does not exists.
+# Params:
+#      $1 - db location directory
+#      $2 - file name to import
+#      $3 - nick name an object in the file will be associated with
+#      $4 - trust arguments 
+# Returns status of import
+#      
+importFile() {
+    dir=$1\
+    file=$2
+    certName=$3
+    certTrust=$4
+
+    [ ! -d $dir ] && mkdir -p $dir;
+
+    createDBDir $dir || return $RET
+            
+    case `basename $file | sed 's/^.*\.//'` in
+        p12)
+            CU_ACTION="Importing p12 $file to DB at $dir"
+            pk12u -d $dir -i $file -k ${R_PWFILE} -W iopr
+            [ $? -ne 0 ] && return 1
+            CU_ACTION="Modifying trust for cert $certName at $dir"
+            certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}"
+            return $?
+            ;;
+        
+        crl) 
+            CU_ACTION="Importing crl $file to DB at $dir"
+            crlu -d ${dir} -I -n TestCA -i $file
+            return $?
+            ;;
+
+        crt | cert)
+            CU_ACTION="Importing cert $certName with trust $certTrust to $dir"
+            certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \
+                -i "$file"
+            return $?
+            ;;
+
+        *)
+            echo "Unknown file extension: $file:"
+            return 1
+            ;;
+    esac
+}
+
+
+#########################################################################
+# Downloads and installs test certs and crl from a remote webserver.
+# Generates server cert for reverse testing if reverse test run is turned on.
+# Params:
+#      $1 - host name to download files from.
+#      $2 - directory at which CA cert will be installed and used for
+#           signing a server cert.
+#      $3 - path to a config file in webserver context.
+#      $4 - ssl server db location
+#      $5 - ssl client db location
+#      $5 - ocsp client db location
+#
+# Returns 0 upon success, otherwise, failed command error code.
+#
+download_install_certs() {
+    host=$1
+    caDir=$2
+    confPath=$3
+    sslServerDir=$4
+    sslClientDir=$5
+    ocspClientDir=$6
+
+    [ ! -d "$caDir" ] && mkdir -p $caDir;
+
+    #=======================================================
+    # Getting config file
+    #
+    download_file $host "$confPath/iopr_server.cfg" $caDir
+    RET=$?
+    if [ $RET -ne 0 -o ! -f $caDir/iopr_server.cfg ]; then
+        html_failed "Fail to download website config file(ws: $host)" 
+        return 1
+    fi
+
+    . $caDir/iopr_server.cfg
+    RET=$?
+    if [ $RET -ne 0 ]; then
+        html_failed "Fail to source config file(ws: $host)" 
+        return $RET
+    fi
+
+    #=======================================================
+    # Getting CA file
+    #
+
+    #----------------- !!!WARNING!!! -----------------------
+    # Do NOT copy this scenario. CA should never accompany its
+    # cert with the private key when deliver cert to a customer.
+    #----------------- !!!WARNING!!! -----------------------
+
+    download_file $host $certDir/$caCertName.p12 $caDir
+    RET=$?
+    if [ $RET -ne 0 -o ! -f $caDir/$caCertName.p12 ]; then
+        html_failed "Fail to download $caCertName cert(ws: $host)" 
+        return 1
+    fi
+    tmpFiles="$caDir/$caCertName.p12"
+
+    importFile $caDir $caDir/$caCertName.p12 $caCertName "TC,C,C"
+    RET=$?
+    if [ $RET -ne 0 ]; then
+        html_failed "Fail to import $caCertName cert to CA DB(ws: $host)" 
+        return $RET
+    fi
+
+    CU_ACTION="Exporting Root CA cert(ws: $host)"
+    certu -L -n $caCertName -r -d ${caDir} -o $caDir/$caCertName.cert 
+    if [ "$RET" -ne 0 ]; then
+        Exit 7 "Fatal - failed to export $caCertName cert"
+    fi
+
+    #=======================================================
+    # Check what tests we want to run
+    #
+    doSslTests=0; doOcspTests=0
+    # XXX remove "_new" from variables below
+    [ -n "`echo ${supportedTests_new} | grep -i ssl`" ] && doSslTests=1
+    [ -n "`echo ${supportedTests_new} | grep -i ocsp`" ] && doOcspTests=1
+
+    if [ $doSslTests -eq 1 ]; then
+        if [ "$reverseRunCGIScript" ]; then
+            [ ! -d "$sslServerDir" ] && mkdir -p $sslServerDir;
+            #=======================================================
+            # Import CA cert to server DB
+            #
+            importFile $sslServerDir $caDir/$caCertName.cert server-client-CA \
+                        "TC,C,C"
+            RET=$?
+            if [ $RET -ne 0 ]; then
+                html_failed "Fail to import server-client-CA cert to \
+                             server DB(ws: $host)" 
+                return $RET
+            fi
+            
+            #=======================================================
+            # Creating server cert
+            #
+            CERTNAME=$HOSTADDR
+            
+            CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)"
+            CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \
+                        L=Mountain View, ST=California, C=US"
+            certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}"\
+                -o $sslServerDir/req 2>&1
+            tmpFiles="$tmpFiles $sslServerDir/req"
+
+            # NOTE:
+            # For possible time synchronization problems (bug 444308) we generate
+            # certificates valid also some time in past (-w -1)
+
+            CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)"
+            certu -C -c "$caCertName" -m `date +"%s"` -v 60 -w -1 \
+                -d "${caDir}" \
+                -i ${sslServerDir}/req -o $caDir/${CERTNAME}.cert \
+                -f "${R_PWFILE}" 2>&1
+            
+            importFile $sslServerDir $caDir/$CERTNAME.cert $CERTNAME ",,"
+            RET=$?
+            if [ $RET -ne 0 ]; then
+                html_failed "Fail to import $CERTNAME cert to server\
+                             DB(ws: $host)" 
+                return $RET
+            fi
+            tmpFiles="$tmpFiles $caDir/$CERTNAME.cert"
+            
+            #=======================================================
+            # Download and import CA crl to server DB
+            #
+            download_file $host "$certDir/$caCrlName.crl" $sslServerDir
+            RET=$?
+            if [ $? -ne 0 ]; then
+                html_failed "Fail to download $caCertName crl\
+                             (ws: $host)" 
+                return $RET
+            fi
+            tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl"
+            
+            importFile $sslServerDir $sslServerDir/TestCA.crl
+            RET=$?
+            if [ $RET -ne 0 ]; then
+                html_failed "Fail to import TestCA crt to server\
+                             DB(ws: $host)" 
+                return $RET
+            fi
+        fi # if [ "$reverseRunCGIScript" ]
+        
+        [ ! -d "$sslClientDir" ] && mkdir -p $sslClientDir;
+        #=======================================================
+        # Import CA cert to ssl client DB
+        #
+        importFile $sslClientDir $caDir/$caCertName.cert server-client-CA \
+                   "TC,C,C"
+        RET=$?
+        if [ $RET -ne 0 ]; then
+            html_failed "Fail to import server-client-CA cert to \
+                         server DB(ws: $host)" 
+            return $RET
+        fi
+    fi
+
+    if [ $doOcspTests -eq 1 ]; then
+        [ ! -d "$ocspClientDir" ] && mkdir -p $ocspClientDir;
+        #=======================================================
+        # Import CA cert to ocsp client DB
+        #
+        importFile $ocspClientDir $caDir/$caCertName.cert server-client-CA \
+                   "TC,C,C"
+        RET=$?
+        if [ $RET -ne 0 ]; then
+            html_failed "Fail to import server-client-CA cert to \
+                         server DB(ws: $host)" 
+            return $RET
+        fi
+    fi
+
+    #=======================================================
+    # Import client certs to client DB
+    #
+    for fileName in $downloadFiles; do
+        certName=`echo $fileName | sed 's/\..*//'`
+
+        if [ -n "`echo $certName | grep ocsp`" -a $doOcspTests -eq 1 ]; then
+            clientDir=$ocspClientDir
+        elif [ $doSslTests -eq 1 ]; then
+            clientDir=$sslClientDir
+        else
+            continue
+        fi
+
+        download_file $host "$certDir/$fileName" $clientDir
+        RET=$?
+        if [ $RET -ne 0 -o ! -f $clientDir/$fileName ]; then
+            html_failed "Fail to download $certName cert(ws: $host)" 
+            return $RET
+        fi
+        tmpFiles="$tmpFiles $clientDir/$fileName"
+        
+        importFile $clientDir $clientDir/$fileName $certName ",,"
+        RET=$?
+        if [ $RET -ne 0 ]; then
+            html_failed "Fail to import $certName cert to client DB\
+                        (ws: $host)" 
+            return $RET
+        fi
+    done
+
+    rm -f $tmpFiles
+
+    return 0
+}
+
+
+#########################################################################
+# Initial point for downloading config, cert, crl files for multiple hosts
+# involved in interoperability testing. Called from nss/tests/cert/cert.sh
+# It will only proceed with downloading if environment variable 
+# IOPR_HOSTADDR_LIST is set and has a value of host names separated by space.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise. 
+#
+cert_iopr_setup() {
+
+    if [ "$IOPR" -ne 1 ]; then
+        return 1
+    fi
+    num=1
+    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f 1 -d' '`
+    while [ "$IOPR_HOST_PARAM" ]; do
+        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+        IOPR_DOWNLOAD_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+        [ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443
+        IOPR_CONF_PATH=`echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':'`
+        [ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr"
+        
+        echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:\
+              $IOPR_CONF_PATH"
+        
+        download_install_certs ${IOPR_HOSTADDR} ${IOPR_CADIR}_${IOPR_HOSTADDR} \
+            ${IOPR_CONF_PATH} ${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} \
+            ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} \
+            ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
+        if [ $? -ne 0 ]; then
+            echo "wsFlags=\"NOIOPR $wsParam\"" >> \
+                ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+        fi
+        num=`expr $num + 1`
+        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+    done
+    
+    return 0
+}