1 #! /bin/sh
3 # ***** BEGIN LICENSE BLOCK *****
4 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 # The contents of this file are subject to the Mozilla Public License Version
7 # 1.1 (the "License"); you may not use this file except in compliance with
8 # the License. You may obtain a copy of the License at
9 # http://www.mozilla.org/MPL/
11 # Software distributed under the License is distributed on an "AS IS" basis,
12 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 # for the specific language governing rights and limitations under the
14 # License.
16 # The Original Code is the Netscape security libraries.
18 # The Initial Developer of the Original Code is
19 # Netscape Communications Corporation.
20 # Portions created by the Initial Developer are Copyright (C) 1994-2000
21 # the Initial Developer. All Rights Reserved.
23 # Alternatively, the contents of this file may be used under the terms of
24 # either the GNU General Public License Version 2 or later (the "GPL"), or
25 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 # in which case the provisions of the GPL or the LGPL are applicable instead
27 # of those above. If you wish to allow use of your version of this file only
28 # under the terms of either the GPL or the LGPL, and not to allow others to
29 # use your version of this file under the terms of the MPL, indicate your
30 # decision by deleting the provisions above and replace them with the notice
31 # and other provisions required by the GPL or the LGPL. If you do not delete
32 # the provisions above, a recipient may use your version of this file under
33 # the terms of any one of the MPL, the GPL or the LGPL.
35 # ***** END LICENSE BLOCK *****
37 ########################################################################
39 # mozilla/security/nss/tests/iopr/cert_iopr.sh
# Certificate generating and handling for NSS interoperability QA. This file
42 # is included from cert.sh
44 # needs to work on all Unix and Windows platforms
46 # special strings
47 # ---------------
48 # FIXME ... known problems, search for this string
49 # NOTE .... unexpected behavior
51 # FIXME - Netscape - NSS
52 ########################################################################
# Marker that this file has been loaded; presumably checked by the script
# that sources it (cert.sh) -- confirm there.
IOPR_CERT_SOURCED=1
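########################################################################
# Wraps calls to pk12util: prints the current CU_ACTION banner and the
# command line to stdout, then runs ${BINDIR}/pk12util.
# Globals:   CU_ACTION, BINDIR (read); RET (written: pk12util's status)
# Arguments: forwarded verbatim to pk12util
# Returns:   pk12util's exit status
########################################################################
pk12u()
{
    echo "${CU_ACTION} --------------------------"
    # "$*" keeps the log line as one string; "$@" below forwards every
    # argument as a single word (paths and nicknames may contain spaces,
    # which the former unquoted $@ would have split).
    echo "pk12util $*"
    "${BINDIR}/pk12util" "$@"
    RET=$?
    return $RET
}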
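########################################################################
# Initializes an NSS db directory (certu -N plus the root-certs module)
# unless the directory already holds an entry whose name contains "db".
# Globals:   OS_ARCH, OS_NAME, R_PWFILE, ROOTCERTSFILE (read);
#            CU_ACTION, trgDir (written); RET is expected to be set by
#            certu/modu (defined in cert.sh, not in this file) and is
#            what callers read after a failure
# Arguments: $1 - directory location
# Returns:   0 if the db exists or was created, otherwise the failing
#            certu/modu status (1 if the directory cannot be entered)
########################################################################
createDBDir() {
    trgDir=$1
    dbPresent=0
    # Any entry with "db" in its name (e.g. cert8.db, key3.db, secmod.db)
    # means the db was already initialized; a glob replaces `ls | grep`.
    for dbFile in "$trgDir"/*db*; do
        if [ -e "$dbFile" ]; then
            dbPresent=1
            break
        fi
    done

    if [ $dbPresent -eq 0 ]; then
        # Absolute path; the former `cd dir; pwd` silently used the cwd
        # when the directory was missing.
        trgDir=$(cd "${trgDir}" && pwd) || { RET=1; return 1; }
        if [ "${OS_ARCH}" = "WINNT" ] && [ "$OS_NAME" = "CYGWIN_NT" ]; then
            # cygpath -m gives the mixed (drive-letter, forward-slash) form;
            # presumably what the native NSS tools expect -- confirm.
            trgDir=$(cygpath -m "${trgDir}")
        fi

        CU_ACTION="Initializing DB at ${trgDir}"
        certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1
        if [ "$RET" -ne 0 ]; then
            return $RET
        fi

        CU_ACTION="Loading root cert module to Cert DB at ${trgDir}"
        modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${trgDir}" 2>&1
        if [ "$RET" -ne 0 ]; then
            return $RET
        fi
    fi
}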
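########################################################################
# Downloads a config, cert or crl file from the remote host by sending
# a minimal HTTP/1.0 GET over TLS through tstclnt.
# Globals:   BINDIR, R_PWFILE, IOPR_DOWNLOAD_PORT (read);
#            host, filePath, trgDir, file, req, ret (written); RET from
#            createDBDir is propagated when db initialization fails
# Arguments: $1 - host the file is downloaded from
#            $2 - path of the file as it appears in the URL
#            $3 - directory the file is saved in (also used as the
#                 tstclnt cert db)
# Returns:   tstclnt status (or createDBDir's status)
########################################################################
download_file() {
    host=$1
    filePath=$2
    trgDir=$3

    file=$trgDir/$(basename "$filePath")

    # tstclnt needs a cert db in $trgDir; create one if it is missing.
    createDBDir "$trgDir" || return $RET

    # Request file next to the download, removed below (the former
    # `rm -f $_tmp` referenced an unset variable and left it behind).
    req=$file.$$
    printf 'GET %s HTTP/1.0\n\n' "$filePath" > "$req"

    # -o is passed through unchanged; in tstclnt it overrides server-cert
    # validation errors, so the fetched content is only as trustworthy as
    # the configured host -- acceptable for a test fixture only.
    "${BINDIR}/tstclnt" -d "$trgDir" -S -h "$host" -p "$IOPR_DOWNLOAD_PORT" \
        -w "${R_PWFILE}" -o < "$req" > "$file"
    ret=$?
    rm -f -- "$req"
    return $ret
}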
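########################################################################
# Imports a file into the NSS db at <dir> with pk12util, certutil or
# crlutil, chosen by file extension; initializes the db if it does not
# exist yet.
# Globals:   R_PWFILE (read); dir, file, certName, certTrust, ext,
#            CU_ACTION (written); RET from createDBDir is propagated
#            when db initialization fails
# Arguments: $1 - db directory
#            $2 - file to import (.p12, .crl, .crt or .cert)
#            $3 - nickname for the imported object (not used for .crl)
#            $4 - trust arguments (certutil -t), not used for .crl
# Returns:   status of the import; 1 for an unknown extension
########################################################################
importFile() {
    # The former `dir=$1\` continued onto the next line, so dir received
    # "<dir>file=<file>" and file was never assigned.
    dir=$1
    file=$2
    certName=$3
    certTrust=$4

    [ ! -d "$dir" ] && mkdir -p "$dir"

    createDBDir "$dir" || return $RET

    # Extension is whatever follows the last dot of the basename.
    ext=$(basename "$file")
    ext=${ext##*.}
    case "$ext" in
        p12)
            # The .p12 fixtures are protected with the fixed password "iopr";
            # test material only.
            CU_ACTION="Importing p12 $file to DB at $dir"
            pk12u -d "$dir" -i "$file" -k "${R_PWFILE}" -W iopr
            [ $? -ne 0 ] && return 1
            CU_ACTION="Modifying trust for cert $certName at $dir"
            certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}"
            return $?
            ;;
        crl)
            # NOTE(review): the issuer nickname is fixed to TestCA rather than
            # taken from $certName -- confirm the CA is always imported under it.
            CU_ACTION="Importing crl $file to DB at $dir"
            crlu -d "${dir}" -I -n TestCA -i "$file"
            return $?
            ;;
        crt | cert)
            CU_ACTION="Importing cert $certName with trust $certTrust to $dir"
            certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \
                -i "$file"
            return $?
            ;;
        *)
            echo "Unknown file extension: $file:"
            return 1
            ;;
    esac
}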
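#########################################################################
# Downloads and installs test certs and crl from a remote webserver.
# Generates server cert for reverse testing if reverse test run is turned on.
# Globals:   HOSTADDR, R_PWFILE, R_NOISE_FILE (read); host, caDir, confPath,
#            sslServerDir, sslClientDir, ocspClientDir, RET, CU_ACTION,
#            CU_SUBJECT, CERTNAME, tmpFiles, doSslTests, doOcspTests,
#            isOcsp, clientDir, fileName, certName (written).
#            The sourced iopr_server.cfg is expected to define certDir,
#            caCertName, caCrlName, supportedTests_new, reverseRunCGIScript
#            and downloadFiles, all read below.
# Arguments: $1 - host name to download files from
#            $2 - directory at which CA cert will be installed and used for
#                 signing a server cert
#            $3 - path to the config file in webserver context
#            $4 - ssl server db location
#            $5 - ssl client db location
#            $6 - ocsp client db location
# Returns:   0 upon success, otherwise the failed command's status
#            (1 when a downloaded file is missing afterwards)
#########################################################################
download_install_certs() {
    host=$1
    caDir=$2
    confPath=$3
    sslServerDir=$4
    sslClientDir=$5
    ocspClientDir=$6

    [ ! -d "$caDir" ] && mkdir -p "$caDir"

    #=======================================================
    # Getting config file
    download_file "$host" "$confPath/iopr_server.cfg" "$caDir"
    RET=$?
    if [ $RET -ne 0 ] || [ ! -f "$caDir/iopr_server.cfg" ]; then
        html_failed "Fail to download website config file(ws: $host)"
        return 1
    fi

    # The downloaded config is executed as shell code, so the configured
    # download host is fully trusted by this harness.
    . "$caDir/iopr_server.cfg"
    RET=$?
    if [ $RET -ne 0 ]; then
        html_failed "Fail to source config file(ws: $host)"
        return $RET
    fi

    #=======================================================
    # Getting CA file
    #
    #----------------- !!!WARNING!!! -----------------------
    # Do NOT copy this scenario. CA should never accompany its
    # cert with the private key when deliver cert to a customer.
    #----------------- !!!WARNING!!! -----------------------
    download_file "$host" "$certDir/$caCertName.p12" "$caDir"
    RET=$?
    if [ $RET -ne 0 ] || [ ! -f "$caDir/$caCertName.p12" ]; then
        html_failed "Fail to download $caCertName cert(ws: $host)"
        return 1
    fi
    # Space-separated list of files removed on success (rm -f $tmpFiles).
    tmpFiles="$caDir/$caCertName.p12"

    importFile "$caDir" "$caDir/$caCertName.p12" "$caCertName" "TC,C,C"
    RET=$?
    if [ $RET -ne 0 ]; then
        html_failed "Fail to import $caCertName cert to CA DB(ws: $host)"
        return $RET
    fi

    # certu (cert.sh) is expected to set RET from certutil's status.
    CU_ACTION="Exporting Root CA cert(ws: $host)"
    certu -L -n "$caCertName" -r -d "${caDir}" -o "$caDir/$caCertName.cert"
    if [ "$RET" -ne 0 ]; then
        Exit 7 "Fatal - failed to export $caCertName cert"
    fi

    #=======================================================
    # Check what tests we want to run
    doSslTests=0; doOcspTests=0
    # XXX remove "_new" from variables below
    [ -n "$(echo "${supportedTests_new}" | grep -i ssl)" ] && doSslTests=1
    [ -n "$(echo "${supportedTests_new}" | grep -i ocsp)" ] && doOcspTests=1

    if [ $doSslTests -eq 1 ]; then
        if [ "$reverseRunCGIScript" ]; then
            [ ! -d "$sslServerDir" ] && mkdir -p "$sslServerDir"
            #=======================================================
            # Import CA cert to server DB
            importFile "$sslServerDir" "$caDir/$caCertName.cert" server-client-CA \
                "TC,C,C"
            RET=$?
            if [ $RET -ne 0 ]; then
                html_failed "Fail to import server-client-CA cert to server DB(ws: $host)"
                return $RET
            fi

            #=======================================================
            # Creating server cert
            CERTNAME=$HOSTADDR

            CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)"
            # CU_SUBJECT is presumably consumed by certu -- confirm in cert.sh.
            CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
            certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" \
                -o "$sslServerDir/req" 2>&1
            tmpFiles="$tmpFiles $sslServerDir/req"

            # Serial number taken from the clock, validity of 60 months.
            CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)"
            certu -C -c "$caCertName" -m "$(date +%s)" -v 60 -d "${caDir}" \
                -i "${sslServerDir}/req" -o "$caDir/${CERTNAME}.cert" \
                -f "${R_PWFILE}" 2>&1

            importFile "$sslServerDir" "$caDir/$CERTNAME.cert" "$CERTNAME" ",,"
            RET=$?
            if [ $RET -ne 0 ]; then
                html_failed "Fail to import $CERTNAME cert to server DB(ws: $host)"
                return $RET
            fi
            tmpFiles="$tmpFiles $caDir/$CERTNAME.cert"

            #=======================================================
            # Download and import CA crl to server DB
            download_file "$host" "$certDir/$caCrlName.crl" "$sslServerDir"
            RET=$?
            # Was `[ $? -ne 0 ]`, which tested the RET assignment itself and
            # therefore never detected a failed download.
            if [ $RET -ne 0 ]; then
                html_failed "Fail to download $caCertName crl(ws: $host)"
                return $RET
            fi
            tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl"

            # Import the file that was just downloaded; the former hard-coded
            # TestCA.crl only worked when caCrlName happened to be TestCA.
            importFile "$sslServerDir" "$sslServerDir/$caCrlName.crl"
            RET=$?
            if [ $RET -ne 0 ]; then
                html_failed "Fail to import $caCrlName crl to server DB(ws: $host)"
                return $RET
            fi
        fi # if [ "$reverseRunCGIScript" ]

        [ ! -d "$sslClientDir" ] && mkdir -p "$sslClientDir"
        #=======================================================
        # Import CA cert to ssl client DB
        importFile "$sslClientDir" "$caDir/$caCertName.cert" server-client-CA \
            "TC,C,C"
        RET=$?
        if [ $RET -ne 0 ]; then
            html_failed "Fail to import server-client-CA cert to client DB(ws: $host)"
            return $RET
        fi
    fi

    if [ $doOcspTests -eq 1 ]; then
        [ ! -d "$ocspClientDir" ] && mkdir -p "$ocspClientDir"
        #=======================================================
        # Import CA cert to ocsp client DB
        importFile "$ocspClientDir" "$caDir/$caCertName.cert" server-client-CA \
            "TC,C,C"
        RET=$?
        if [ $RET -ne 0 ]; then
            html_failed "Fail to import server-client-CA cert to ocsp client DB(ws: $host)"
            return $RET
        fi
    fi

    #=======================================================
    # Import client certs to client DB
    # downloadFiles is a space-separated list from the config; word-split it.
    for fileName in $downloadFiles; do
        # Nickname is the file name up to its first dot.
        certName=${fileName%%.*}

        # Files named *ocsp* go to the ocsp client db, the rest to the ssl one.
        case "$certName" in
            *ocsp*) isOcsp=1 ;;
            *)      isOcsp=0 ;;
        esac
        if [ $isOcsp -eq 1 ] && [ $doOcspTests -eq 1 ]; then
            clientDir=$ocspClientDir
        elif [ $doSslTests -eq 1 ]; then
            clientDir=$sslClientDir
        else
            continue
        fi

        download_file "$host" "$certDir/$fileName" "$clientDir"
        RET=$?
        if [ $RET -ne 0 ] || [ ! -f "$clientDir/$fileName" ]; then
            html_failed "Fail to download $certName cert(ws: $host)"
            # A missing file with RET=0 used to be reported as success.
            [ $RET -ne 0 ] && return $RET
            return 1
        fi
        tmpFiles="$tmpFiles $clientDir/$fileName"

        importFile "$clientDir" "$clientDir/$fileName" "$certName" ",,"
        RET=$?
        if [ $RET -ne 0 ]; then
            html_failed "Fail to import $certName cert to client DB(ws: $host)"
            return $RET
        fi
    done

    rm -f $tmpFiles

    return 0
}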
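#########################################################################
# Initial point for downloading config, cert, crl files for multiple hosts
# involved in interoperability testing. Called from nss/tests/cert/cert.sh
# It will only proceed with downloading if environment variable
# IOPR_HOSTADDR_LIST is set and has a value of host names separated by space.
# Each entry has the form host[:port[:confPath]]; port defaults to 443 and
# confPath to /iopr.
# Globals:   IOPR, IOPR_HOSTADDR_LIST, IOPR_CADIR, IOPR_SSL_SERVERDIR,
#            IOPR_SSL_CLIENTDIR, IOPR_OCSP_CLIENTDIR (read); wsParam (read,
#            presumably defined by the sourced config -- confirm);
#            IOPR_HOST_PARAM, IOPR_HOSTADDR, IOPR_DOWNLOAD_PORT,
#            IOPR_CONF_PATH (written; download_file reads the port)
# Returns 1 if interoperability testing is off, 0 otherwise.
#########################################################################
cert_iopr_setup() {
    # ${IOPR:-0}: with IOPR unset the former `[ "" -ne 1 ]` was an error
    # (status 2), which fell through into the download loop instead of
    # returning 1.
    if [ "${IOPR:-0}" -ne 1 ]; then
        return 1
    fi

    # A `for` over the list handles repeated spaces; the former
    # `cut -f N -d' '` walk saw them as an empty entry that ended the loop.
    for IOPR_HOST_PARAM in $IOPR_HOSTADDR_LIST; do
        IOPR_HOSTADDR=$(echo "$IOPR_HOST_PARAM" | cut -f 1 -d':')
        # The appended ':' guarantees the field exists even when omitted.
        IOPR_DOWNLOAD_PORT=$(echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':')
        [ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443
        IOPR_CONF_PATH=$(echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':')
        [ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr"

        echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:$IOPR_CONF_PATH"

        download_install_certs "${IOPR_HOSTADDR}" "${IOPR_CADIR}_${IOPR_HOSTADDR}" \
            "${IOPR_CONF_PATH}" "${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}" \
            "${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}" \
            "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}"
        if [ $? -ne 0 ]; then
            # Flag the host as unusable in its already-downloaded config.
            echo "wsFlags=\"NOIOPR $wsParam\"" >> \
                "${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg"
        fi
    done

    return 0
}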