search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import 1.9b4 NSS tag from cvs
[mozilla-nss.git] / security / nss / tests / iopr / ocsp_iopr.sh
blobbf1c6e5bb50a439741437389dbecdfcf2d683a51
1 #! /bin/sh
2 #
3 # ***** BEGIN LICENSE BLOCK *****
4 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 #
6 # The contents of this file are subject to the Mozilla Public License Version
7 # 1.1 (the "License"); you may not use this file except in compliance with
8 # the License. You may obtain a copy of the License at
9 # http://www.mozilla.org/MPL/
10 #
11 # Software distributed under the License is distributed on an "AS IS" basis,
12 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 # for the specific language governing rights and limitations under the
14 # License.
15 #
16 # The Original Code is the Netscape security libraries.
17 #
18 # The Initial Developer of the Original Code is
19 # Netscape Communications Corporation.
20 # Portions created by the Initial Developer are Copyright (C) 1994-2000
21 # the Initial Developer. All Rights Reserved.
22 #
23 # Alternatively, the contents of this file may be used under the terms of
24 # either the GNU General Public License Version 2 or later (the "GPL"), or
25 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 # in which case the provisions of the GPL or the LGPL are applicable instead
27 # of those above. If you wish to allow use of your version of this file only
28 # under the terms of either the GPL or the LGPL, and not to allow others to
29 # use your version of this file under the terms of the MPL, indicate your
30 # decision by deleting the provisions above and replace them with the notice
31 # and other provisions required by the GPL or the LGPL. If you do not delete
32 # the provisions above, a recipient may use your version of this file under
33 # the terms of any one of the MPL, the GPL or the LGPL.
34 #
35 # ***** END LICENSE BLOCK *****
36
37 ########################################################################
38 #
39 # mozilla/security/nss/tests/iopr/ocsp_iopr.sh
40 #
41 # NSS SSL interoperability QA. This file is included from ssl.sh
42 #
43 # needs to work on all Unix and Windows platforms
44 #
45 # special strings
46 # ---------------
47 # FIXME ... known problems, search for this string
48 # NOTE .... unexpected behavior
49 #
50 # FIXME - Netscape - NSS
51 ########################################################################
52 IOPR_OCSP_SOURCED=1
53
54 ########################################################################
55 # The funtion works with variables defined in interoperability
56 # configuration file that gets downloaded from a webserver.
57 # The function sets test parameters defind for a particular type
58 # of testing.
59 #
60 # No return value
61 #
62 setTestParam() {
63 type=$1
64 testParam=`eval 'echo $'${type}Param`
65 testDescription=`eval 'echo $'${type}Descr`
66 testProto=`eval 'echo $'${type}Proto`
67 testPort=`eval 'echo $'${type}Port`
68 testResponder=`eval 'echo $'${type}ResponderCert`
69 testValidCertNames=`eval 'echo $'${type}ValidCertNames`
70 testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames`
71 testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames`
72 }
73
74 ########################################################################
75 # The funtion checks status of a cert using ocspclnt.
76 # Params:
77 # dbDir - nss cert db location
78 # cert - cert in question
79 # respUrl - responder url is available
80 # defRespCert - trusted responder cert
81 #
82 # Return values:
83 # 0 - test passed, 1 - otherwise.
84 #
85 ocsp_get_cert_status() {
86 dbDir=$1
87 cert=$2
88 respUrl=$3
89 defRespCert=$4
90
91 if [ -n "$respUrl" -o -n "$defRespCert" ]; then
92 if [ -z "$respUrl" -o -z "$defRespCert" ]; then
93 html_failed "Incorrect test params"
94 return 1
95 fi
96 clntParam="-l $respUrl -t $defRespCert"
97 fi
98
99 if [ -z "${MEMLEAK_DBG}" ]; then
100 outFile=$dbDir/ocsptest.out.$$
101 echo "ocspclnt -d $dbDir -S $cert $clntParam"
102 ${BINDIR}/ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1
103 ret=$?
104 echo "ocspclnt output:"
105 cat $outFile
106 [ -z "`grep succeeded $outFile`" ] && ret=1
107
108 rm -f $outFile
109 return $ret
110 fi
111
112 OCSP_ATTR="-d $dbDir -S $cert $clntParam"
113 ${RUN_COMMAND_DBG} ${BINDIR}/ocspclnt ${OCSP_ATTR}
114 }
115
116 ########################################################################
117 # The funtion checks status of a cert using ocspclnt.
118 # Params:
119 # testType - type of the test based on type of used responder
120 # servName - FQDM of the responder server
121 # dbDir - nss cert db location
122 #
123 # No return value
124 #
125 ocsp_iopr() {
126 testType=$1
127 servName=$2
128 dbDir=$3
129
130 setTestParam $testType
131 if [ "`echo $testParam | grep NOCOV`" != "" ]; then
132 echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
133 "run by server configuration"
134 return 0
135 fi
136
137 if [ -z "${MEMLEAK_DBG}" ]; then
138 html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
139 "Test Type: $testDescription"
140 fi
141
142 if [ -n "$testResponder" ]; then
143 responderUrl="$testProto://$servName:$testPort"
144 else
145 responderUrl=""
146 fi
147
148 if [ -z "${MEMLEAK_DBG}" ]; then
149 for certName in $testValidCertNames; do
150 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
151 "$testResponder"
152 html_msg $? 0 "Getting status of a valid cert ($certName)" \
153 "produced a returncode of $ret, expected is 0."
154 done
155
156 for certName in $testRevokedCertNames; do
157 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
158 "$testResponder"
159 html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
160 "produced a returncode of $ret, expected is 1."
161 done
162
163 for certName in $testStatUnknownCertNames; do
164 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
165 "$testResponder"
166 html_msg $? 1 "Getting status of a cert with unknown status " \
167 "($certName) produced a returncode of $ret, expected is 1."
168 done
169 else
170 for certName in $testValidCertNames $testRevokedCertNames \
171 $testStatUnknownCertName; do
172 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
173 "$testResponder"
174 done
175 fi
176 }
177
178 #####################################################################
179 # Initial point for running ocsp test againt multiple hosts involved in
180 # interoperability testing. Called from nss/tests/ocsp/ocsp.sh
181 # It will only proceed with test run for a specific host if environment variable
182 # IOPR_HOSTADDR_LIST was set, had the host name in the list
183 # and all needed file were successfully downloaded and installed for the host.
184 #
185 # Returns 1 if interoperability testing is off, 0 otherwise.
186 #
187 ocsp_iopr_run() {
188 NO_ECC_CERTS=1 # disable ECC for interoperability tests
189
190 if [ "$IOPR" -ne 1 ]; then
191 return 1
192 fi
193 cd ${CLIENTDIR}
194
195 if [ -n "${MEMLEAK_DBG}" ]; then
196 html_head "Memory leak checking - IOPR"
197 fi
198
199 num=1
200 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
201 while [ "$IOPR_HOST_PARAM" ]; do
202 IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
203 IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
204 [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
205
206 . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
207 RES=$?
208
209 num=`expr $num + 1`
210 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
211
212 if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
213 continue
214 fi
215
216 #=======================================================
217 # Check what server is configured to run ssl tests
218 #
219 [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue;
220
221 # Testing directories defined by webserver.
222 if [ -n "${MEMLEAK_DBG}" ]; then
223 LOGNAME=iopr-${IOPR_HOSTADDR}
224 LOGFILE=${LOGDIR}/${LOGNAME}.log
225 fi
226
227 # Testing directories defined by webserver.
228 echo "Testing ocsp interoperability.
229 Client: local(tstclnt).
230 Responder: remote($IOPR_HOSTADDR)"
231
232 for ocspTestType in ${supportedTests_new}; do
233 if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then
234 continue
235 fi
236 if [ -n "${MEMLEAK_DBG}" ]; then
237 ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
238 ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} 2>> ${LOGFILE}
239 else
240 ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
241 ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
242 fi
243 done
244
245 if [ -n "${MEMLEAK_DBG}" ]; then
246 log_parse
247 ret=$?
248 html_msg ${ret} 0 "${LOGNAME}" \
249 "produced a returncode of $ret, expected is 0"
250 fi
251
252 echo "================================================"
253 echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
254 done
255
256 if [ -n "${MEMLEAK_DBG}" ]; then
257 html "</TABLE><BR>"
258 fi
259
260 NO_ECC_CERTS=0
261 return 0
262 }
263
Mozilla NSS module