security/nss/tests/iopr/ocsp_iopr.sh

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 #! /bin/bash
michael@0 2 #
michael@0 3 # This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 # License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
michael@0 6
michael@0 7 ########################################################################
michael@0 8 #
michael@0 9 # mozilla/security/nss/tests/iopr/ocsp_iopr.sh
michael@0 10 #
michael@0 11 # NSS SSL interoperability QA. This file is included from ssl.sh
michael@0 12 #
michael@0 13 # needs to work on all Unix and Windows platforms
michael@0 14 #
michael@0 15 # special strings
michael@0 16 # ---------------
michael@0 17 # FIXME ... known problems, search for this string
michael@0 18 # NOTE .... unexpected behavior
michael@0 19 ########################################################################
# Marker set to 1 as soon as this file has been read.
# NOTE(review): presumably tested by the including script to tell that the
# OCSP interoperability functions are available; the reader is not visible here.
IOPR_OCSP_SOURCED=1
michael@0 21
michael@0 22 ########################################################################
michael@0 23 # The function works with variables defined in the interoperability
michael@0 24 # configuration file that gets downloaded from a webserver.
michael@0 25 # The function sets test parameters defined for a particular type
michael@0 26 # of testing.
michael@0 27 #
michael@0 28 # No return value
michael@0 29 #
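setTestParam() {
    # Copies the settings of one test type into the global test* variables.
    # For a type T the values are read from TParam, TDescr, TProto, TPort,
    # TResponderCert, TValidCertNames, TRevokedCertNames and
    # TStatUnknownCertNames; a variable that is not set yields an empty value.
    #
    # Arguments: $1 - test type, used as a variable-name prefix
    # Globals:   type and the eight test* variables (written)
    # Returns:   0 on success; 1 when $1 is not usable as a variable-name
    #            prefix, in which case every test* variable is left empty
    local ref

    # Kept global as in the original, in case code outside this file reads it.
    type=$1

    testParam=
    testDescription=
    testProto=
    testPort=
    testResponder=
    testValidCertNames=
    testRevokedCertNames=
    testStatUnknownCertNames=

    # The type name originates from the interoperability configuration, so it
    # is checked before a variable name is built from it. Building the lookup
    # with eval would execute any shell syntax carried in the name; indirect
    # expansion only ever reads a variable.
    case "$type" in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
            echo "setTestParam: invalid test type '$type'" >&2
            return 1
            ;;
    esac

    # Values are copied exactly; they are no longer passed through an unquoted
    # echo, which collapsed whitespace and expanded glob characters.
    ref=${type}Param
    testParam=${!ref}
    ref=${type}Descr
    testDescription=${!ref}
    ref=${type}Proto
    testProto=${!ref}
    ref=${type}Port
    testPort=${!ref}
    ref=${type}ResponderCert
    testResponder=${!ref}
    ref=${type}ValidCertNames
    testValidCertNames=${!ref}
    ref=${type}RevokedCertNames
    testRevokedCertNames=${!ref}
    ref=${type}StatUnknownCertNames
    testStatUnknownCertNames=${!ref}
    return 0
}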
michael@0 41
michael@0 42 ########################################################################
michael@0 43 # The function checks the status of a cert using ocspclnt.
michael@0 44 # Params:
michael@0 45 # dbDir - nss cert db location
michael@0 46 # cert - cert in question
michael@0 47 # respUrl - responder url, if available
michael@0 48 # defRespCert - trusted responder cert
michael@0 49 #
michael@0 50 # Return values:
michael@0 51 # 0 - test passed, 1 - otherwise.
michael@0 52 #
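ocsp_get_cert_status() {
    # Queries the status of one certificate with ocspclnt.
    #
    # Arguments: $1 - NSS cert db directory
    #            $2 - name of the cert to check
    #            $3 - responder URL (optional, only together with $4)
    #            $4 - trusted responder cert (optional, only together with $3)
    # Globals:   BINDIR, MEMLEAK_DBG, RUN_COMMAND_DBG (read);
    #            dbDir, cert, respUrl, defRespCert, clntParam, ret, OCSP_ATTR
    #            (written; kept global because ocsp_iopr reports $ret)
    # Returns:   normal mode: 0 only when ocspclnt exits 0 and its output
    #            contains "succeeded", non-zero otherwise; 1 when only one of
    #            $3/$4 is given. With MEMLEAK_DBG set: the exit status of the
    #            ocspclnt command line.
    local clntOutput
    local -a clntArgs

    dbDir=$1
    cert=$2
    respUrl=$3
    defRespCert=$4

    # clntParam is global; reset it on every call so that the responder
    # options of an earlier call are not reused when none are given now.
    clntParam=""
    clntArgs=(-d "$dbDir" -S "$cert")

    if [ -n "$respUrl" ] || [ -n "$defRespCert" ]; then
        if [ -z "$respUrl" ] || [ -z "$defRespCert" ]; then
            html_failed "Incorrect test params"
            return 1
        fi
        clntParam="-l $respUrl -t $defRespCert"
        clntArgs=("${clntArgs[@]}" -l "$respUrl" -t "$defRespCert")
    fi

    if [ -z "${MEMLEAK_DBG}" ]; then
        echo "ocspclnt -d $dbDir -S $cert $clntParam"
        # The output is captured in a variable, so no PID-named scratch file
        # has to be created in (and removed from) the cert db directory.
        clntOutput=$("${BINDIR}/ocspclnt" "${clntArgs[@]}" 2>&1)
        ret=$?
        echo "ocspclnt output:"
        printf '%s\n' "$clntOutput"
        # A zero exit status alone is not accepted: the client has to report
        # success in its output as well.
        case "$clntOutput" in
            *succeeded*) ;;
            *) ret=1 ;;
        esac
        return $ret
    fi

    OCSP_ATTR="-d $dbDir -S $cert $clntParam"
    # RUN_COMMAND_DBG stays unquoted on purpose: an empty value disappears and
    # a value with several words is split into command and arguments.
    # shellcheck disable=SC2086
    ${RUN_COMMAND_DBG} "${BINDIR}/ocspclnt" "${clntArgs[@]}"
}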
michael@0 83
michael@0 84 ########################################################################
michael@0 85 # The function checks the status of a cert using ocspclnt.
michael@0 86 # Params:
michael@0 87 # testType - type of the test based on type of used responder
michael@0 88 # servName - FQDN of the responder server
michael@0 89 # dbDir - nss cert db location
michael@0 90 #
michael@0 91 # No return value
michael@0 92 #
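ocsp_iopr() {
    # Runs the OCSP status checks of one test type against one responder:
    # certs listed as valid are expected to pass, certs listed as revoked or
    # as having unknown status are expected to fail.
    #
    # Arguments: $1 - test type (handed to setTestParam)
    #            $2 - host name of the responder, used to build its URL
    #            $3 - NSS cert db directory
    # Globals:   IOPR_HOSTADDR, MEMLEAK_DBG and the test* variables set by
    #            setTestParam (read); testType, servName, dbDir, responderUrl,
    #            certName (written, kept global as in the original)
    # Returns:   0 when the type is excluded by a NOCOV flag; otherwise the
    #            status of the last command that ran
    testType=$1
    servName=$2
    dbDir=$3

    setTestParam "$testType"
    case "$testParam" in
        *NOCOV*)
            # Message text left as found so that the test output stays stable.
            echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
                "run by server configuration"
            return 0
            ;;
    esac

    if [ -z "${MEMLEAK_DBG}" ]; then
        html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
            "Test Type: $testDescription"
    fi

    # A responder URL is only passed along with a trusted responder cert.
    if [ -n "$testResponder" ]; then
        responderUrl="$testProto://$servName:$testPort"
    else
        responderUrl=""
    fi

    if [ -z "${MEMLEAK_DBG}" ]; then
        # The cert name lists are space separated and split on purpose.
        # $ret in the messages is the global set by ocsp_get_cert_status.
        for certName in $testValidCertNames; do
            ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                "$testResponder"
            html_msg $? 0 "Getting status of a valid cert ($certName)" \
                "produced a returncode of $ret, expected is 0."
        done

        for certName in $testRevokedCertNames; do
            ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                "$testResponder"
            html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
                "produced a returncode of $ret, expected is 1."
        done

        for certName in $testStatUnknownCertNames; do
            ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                "$testResponder"
            html_msg $? 1 "Getting status of a cert with unknown status " \
                "($certName) produced a returncode of $ret, expected is 1."
        done
    else
        # Memory-leak run: results are not reported per cert. The third list
        # used to be spelled testStatUnknownCertName, a variable that is never
        # set, so certs with unknown status were skipped in this mode.
        for certName in $testValidCertNames $testRevokedCertNames \
            $testStatUnknownCertNames; do
            ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                "$testResponder"
        done
    fi
}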
michael@0 145
michael@0 146 #####################################################################
michael@0 147 # Initial point for running the ocsp test against multiple hosts involved in
michael@0 148 # interoperability testing. Called from nss/tests/ocsp/ocsp.sh
michael@0 149 # It will only proceed with a test run for a specific host if the environment variable
michael@0 150 # IOPR_HOSTADDR_LIST was set, had the host name in the list
michael@0 151 # and all needed files were successfully downloaded and installed for the host.
michael@0 152 #
michael@0 153 # Returns 1 if interoperability testing is off, 0 otherwise.
michael@0 154 #
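ocsp_iopr_run() {
    # Entry point of the OCSP interoperability tests: walks the hosts in
    # IOPR_HOSTADDR_LIST ("host" or "host:port", space separated), reads each
    # host's iopr_server.cfg and runs ocsp_iopr for every supported test type
    # whose name contains "ocsp".
    #
    # Globals:   IOPR, CLIENTDIR, IOPR_HOSTADDR_LIST, IOPR_CADIR,
    #            IOPR_OCSP_CLIENTDIR, MEMLEAK_DBG, LOGDIR (read);
    #            wsFlags, supportedTests_new (read, set by the sourced cfg);
    #            NO_ECC_CERTS, num, IOPR_HOST_PARAM, IOPR_HOSTADDR,
    #            IOPR_OPEN_PORT, RES, LOGNAME, LOGFILE, ret (written)
    # Returns:   1 if interoperability testing is off, 0 otherwise
    local cfgFile

    # NOTE(review): this is set before the IOPR check and reset to 0 only on
    # the normal return at the end, so it stays 1 after the early return
    # below. Left as found because the callers are not visible here.
    NO_ECC_CERTS=1 # disable ECC for interoperability tests

    # With IOPR unset or empty the numeric test reports an error instead of
    # "not equal", and the function used to carry on as if testing were on.
    if [ "${IOPR:-0}" -ne 1 ]; then
        return 1
    fi
    # The run continues after a failed cd, as it did before, but says so.
    cd "${CLIENTDIR}" || echo "ocsp_iopr_run: cannot cd to '${CLIENTDIR}'" >&2

    if [ -n "${MEMLEAK_DBG}" ]; then
        html_head "Memory leak checking - IOPR"
    fi

    num=1
    IOPR_HOST_PARAM=$(echo "${IOPR_HOSTADDR_LIST} " | cut -f "$num" -d' ')
    while [ -n "$IOPR_HOST_PARAM" ]; do
        # Split "host[:port]"; the port defaults to 443.
        IOPR_HOSTADDR=${IOPR_HOST_PARAM%%:*}
        case "$IOPR_HOST_PARAM" in
            *:*)
                IOPR_OPEN_PORT=${IOPR_HOST_PARAM#*:}
                IOPR_OPEN_PORT=${IOPR_OPEN_PORT%%:*}
                ;;
            *)
                IOPR_OPEN_PORT=
                ;;
        esac
        [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443

        # NOTE(review): the cfg file is executed as shell code in this
        # process. The header of this file says the configuration is
        # downloaded from a web server; how that download is authenticated is
        # not visible here and should be confirmed.
        cfgFile="${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg"
        if [ -r "$cfgFile" ]; then
            . "$cfgFile"
            RES=$?
        else
            RES=1
        fi

        # Advance to the next host first, so that every "continue" below
        # moves on instead of repeating the same host.
        num=$((num + 1))
        IOPR_HOST_PARAM=$(echo "${IOPR_HOSTADDR_LIST} " | cut -f "$num" -d' ')

        if [ "$RES" -ne 0 ]; then
            continue
        fi
        # Matched with case: the unquoted test used before broke on flag
        # strings made of several words and then did not skip the host.
        case "$wsFlags" in
            *NOIOPR*) continue ;;
        esac

        #=======================================================
        # Check whether the server is configured to run ocsp tests
        #
        printf '%s\n' "${supportedTests_new}" | grep -i ocsp >/dev/null ||
            continue

        # Per-host log file, only used for the memory-leak run.
        if [ -n "${MEMLEAK_DBG}" ]; then
            LOGNAME=iopr-${IOPR_HOSTADDR}
            LOGFILE=${LOGDIR}/${LOGNAME}.log
        fi

        echo "Testing ocsp interoperability.
Client: local(tstclnt).
Responder: remote($IOPR_HOSTADDR)"

        # supportedTests_new is a space-separated list, split on purpose.
        for ocspTestType in ${supportedTests_new}; do
            if ! printf '%s\n' "$ocspTestType" | grep -i ocsp >/dev/null; then
                continue
            fi
            if [ -n "${MEMLEAK_DBG}" ]; then
                ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
                    "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}" 2>>"${LOGFILE}"
            else
                ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
                    "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}"
            fi
        done

        if [ -n "${MEMLEAK_DBG}" ]; then
            log_parse
            ret=$?
            html_msg ${ret} 0 "${LOGNAME}" \
                "produced a returncode of $ret, expected is 0"
        fi

        echo "================================================"
        echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
    done

    if [ -n "${MEMLEAK_DBG}" ]; then
        html "</TABLE><BR>"
    fi

    NO_ECC_CERTS=0
    return 0
}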
michael@0 231
