The Tor Browser / file comparison

comparison: security/nss/tests/iopr/ocsp_iopr.sh

security/nss/tests/iopr/ocsp_iopr.sh

changeset 0
6474c204b198
equal deleted inserted replaced
-1:000000000000 0:a1ebcd0473d6
1 #! /bin/bash
2 #
3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7 ########################################################################
8 #
9 # mozilla/security/nss/tests/iopr/ocsp_iopr.sh
10 #
11 # NSS SSL interoperability QA. This file is included from ssl.sh
12 #
13 # needs to work on all Unix and Windows platforms
14 #
15 # special strings
16 # ---------------
17 # FIXME ... known problems, search for this string
18 # NOTE .... unexpected behavior
19 ########################################################################
20 IOPR_OCSP_SOURCED=1
21
22 ########################################################################
23 # The funtion works with variables defined in interoperability
24 # configuration file that gets downloaded from a webserver.
25 # The function sets test parameters defind for a particular type
26 # of testing.
27 #
28 # No return value
29 #
30 setTestParam() {
31 type=$1
32 testParam=`eval 'echo $'${type}Param`
33 testDescription=`eval 'echo $'${type}Descr`
34 testProto=`eval 'echo $'${type}Proto`
35 testPort=`eval 'echo $'${type}Port`
36 testResponder=`eval 'echo $'${type}ResponderCert`
37 testValidCertNames=`eval 'echo $'${type}ValidCertNames`
38 testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames`
39 testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames`
40 }
41
42 ########################################################################
43 # The funtion checks status of a cert using ocspclnt.
44 # Params:
45 # dbDir - nss cert db location
46 # cert - cert in question
47 # respUrl - responder url is available
48 # defRespCert - trusted responder cert
49 #
50 # Return values:
51 # 0 - test passed, 1 - otherwise.
52 #
53 ocsp_get_cert_status() {
54 dbDir=$1
55 cert=$2
56 respUrl=$3
57 defRespCert=$4
58
59 if [ -n "$respUrl" -o -n "$defRespCert" ]; then
60 if [ -z "$respUrl" -o -z "$defRespCert" ]; then
61 html_failed "Incorrect test params"
62 return 1
63 fi
64 clntParam="-l $respUrl -t $defRespCert"
65 fi
66
67 if [ -z "${MEMLEAK_DBG}" ]; then
68 outFile=$dbDir/ocsptest.out.$$
69 echo "ocspclnt -d $dbDir -S $cert $clntParam"
70 ${BINDIR}/ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1
71 ret=$?
72 echo "ocspclnt output:"
73 cat $outFile
74 [ -z "`grep succeeded $outFile`" ] && ret=1
75
76 rm -f $outFile
77 return $ret
78 fi
79
80 OCSP_ATTR="-d $dbDir -S $cert $clntParam"
81 ${RUN_COMMAND_DBG} ${BINDIR}/ocspclnt ${OCSP_ATTR}
82 }
83
84 ########################################################################
85 # The funtion checks status of a cert using ocspclnt.
86 # Params:
87 # testType - type of the test based on type of used responder
88 # servName - FQDM of the responder server
89 # dbDir - nss cert db location
90 #
91 # No return value
92 #
93 ocsp_iopr() {
94 testType=$1
95 servName=$2
96 dbDir=$3
97
98 setTestParam $testType
99 if [ "`echo $testParam | grep NOCOV`" != "" ]; then
100 echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
101 "run by server configuration"
102 return 0
103 fi
104
105 if [ -z "${MEMLEAK_DBG}" ]; then
106 html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
107 "Test Type: $testDescription"
108 fi
109
110 if [ -n "$testResponder" ]; then
111 responderUrl="$testProto://$servName:$testPort"
112 else
113 responderUrl=""
114 fi
115
116 if [ -z "${MEMLEAK_DBG}" ]; then
117 for certName in $testValidCertNames; do
118 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
119 "$testResponder"
120 html_msg $? 0 "Getting status of a valid cert ($certName)" \
121 "produced a returncode of $ret, expected is 0."
122 done
123
124 for certName in $testRevokedCertNames; do
125 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
126 "$testResponder"
127 html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
128 "produced a returncode of $ret, expected is 1."
129 done
130
131 for certName in $testStatUnknownCertNames; do
132 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
133 "$testResponder"
134 html_msg $? 1 "Getting status of a cert with unknown status " \
135 "($certName) produced a returncode of $ret, expected is 1."
136 done
137 else
138 for certName in $testValidCertNames $testRevokedCertNames \
139 $testStatUnknownCertName; do
140 ocsp_get_cert_status $dbDir $certName "$responderUrl" \
141 "$testResponder"
142 done
143 fi
144 }
145
146 #####################################################################
147 # Initial point for running ocsp test againt multiple hosts involved in
148 # interoperability testing. Called from nss/tests/ocsp/ocsp.sh
149 # It will only proceed with test run for a specific host if environment variable
150 # IOPR_HOSTADDR_LIST was set, had the host name in the list
151 # and all needed file were successfully downloaded and installed for the host.
152 #
153 # Returns 1 if interoperability testing is off, 0 otherwise.
154 #
155 ocsp_iopr_run() {
156 NO_ECC_CERTS=1 # disable ECC for interoperability tests
157
158 if [ "$IOPR" -ne 1 ]; then
159 return 1
160 fi
161 cd ${CLIENTDIR}
162
163 if [ -n "${MEMLEAK_DBG}" ]; then
164 html_head "Memory leak checking - IOPR"
165 fi
166
167 num=1
168 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
169 while [ "$IOPR_HOST_PARAM" ]; do
170 IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
171 IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
172 [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
173
174 . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
175 RES=$?
176
177 num=`expr $num + 1`
178 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
179
180 if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
181 continue
182 fi
183
184 #=======================================================
185 # Check what server is configured to run ssl tests
186 #
187 [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue;
188
189 # Testing directories defined by webserver.
190 if [ -n "${MEMLEAK_DBG}" ]; then
191 LOGNAME=iopr-${IOPR_HOSTADDR}
192 LOGFILE=${LOGDIR}/${LOGNAME}.log
193 fi
194
195 # Testing directories defined by webserver.
196 echo "Testing ocsp interoperability.
197 Client: local(tstclnt).
198 Responder: remote($IOPR_HOSTADDR)"
199
200 for ocspTestType in ${supportedTests_new}; do
201 if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then
202 continue
203 fi
204 if [ -n "${MEMLEAK_DBG}" ]; then
205 ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
206 ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} 2>> ${LOGFILE}
207 else
208 ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
209 ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
210 fi
211 done
212
213 if [ -n "${MEMLEAK_DBG}" ]; then
214 log_parse
215 ret=$?
216 html_msg ${ret} 0 "${LOGNAME}" \
217 "produced a returncode of $ret, expected is 0"
218 fi
219
220 echo "================================================"
221 echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
222 done
223
224 if [ -n "${MEMLEAK_DBG}" ]; then
225 html "</TABLE><BR>"
226 fi
227
228 NO_ECC_CERTS=0
229 return 0
230 }
231

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial