1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/tests/dbtests/dbtests.sh Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,252 @@
1.4 +#! /bin/bash
1.5 +#
1.6 +# This Source Code Form is subject to the terms of the Mozilla Public
1.7 +# License, v. 2.0. If a copy of the MPL was not distributed with this
1.8 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
1.9 +
1.10 +########################################################################
1.11 +#
1.12 +# mozilla/security/nss/tests/dbtest/dbtest.sh
1.13 +#
1.14 +# Certificate generating and handeling for NSS QA, can be included
1.15 +# multiple times from all.sh and the individual scripts
1.16 +#
1.17 +# needs to work on all Unix and Windows platforms
1.18 +#
1.19 +# included from (don't expect this to be up to date)
1.20 +# --------------------------------------------------
1.21 +# all.sh
1.22 +# ssl.sh
1.23 +# smime.sh
1.24 +# tools.sh
1.25 +#
1.26 +# special strings
1.27 +# ---------------
1.28 +# FIXME ... known problems, search for this string
1.29 +# NOTE .... unexpected behavior
1.30 +#
1.31 +# FIXME - Netscape - NSS
1.32 +########################################################################
1.33 +
1.34 +############################## dbtest_init ###############################
1.35 +# local shell function to initialize this script
1.36 +########################################################################
1.37 +dbtest_init()
1.38 +{
1.39 + SCRIPTNAME="dbtests.sh"
1.40 + if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
1.41 + CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
1.42 + fi
1.43 + if [ -z "${INIT_SOURCED}" ] ; then
1.44 + cd ../common
1.45 + . ./init.sh
1.46 + fi
1.47 + if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
1.48 + cd ../cert
1.49 + . ./cert.sh
1.50 + fi
1.51 +
1.52 + SCRIPTNAME="dbtests.sh"
1.53 + RONLY_DIR=${HOSTDIR}/ronlydir
1.54 + EMPTY_DIR=${HOSTDIR}/emptydir
1.55 + CONFLICT_DIR=${HOSTDIR}/conflictdir
1.56 +
1.57 + html_head "CERT and Key DB Tests"
1.58 +
1.59 +}
1.60 +
1.61 +############################## dbtest_cleanup ############################
1.62 +# local shell function to finish this script (no exit since it might be
1.63 +# sourced)
1.64 +########################################################################
1.65 +dbtest_cleanup()
1.66 +{
1.67 + html "</TABLE><BR>"
1.68 + cd ${QADIR}
1.69 + chmod a+rw $RONLY_DIR
1.70 + . common/cleanup.sh
1.71 +}
1.72 +
1.73 +Echo()
1.74 +{
1.75 + echo
1.76 + echo "---------------------------------------------------------------"
1.77 + echo "| $*"
1.78 + echo "---------------------------------------------------------------"
1.79 +}
1.80 +dbtest_main()
1.81 +{
1.82 + cd ${HOSTDIR}
1.83 +
1.84 +
1.85 + Echo "test opening the database read/write in a nonexisting directory"
1.86 + ${BINDIR}/certutil -L -X -d ./non_existent_dir
1.87 + ret=$?
1.88 + if [ $ret -ne 255 ]; then
1.89 + html_failed "Certutil succeeded in a nonexisting directory $ret"
1.90 + else
1.91 + html_passed "Certutil didn't work in a nonexisting dir $ret"
1.92 + fi
1.93 + ${BINDIR}/dbtest -r -d ./non_existent_dir
1.94 + ret=$?
1.95 + if [ $ret -ne 46 ]; then
1.96 + html_failed "Dbtest readonly succeeded in a nonexisting directory $ret"
1.97 + else
1.98 + html_passed "Dbtest readonly didn't work in a nonexisting dir $ret"
1.99 + fi
1.100 +
1.101 + Echo "test force opening the database in a nonexisting directory"
1.102 + ${BINDIR}/dbtest -f -d ./non_existent_dir
1.103 + ret=$?
1.104 + if [ $ret -ne 0 ]; then
1.105 + html_failed "Dbtest force failed in a nonexisting directory $ret"
1.106 + else
1.107 + html_passed "Dbtest force succeeded in a nonexisting dir $ret"
1.108 + fi
1.109 +
1.110 + Echo "test opening the database readonly in an empty directory"
1.111 + mkdir $EMPTY_DIR
1.112 + ${BINDIR}/tstclnt -h ${HOST} -d $EMPTY_DIR
1.113 + ret=$?
1.114 + if [ $ret -ne 1 ]; then
1.115 + html_failed "Tstclnt succeded in an empty directory $ret"
1.116 + else
1.117 + html_passed "Tstclnt didn't work in an empty dir $ret"
1.118 + fi
1.119 + ${BINDIR}/dbtest -r -d $EMPTY_DIR
1.120 + ret=$?
1.121 + if [ $ret -ne 46 ]; then
1.122 + html_failed "Dbtest readonly succeeded in an empty directory $ret"
1.123 + else
1.124 + html_passed "Dbtest readonly didn't work in an empty dir $ret"
1.125 + fi
1.126 + rm -rf $EMPTY_DIR/* 2>/dev/null
1.127 + ${BINDIR}/dbtest -i -d $EMPTY_DIR
1.128 + ret=$?
1.129 + if [ $ret -ne 0 ]; then
1.130 + html_failed "Dbtest logout after empty DB Init loses key $ret"
1.131 + else
1.132 + html_passed "Dbtest logout after empty DB Init has key"
1.133 + fi
1.134 + rm -rf $EMPTY_DIR/* 2>/dev/null
1.135 + ${BINDIR}/dbtest -i -p pass -d $EMPTY_DIR
1.136 + ret=$?
1.137 + if [ $ret -ne 0 ]; then
1.138 + html_failed "Dbtest password DB Init loses needlogin state $ret"
1.139 + else
1.140 + html_passed "Dbtest password DB Init maintains needlogin state"
1.141 + fi
1.142 + rm -rf $EMPTY_DIR/* 2>/dev/null
1.143 + ${BINDIR}/certutil -D -n xxxx -d $EMPTY_DIR #created DB
1.144 + ret=$?
1.145 + if [ $ret -ne 255 ]; then
1.146 + html_failed "Certutil succeeded in deleting a cert in an empty directory $ret"
1.147 + else
1.148 + html_passed "Certutil didn't work in an empty dir $ret"
1.149 + fi
1.150 + rm -rf $EMPTY_DIR/* 2>/dev/null
1.151 + Echo "test force opening the database readonly in a empty directory"
1.152 + ${BINDIR}/dbtest -r -f -d $EMPTY_DIR
1.153 + ret=$?
1.154 + if [ $ret -ne 0 ]; then
1.155 + html_failed "Dbtest force readonly failed in an empty directory $ret"
1.156 + else
1.157 + html_passed "Dbtest force readonly succeeded in an empty dir $ret"
1.158 + fi
1.159 +
1.160 + Echo "test opening the database r/w in a readonly directory"
1.161 + mkdir $RONLY_DIR
1.162 + cp -r ${CLIENTDIR}/* $RONLY_DIR
1.163 + chmod -w $RONLY_DIR $RONLY_DIR/*
1.164 +
1.165 + # On Mac OS X 10.1, if we do a "chmod -w" on files in an
1.166 + # NFS-mounted directory, it takes several seconds for the
1.167 + # first open to see the files are readonly, but subsequent
1.168 + # opens immediately see the files are readonly. As a
1.169 + # workaround we open the files once first. (Bug 185074)
1.170 + if [ "${OS_ARCH}" = "Darwin" ]; then
1.171 + cat $RONLY_DIR/* > /dev/null
1.172 + fi
1.173 +
1.174 + ${BINDIR}/dbtest -d $RONLY_DIR
1.175 + ret=$?
1.176 + if [ $ret -ne 46 ]; then
1.177 + html_failed "Dbtest r/w succeeded in an readonly directory $ret"
1.178 + else
1.179 + html_passed "Dbtest r/w didn't work in an readonly dir $ret"
1.180 + fi
1.181 + ${BINDIR}/certutil -D -n "TestUser" -d .
1.182 + ret=$?
1.183 + if [ $ret -ne 255 ]; then
1.184 + html_failed "Certutil succeeded in deleting a cert in an readonly directory $ret"
1.185 + else
1.186 + html_passed "Certutil didn't work in an readonly dir $ret"
1.187 + fi
1.188 +
1.189 + Echo "test opening the database ronly in a readonly directory"
1.190 +
1.191 + ${BINDIR}/dbtest -d $RONLY_DIR -r
1.192 + ret=$?
1.193 + if [ $ret -ne 0 ]; then
1.194 + html_failed "Dbtest readonly failed in a readonly directory $ret"
1.195 + else
1.196 + html_passed "Dbtest readonly succeeded in a readonly dir $ret"
1.197 + fi
1.198 +
1.199 + Echo "test force opening the database r/w in a readonly directory"
1.200 + ${BINDIR}/dbtest -d $RONLY_DIR -f
1.201 + ret=$?
1.202 + if [ $ret -ne 0 ]; then
1.203 + html_failed "Dbtest force failed in a readonly directory $ret"
1.204 + else
1.205 + html_passed "Dbtest force succeeded in a readonly dir $ret"
1.206 + fi
1.207 +
1.208 + Echo "ls -l $RONLY_DIR"
1.209 + ls -ld $RONLY_DIR $RONLY_DIR/*
1.210 +
1.211 + mkdir ${CONFLICT_DIR}
1.212 + Echo "test creating a new cert with a conflicting nickname"
1.213 + cd ${CONFLICT_DIR}
1.214 + pwd
1.215 + ${BINDIR}/certutil -N -d ${CONFLICT_DIR} -f ${R_PWFILE}
1.216 + ret=$?
1.217 + if [ $ret -ne 0 ]; then
1.218 + html_failed "Nicknane conflict test failed, couldn't create database $ret"
1.219 + else
1.220 + ${BINDIR}/certutil -A -n alice -t ,, -i ${R_ALICEDIR}/Alice.cert -d ${CONFLICT_DIR}
1.221 + ret=$?
1.222 + if [ $ret -ne 0 ]; then
1.223 + html_failed "Nicknane conflict test failed, couldn't import alice cert $ret"
1.224 + else
1.225 + ${BINDIR}/certutil -A -n alice -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
1.226 + ret=$?
1.227 + if [ $ret -eq 0 ]; then
1.228 + html_failed "Nicknane conflict test failed, could import conflict nickname $ret"
1.229 + else
1.230 + html_passed "Nicknane conflict test, could not import conflict nickname $ret"
1.231 + fi
1.232 + fi
1.233 + fi
1.234 +
1.235 + Echo "test importing an old cert to a conflicting nickname"
1.236 + # first, import the certificate
1.237 + ${BINDIR}/certutil -A -n bob -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
1.238 + # now import with a different nickname
1.239 + ${BINDIR}/certutil -A -n alice -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
1.240 + # the old one should still be there...
1.241 + ${BINDIR}/certutil -L -n bob -d ${CONFLICT_DIR}
1.242 + ret=$?
1.243 + if [ $ret -ne 0 ]; then
1.244 + html_failed "Nicknane conflict test-setting nickname conflict incorrectly worked"
1.245 + else
1.246 + html_passed "Nicknane conflict test-setting nickname conflict was correctly rejected"
1.247 + fi
1.248 +
1.249 +}
1.250 +
1.251 +################## main #################################################
1.252 +
1.253 +dbtest_init
1.254 +dbtest_main 2>&1
1.255 +dbtest_cleanup
