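--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/tests/iopr/ocsp_iopr.sh	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,231 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/iopr/ocsp_iopr.sh
+#
+# NSS SSL interoperability QA. This file is included from ssl.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+# FIXME ... known problems, search for this string
+# NOTE .... unexpected behavior
+########################################################################
+IOPR_OCSP_SOURCED=1
+
+########################################################################
+# The funtion works with variables defined in interoperability
+# configuration file that gets downloaded from a webserver.
+# The function sets test parameters defind for a particular type
+# of testing.
+#
+# No return value
+#
+setTestParam() {
+ type=$1
+ testParam=`eval 'echo $'${type}Param`
+ testDescription=`eval 'echo $'${type}Descr`
+ testProto=`eval 'echo $'${type}Proto`
+ testPort=`eval 'echo $'${type}Port`
+ testResponder=`eval 'echo $'${type}ResponderCert`
+ testValidCertNames=`eval 'echo $'${type}ValidCertNames`
+ testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames`
+ testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames`
+}
+
+########################################################################
+# The funtion checks status of a cert using ocspclnt.
+# Params:
+# dbDir - nss cert db location
+# cert - cert in question
+# respUrl - responder url is available
+# defRespCert - trusted responder cert
+#
+# Return values:
+# 0 - test passed, 1 - otherwise.
+#
+ocsp_get_cert_status() {
+ dbDir=$1
+ cert=$2
+ respUrl=$3
+ defRespCert=$4
+
+ if [ -n "$respUrl" -o -n "$defRespCert" ]; then
+ if [ -z "$respUrl" -o -z "$defRespCert" ]; then
+ html_failed "Incorrect test params"
+ return 1
+ fi
+ clntParam="-l $respUrl -t $defRespCert"
+ fi
+
+ if [ -z "${MEMLEAK_DBG}" ]; then
+ outFile=$dbDir/ocsptest.out.$$
+ echo "ocspclnt -d $dbDir -S $cert $clntParam"
+ ${BINDIR}/ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1
+ ret=$?
+ echo "ocspclnt output:"
+ cat $outFile
+ [ -z "`grep succeeded $outFile`" ] && ret=1
+
+ rm -f $outFile
+ return $ret
+ fi
+
+ OCSP_ATTR="-d $dbDir -S $cert $clntParam"
+ ${RUN_COMMAND_DBG} ${BINDIR}/ocspclnt ${OCSP_ATTR}
+}
+
+########################################################################
+# The funtion checks status of a cert using ocspclnt.
+# Params:
+# testType - type of the test based on type of used responder
+# servName - FQDM of the responder server
+# dbDir - nss cert db location
+#
+# No return value
+#
+ocsp_iopr() {
+ testType=$1
+ servName=$2
+ dbDir=$3
+
+ setTestParam $testType
+ if [ "`echo $testParam | grep NOCOV`" != "" ]; then
+ echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
+ "run by server configuration"
+ return 0
+ fi
+
+ if [ -z "${MEMLEAK_DBG}" ]; then
+ html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
+ "Test Type: $testDescription"
+ fi
+
+ if [ -n "$testResponder" ]; then
+ responderUrl="$testProto://$servName:$testPort"
+ else
+ responderUrl=""
+ fi
+
+ if [ -z "${MEMLEAK_DBG}" ]; then
+ for certName in $testValidCertNames; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ html_msg $? 0 "Getting status of a valid cert ($certName)" \
+ "produced a returncode of $ret, expected is 0."
+ done
+
+ for certName in $testRevokedCertNames; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
+ "produced a returncode of $ret, expected is 1."
+ done
+
+ for certName in $testStatUnknownCertNames; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ html_msg $? 1 "Getting status of a cert with unknown status " \
+ "($certName) produced a returncode of $ret, expected is 1."
+ done
+ else
+ for certName in $testValidCertNames $testRevokedCertNames \
+ $testStatUnknownCertName; do
+ ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+ "$testResponder"
+ done
+ fi
+}
+
+#####################################################################
+# Initial point for running ocsp test againt multiple hosts involved in
+# interoperability testing. Called from nss/tests/ocsp/ocsp.sh
+# It will only proceed with test run for a specific host if environment variable
+# IOPR_HOSTADDR_LIST was set, had the host name in the list
+# and all needed file were successfully downloaded and installed for the host.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise.
+#
+ocsp_iopr_run() {
+ NO_ECC_CERTS=1 # disable ECC for interoperability tests
+
+ if [ "$IOPR" -ne 1 ]; then
+ return 1
+ fi
+ cd ${CLIENTDIR}
+
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ html_head "Memory leak checking - IOPR"
+ fi
+
+ num=1
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+ while [ "$IOPR_HOST_PARAM" ]; do
+ IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+ IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+ [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
+
+ . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+ RES=$?
+
+ num=`expr $num + 1`
+ IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+
+ if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
+ continue
+ fi
+
+ #=======================================================
+ # Check what server is configured to run ssl tests
+ #
+ [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue;
+
+ # Testing directories defined by webserver.
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ LOGNAME=iopr-${IOPR_HOSTADDR}
+ LOGFILE=${LOGDIR}/${LOGNAME}.log
+ fi
+
+ # Testing directories defined by webserver.
+ echo "Testing ocsp interoperability.
+ Client: local(tstclnt).
+ Responder: remote($IOPR_HOSTADDR)"
+
+ for ocspTestType in ${supportedTests_new}; do
+ if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then
+ continue
+ fi
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
+ ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} 2>> ${LOGFILE}
+ else
+ ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
+ ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
+ fi
+ done
+
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ log_parse
+ ret=$?
+ html_msg ${ret} 0 "${LOGNAME}" \
+ "produced a returncode of $ret, expected is 0"
+ fi
+
+ echo "================================================"
+ echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
+ done
+
+ if [ -n "${MEMLEAK_DBG}" ]; then
+ html "</TABLE><BR>"
+ fi
+
+ NO_ECC_CERTS=0
+ return 0
+}
+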
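Review bot: `setTestParam` passes `$type` straight into `eval`, and `ocsp_iopr_run` takes that value from `supportedTests_new` after sourcing `iopr_server.cfg`, which the file's own comment says is downloaded from a web server, so the remote host's file both runs as shell and steers an `eval`. How the download is authenticated is not visible in this file; at minimum, reject unexpected names before the first `eval`, e.g. `case "$type" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac`. In the `MEMLEAK_DBG` branch of `ocsp_iopr` the loop lists `$testStatUnknownCertName` (no trailing `s`), which nothing in this file sets, so unknown-status certs appear to be skipped there; it should read `$testStatUnknownCertNames`. The revoked and unknown-status checks expect return code 1, but `ocsp_get_cert_status` also returns 1 whenever the ocspclnt output lacks `succeeded` for any other reason, so an unreachable responder would let those negative tests pass; matching the specific status text in `$outFile` would separate "revoked" from "could not check".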