security/nss/tests/iopr/ocsp_iopr.sh

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 #! /bin/bash
     2 #
     3 # This Source Code Form is subject to the terms of the Mozilla Public
     4 # License, v. 2.0. If a copy of the MPL was not distributed with this
     5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
     7 ########################################################################
     8 #
     9 # mozilla/security/nss/tests/iopr/ocsp_iopr.sh
    10 #
    11 # NSS SSL interoperability QA. This file is included from ssl.sh
    12 #
    13 # needs to work on all Unix and Windows platforms
    14 #
    15 # special strings
    16 # ---------------
    17 #   FIXME ... known problems, search for this string
    18 #   NOTE .... unexpected behavior
    19 ########################################################################
    # Marker set as soon as this file is sourced. Presumably the including
    # script tests it to avoid sourcing the file twice -- TODO confirm against
    # the callers (ssl.sh / ocsp.sh), which are not visible here.
    20 IOPR_OCSP_SOURCED=1
    22 ########################################################################
    23 # The function works with variables defined in the interoperability
    24 # configuration file that gets downloaded from a webserver.
    25 # The function sets the test parameters defined for a particular type
    26 # of testing.
    27 #
    28 # No return value
    29 #
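    setTestParam() {
        # Copy the settings of one test type into the generic test* globals.
        #
        # For a type "foo" the values of fooParam, fooDescr, fooProto, fooPort,
        # fooResponderCert, fooValidCertNames, fooRevokedCertNames and
        # fooStatUnknownCertNames are copied into testParam, testDescription,
        # testProto, testPort, testResponder, testValidCertNames,
        # testRevokedCertNames and testStatUnknownCertNames.
        #
        # Arguments: $1 - test type, used as a variable-name prefix
        # Globals:   type and the eight test* variables (written)
        # Returns:   0 on success, 1 if $1 cannot be part of a variable name
        #            (all test* globals are then left empty)
        #
        # The type is a word taken from the server configuration by the caller.
        # It is validated and resolved with indirect expansion (${!name}) rather
        # than eval, so a type containing shell metacharacters is rejected
        # instead of being executed. Values are copied verbatim; they are no
        # longer word-split or glob-expanded on the way through.
        type=$1
        local ref

        testParam=""
        testDescription=""
        testProto=""
        testPort=""
        testResponder=""
        testValidCertNames=""
        testRevokedCertNames=""
        testStatUnknownCertNames=""

        case "$type" in
            '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
                printf 'setTestParam: invalid test type: %s\n' "$type" >&2
                return 1
                ;;
        esac

        # "${!ref-}" yields an empty string when the source variable is unset.
        ref=${type}Param
        testParam=${!ref-}
        ref=${type}Descr
        testDescription=${!ref-}
        ref=${type}Proto
        testProto=${!ref-}
        ref=${type}Port
        testPort=${!ref-}
        ref=${type}ResponderCert
        testResponder=${!ref-}
        ref=${type}ValidCertNames
        testValidCertNames=${!ref-}
        ref=${type}RevokedCertNames
        testRevokedCertNames=${!ref-}
        ref=${type}StatUnknownCertNames
        testStatUnknownCertNames=${!ref-}
        return 0
    }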
    42 ########################################################################
    43 # The function checks status of a cert using ocspclnt.
    44 # Params:
    45 #    dbDir - nss cert db location
    46 #    cert - cert in question
    47 #    respUrl - responder url, if available
    48 #    defRespCert - trusted responder cert
    49 #
    50 # Return values:
    51 #    0 - test passed, 1 - otherwise.
    52 #
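    ocsp_get_cert_status() {
        # Query the OCSP status of one certificate with ocspclnt.
        #
        # Arguments:
        #   $1 dbDir       - NSS cert db directory (the scratch output file is
        #                    created here too)
        #   $2 cert        - name of the cert to check
        #   $3 respUrl     - responder URL; only valid together with $4
        #   $4 defRespCert - trusted responder cert; only valid together with $3
        # Globals:
        #   BINDIR, MEMLEAK_DBG, RUN_COMMAND_DBG (read)
        #   dbDir, cert, respUrl, defRespCert, clntParam, outFile, ret,
        #   OCSP_ATTR (written); callers print $ret in their result message
        # Returns:
        #   1 if exactly one of $3/$4 is given. Otherwise, in normal mode, the
        #   ocspclnt exit status, forced to 1 when its output does not contain
        #   "succeeded"; in MEMLEAK_DBG mode the status of the wrapped run.
        dbDir=$1
        cert=$2
        respUrl=$3
        defRespCert=$4

        # clntParam is a global. Reset it on every call; otherwise a call made
        # without a responder silently reuses the -l/-t options of an earlier
        # call and checks the cert against the wrong responder.
        clntParam=""

        if [ -n "$respUrl" ] || [ -n "$defRespCert" ]; then
            if [ -z "$respUrl" ] || [ -z "$defRespCert" ]; then
                html_failed "Incorrect test params"
                return 1
            fi
            clntParam="-l $respUrl -t $defRespCert"
        fi

        if [ -z "${MEMLEAK_DBG}" ]; then
            outFile=$dbDir/ocsptest.out.$$
            echo "ocspclnt -d $dbDir -S $cert $clntParam"
            # $clntParam stays unquoted on purpose: it must split into options.
            "${BINDIR}/ocspclnt" -d "$dbDir" -S "$cert" $clntParam >"$outFile" 2>&1
            ret=$?
            echo "ocspclnt output:"
            cat "$outFile"
            # A zero exit status alone does not count as a good status; the
            # tool must also have reported "succeeded".
            grep succeeded "$outFile" >/dev/null || ret=1

            rm -f "$outFile"
            return $ret
        fi

        # Memory-leak mode: run under the debug wrapper; no output parsing.
        OCSP_ATTR="-d $dbDir -S $cert $clntParam"
        ${RUN_COMMAND_DBG} "${BINDIR}/ocspclnt" ${OCSP_ATTR}
    }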
    84 ########################################################################
    85 # The function checks status of a cert using ocspclnt.
    86 # Params:
    87 #    testType - type of the test based on type of used responder
    88 #    servName - FQDN of the responder server
    89 #    dbDir - nss cert db location
    90 #
    91 # No return value
    92 #
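    ocsp_iopr() {
        # Run the OCSP status checks of one test type against one responder.
        #
        # Arguments:
        #   $1 testType - test type; selects the <type>* settings via setTestParam
        #   $2 servName - host name of the responder
        #   $3 dbDir    - NSS cert db directory
        # Globals:
        #   IOPR_HOSTADDR, MEMLEAK_DBG and the test* values set by setTestParam
        #   (read); testType, servName, dbDir, responderUrl (written);
        #   $ret is set by ocsp_get_cert_status and only printed here
        # Returns:
        #   0 when the type is excluded by NOCOV; otherwise the status of the
        #   last command run.
        #
        # Expected results: valid certs -> 0, revoked certs -> 1, certs with
        # unknown status -> 1. In MEMLEAK_DBG mode the calls are made without
        # result reporting.
        testType=$1
        servName=$2
        dbDir=$3

        setTestParam "$testType"
        case "$testParam" in
            *NOCOV*)
                echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
                    "run by server configuration"
                return 0
                ;;
        esac

        if [ -z "${MEMLEAK_DBG}" ]; then
            html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
                "Test Type: $testDescription"
        fi

        # A responder URL is only built when a trusted responder cert is
        # configured; ocsp_get_cert_status requires both or neither.
        if [ -n "$testResponder" ]; then
            responderUrl="$testProto://$servName:$testPort"
        else
            responderUrl=""
        fi

        # The cert-name lists are space-separated, so they are expanded
        # unquoted on purpose in the loops below.
        if [ -z "${MEMLEAK_DBG}" ]; then
            for certName in $testValidCertNames; do
                ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                    "$testResponder"
                html_msg $? 0 "Getting status of a valid cert ($certName)" \
                    "produced a returncode of $ret, expected is 0."
            done

            for certName in $testRevokedCertNames; do
                ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                    "$testResponder"
                html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
                    "produced a returncode of $ret, expected is 1."
            done

            for certName in $testStatUnknownCertNames; do
                ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                    "$testResponder"
                html_msg $? 1 "Getting status of a cert with unknown status " \
                            "($certName) produced a returncode of $ret, expected is 1."
            done
        else
            # Fixed: the list of unknown-status certs was referenced under a
            # misspelled name (missing trailing "s"), so those certs were never
            # exercised in memory-leak mode.
            for certName in $testValidCertNames $testRevokedCertNames \
                $testStatUnknownCertNames; do
                ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                    "$testResponder"
            done
        fi
    }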
   146 #####################################################################
   147 # Initial point for running ocsp test against multiple hosts involved in
   148 # interoperability testing. Called from nss/tests/ocsp/ocsp.sh
   149 # It will only proceed with test run for a specific host if environment variable 
   150 # IOPR_HOSTADDR_LIST was set, had the host name in the list
   151 # and all needed files were successfully downloaded and installed for the host.
   152 #
   153 # Returns 1 if interoperability testing is off, 0 otherwise. 
   154 #
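   ocsp_iopr_run() {
       # Entry point: run the OCSP interoperability tests against every host
       # listed in IOPR_HOSTADDR_LIST ("host" or "host:port", space separated).
       #
       # Globals:
       #   IOPR, IOPR_HOSTADDR_LIST, IOPR_CADIR, IOPR_OCSP_CLIENTDIR, CLIENTDIR,
       #   MEMLEAK_DBG, LOGDIR (read); wsFlags and supportedTests_new are
       #   expected to be set by each host's iopr_server.cfg.
       #   NO_ECC_CERTS, num, IOPR_HOST_PARAM, IOPR_HOSTADDR, IOPR_OPEN_PORT,
       #   RES, ret and (memory-leak mode) LOGNAME, LOGFILE are written.
       # Returns: 1 if interoperability testing is off, 0 otherwise.
       #
       # NOTE(review): NO_ECC_CERTS is set to 1 before the IOPR check and is
       # not reset on the early return -- confirm callers expect that.
       NO_ECC_CERTS=1 # disable ECC for interoperability tests

       # Only IOPR=1 enables the run. An unset or non-numeric IOPR used to make
       # the numeric test fail with an error and fall through into the tests;
       # it now counts as "off".
       if ! [ "${IOPR:-0}" -eq 1 ] 2>/dev/null; then
           return 1
       fi
       cd "${CLIENTDIR}"

       if [ -n "${MEMLEAK_DBG}" ]; then
           html_head "Memory leak checking - IOPR"
       fi

       num=1
       IOPR_HOST_PARAM=$(echo "${IOPR_HOSTADDR_LIST} " | cut -f "$num" -d' ')
       while [ -n "$IOPR_HOST_PARAM" ]; do
           IOPR_HOSTADDR=$(echo "$IOPR_HOST_PARAM" | cut -f 1 -d':')
           IOPR_OPEN_PORT=$(echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':')
           [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443

           # The per-host configuration is executed as shell code in this
           # process. This file's comments describe it as downloaded from a
           # web server, so it runs with the privileges of the test harness.
           # NOTE(review): the download is done elsewhere; confirm that it is
           # authenticated. IOPR_HOSTADDR goes into the path as given.
           . "${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg"
           RES=$?

           # Advance to the next list entry now, so the "continue" statements
           # below cannot loop forever on the same host.
           num=$((num + 1))
           IOPR_HOST_PARAM=$(echo "${IOPR_HOSTADDR_LIST} " | cut -f "$num" -d' ')

           if [ "$RES" -ne 0 ]; then
               continue
           fi
           # Honour the server's opt-out. The old unquoted test broke when
           # wsFlags held NOIOPR plus another flag and then ran the tests anyway.
           case "$wsFlags" in
               *NOIOPR*) continue ;;
           esac

           #=======================================================
           # Skip hosts whose configuration lists no ocsp test type
           #
           echo "${supportedTests_new}" | grep -i ocsp >/dev/null || continue

           # Per-host log file, consumed by log_parse in memory-leak mode.
           if [ -n "${MEMLEAK_DBG}" ]; then
               LOGNAME=iopr-${IOPR_HOSTADDR}
               LOGFILE=${LOGDIR}/${LOGNAME}.log
           fi

           echo "Testing ocsp interoperability.
                Client: local(tstclnt).
                Responder: remote($IOPR_HOSTADDR)"

           # supportedTests_new is a space-separated list; only the entries
           # naming an ocsp test are run here.
           for ocspTestType in ${supportedTests_new}; do
               echo "$ocspTestType" | grep -i ocsp >/dev/null || continue
               if [ -n "${MEMLEAK_DBG}" ]; then
                   ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
                       "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}" 2>> "${LOGFILE}"
               else
                   ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
                       "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}"
               fi
           done

           if [ -n "${MEMLEAK_DBG}" ]; then
               log_parse
               ret=$?
               html_msg ${ret} 0 "${LOGNAME}" \
                   "produced a returncode of $ret, expected is 0"
           fi

           echo "================================================"
           echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
       done

       if [ -n "${MEMLEAK_DBG}" ]; then
           html "</TABLE><BR>"
       fi

       NO_ECC_CERTS=0
       return 0
   }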
