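#! /bin/bash
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

########################################################################
#
# mozilla/security/nss/tests/iopr/ocsp_iopr.sh
#
# NSS SSL interoperability QA. This file is included from ssl.sh
#
# needs to work on all Unix and Windows platforms
#
# special strings
# ---------------
#   FIXME ... known problems, search for this string
#   NOTE .... unexpected behavior
########################################################################
IOPR_OCSP_SOURCED=1

########################################################################
# The function works with variables defined in the interoperability
# configuration file that gets downloaded from a webserver.
# The function sets the test parameters defined for a particular type
# of testing: for a type T it copies TParam, TDescr, TProto, TPort,
# TResponderCert, TValidCertNames, TRevokedCertNames and
# TStatUnknownCertNames into the matching test* globals.
#
# Params:
#   type - prefix of the per-test-type configuration variables
#
# Return values:
#   0 - parameters copied, 1 - type is not a valid variable-name prefix
#       (all test* globals are cleared in that case).
#
setTestParam() {
  type=$1 # kept global, like the other variables in this file

  # The type is spliced into variable names. In this file it is taken from
  # supportedTests_new, which the downloaded configuration is expected to
  # set, so only identifier characters are accepted: anything else must
  # never reach a name lookup (the previous eval-based lookup would have
  # executed shell metacharacters embedded in it).
  case $type in
    *[!A-Za-z0-9_]* | [0-9]*)
      echo "setTestParam: invalid test type '$type'" >&2
      testParam= testDescription= testProto= testPort= testResponder=
      testValidCertNames= testRevokedCertNames= testStatUnknownCertNames=
      return 1
      ;;
  esac

  # Indirect expansion reads the named variable without re-parsing its
  # value as shell code and without glob-expanding it.
  local ref
  ref=${type}Param
  testParam=${!ref}
  ref=${type}Descr
  testDescription=${!ref}
  ref=${type}Proto
  testProto=${!ref}
  ref=${type}Port
  testPort=${!ref}
  ref=${type}ResponderCert
  testResponder=${!ref}
  ref=${type}ValidCertNames
  testValidCertNames=${!ref}
  ref=${type}RevokedCertNames
  testRevokedCertNames=${!ref}
  ref=${type}StatUnknownCertNames
  testStatUnknownCertNames=${!ref}
  return 0
}

########################################################################
# The function checks status of a cert using ocspclnt.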
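# Params:
#   dbDir - nss cert db location
#   cert - cert in question
#   respUrl - responder url (optional; must be given together with
#             defRespCert)
#   defRespCert - trusted responder cert (optional; must be given together
#                 with respUrl)
#
# Globals written: dbDir, cert, respUrl, defRespCert, clntParam, and either
#   outFile and ret (normal mode) or OCSP_ATTR (MEMLEAK_DBG mode).
#
# Return values:
#   0 - test passed, 1 - otherwise.
#   In MEMLEAK_DBG mode the exit status of the wrapped ocspclnt run is
#   returned as is.
#
ocsp_get_cert_status() {
  dbDir=$1
  cert=$2
  respUrl=$3
  defRespCert=$4

  # clntParam is a global. Reset it on every call so that a check without a
  # responder does not silently reuse the -l/-t options of an earlier call.
  clntParam=""
  local -a respArgs=()

  if [[ -n "$respUrl" || -n "$defRespCert" ]]; then
    # A responder URL without a trusted responder cert (or the reverse) is
    # a broken test definition, not a certificate status.
    if [[ -z "$respUrl" || -z "$defRespCert" ]]; then
      html_failed "Incorrect test params"
      return 1
    fi
    clntParam="-l $respUrl -t $defRespCert"
    respArgs=(-l "$respUrl" -t "$defRespCert")
  fi

  if [ -z "${MEMLEAK_DBG}" ]; then
    outFile=$dbDir/ocsptest.out.$$
    echo "ocspclnt -d $dbDir -S $cert $clntParam"
    "${BINDIR}/ocspclnt" -d "$dbDir" -S "$cert" "${respArgs[@]}" \
      >"$outFile" 2>&1
    ret=$?
    echo "ocspclnt output:"
    cat "$outFile"
    # A zero exit status is not enough: the output must also report
    # "succeeded". (Plain redirect instead of grep -q for old greps.)
    grep succeeded "$outFile" >/dev/null || ret=1

    rm -f "$outFile"
    return $ret
  fi

  OCSP_ATTR="-d $dbDir -S $cert $clntParam"
  # RUN_COMMAND_DBG is a command prefix and has to word-split.
  # shellcheck disable=SC2086
  ${RUN_COMMAND_DBG} "${BINDIR}/ocspclnt" -d "$dbDir" -S "$cert" \
    "${respArgs[@]}"
}

########################################################################
# The function checks the status of the certs of a test type using ocspclnt.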
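# Params:
#   testType - type of the test based on type of used responder
#   servName - FQDN of the responder server
#   dbDir - nss cert db location
#
# Globals written: testType, servName, dbDir, responderUrl, certName, ret
#   (plus whatever setTestParam sets).
#
# Returns 0 when the test type is excluded by a NOCOV parameter; otherwise
# the status of the last command run.
#
# NOTE(review): the revoked and unknown-status checks expect return code 1,
# and ocsp_get_cert_status also yields 1 whenever ocspclnt does not report
# "succeeded". A failure to reach the responder would therefore presumably
# satisfy those checks too - confirm whether the ocspclnt output should be
# matched more precisely.
#
ocsp_iopr() {
  testType=$1
  servName=$2
  dbDir=$3

  setTestParam "$testType"
  case $testParam in
    *NOCOV*)
      echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
        "run by server configuration"
      return 0
      ;;
  esac

  if [ -z "${MEMLEAK_DBG}" ]; then
    # NOTE(review): the line break inside the first string is reproduced as
    # it appears in the listing; it may stand for markup lost when the page
    # was extracted - confirm against the original file.
    html_head "OCSP testing with responder at $IOPR_HOSTADDR.
" \
      "Test Type: $testDescription"
  fi

  # Only name a responder explicitly when the configuration supplies a
  # trusted responder cert; otherwise ocspclnt is run without -l/-t.
  if [ -n "$testResponder" ]; then
    responderUrl="$testProto://$servName:$testPort"
  else
    responderUrl=""
  fi

  if [ -z "${MEMLEAK_DBG}" ]; then
    # ret is taken from the call's own exit status, so the message can
    # never show a stale value left over from an earlier check.
    for certName in $testValidCertNames; do
      ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
        "$testResponder"
      ret=$?
      html_msg $ret 0 "Getting status of a valid cert ($certName)" \
        "produced a returncode of $ret, expected is 0."
    done

    for certName in $testRevokedCertNames; do
      ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
        "$testResponder"
      ret=$?
      html_msg $ret 1 "Getting status of a unvalid cert ($certName)" \
        "produced a returncode of $ret, expected is 1."
    done

    for certName in $testStatUnknownCertNames; do
      ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
        "$testResponder"
      ret=$?
      html_msg $ret 1 "Getting status of a cert with unknown status " \
        "($certName) produced a returncode of $ret, expected is 1."
    done
  else
    # Leak-checking mode: run every cert once, results are not reported
    # here. The unknown-status list was previously misspelled
    # (testStatUnknownCertName), so those certs were skipped in this mode.
    for certName in $testValidCertNames $testRevokedCertNames \
      $testStatUnknownCertNames; do
      ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
        "$testResponder"
    done
  fi
}

#####################################################################
# Initial point for running ocsp test against multiple hosts involved in
# interoperability testing. Called from nss/tests/ocsp/ocsp.sh
# It will only proceed with test run for a specific host if environment variable
# IOPR_HOSTADDR_LIST was set, had the host name in the list
# and all needed files were successfully downloaded and installed for the host.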
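#
# Returns 1 if interoperability testing is off, 0 otherwise.
#
# Globals read: IOPR, CLIENTDIR, IOPR_HOSTADDR_LIST (space-separated
#   host[:port] entries), IOPR_CADIR, IOPR_OCSP_CLIENTDIR, MEMLEAK_DBG,
#   LOGDIR, and wsFlags / supportedTests_new as set by the sourced
#   iopr_server.cfg.
# Globals written: NO_ECC_CERTS, IOPR_HOST_PARAM, IOPR_HOSTADDR,
#   IOPR_OPEN_PORT, RES, LOGNAME, LOGFILE, ret.
#
ocsp_iopr_run() {
  NO_ECC_CERTS=1 # disable ECC for interoperability tests
  # NOTE(review): on the early return below NO_ECC_CERTS stays 1 - confirm
  # that callers expect this.

  # Anything other than a numeric 1 (including unset or non-numeric IOPR)
  # means interoperability testing is off. The bare "-ne" test used to
  # error out on such values and fall through into the test run.
  if ! [ "${IOPR:-0}" -eq 1 ] 2>/dev/null; then
    return 1
  fi
  cd "${CLIENTDIR}"

  if [ -n "${MEMLEAK_DBG}" ]; then
    html_head "Memory leak checking - IOPR"
  fi

  local cfgFile hostRest
  # Word splitting is intended: the list is space separated. Unlike a
  # field-by-field cut, this does not stop at a doubled space.
  for IOPR_HOST_PARAM in ${IOPR_HOSTADDR_LIST}; do
    IOPR_HOSTADDR=${IOPR_HOST_PARAM%%:*}
    case $IOPR_HOST_PARAM in
      *:*)
        hostRest=${IOPR_HOST_PARAM#*:}
        IOPR_OPEN_PORT=${hostRest%%:*}
        ;;
      *)
        IOPR_OPEN_PORT=
        ;;
    esac
    [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443

    # Sourcing runs the per-host configuration as shell code with the
    # privileges of this test run. Per the notes in this file it was
    # downloaded from the web server, so it has to come from a server the
    # operator trusts; the host name also selects the directory it is
    # loaded from.
    cfgFile=${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
    if [ -r "$cfgFile" ]; then
      . "$cfgFile"
      RES=$?
    else
      echo "ocsp_iopr_run: cannot read $cfgFile" >&2
      RES=1
    fi

    if [ "$RES" -ne 0 ]; then
      continue
    fi
    # The server opts out with NOIOPR. Matching with case keeps the opt-out
    # effective when wsFlags holds several words (the former unquoted test
    # broke on that and ran the tests anyway).
    case $wsFlags in
      *NOIOPR*) continue ;;
    esac

    #=======================================================
    # Check what server is configured to run ssl tests
    #
    printf '%s\n' "${supportedTests_new}" | grep -i ocsp >/dev/null || continue

    # Testing directories defined by webserver.
    if [ -n "${MEMLEAK_DBG}" ]; then
      LOGNAME=iopr-${IOPR_HOSTADDR}
      LOGFILE=${LOGDIR}/${LOGNAME}.log
    fi

    # Testing directories defined by webserver.
    # (Indentation of the continuation lines is not recoverable from the
    # listing.)
    echo "Testing ocsp interoperability.
 Client: local(tstclnt).
 Responder: remote($IOPR_HOSTADDR)"

    for ocspTestType in ${supportedTests_new}; do
      # Only the OCSP test types of the server are run from here.
      printf '%s\n' "$ocspTestType" | grep -i ocsp >/dev/null || continue
      if [ -n "${MEMLEAK_DBG}" ]; then
        ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
          "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}" 2>>"${LOGFILE}"
      else
        ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
          "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}"
      fi
    done

    if [ -n "${MEMLEAK_DBG}" ]; then
      log_parse
      ret=$?
      html_msg ${ret} 0 "${LOGNAME}" \
        "produced a returncode of $ret, expected is 0"
    fi

    echo "================================================"
    echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
  done
  # The cut-based loop this replaces left the variable empty on exit.
  IOPR_HOST_PARAM=""

  if [ -n "${MEMLEAK_DBG}" ]; then
    # NOTE(review): the string is reproduced as it appears in the listing
    # (a bare line break); it may stand for markup lost when the page was
    # extracted - confirm against the original file.
    html "
"
  fi

  NO_ECC_CERTS=0
  return 0
}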