|
Packit |
40b132 |
#! /bin/bash
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
40b132 |
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit |
40b132 |
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# mozilla/security/nss/tests/iopr/ocsp_iopr.sh
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# NSS SSL interoperability QA. This file is included from ssl.sh
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# needs to work on all Unix and Windows platforms
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# special strings
|
|
Packit |
40b132 |
# ---------------
|
|
Packit |
40b132 |
# FIXME ... known problems, search for this string
|
|
Packit |
40b132 |
# NOTE .... unexpected behavior
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
IOPR_OCSP_SOURCED=1
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
# The funtion works with variables defined in interoperability
|
|
Packit |
40b132 |
# configuration file that gets downloaded from a webserver.
|
|
Packit |
40b132 |
# The function sets test parameters defind for a particular type
|
|
Packit |
40b132 |
# of testing.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# No return value
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
setTestParam() {
|
|
Packit |
40b132 |
type=$1
|
|
Packit |
40b132 |
testParam=`eval 'echo $'${type}Param`
|
|
Packit |
40b132 |
testDescription=`eval 'echo $'${type}Descr`
|
|
Packit |
40b132 |
testProto=`eval 'echo $'${type}Proto`
|
|
Packit |
40b132 |
testPort=`eval 'echo $'${type}Port`
|
|
Packit |
40b132 |
testResponder=`eval 'echo $'${type}ResponderCert`
|
|
Packit |
40b132 |
testValidCertNames=`eval 'echo $'${type}ValidCertNames`
|
|
Packit |
40b132 |
testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames`
|
|
Packit |
40b132 |
testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames`
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
# The funtion checks status of a cert using ocspclnt.
|
|
Packit |
40b132 |
# Params:
|
|
Packit |
40b132 |
# dbDir - nss cert db location
|
|
Packit |
40b132 |
# cert - cert in question
|
|
Packit |
40b132 |
# respUrl - responder url is available
|
|
Packit |
40b132 |
# defRespCert - trusted responder cert
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# Return values:
|
|
Packit |
40b132 |
# 0 - test passed, 1 - otherwise.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
ocsp_get_cert_status() {
|
|
Packit |
40b132 |
dbDir=$1
|
|
Packit |
40b132 |
cert=$2
|
|
Packit |
40b132 |
respUrl=$3
|
|
Packit |
40b132 |
defRespCert=$4
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -n "$respUrl" -o -n "$defRespCert" ]; then
|
|
Packit |
40b132 |
if [ -z "$respUrl" -o -z "$defRespCert" ]; then
|
|
Packit |
40b132 |
html_failed "Incorrect test params"
|
|
Packit |
40b132 |
return 1
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
clntParam="-l $respUrl -t $defRespCert"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -z "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
outFile=$dbDir/ocsptest.out.$$
|
|
Packit |
40b132 |
echo "ocspclnt -d $dbDir -S $cert $clntParam"
|
|
Packit |
40b132 |
${BINDIR}/ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1
|
|
Packit |
40b132 |
ret=$?
|
|
Packit |
40b132 |
echo "ocspclnt output:"
|
|
Packit |
40b132 |
cat $outFile
|
|
Packit |
40b132 |
[ -z "`grep succeeded $outFile`" ] && ret=1
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
rm -f $outFile
|
|
Packit |
40b132 |
return $ret
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
OCSP_ATTR="-d $dbDir -S $cert $clntParam"
|
|
Packit |
40b132 |
${RUN_COMMAND_DBG} ${BINDIR}/ocspclnt ${OCSP_ATTR}
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
# The funtion checks status of a cert using ocspclnt.
|
|
Packit |
40b132 |
# Params:
|
|
Packit |
40b132 |
# testType - type of the test based on type of used responder
|
|
Packit |
40b132 |
# servName - FQDM of the responder server
|
|
Packit |
40b132 |
# dbDir - nss cert db location
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# No return value
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
ocsp_iopr() {
|
|
Packit |
40b132 |
testType=$1
|
|
Packit |
40b132 |
servName=$2
|
|
Packit |
40b132 |
dbDir=$3
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
setTestParam $testType
|
|
Packit |
40b132 |
if [ "`echo $testParam | grep NOCOV`" != "" ]; then
|
|
Packit |
40b132 |
echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
|
|
Packit |
40b132 |
"run by server configuration"
|
|
Packit |
40b132 |
return 0
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -z "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
html_head "OCSP testing with responder at $IOPR_HOSTADDR.
" \
|
|
Packit |
40b132 |
"Test Type: $testDescription"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -n "$testResponder" ]; then
|
|
Packit |
40b132 |
responderUrl="$testProto://$servName:$testPort"
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
responderUrl=""
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -z "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
for certName in $testValidCertNames; do
|
|
Packit |
40b132 |
ocsp_get_cert_status $dbDir $certName "$responderUrl" \
|
|
Packit |
40b132 |
"$testResponder"
|
|
Packit |
40b132 |
html_msg $? 0 "Getting status of a valid cert ($certName)" \
|
|
Packit |
40b132 |
"produced a returncode of $ret, expected is 0."
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
for certName in $testRevokedCertNames; do
|
|
Packit |
40b132 |
ocsp_get_cert_status $dbDir $certName "$responderUrl" \
|
|
Packit |
40b132 |
"$testResponder"
|
|
Packit |
40b132 |
html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
|
|
Packit |
40b132 |
"produced a returncode of $ret, expected is 1."
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
for certName in $testStatUnknownCertNames; do
|
|
Packit |
40b132 |
ocsp_get_cert_status $dbDir $certName "$responderUrl" \
|
|
Packit |
40b132 |
"$testResponder"
|
|
Packit |
40b132 |
html_msg $? 1 "Getting status of a cert with unknown status " \
|
|
Packit |
40b132 |
"($certName) produced a returncode of $ret, expected is 1."
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
for certName in $testValidCertNames $testRevokedCertNames \
|
|
Packit |
40b132 |
$testStatUnknownCertName; do
|
|
Packit |
40b132 |
ocsp_get_cert_status $dbDir $certName "$responderUrl" \
|
|
Packit |
40b132 |
"$testResponder"
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#####################################################################
|
|
Packit |
40b132 |
# Initial point for running ocsp test againt multiple hosts involved in
|
|
Packit |
40b132 |
# interoperability testing. Called from nss/tests/ocsp/ocsp.sh
|
|
Packit |
40b132 |
# It will only proceed with test run for a specific host if environment variable
|
|
Packit |
40b132 |
# IOPR_HOSTADDR_LIST was set, had the host name in the list
|
|
Packit |
40b132 |
# and all needed file were successfully downloaded and installed for the host.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# Returns 1 if interoperability testing is off, 0 otherwise.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
ocsp_iopr_run() {
|
|
Packit |
40b132 |
NO_ECC_CERTS=1 # disable ECC for interoperability tests
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$IOPR" -ne 1 ]; then
|
|
Packit |
40b132 |
return 1
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
cd ${CLIENTDIR}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -n "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
html_head "Memory leak checking - IOPR"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
num=1
|
|
Packit |
40b132 |
IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
|
|
Packit |
40b132 |
while [ "$IOPR_HOST_PARAM" ]; do
|
|
Packit |
40b132 |
IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
|
|
Packit |
40b132 |
IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
|
|
Packit |
40b132 |
[ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
. ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
|
|
Packit |
40b132 |
RES=$?
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
num=`expr $num + 1`
|
|
Packit |
40b132 |
IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
|
|
Packit |
40b132 |
continue
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Check what server is configured to run ssl tests
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
[ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
# Testing directories defined by webserver.
|
|
Packit |
40b132 |
if [ -n "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
LOGNAME=iopr-${IOPR_HOSTADDR}
|
|
Packit |
40b132 |
LOGFILE=${LOGDIR}/${LOGNAME}.log
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
# Testing directories defined by webserver.
|
|
Packit |
40b132 |
echo "Testing ocsp interoperability.
|
|
Packit |
40b132 |
Client: local(tstclnt).
|
|
Packit |
40b132 |
Responder: remote($IOPR_HOSTADDR)"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
for ocspTestType in ${supportedTests_new}; do
|
|
Packit |
40b132 |
if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then
|
|
Packit |
40b132 |
continue
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
if [ -n "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
|
|
Packit |
40b132 |
${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} 2>> ${LOGFILE}
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
|
|
Packit |
40b132 |
${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -n "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
log_parse
|
|
Packit |
40b132 |
ret=$?
|
|
Packit |
40b132 |
html_msg ${ret} 0 "${LOGNAME}" \
|
|
Packit |
40b132 |
"produced a returncode of $ret, expected is 0"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
echo "================================================"
|
|
Packit |
40b132 |
echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -n "${MEMLEAK_DBG}" ]; then
|
|
Packit |
40b132 |
html "
"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
NO_ECC_CERTS=0
|
|
Packit |
40b132 |
return 0
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|