
/security/nss/tests/cert/cert.sh

http://github.com/zpao/v8monkey


   1#! /bin/bash
   2#
   3# ***** BEGIN LICENSE BLOCK *****
   4# Version: MPL 1.1/GPL 2.0/LGPL 2.1
   5#
   6# The contents of this file are subject to the Mozilla Public License Version
   7# 1.1 (the "License"); you may not use this file except in compliance with
   8# the License. You may obtain a copy of the License at
   9# http://www.mozilla.org/MPL/
  10#
  11# Software distributed under the License is distributed on an "AS IS" basis,
  12# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  13# for the specific language governing rights and limitations under the
  14# License.
  15#
  16# The Original Code is the Netscape security libraries.
  17#
  18# The Initial Developer of the Original Code is
  19# Netscape Communications Corporation.
  20# Portions created by the Initial Developer are Copyright (C) 1994-2009
  21# the Initial Developer. All Rights Reserved.
  22#
  23# Contributor(s):
  24#   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
  25#   Slavomir Katuscak <slavomir.katuscak@sun.com>, Sun Microsystems
  26#
  27# Alternatively, the contents of this file may be used under the terms of
  28# either the GNU General Public License Version 2 or later (the "GPL"), or
  29# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  30# in which case the provisions of the GPL or the LGPL are applicable instead
  31# of those above. If you wish to allow use of your version of this file only
  32# under the terms of either the GPL or the LGPL, and not to allow others to
  33# use your version of this file under the terms of the MPL, indicate your
  34# decision by deleting the provisions above and replace them with the notice
  35# and other provisions required by the GPL or the LGPL. If you do not delete
  36# the provisions above, a recipient may use your version of this file under
  37# the terms of any one of the MPL, the GPL or the LGPL.
  38#
  39# ***** END LICENSE BLOCK *****
  40
  41########################################################################
  42#
  43# mozilla/security/nss/tests/cert/rcert.sh
  44#
  45# Certificate generation and handling for NSS QA, can be included 
  46# multiple times from all.sh and the individual scripts
  47#
  48# needs to work on all Unix and Windows platforms
  49#
  50# included from (don't expect this to be up to date)
  51# --------------------------------------------------
  52#   all.sh
  53#   ssl.sh
  54#   smime.sh
  55#   tools.sh
  56#
  57# special strings
  58# ---------------
  59#   FIXME ... known problems, search for this string
  60#   NOTE .... unexpected behavior
  61#
  62# FIXME - Netscape - NSS
  63########################################################################
  64
  65############################## cert_init ###############################
  66# local shell function to initialize this script
  67########################################################################
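cert_init()
{
  # Initialise the cert test run: source the shared harness if it has not
  # been sourced yet, emit the HTML section header and locate the built-in
  # root certs module (a file matching *nssckbi* under ${DIST}/${OBJDIR}/lib).
  #
  # Globals read:    CLEANUP, INIT_SOURCED, IOPR_CERT_SOURCED, NSS_ENABLE_ECC,
  #                  DIST, OBJDIR, OS_ARCH, OS_NAME
  # Globals written: SCRIPTNAME, CLEANUP, CRL_GRP_DATE, LIBDIR, ROOTCERTSFILE
  # Exits (via Exit 5) when no root certs module is found.
  local candidate

  SCRIPTNAME="cert.sh"
  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi
  if [ -z "${INIT_SOURCED}" ] ; then
      # NOTE(review): a failed cd is not detected here; init.sh would then be
      # looked up relative to whatever the current directory happens to be.
      cd ../common
      . ./init.sh
  fi
  if [ -z "${IOPR_CERT_SOURCED}" ]; then
       . ../iopr/cert_iopr.sh
  fi
  # Set again after sourcing - presumably the sourced scripts may have
  # changed it; confirm against init.sh / cert_iopr.sh.
  SCRIPTNAME="cert.sh"
  CRL_GRP_DATE=$(date -u "+%Y%m%d%H%M%SZ")
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      html_head "Certutil and Crlutil Tests with ECC"
  else
      html_head "Certutil and Crlutil Tests"
  fi

  LIBDIR="${DIST}/${OBJDIR}/lib"

  # Take the first match of the glob directly instead of parsing `ls` output;
  # with LIBDIR quoted this also works when the path contains blanks.
  ROOTCERTSFILE=""
  for candidate in "${LIBDIR}"/*nssckbi* ; do
      if [ -e "${candidate}" ] ; then
          ROOTCERTSFILE="${candidate}"
          break
      fi
  done

  if [ -z "${ROOTCERTSFILE}" ] ; then
      html_failed "Looking for root certs module." 
      cert_log "ERROR: Root certs module not found."
      Exit 5 "Fatal - Root certs module not found."
  else
      html_passed "Looking for root certs module."
  fi

  # certutil/modutil on Cygwin get a mixed-style (drive letter, forward
  # slashes) path rather than a POSIX one.
  if [ "${OS_ARCH}" = "WINNT" ] && [ "$OS_NAME" = "CYGWIN_NT" ]; then
      ROOTCERTSFILE=$(cygpath -m "${ROOTCERTSFILE}")
  fi
}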
 104
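cert_log() ######################    write the cert_status file
{
    # Print the message to stdout prefixed with the script name and append
    # the bare message to ${CERT_LOG_FILE}.
    # The message and the log path are quoted so that glob characters in the
    # message are not expanded against the current directory and a log path
    # containing blanks does not break the redirection.
    echo "$SCRIPTNAME $*"
    printf '%s\n' "$*" >>"${CERT_LOG_FILE}"
}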
 110
 111################################ certu #################################
 112# local shell function to call certutil, also: writes action and options to
 113# stdout, sets variable RET and writes results to the html file results
 114########################################################################
certu()
{
    # Run certutil with the caller's options, store its exit status in RET
    # and report pass/fail to the HTML results and the cert log.
    #
    # Globals read:    SCRIPTNAME, CU_ACTION, CU_SUBJECT, RETEXPECTED,
    #                  PROFTOOL, BINDIR
    # Globals written: EXPECTED, RET, CERTFAILED (only on a mismatch),
    #                  CU_SUBJECT (cleared once it has been used)
    # Returns:         certutil's exit status
    #
    # NOTE: $* is deliberately unquoted. It re-splits every argument on
    # whitespace and callers in this file rely on that: extra options are
    # handed over as one word (e.g. "-7 a,b") and an empty "$1" has to
    # vanish. The consequence is that no path or option value passed through
    # here may contain blanks or glob characters; only the subject, which
    # travels separately in CU_SUBJECT, may contain blanks.
    echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
    EXPECTED=${RETEXPECTED-0}

    if [ -z "${CU_SUBJECT}" ]; then
        echo "certutil $*"
        ${PROFTOOL} ${BINDIR}/certutil $*
        RET=$?
    else
        # the subject of the cert contains blanks, so it is passed as its
        # own quoted word instead of going through $*
        echo "certutil -s \"${CU_SUBJECT}\" $*"
        ${PROFTOOL} ${BINDIR}/certutil -s "${CU_SUBJECT}" $*
        RET=$?
        CU_SUBJECT=""
    fi

    if [ "$RET" -ne "$EXPECTED" ]; then
        CERTFAILED=$RET
        html_failed "${CU_ACTION} ($RET=$EXPECTED) " 
        cert_log "ERROR: ${CU_ACTION} failed $RET"
        return $RET
    fi

    html_passed "${CU_ACTION}"
    return $RET
}
 142
 143################################ crlu #################################
 144# local shell function to call crlutil, also: writes action and options to
 145# stdout, sets variable RET and writes results to the html file results
 146########################################################################
crlu()
{
    # Run "crlutil -q" with the caller's options, store its exit status in
    # RET and report pass/fail to the HTML results and the cert log.
    #
    # Globals read:    SCRIPTNAME, CU_ACTION, PROFTOOL, BINDIR
    # Globals written: CRLUTIL, RET, CRLFAILED (only on failure)
    # Returns:         crlutil's exit status
    #
    # $CRLUTIL and $* are unquoted on purpose: the former has to split into
    # the command name and its -q flag, the latter re-splits the arguments
    # in the same way certu does.
    echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
    
    CRLUTIL="crlutil -q"
    echo "$CRLUTIL $*"
    ${PROFTOOL} ${BINDIR}/$CRLUTIL $*
    RET=$?

    case "$RET" in
        0)
            html_passed "${CU_ACTION}"
            ;;
        *)
            CRLFAILED=$RET
            html_failed "${CU_ACTION} ($RET) " 
            cert_log "ERROR: ${CU_ACTION} failed $RET"
            ;;
    esac

    return $RET
}
 165
modu()
{
    # Run modutil with the caller's options, store its exit status in RET
    # and report pass/fail to the HTML results and the cert log.
    #
    # Globals read:    SCRIPTNAME, CU_ACTION, BINDIR
    # Globals written: MODUTIL, RET, MODFAILED (only on failure)
    # Returns:         modutil's exit status
    #
    # As in certu, $* is unquoted and re-splits the arguments, so paths
    # handed to this wrapper must not contain blanks.
    echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"

    MODUTIL="modutil"
    echo "$MODUTIL $*"
    # the empty line from echo answers modutil's "press Enter" prompt
    echo | ${BINDIR}/$MODUTIL $*
    RET=$?

    case "$RET" in
        0)
            html_passed "${CU_ACTION}"
            ;;
        *)
            MODFAILED=$RET
            html_failed "${CU_ACTION} ($RET) " 
            cert_log "ERROR: ${CU_ACTION} failed $RET"
            ;;
    esac

    return $RET
}
 185
 186############################# cert_init_cert ##########################
 187# local shell function to initialize creation of client and server certs
 188########################################################################
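cert_init_cert()
{
    # Prepare the working directory and globals for creating one entity's
    # certificates, then call noise.
    #
    # Arguments: $1 - directory for the cert DB (created if missing)
    #            $2 - certificate name / nickname
    #            $3 - serial number for the certificate
    #            $4 - domain, used only when MULTIACCESS_DBM is set
    # Globals written: CERTDIR (reset to "." after the cd), CERTNAME,
    #                  CERTSERIAL, DOMAIN, PROFILEDIR
    # Side effect: changes the current directory to $1.
    CERTDIR="$1"
    CERTNAME="$2"
    CERTSERIAL="$3"
    DOMAIN="$4"

    if [ ! -d "${CERTDIR}" ]; then
        mkdir -p "${CERTDIR}"
    else
        echo "$SCRIPTNAME: WARNING - ${CERTDIR} exists"
    fi
    # NOTE(review): the result of cd is not checked; if it fails, the DB and
    # key material created afterwards end up in the previous directory.
    cd "${CERTDIR}"
    CERTDIR="."

    PROFILEDIR=$(cd "${CERTDIR}" && pwd)
    if [ "${OS_ARCH}" = "WINNT" ] && [ "$OS_NAME" = "CYGWIN_NT" ]; then
        # quoted so that a directory name with blanks reaches cygpath as
        # one argument
        PROFILEDIR=$(cygpath -m "${PROFILEDIR}")
    fi
    if [ -n "${MULTIACCESS_DBM}" ]; then
        PROFILEDIR="multiaccess:${DOMAIN}"
    fi

    noise
}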
 214
 215############################# hw_acc #################################
 216# local shell function to add hw accelerator modules to the db
 217########################################################################
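hw_acc()
{
    # Register two hardware-accelerator PKCS#11 modules ("rainbow" and
    # "ncipher") in the DB at ${PROFILEDIR}. Only runs when O_HWACC is "ON"
    # and USE_64 is empty; otherwise it is a no-op returning 0.
    #
    # Globals read:    O_HWACC, USE_64, BINDIR, PROFILEDIR, CERTNAME
    # Globals written: HW_ACC_RET (bit 0: rainbow failed, bit 1: ncipher
    #                  failed), HW_ACC_ERR
    # Returns:         HW_ACC_RET
    #
    # The library paths are fixed absolute paths. A module registered with
    # modutil -add is a shared library that NSS loads when the DB is opened,
    # so this is only appropriate on a test machine where those paths are
    # controlled.
    HW_ACC_RET=0
    HW_ACC_ERR=""
    if [ "$O_HWACC" = ON ] && [ -z "$USE_64" ] ; then
        echo "creating $CERTNAME s cert with hwaccelerator..."
        #case $ACCELERATOR in
        #rainbow)

        echo "modutil -add rainbow -libfile /usr/lib/libcryptoki22.so "
        echo "         -dbdir ${PROFILEDIR} 2>&1 "
        # PROFILEDIR is quoted so a DB directory with blanks stays one word;
        # the leading echo answers modutil's "press Enter" prompt.
        echo | "${BINDIR}/modutil" -add rainbow -libfile /usr/lib/libcryptoki22.so \
            -dbdir "${PROFILEDIR}" 2>&1 
        if [ "$?" -ne 0 ]; then
            echo "modutil -add rainbow failed in $(pwd)"
            HW_ACC_RET=1
            HW_ACC_ERR="modutil -add rainbow"
        fi
    
        echo "modutil -add ncipher "
        echo "         -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so "
        echo "         -dbdir ${PROFILEDIR} 2>&1 "
        echo | "${BINDIR}/modutil" -add ncipher \
            -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so \
            -dbdir "${PROFILEDIR}" 2>&1 
        if [ "$?" -ne 0 ]; then
            echo "modutil -add ncipher failed in $(pwd)"
            HW_ACC_RET=$((HW_ACC_RET + 2))
            HW_ACC_ERR="$HW_ACC_ERR,modutil -add ncipher"
        fi
        if [ "$HW_ACC_RET" -ne 0 ]; then
            html_failed "Adding HW accelerators to certDB for ${CERTNAME} ($HW_ACC_RET) " 
        else
            html_passed "Adding HW accelerators to certDB for ${CERTNAME}"
        fi

    fi
    return $HW_ACC_RET
}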
 257
 258############################# cert_create_cert #########################
 259# local shell function to create client certs 
 260#     initialize DB, import
 261#     root cert
 262#     add cert to DB
 263########################################################################
cert_create_cert()
{
    # Create a fresh cert DB for one entity and populate it: initialise the
    # DB, load the root certs module, optionally add HW accelerators, import
    # the test root CA(s) and finally create the entity's own cert(s).
    #
    # Arguments: $1..$4 - passed unchanged to cert_init_cert
    #            $5     - extra certutil options, passed to cert_add_cert
    # Returns:   RET of the first failing step, else the status of
    #            cert_add_cert.
    cert_init_cert "$1" "$2" "$3" "$4"

    CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
    certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
    [ "$RET" -ne 0 ] && return $RET

    CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB"
    modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1   
    [ "$RET" -ne 0 ] && return $RET

    # the result of hw_acc is not checked here
    hw_acc

    # "TC,TC,TC": trust the test root as a CA for both client (T) and
    # server (C) certificates, for SSL, e-mail and object signing.
    CU_ACTION="Import Root CA for $CERTNAME"
    certu -A -n "TestCA" -t "TC,TC,TC" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
          -i "${R_CADIR}/TestCA.ca.cert" 2>&1
    [ "$RET" -ne 0 ] && return $RET

    if [ -n "$NSS_ENABLE_ECC" ] ; then
        CU_ACTION="Import EC Root CA for $CERTNAME"
        certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
            -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
        [ "$RET" -ne 0 ] && return $RET
    fi

    # last command: its status is the function's status
    cert_add_cert "$5"
}
 301
 302############################# cert_add_cert ############################
 303# local shell function to add client certs to an existing CERT DB
 304#     generate request
 305#     sign request
 306#     import Cert
 307#
 308########################################################################
cert_add_cert()
{
    # Add a user certificate for $CERTNAME to the existing DB at
    # ${PROFILEDIR}: generate a request, have TestCA sign it, import the
    # result. With NSS_ENABLE_ECC set, the same is repeated for an EC cert
    # signed by TestCA-ec and for a "mixed" EC cert signed by the RSA TestCA.
    #
    # Arguments: $1 - extra certutil options for the signing step, passed as
    #                 one word; certu re-splits it (an empty $1 disappears)
    # Globals read:    CERTNAME, CERTSERIAL, PROFILEDIR, P_R_CADIR,
    #                  R_PWFILE, R_NOISE_FILE, NSS_ENABLE_ECC
    # Globals written: CU_ACTION, CU_SUBJECT, CURVE, NEWSERIAL
    # Returns:   RET of the first failing certu call, else 0.

    CU_ACTION="Generate Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
    [ "$RET" -ne 0 ] && return $RET

    CU_ACTION="Sign ${CERTNAME}'s Request"
    certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
          -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
    [ "$RET" -ne 0 ] && return $RET

    CU_ACTION="Import $CERTNAME's Cert"
    certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
          -i "${CERTNAME}.cert" 2>&1
    [ "$RET" -ne 0 ] && return $RET

    cert_log "SUCCESS: $CERTNAME's Cert Created"

    # Everything below is the EC part; without ECC support we are done.
    if [ -z "$NSS_ENABLE_ECC" ] ; then
        return 0
    fi

    #
    #   Generate and add EC cert
    #
    CURVE="secp384r1"
    CU_ACTION="Generate EC Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
        -z "${R_NOISE_FILE}" -o req  2>&1
    [ "$RET" -ne 0 ] && return $RET

    CU_ACTION="Sign ${CERTNAME}'s EC Request"
    certu -C -c "TestCA-ec" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
        -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" "$1" 2>&1
    [ "$RET" -ne 0 ] && return $RET

    CU_ACTION="Import $CERTNAME's EC Cert"
    certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
        -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
    [ "$RET" -ne 0 ] && return $RET
    cert_log "SUCCESS: $CERTNAME's EC Cert Created"

    #    Generate EC certificate signed with RSA
    CU_ACTION="Generate mixed EC Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
        -z "${R_NOISE_FILE}" -o req  2>&1
    [ "$RET" -ne 0 ] && return $RET

    # Avoid conflicting serial numbers with TestCA issuer by keeping
    # this set far away. A smaller number risks colliding with the
    # extended ssl user certificates.
    NEWSERIAL=$(expr ${CERTSERIAL} + 10000)
    CU_ACTION="Sign ${CERTNAME}'s EC Request with RSA"
    certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \
        -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" "$1" 2>&1
    [ "$RET" -ne 0 ] && return $RET

    CU_ACTION="Import $CERTNAME's mixed EC Cert"
    certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
        -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
    [ "$RET" -ne 0 ] && return $RET
    cert_log "SUCCESS: $CERTNAME's mixed EC Cert Created"

    return 0
}
 393
 394################################# cert_all_CA ################################
 395# local shell function to build the additional Temp. Certificate Authority (CA)
 396# used for the "real life" ssl test with 2 different CA's in the
 397# client and in the server's dir
 398##########################################################################
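cert_all_CA()
{
    # Build the whole test CA hierarchy: the self-signed TestCA, a server
    # chain (serverCA -> chain-1-serverCA -> chain-2-serverCA) and a client
    # chain (clientCA -> chain-1-clientCA -> chain-2-clientCA), plus the
    # "-ec" counterparts of all of them when NSS_ENABLE_ECC is set.
    #
    # Globals read:    PWFILE, CADIR, SERVER_CADIR, CLIENT_CADIR, D_CA,
    #                  D_SERVER_CA, D_CLIENT_CA, NSS_ENABLE_ECC
    # Globals written: ALL_CU_SUBJECT, CA_CURVE
    #
    # Trust strings have three comma-separated fields (SSL, e-mail, object
    # signing): C = trusted CA for server certs, T = trusted CA for client
    # certs, u = the private key for this cert is in the DB.
    #
    # Directory and domain arguments are quoted so that a path with blanks,
    # or an empty domain, cannot shift the positional parameters that
    # cert_CA / cert_ec_CA read. The signer argument ("-x" or "-c <issuer>")
    # is passed as a single word; the callee splits it.

    # Fixed, publicly known password for the throw-away test databases;
    # never reuse this file or these CAs outside the test harness.
    echo nss > "${PWFILE}"

    ALL_CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    cert_CA "$CADIR" TestCA -x "CTu,CTu,CTu" "${D_CA}" "1"

    ALL_CU_SUBJECT="CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA "$SERVER_CADIR" serverCA -x "Cu,Cu,Cu" "${D_SERVER_CA}" "2"
    ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA "$SERVER_CADIR" chain-1-serverCA "-c serverCA" "u,u,u" "${D_SERVER_CA}" "3"
    ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
    cert_CA "$SERVER_CADIR" chain-2-serverCA "-c chain-1-serverCA" "u,u,u" "${D_SERVER_CA}" "4"



    ALL_CU_SUBJECT="CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA "$CLIENT_CADIR" clientCA -x "Tu,Cu,Cu" "${D_CLIENT_CA}" "5"
    ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA "$CLIENT_CADIR" chain-1-clientCA "-c clientCA" "u,u,u" "${D_CLIENT_CA}" "6"
    ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
    cert_CA "$CLIENT_CADIR" chain-2-clientCA "-c chain-1-clientCA" "u,u,u" "${D_CLIENT_CA}" "7"

    rm "$CLIENT_CADIR/root.cert" "$SERVER_CADIR/root.cert"

    # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
    # in the chain

    if [ -n "$NSS_ENABLE_ECC" ] ; then
        #
        #       Create EC version of TestCA
        CA_CURVE="secp521r1"
        ALL_CU_SUBJECT="CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
        cert_ec_CA "$CADIR" TestCA-ec -x "CTu,CTu,CTu" "${D_CA}" "1" "${CA_CURVE}"
        #
        #       Create EC versions of the intermediate CA certs
        ALL_CU_SUBJECT="CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
        cert_ec_CA "$SERVER_CADIR" serverCA-ec -x "Cu,Cu,Cu" "${D_SERVER_CA}" "2" "${CA_CURVE}"
        ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
        cert_ec_CA "$SERVER_CADIR" chain-1-serverCA-ec "-c serverCA-ec" "u,u,u" "${D_SERVER_CA}" "3" "${CA_CURVE}"
        ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
        cert_ec_CA "$SERVER_CADIR" chain-2-serverCA-ec "-c chain-1-serverCA-ec" "u,u,u" "${D_SERVER_CA}" "4" "${CA_CURVE}"

        ALL_CU_SUBJECT="CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
        cert_ec_CA "$CLIENT_CADIR" clientCA-ec -x "Tu,Cu,Cu" "${D_CLIENT_CA}" "5" "${CA_CURVE}"
        ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
        cert_ec_CA "$CLIENT_CADIR" chain-1-clientCA-ec "-c clientCA-ec" "u,u,u" "${D_CLIENT_CA}" "6" "${CA_CURVE}"
        ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
        cert_ec_CA "$CLIENT_CADIR" chain-2-clientCA-ec "-c chain-1-clientCA-ec" "u,u,u" "${D_CLIENT_CA}" "7" "${CA_CURVE}"

        rm "$CLIENT_CADIR/ecroot.cert" "$SERVER_CADIR/ecroot.cert"
        #       ecroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
        #       in the chain

    fi
}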
 455
 456################################# cert_CA ################################
 457# local shell function to build the Temp. Certificate Authority (CA)
 458# used for testing purposes, creating  a CA Certificate and a root cert
 459##########################################################################
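cert_CA()
{
  # Create one test CA certificate in $1 and export it as root.cert and
  # <nickname>.ca.cert. For a self-signed CA (signer "-x") the cert DB is
  # created first and the root certs module is loaded into it.
  #
  # Arguments: $1 - CA directory (created if missing; becomes the cwd)
  #            $2 - nickname of the new CA cert
  #            $3 - signer: "-x" (self-signed) or "-c <issuer nickname>"
  #            $4 - trust string for the new cert
  #            $5 - domain, used only when MULTIACCESS_DBM is set
  #            $6 - serial number
  # Globals read:    ALL_CU_SUBJECT, R_PWFILE, R_NOISE_FILE, ROOTCERTSFILE,
  #                  OS_ARCH, OS_NAME, MULTIACCESS_DBM
  # Globals written: CUR_CADIR, NICKNAME, SIGNER, TRUSTARG, DOMAIN,
  #                  CERTSERIAL, LPROFILE, CU_ACTION, CU_SUBJECT
  # Exits via Exit 5/6/7 on fatal errors.
  CUR_CADIR=$1
  NICKNAME=$2
  SIGNER=$3
  TRUSTARG=$4
  DOMAIN=$5
  CERTSERIAL=$6

  echo "$SCRIPTNAME: Creating a CA Certificate $NICKNAME =========================="

  if [ ! -d "${CUR_CADIR}" ]; then
      mkdir -p "${CUR_CADIR}"
  fi
  # Quoted to match the mkdir above: unquoted, a directory name with blanks
  # was created but never entered, so the CA files landed in the old cwd.
  cd "${CUR_CADIR}"
  pwd

  LPROFILE=$(pwd)
  if [ "${OS_ARCH}" = "WINNT" ] && [ "$OS_NAME" = "CYGWIN_NT" ]; then
     LPROFILE=$(cygpath -m "${LPROFILE}")
  fi
  if [ -n "${MULTIACCESS_DBM}" ]; then
      LPROFILE="multiaccess:${DOMAIN}"
  fi

  if [ "$SIGNER" = "-x" ] ; then # self signed -> create DB
      CU_ACTION="Creating CA Cert DB"
      certu -N -d "${LPROFILE}" -f "${R_PWFILE}" 2>&1
      if [ "$RET" -ne 0 ]; then
          Exit 5 "Fatal - failed to create CA $NICKNAME "
      fi

      CU_ACTION="Loading root cert module to CA Cert DB"
      modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${LPROFILE}" 2>&1   
      if [ "$RET" -ne 0 ]; then
          return $RET
      fi

      echo "$SCRIPTNAME: Certificate initialized ----------"
  fi


  ################# Creating CA Cert ######################################
  #
  # $SIGNER stays unquoted: "-c <issuer>" has to split into two words.
  # -1 -2 -5 make certutil prompt for the key usage, basic constraints and
  # Netscape cert type extensions; the here-document supplies the answers.
  # NOTE(review): presumably 5/6/9/n select cert+CRL signing (not critical),
  # y/-1/n mark the cert as a CA with unlimited path length, and 5/6/7/9/n
  # select the SSL, S/MIME and object-signing CA types - verify against the
  # prompts of the certutil build under test.
  CU_ACTION="Creating CA Cert $NICKNAME "
  CU_SUBJECT=$ALL_CU_SUBJECT
  certu -S -n "$NICKNAME" -t "$TRUSTARG" -v 600 $SIGNER -d "${LPROFILE}" -1 -2 -5 \
        -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -m "$CERTSERIAL" 2>&1 <<CERTSCRIPT
5
6
9
n
y
-1
n
5
6
7
9
n
CERTSCRIPT

  if [ "$RET" -ne 0 ]; then
      echo "return value is $RET"
      Exit 6 "Fatal - failed to create CA cert"
  fi

  ################# Exporting Root Cert ###################################
  #
  CU_ACTION="Exporting Root Cert"
  certu -L -n  "$NICKNAME" -r -d "${LPROFILE}" -o root.cert 
  if [ "$RET" -ne 0 ]; then
      Exit 7 "Fatal - failed to export root cert"
  fi
  cp root.cert "${NICKNAME}.ca.cert"
}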
 536
 537################################ cert_ec_CA ##############################
 538# local shell function to build the Temp. Certificate Authority (CA)
 539# used for testing purposes, creating  a CA Certificate and a root cert
 540# This is the ECC version of cert_CA.
 541##########################################################################
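cert_ec_CA()
{
  # ECC counterpart of cert_CA: create one EC test CA certificate in $1 and
  # export it as ecroot.cert and <nickname>.ca.cert. No DB is created here;
  # the profile is "." (the CA directory) unless MULTIACCESS_DBM is set.
  #
  # Arguments: $1 - CA directory (created if missing; becomes the cwd)
  #            $2 - nickname of the new CA cert
  #            $3 - signer: "-x" (self-signed) or "-c <issuer nickname>"
  #            $4 - trust string for the new cert
  #            $5 - domain, used only when MULTIACCESS_DBM is set
  #            $6 - serial number
  #            $7 - named curve for the key
  # Exits via Exit 6/7 on fatal errors.
  CUR_CADIR=$1
  NICKNAME=$2
  SIGNER=$3
  TRUSTARG=$4
  DOMAIN=$5
  CERTSERIAL=$6
  CURVE=$7

  echo "$SCRIPTNAME: Creating an EC CA Certificate $NICKNAME =========================="

  if [ ! -d "${CUR_CADIR}" ]; then
      mkdir -p "${CUR_CADIR}"
  fi
  # Quoted to match the mkdir above, so a directory name with blanks is
  # actually entered instead of leaving the CA files in the old cwd.
  cd "${CUR_CADIR}"
  pwd

  LPROFILE=.
  if [ -n "${MULTIACCESS_DBM}" ]; then
      LPROFILE="multiaccess:${DOMAIN}"
  fi

  ################# Creating an EC CA Cert ################################
  #
  # $SIGNER stays unquoted: "-c <issuer>" has to split into two words.
  # -1 -2 -5 make certutil prompt for the key usage, basic constraints and
  # Netscape cert type extensions; the here-document supplies the answers.
  # NOTE(review): the answers are the same sequence cert_CA uses - verify
  # against the prompts of the certutil build under test.
  CU_ACTION="Creating EC CA Cert $NICKNAME "
  CU_SUBJECT=$ALL_CU_SUBJECT
  certu -S -n "$NICKNAME" -k ec -q "$CURVE" -t "$TRUSTARG" -v 600 $SIGNER \
    -d "${LPROFILE}" -1 -2 -5 -f "${R_PWFILE}" -z "${R_NOISE_FILE}" \
    -m "$CERTSERIAL" 2>&1 <<CERTSCRIPT
5
6
9
n
y
-1
n
5
6
7
9
n
CERTSCRIPT

  if [ "$RET" -ne 0 ]; then
      echo "return value is $RET"
      Exit 6 "Fatal - failed to create EC CA cert"
  fi

  ################# Exporting EC Root Cert ################################
  #
  CU_ACTION="Exporting EC Root Cert"
  certu -L -n  "$NICKNAME" -r -d "${LPROFILE}" -o ecroot.cert 
  if [ "$RET" -ne 0 ]; then
      Exit 7 "Fatal - failed to export ec root cert"
  fi
  cp ecroot.cert "${NICKNAME}.ca.cert"
}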
 600
 601############################## cert_smime_client #############################
 602# local shell function to create client Certificates for S/MIME tests 
 603##############################################################################
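cert_smime_client()
{
  # Create the S/MIME test identities (Alice, Bob, Dave, Eve) and cross-import
  # their certificates into each other's databases.
  #
  # Globals read:    ALICEDIR, BOBDIR, DAVEDIR, EVEDIR, D_ALICE, D_BOB,
  #                  D_DAVE, D_EVE, P_R_ALICEDIR, P_R_BOBDIR, R_BOBDIR,
  #                  R_DAVEDIR, R_EVEDIR, R_PWFILE, NSS_ENABLE_ECC
  # Globals written: CERTFAILED (reset to 0 here, set by certu on failure),
  #                  CU_ACTION
  #
  # The directory and domain arguments of cert_create_cert are quoted (as the
  # call for Dave already was): unquoted, a path with blanks or an empty
  # domain shifts the positional parameters, and for Eve an empty D_EVE
  # would silently drop the "-7 ..." subject-alt-name option.
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating Client CA Issued Certificates =============="

  cert_create_cert "${ALICEDIR}" "Alice" 30 "${D_ALICE}"
  cert_create_cert "${BOBDIR}" "Bob" 40  "${D_BOB}"

  echo "$SCRIPTNAME: Creating Dave's Certificate -------------------------"
  cert_create_cert "${DAVEDIR}" Dave 50 "${D_DAVE}"

## XXX With this new script merging ECC and non-ECC tests, the
## call to cert_create_cert ends up creating two separate certs
## one for Eve and another for Eve-ec but they both end up with
## the same Subject Alt Name Extension, i.e., both the cert for
## Eve@bogus.com and the cert for Eve-ec@bogus.com end up 
## listing eve@bogus.net in the Certificate Subject Alt Name extension. 
## This can cause a problem later when cmsutil attempts to create
## enveloped data and accidentally picks up the ECC cert (NSS currently
## does not support ECC for enveloped data creation). This script
## avoids the problem by ensuring that these conflicting certs are
## never added to the same cert database (see comment marked XXXX).
  echo "$SCRIPTNAME: Creating multiEmail's Certificate --------------------"
  cert_create_cert "${EVEDIR}" "Eve" 60 "${D_EVE}" "-7 eve@bogus.net,eve@bogus.cc,beve@bogus.com"

  #echo "************* Copying CA files to ${SERVERDIR}"
  #cp ${CADIR}/*.db .
  #hw_acc

  #########################################################################
  #
  #cd ${CERTDIR}
  #CU_ACTION="Creating ${CERTNAME}'s Server Cert"
  #CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
  #certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" \
  #	-d ${PROFILEDIR} -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1

  #CU_ACTION="Export Dave's Cert"
  #cd ${DAVEDIR}
  #certu -L -n "Dave" -r -d ${P_R_DAVE} -o Dave.cert

  ################# Importing Certificates for S/MIME tests ###############
  #
  # Peer certs are imported with the trust string ",," i.e. no explicit
  # trust flags. The return values of these certu calls are not checked
  # individually; failures are picked up through CERTFAILED below.
  echo "$SCRIPTNAME: Importing Certificates =============================="
  CU_ACTION="Import Bob's cert into Alice's db"
  certu -E -t ",," -d "${P_R_ALICEDIR}" -f "${R_PWFILE}" \
        -i "${R_BOBDIR}/Bob.cert" 2>&1

  CU_ACTION="Import Dave's cert into Alice's DB"
  certu -E -t ",," -d "${P_R_ALICEDIR}" -f "${R_PWFILE}" \
        -i "${R_DAVEDIR}/Dave.cert" 2>&1

  CU_ACTION="Import Dave's cert into Bob's DB"
  certu -E -t ",," -d "${P_R_BOBDIR}" -f "${R_PWFILE}" \
        -i "${R_DAVEDIR}/Dave.cert" 2>&1

  CU_ACTION="Import Eve's cert into Alice's DB"
  certu -E -t ",," -d "${P_R_ALICEDIR}" -f "${R_PWFILE}" \
        -i "${R_EVEDIR}/Eve.cert" 2>&1

  CU_ACTION="Import Eve's cert into Bob's DB"
  certu -E -t ",," -d "${P_R_BOBDIR}" -f "${R_PWFILE}" \
        -i "${R_EVEDIR}/Eve.cert" 2>&1

  if [ -n "$NSS_ENABLE_ECC" ] ; then
      echo "$SCRIPTNAME: Importing EC Certificates =============================="
      CU_ACTION="Import Bob's EC cert into Alice's db"
      certu -E -t ",," -d "${P_R_ALICEDIR}" -f "${R_PWFILE}" \
          -i "${R_BOBDIR}/Bob-ec.cert" 2>&1

      CU_ACTION="Import Dave's EC cert into Alice's DB"
      certu -E -t ",," -d "${P_R_ALICEDIR}" -f "${R_PWFILE}" \
          -i "${R_DAVEDIR}/Dave-ec.cert" 2>&1

      CU_ACTION="Import Dave's EC cert into Bob's DB"
      certu -E -t ",," -d "${P_R_BOBDIR}" -f "${R_PWFILE}" \
          -i "${R_DAVEDIR}/Dave-ec.cert" 2>&1

## XXXX Do not import Eve's EC cert until we can make sure that
## the email addresses listed in the Subject Alt Name Extension 
## inside Eve's ECC and non-ECC certs are different.
#     CU_ACTION="Import Eve's EC cert into Alice's DB"
#     certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
#         -i ${R_EVEDIR}/Eve-ec.cert 2>&1

#     CU_ACTION="Import Eve's EC cert into Bob's DB"
#     certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
#         -i ${R_EVEDIR}/Eve-ec.cert 2>&1
  fi

  # NOTE(review): the failure message reports $RET, which is the status of
  # the most recent certu call and may be 0 even though CERTFAILED is set.
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: SMIME failed $RET"
  else
      cert_log "SUCCESS: SMIME passed"
  fi
}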
 700
 701############################## cert_extended_ssl #######################
 702# local shell function to create client + server certs for extended SSL test
 703########################################################################
 704cert_extended_ssl()
 705{
 706
 707  ################# Creating Certs for extended SSL test ####################
 708  #
 709  CERTFAILED=0
 710  echo "$SCRIPTNAME: Creating Certificates, issued by the last ==============="
 711  echo "     of a chain of CA's which are not in the same database============"
 712
 713  echo "Server Cert"
 714  cert_init_cert ${EXT_SERVERDIR} "${HOSTADDR}" 1 ${D_EXT_SERVER}
 715
 716  CU_ACTION="Initializing ${CERTNAME}'s Cert DB (ext.)"
 717  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
 718
 719  CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB (ext.)"
 720  modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1
 721
 722  CU_ACTION="Generate Cert Request for $CERTNAME (ext)"
 723  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 724  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
 725
 726  CU_ACTION="Sign ${CERTNAME}'s Request (ext)"
 727  cp ${CERTDIR}/req ${SERVER_CADIR}
 728  certu -C -c "chain-2-serverCA" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
 729        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
 730
 731  CU_ACTION="Import $CERTNAME's Cert  -t u,u,u (ext)"
 732  certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
 733        -i "${CERTNAME}.cert" 2>&1
 734
 735  CU_ACTION="Import Client Root CA -t T,, for $CERTNAME (ext.)"
 736  certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
 737          -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
 738
 739  if [ -n "$NSS_ENABLE_ECC" ] ; then
 740#
 741#     Repeat the above for EC certs
 742#
 743      EC_CURVE="secp256r1"
 744      CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
 745      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 746      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
 747	  -z "${R_NOISE_FILE}" -o req 2>&1
 748
 749      CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
 750      cp ${CERTDIR}/req ${SERVER_CADIR}
 751      certu -C -c "chain-2-serverCA-ec" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
 752          -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
 753
 754      CU_ACTION="Import $CERTNAME's EC Cert  -t u,u,u (ext)"
 755      certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
 756	  -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
 757
 758      CU_ACTION="Import Client EC Root CA -t T,, for $CERTNAME (ext.)"
 759      certu -A -n "clientCA-ec" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
 760          -i "${CLIENT_CADIR}/clientCA-ec.ca.cert" 2>&1
 761#
 762#     done with EC certs
 763#
 764#     Repeat again for mixed EC certs
 765#
 766      EC_CURVE="secp256r1"
 767      CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)"
 768      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 769      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
 770	  -z "${R_NOISE_FILE}" -o req 2>&1
 771
 772      CU_ACTION="Sign ${CERTNAME}'s mixed EC Request (ext)"
 773      cp ${CERTDIR}/req ${SERVER_CADIR}
 774      certu -C -c "chain-2-serverCA" -m 201 -v 60 -d "${P_SERVER_CADIR}" \
 775          -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" 2>&1
 776
 777      CU_ACTION="Import $CERTNAME's mixed EC Cert  -t u,u,u (ext)"
 778      certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
 779	  -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
 780
 781#      CU_ACTION="Import Client mixed EC Root CA -t T,, for $CERTNAME (ext.)"
 782#      certu -A -n "clientCA-ecmixed" -t "T,," -f "${R_PWFILE}" \
 783#	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-ecmixed.ca.cert" \
 784#	  2>&1
 785  fi
 786
 787  echo "Importing all the server's own CA chain into the servers DB"
 788  for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
 789  do
 790      N=`basename $CA | sed -e "s/.ca.cert//"`
 791      if [ $N = "serverCA" -o $N = "serverCA-ec" ] ; then
 792          T="-t C,C,C"
 793      else
 794          T="-t u,u,u"
 795      fi
 796      CU_ACTION="Import $N CA $T for $CERTNAME (ext.) "
 797      certu -A -n $N  $T -f "${R_PWFILE}" -d "${PROFILEDIR}" \
 798          -i "${CA}" 2>&1
 799  done
 800#============
 801  echo "Client Cert"
 802  cert_init_cert ${EXT_CLIENTDIR} ExtendedSSLUser 1 ${D_EXT_CLIENT}
 803
 804  CU_ACTION="Initializing ${CERTNAME}'s Cert DB (ext.)"
 805  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
 806
 807  CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB (ext.)"
 808  modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1
 809
 810  CU_ACTION="Generate Cert Request for $CERTNAME (ext)"
 811  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 812  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" \
 813      -o req 2>&1
 814
 815  CU_ACTION="Sign ${CERTNAME}'s Request (ext)"
 816  cp ${CERTDIR}/req ${CLIENT_CADIR}
 817  certu -C -c "chain-2-clientCA" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
 818        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
 819
 820  CU_ACTION="Import $CERTNAME's Cert -t u,u,u (ext)"
 821  certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
 822        -i "${CERTNAME}.cert" 2>&1
 823  CU_ACTION="Import Server Root CA -t C,C,C for $CERTNAME (ext.)"
 824  certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
 825          -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
 826
 827  if [ -n "$NSS_ENABLE_ECC" ] ; then
 828#
 829#     Repeat the above for EC certs
 830#
 831      CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
 832      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 833      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
 834	  -z "${R_NOISE_FILE}" -o req 2>&1
 835
 836      CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
 837      cp ${CERTDIR}/req ${CLIENT_CADIR}
 838      certu -C -c "chain-2-clientCA-ec" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
 839          -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
 840
 841      CU_ACTION="Import $CERTNAME's EC Cert -t u,u,u (ext)"
 842      certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
 843	  -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
 844
 845      CU_ACTION="Import Server EC Root CA -t C,C,C for $CERTNAME (ext.)"
 846      certu -A -n "serverCA-ec" -t "C,C,C" -f "${R_PWFILE}" \
 847	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-ec.ca.cert" 2>&1
 848#
 849# done with EC certs
 850#
 851#
 852#     Repeat the above for mixed EC certs
 853#
 854      CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)"
 855      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
 856      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
 857	  -z "${R_NOISE_FILE}" -o req 2>&1
 858
 859      CU_ACTION="Sign ${CERTNAME}'s mixed EC Request (ext)"
 860      cp ${CERTDIR}/req ${CLIENT_CADIR}
 861      certu -C -c "chain-2-clientCA" -m 301 -v 60 -d "${P_CLIENT_CADIR}" \
 862          -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" 2>&1
 863
 864      CU_ACTION="Import $CERTNAME's mixed EC Cert -t u,u,u (ext)"
 865      certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
 866	  -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
 867
 868#      CU_ACTION="Import Server EC Root CA -t C,C,C for $CERTNAME (ext.)"
 869#      certu -A -n "serverCA-ec" -t "C,C,C" -f "${R_PWFILE}" \
 870#	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-ec.ca.cert" 2>&1
 871#
 872# done with mixed EC certs
 873#
 874  fi
 875
 876  echo "Importing all the client's own CA chain into the servers DB"
 877  for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
 878  do
 879      N=`basename $CA | sed -e "s/.ca.cert//"`
 880      if [ $N = "clientCA" -o $N = "clientCA-ec" ] ; then
 881          T="-t T,C,C"
 882      else
 883          T="-t u,u,u"
 884      fi
 885      CU_ACTION="Import $N CA $T for $CERTNAME (ext.)"
 886      certu -A -n $N  $T -f "${R_PWFILE}" -d "${PROFILEDIR}" \
 887          -i "${CA}" 2>&1
 888  done
 889  if [ "$CERTFAILED" != 0 ] ; then
 890      cert_log "ERROR: EXT failed $RET"
 891  else
 892      cert_log "SUCCESS: EXT passed"
 893  fi
 894}
 895
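############################## cert_ssl ################################
# local shell function to create client + server certs for SSL test
#
# Globals read:    SCRIPTNAME, CLIENTDIR, SERVERDIR, D_CLIENT, D_SERVER,
#                  HOSTADDR, HOST, DOMSUF, sniCertCount, PROFILEDIR,
#                  R_PWFILE, NSS_ENABLE_ECC, RET
# Globals written: CERTFAILED, CERTSERIAL, CERTNAME, CU_ACTION
# Helpers used:    cert_create_cert, cert_add_cert, certu, cert_log
#                  (all defined elsewhere in this file)
# Outputs:         progress lines on stdout, one verdict via cert_log
########################################################################
cert_ssl()
{
  ################# Creating Certs for SSL test ###########################
  #
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="
  # D_CLIENT / D_SERVER stay unquoted, exactly as before, so that an unset
  # value adds no empty fourth argument to the helper.
  cert_create_cert "${CLIENTDIR}" "TestUser" 70 ${D_CLIENT}

  echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
  echo "             ${HOSTADDR} ------------------------------------"
  cert_create_cert "${SERVERDIR}" "${HOSTADDR}" 100 ${D_SERVER}

  echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
  echo "             ${HOSTADDR}-sni --------------------------------"
  # cert_add_cert is called without arguments; it presumably picks up the
  # CERTSERIAL / CERTNAME globals assigned here - confirm against the helper.
  CERTSERIAL=101
  CERTNAME="${HOST}-sni${sniCertCount}.${DOMSUF}"
  cert_add_cert

  # Trust flags "TC,TC,TC": trusted CA for client authentication (T) and
  # trusted CA (C) in each of the SSL, e-mail and object-signing columns.
  # PROFILEDIR is quoted like every other certu call in this file so a
  # database path containing whitespace stays a single -d argument.
  CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
  certu -M -n "TestCA" -t "TC,TC,TC" -d "${PROFILEDIR}" -f "${R_PWFILE}"
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
      certu -M -n "TestCA-ec" -t "TC,TC,TC" -d "${PROFILEDIR}" -f "${R_PWFILE}"
  fi

  # Disabled earlier variant, kept for reference:
#  cert_init_cert ${SERVERDIR} "${HOSTADDR}" 1 ${D_SERVER}
#  echo "************* Copying CA files to ${SERVERDIR}"
#  cp ${CADIR}/*.db .
#  hw_acc
#  CU_ACTION="Creating ${CERTNAME}'s Server Cert"
#  CU_SUBJECT="CN=${CERTNAME}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
#  certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d ${PROFILEDIR} \
#	 -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1

  # CERTFAILED is reset above and not assigned again in this function, so a
  # non-zero value here has to come from one of the helpers.
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: SSL failed $RET"
  else
      cert_log "SUCCESS: SSL passed"
  fi
}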
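############################## cert_stresscerts ################################
# local shell function to create client certs for SSL stresstest
#
# Globals read:    CLIENTDIR, OS_ARCH, OS_NAME, MULTIACCESS_DBM, D_CLIENT,
#                  GLOB_MAX_CERT, GLOB_MIN_CERT, SCRIPTNAME, RET
# Globals written: CERTDIR, PROFILEDIR, CERTFAILED, CONTINUE, CERTSERIAL,
#                  CERTNAME
# Side effects:    changes the working directory to CLIENTDIR
# Helpers used:    cert_add_cert, cert_log (defined elsewhere in this file)
########################################################################
cert_stresscerts()
{

  ############### Creating Certs for SSL stress test #######################
  #
  CERTDIR="$CLIENTDIR"
  # NOTE(review): a failed cd is not detected here; the loop below would
  # then run from whatever directory the caller was in.
  cd "${CERTDIR}"

  # Path expansions are quoted so a directory name containing whitespace is
  # passed to cd / cygpath as one word.
  PROFILEDIR=$(cd "${CERTDIR}"; pwd)
  if [ "${OS_ARCH}" = "WINNT" ] && [ "$OS_NAME" = "CYGWIN_NT" ]; then
     PROFILEDIR=$(cygpath -m "${PROFILEDIR}")
  fi
  if [ -n "${MULTIACCESS_DBM}" ]; then
     PROFILEDIR="multiaccess:${D_CLIENT}"
  fi
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="

  # Count down from GLOB_MAX_CERT to GLOB_MIN_CERT; serial numbers count up
  # from 10, one per certificate.
  CONTINUE=$GLOB_MAX_CERT
  CERTSERIAL=10

  while [ "$CONTINUE" -ge "$GLOB_MIN_CERT" ]
  do
      CERTNAME="TestUser$CONTINUE"
      # Called without arguments; presumably works from the CERTNAME and
      # CERTSERIAL globals set in this loop - confirm against the helper.
      cert_add_cert
      CERTSERIAL=$((CERTSERIAL + 1))
      CONTINUE=$((CONTINUE - 1))
  done
  if [ "$CERTFAILED" != 0 ] ; then
      cert_log "ERROR: StressCert failed $RET"
  else
      cert_log "SUCCESS: StressCert passed"
  fi
}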
 974
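############################## cert_fips #####################################
# local shell function to create certificates for FIPS tests
#
# Globals read:    SCRIPTNAME, FIPSDIR, D_FIPS, PROFILEDIR, CERTNAME,
#                  R_FIPSPWFILE, ROOTCERTSFILE, BINDIR, FIPSCERTNICK,
#                  R_NOISE_FILE
# Globals written: CERTFAILED, CU_ACTION, CU_SUBJECT, RET, FIPS_MODE_RET
# Helpers used:    cert_init_cert, certu, modu, html_passed, html_failed,
#                  cert_log (defined elsewhere in this file)
##############################################################################
cert_fips()
{
  CERTFAILED=0
  echo "$SCRIPTNAME: Creating FIPS 140 DSA Certificates =============="
  cert_init_cert "${FIPSDIR}" "FIPS PUB 140 Test Certificate" 1000 "${D_FIPS}"

  CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
  certu -N -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" 2>&1

  CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB (ext.)"
  modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1

  echo "$SCRIPTNAME: Enable FIPS mode on database -----------------------"
  CU_ACTION="Enable FIPS mode on database for ${CERTNAME}"
  echo "modutil -dbdir ${PROFILEDIR} -fips true "
  # modutil is run directly (not through the modu wrapper); the
  # here-document supplies the one line of input it reads from stdin.
  # Paths are quoted so a directory containing whitespace stays one word.
  "${BINDIR}/modutil" -dbdir "${PROFILEDIR}" -fips true 2>&1 <<MODSCRIPT
y
MODSCRIPT
  RET=$?
  # Keep the FIPS-enable status separately: RET is read again after the
  # certu call below, and certu (defined elsewhere) may overwrite it.
  FIPS_MODE_RET=$RET
  if [ "$RET" -ne 0 ]; then
    html_failed "${CU_ACTION} ($RET) "
    cert_log "ERROR: ${CU_ACTION} failed $RET"
  else
    html_passed "${CU_ACTION}"
  fi

  # Self-signed (-x) DSA certificate stored under FIPSCERTNICK.
  CU_ACTION="Generate Certificate for ${CERTNAME}"
  CU_SUBJECT="CN=${CERTNAME}, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US"
  certu -S -n "${FIPSCERTNICK}" -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1
  # Report success only when both steps succeeded. A single RET check could
  # log "SUCCESS" right after the FIPS-enable failure was logged above.
  if [ "$RET" -eq 0 ] && [ "$FIPS_MODE_RET" -eq 0 ]; then
    cert_log "SUCCESS: FIPS passed"
  fi
}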
1011
############################## cert_eccurves ###########################
# local shell function to create server certs for all EC curves
#
# Does nothing unless NSS_ENABLE_ECC is non-empty. Otherwise it sets up a
# certificate database in ECCURVES_DIR, imports the EC test root, and for
# every curve name in CURVE_LIST requests, signs and imports one
# certificate. The full curve list is used only when
# NSS_ECC_MORE_THAN_SUITE_B is non-empty; the default is the three NIST
# prime curves.
#
# Arguments: $1 - passed through unchanged as a trailing argument of the
#                 signing call (an empty word when the caller gives none)
# Helpers:   cert_init_cert, certu, modu (defined elsewhere in this file);
#            RET is tested after each certu call, so certu is expected to
#            set it.
########################################################################
cert_eccurves()
{
  ################# Creating Certs for EC curves test ########################
  #
  # Guard: the whole function is a no-op without ECC support.
  [ -n "$NSS_ENABLE_ECC" ] || return 0

  echo "$SCRIPTNAME: Creating Server CA Issued Certificate for "
  echo "             EC Curves Test Certificates ------------------------------------"

  cert_init_cert "${ECCURVES_DIR}" "EC Curves Test Certificates" 1 ${D_ECCURVES}

  CU_ACTION="Initializing EC Curve's Cert DB"
  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1

  CU_ACTION="Loading root cert module to EC Curve's Cert DB"
  modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1

  CU_ACTION="Import EC Root CA for $CERTNAME"
  certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
      -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1

  if [ -z "${NSS_ECC_MORE_THAN_SUITE_B}" ] ; then
    CURVE_LIST="nistp256 nistp384 nistp521"
  else
    CURVE_LIST="c2pnb163v1 c2pnb163v2 c2pnb163v3 c2pnb176v1 \
	c2pnb208w1 c2pnb272w1 c2pnb304w1 c2pnb368w1 \
	c2tnb191v1 c2tnb191v2 c2tnb191v3 c2tnb239v1 \
	c2tnb239v2 c2tnb239v3 c2tnb359v1 c2tnb431r1 \
	nistb163 nistb233 nistb283 nistb409 nistb571 \
	nistk163 nistk233 nistk283 nistk409 nistk571 \
	nistp192 nistp224 nistp256 nistp384 nistp521 \
	prime192v1 prime192v2 prime192v3 \
	prime239v1 prime239v2 prime239v3 \
	secp112r1 secp112r2 secp128r1 secp128r2 secp160k1 \
	secp160r1 secp160r2 secp192k1 secp192r1 secp224k1 \
	secp224r1 secp256k1 secp256r1 secp384r1 secp521r1 \
	sect113r1 sect113r2 sect131r1 sect131r2 sect163k1 sect163r1 \
	sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 \
	sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1"
  fi
  CERTSERIAL=2000

  # CURVE_LIST is expanded unquoted on purpose: it is a whitespace-separated
  # list and each word is one curve name.
  for CURVE in ${CURVE_LIST}
  do
    # NOTE(review): CERTFAILED is reset for every curve, so after the loop
    # it can only reflect the last one.
    CERTFAILED=0
    CERTNAME="Curve-${CURVE}"
    CERTSERIAL=$((CERTSERIAL + 1))

    CU_ACTION="Generate EC Cert Request for $CERTNAME"
    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
    certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
        -z "${R_NOISE_FILE}" -o req  2>&1
    # A failed request leaves nothing to sign or import for this curve.
    [ $RET -eq 0 ] || continue

    CU_ACTION="Sign ${CERTNAME}'s EC Request"
    certu -C -c "TestCA-ec" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
        -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" "$1" 2>&1
    # Likewise, an unsigned request is not imported.
    [ $RET -eq 0 ] || continue

    CU_ACTION="Import $CERTNAME's EC Cert"
    certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
        -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
  done
}
1081
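########################### cert_extensions_test #############################
# local shell function to test cert extensions generation
#
# Creates one self-signed certificate with the extension option -${OPT},
# feeding certutil's interactive questions from TARG_FILE, then lists the
# certificate and checks the listing against FILTERLIST.
#
# FILTERLIST format: entries separated by "|"; "_" stands for a space; an
# entry starting with "!" must NOT appear in the listing. Each entry is
# handed to grep as a pattern.
#
# Globals read:    COUNT, CERT_EXTENSIONS_DIR, R_PWFILE, R_NOISE_FILE, OPT,
#                  TARG_FILE, BINDIR, FILTERLIST, TESTNAME
# Globals written: COUNT, CERTNAME, CU_SUBJECT, RET, EXTLIST, FL, EXPSTAT,
#                  CERTFAILED (set to 1 on failure)
# Returns:         0 when every filter matched as expected, 1 otherwise
##############################################################################
cert_extensions_test()
{
    COUNT=$((COUNT + 1))
    CERTNAME=TestExt${COUNT}
    CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"

    # The certificate copy requested with -o is written inside the test's own
    # directory. A fixed name in the shared /tmp directory can be pre-created
    # (for example as a symlink) by another local user, and collides between
    # parallel test runs. Nothing in this function reads the file back.
    echo
    echo certutil -d "${CERT_EXTENSIONS_DIR}" -S -n "${CERTNAME}" \
        -t "u,u,u" -o "${CERT_EXTENSIONS_DIR}/tempcert" -s "${CU_SUBJECT}" -x -f "${R_PWFILE}" \
        -z "${R_NOISE_FILE}" "-${OPT}" \< "${TARG_FILE}"
    echo "certutil options:"
    cat "${TARG_FILE}"
    "${BINDIR}/certutil" -d "${CERT_EXTENSIONS_DIR}" -S -n "${CERTNAME}" \
        -t "u,u,u" -o "${CERT_EXTENSIONS_DIR}/tempcert" -s "${CU_SUBJECT}" -x -f "${R_PWFILE}" \
        -z "${R_NOISE_FILE}" "-${OPT}" < "${TARG_FILE}"
    RET=$?
    if [ "${RET}" -ne 0 ]; then
        CERTFAILED=1
        html_failed "${TESTNAME} (${COUNT}) - Create and Add Certificate"
        cert_log "ERROR: ${TESTNAME} - Create and Add Certificate failed"
        return 1
    fi

    echo certutil -d "${CERT_EXTENSIONS_DIR}" -L -n "${CERTNAME}"
    EXTLIST=$("${BINDIR}/certutil" -d "${CERT_EXTENSIONS_DIR}" -L -n "${CERTNAME}")
    RET=$?
    echo "${EXTLIST}"
    if [ "${RET}" -ne 0 ]; then
        CERTFAILED=1
        html_failed "${TESTNAME} (${COUNT}) - List Certificate"
        cert_log "ERROR: ${TESTNAME} - List Certificate failed"
        return 1
    fi

    # The substitution is deliberately unquoted: after "|" is turned into a
    # space, word splitting yields one filter entry per iteration.
    for FL in $(printf '%s\n' "${FILTERLIST}" | tr '|' ' '); do
        FL=$(printf '%s\n' "${FL}" | tr _ ' ')
        EXPSTAT=0
        case "${FL}" in
            '!'*)
                # Negated entry: grep is expected to find nothing (status 1).
                EXPSTAT=1
                FL=$(printf '%s\n' "${FL}" | tr -d '!')
                ;;
        esac
        printf '%s\n' "${EXTLIST}" | grep "${FL}" >/dev/null 2>&1
        RET=$?
        if [ "${RET}" -ne "${EXPSTAT}" ]; then
            CERTFAILED=1
            html_failed "${TESTNAME} (${COUNT}) - Looking for ${FL}" "returned ${RET}, expected is ${EXPSTAT}"
            cert_log "ERROR: ${TESTNAME} - Looking for ${FL} failed"
            return 1
        fi
    done

    html_passed "${TESTNAME} (${COUNT})"
    return 0
}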
1139
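############################## cert_extensions ###############################
# local shell function to run cert extensions tests
#
# Reads ${QADIR}/cert/certext.txt line by line; the first three
# whitespace-separated fields of a line land in ARG, OPT and FILTERLIST:
#   "#..."  comment line, skipped
#   "!..."  starts a new test; the rest of the line after the second field
#           becomes TESTNAME
#   "="     runs cert_extensions_test with the answers collected so far,
#           using OPT and FILTERLIST from this line, then clears the answers
#   other   first field is appended to TARG_FILE as one answer line
#
# Globals written: CERTNAME, TARG_FILE, COUNT, ARG, OPT, FILTERLIST, TESTNAME
# Helpers used:    cert_create_cert, cert_extensions_test
##############################################################################
cert_extensions()
{
    CERTNAME=TestExt
    # D_CERT_EXTENSTIONS is spelled as the rest of the script spells it, and
    # stays unquoted so an unset value adds no empty argument.
    cert_create_cert "${CERT_EXTENSIONS_DIR}" "${CERTNAME}" 90 ${D_CERT_EXTENSTIONS}
    TARG_FILE=${CERT_EXTENSIONS_DIR}/test.args
    # Answers are appended below, so a file left over from an interrupted
    # run would be fed to the first test. Start from a clean slate.
    rm -f -- "${TARG_FILE}"

    COUNT=0
    # NOTE(review): read runs without -r, so backslashes in certext.txt are
    # interpreted; confirm the data file does not rely on that before
    # changing it.
    while read ARG OPT FILTERLIST; do
        case "${ARG}" in
            '#'*)
                continue
                ;;
            '!'*)
                TESTNAME="${FILTERLIST}"
                continue
                ;;
            '=')
                cert_extensions_test
                rm -f -- "${TARG_FILE}"
                ;;
            *)
                # printf keeps answers such as "-n" or "*" literal, where an
                # unquoted echo would swallow or glob-expand them.
                printf '%s\n' "${ARG}" >> "${TARG_FILE}"
                ;;
        esac
    done < "${QADIR}/cert/certext.txt"
}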
1166
############################## cert_crl_ssl ############################
# local shell function to generate certs and crls for SSL tests
#
# Steps, in order:
#   1. call cert_add_cert once per serial in
#      CRL_GRP_1_BEGIN .. CRL_GRP_1_BEGIN + TOTAL_CRL_RANGE - 1
#   2. generate a group-1 CRL, then modify it twice (add one serial,
#      remove UNREVOKED_CERT_GRP_1)
#   3. derive the group-2 and group-3 CRL files, each from the previous one
#   4. replace the CRL stored in R_SERVERDIR with the group-1 file
# Every CRL step is repeated for "TestCA-ec" when NSS_ENABLE_ECC is set.
#
# crlu and cert_add_cert are defined elsewhere in this file. The exit
# status of most crlu calls is summed into CRL_GEN_RES; the verdict logged
# at the end is based on CERTFAILED and CRL_GEN_RES.
# Side effects: changes the working directory to CADIR and appends the
# intermediate CRL files to TEMPFILES.
########################################################################
cert_crl_ssl()
{
    
  ################# Creating Certs ###################################
  #
  CERTFAILED=0
  CERTSERIAL=${CRL_GRP_1_BEGIN}

  # NOTE(review): the result of cd is not checked.
  cd $CADIR
  
  PROFILEDIR=`cd ${CLIENTDIR}; pwd`
  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
     PROFILEDIR=`cygpath -m ${PROFILEDIR}`
  fi
  CRL_GRPS_END=`expr ${CRL_GRP_1_BEGIN} + ${TOTAL_CRL_RANGE} - 1`
  echo "$SCRIPTNAME: Creating Client CA Issued Certificates Range $CRL_GRP_1_BEGIN - $CRL_GRPS_END ==="
  CU_ACTION="Creating client test certs"

  # One client certificate per serial number in the whole CRL range.
  while [ $CERTSERIAL -le $CRL_GRPS_END ]
  do
      CERTNAME="TestUser$CERTSERIAL"
      cert_add_cert 
      CERTSERIAL=`expr $CERTSERIAL + 1 `
  done

  #################### CRL Creation ##############################
  CRL_GEN_RES=0
  echo "$SCRIPTNAME: Creating CA CRL ====================================="

  CRL_GRP_END=`expr ${CRL_GRP_1_BEGIN} + ${CRL_GRP_1_RANGE} - 1`
  CRL_FILE_GRP_1=${R_SERVERDIR}/root.crl_${CRL_GRP_1_BEGIN}-${CRL_GRP_END}
  # CRL_FILE keeps pointing at the group-1 file; it is the one imported at
  # the end of this function.
  CRL_FILE=${CRL_FILE_GRP_1}
  
  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
  CU_ACTION="Generating CRL for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA authority"
  # The initial CRL stops one serial short of the group end (CRL_GRP_END_);
  # the last serial is added by the "Modification" step below.
  # NOTE(review): CRL_GRP_DATE is used here before this function assigns
  # it, so its value must come from elsewhere - confirm.
  CRL_GRP_END_=`expr ${CRL_GRP_END} - 1`
  crlu -d $CADIR -G -n "TestCA" -f ${R_PWFILE} \
      -o ${CRL_FILE_GRP_1}_or <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
addext reasonCode 0 4
addext issuerAltNames 0 "rfc822Name:caemail@ca.com|dnsName:ca.com|directoryName:CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca.com|ipAddress:192.168.0.1|registerID=reg CA"
EOF_CRLINI
# This extension should be added to the list, but currently nss has bug
#addext authKeyId 0 "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" 1
  # $? is still the status of the crlu call above; the comment lines in
  # between do not change it.
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_1}_or

  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"

#     Until Bug 292285 is resolved, do not encode x400 Addresses. After
#     the bug is resolved, reintroduce "x400Address:x400Address" within
#     addext issuerAltNames ...
      crlu -q -d $CADIR -G -n "TestCA-ec" -f ${R_PWFILE} \
	  -o ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
addext reasonCode 0 4
addext issuerAltNames 0 "rfc822Name:ca-ecemail@ca.com|dnsName:ca-ec.com|directoryName:CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca-ec.com|ipAddress:192.168.0.1|registerID=reg CA (ECC)"
EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_1}_or-ec
  fi

  # NOTE(review): writes a file literally named "file" into the current
  # directory (CADIR after the cd above); nothing in this function reads it.
  echo test > file
  ############################# Modification ##################################

  echo "$SCRIPTNAME: Modifying CA CRL by adding one more cert ============"
  # The pause precedes a fresh timestamp; presumably it makes the update
  # time differ from the previous CRL's - confirm.
  sleep 2
  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
  CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
  CU_ACTION="Modify CRL by adding one more cert"
  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or1 \
      -i ${CRL_FILE_GRP_1}_or <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_END} $CRL_GRP_DATE
EOF_CRLINI
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_1}_or1
  # The superseded input file is queued in TEMPFILES (presumably removed by
  # cleanup code elsewhere).
  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Modify CRL (ECC) by adding one more cert"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
	  -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_END} $CRL_GRP_DATE
EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_1}_or1-ec
      TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-ec"
  fi

  ########### Removing one cert ${UNREVOKED_CERT_GRP_1} #######################
  echo "$SCRIPTNAME: Modifying CA CRL by removing one cert ==============="
  CU_ACTION="Modify CRL by removing one cert"
  sleep 2
  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
  # NOTE(review): unlike the other steps, the status of the two removal
  # calls (RSA here, ECC below) is not added to CRL_GEN_RES, so a failure
  # to un-revoke the certificate does not affect the final verdict by
  # itself.
  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1} \
      -i ${CRL_FILE_GRP_1}_or1 <<EOF_CRLINI
update=$CRLUPDATE
rmcert  ${UNREVOKED_CERT_GRP_1}
EOF_CRLINI
  chmod 600 ${CRL_FILE_GRP_1}
  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Modify CRL (ECC) by removing one cert"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
	  -i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
update=$CRLUPDATE
rmcert  ${UNREVOKED_CERT_GRP_1}
EOF_CRLINI
      chmod 600 ${CRL_FILE_GRP_1}-ec
      TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-ec"
  fi

  ########### Creating second CRL which includes groups 1 and 2 ##############
  # From here on CRL_GRP_END holds the end of group 2, no longer group 1.
  CRL_GRP_END=`expr ${CRL_GRP_2_BEGIN} + ${CRL_GRP_2_RANGE} - 1`
  CRL_FILE_GRP_2=${R_SERVERDIR}/root.crl_${CRL_GRP_2_BEGIN}-${CRL_GRP_END}

  echo "$SCRIPTNAME: Creating CA CRL for groups 1 and 2  ==============="
  sleep 2
  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
  CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
  CU_ACTION="Creating CRL for groups 1 and 2"
  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2} \
          -i ${CRL_FILE_GRP_1} <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_2_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
addext invalidityDate 0 $CRLUPDATE
rmcert  ${UNREVOKED_CERT_GRP_2}
EOF_CRLINI
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_2}
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
          -i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_2_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
addext invalidityDate 0 $CRLUPDATE
rmcert  ${UNREVOKED_CERT_GRP_2}
EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_2}-ec
  fi

  ########### Creating third CRL which includes groups 1, 2 and 3 ##############
  # CRL_GRP_END now holds the end of group 3.
  CRL_GRP_END=`expr ${CRL_GRP_3_BEGIN} + ${CRL_GRP_3_RANGE} - 1`
  CRL_FILE_GRP_3=${R_SERVERDIR}/root.crl_${CRL_GRP_3_BEGIN}-${CRL_GRP_END}



  echo "$SCRIPTNAME: Creating CA CRL for groups 1, 2 and 3  ==============="
  sleep 2
  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
  CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
  CU_ACTION="Creating CRL for groups 1, 2 and 3"
  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3} \
            -i ${CRL_FILE_GRP_2} <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_3_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
rmcert  ${UNREVOKED_CERT_GRP_3}
addext crlNumber 0 2
EOF_CRLINI
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  chmod 600 ${CRL_FILE_GRP_3}
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
          -i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
update=$CRLUPDATE
addcert ${CRL_GRP_3_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
rmcert  ${UNREVOKED_CERT_GRP_3}
addext crlNumber 0 2
EOF_CRLINI
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
      chmod 600 ${CRL_FILE_GRP_3}-ec
  fi

  ############ Importing Server CA Issued CRL for certs of first group #######

  # NOTE(review): the message below prints CRL_GRP_BEGIN, which this
  # function never assigns, and CRL_GRP_END, which by now is the end of
  # group 3; the file actually imported is CRL_FILE, the group-1 CRL.
  echo "$SCRIPTNAME: Importing Server CA Issued CRL for certs ${CRL_GRP_BEGIN} trough ${CRL_GRP_END}"
  CU_ACTION="Importing CRL for groups 1"
  # The existing CRL is deleted first; only the status of the import that
  # follows is added to CRL_GEN_RES.
  crlu -D -n TestCA  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
  crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  if [ -n "$NSS_ENABLE_ECC" ] ; then
      CU_ACTION="Importing CRL (ECC) for groups 1"
      crlu -D -n TestCA-ec  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
      crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
	  -d "${R_SERVERDIR}"
      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
  fi

  # Fail when either a certificate step (CERTFAILED) or any counted CRL
  # step (CRL_GEN_RES) reported a problem.
  if [ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ] ; then
      cert_log "ERROR: SSL CRL prep failed $CERTFAILED : $CRL_GEN_RES"
  else
      cert_log "SUCCESS: SSL CRL prep passed"
  fi
}
1371
1372######…
