  1#! /bin/bash
  2#
  3# ***** BEGIN LICENSE BLOCK *****
  4# Version: MPL 1.1/GPL 2.0/LGPL 2.1
  5#
  6# The contents of this file are subject to the Mozilla Public License Version
  7# 1.1 (the "License"); you may not use this file except in compliance with
  8# the License. You may obtain a copy of the License at
  9# http://www.mozilla.org/MPL/
 10#
 11# Software distributed under the License is distributed on an "AS IS" basis,
 12# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 13# for the specific language governing rights and limitations under the
 14# License.
 15#
 16# The Original Code is the Netscape security libraries.
 17#
 18# The Initial Developer of the Original Code is
 19# Netscape Communications Corporation.
 20# Portions created by the Initial Developer are Copyright (C) 1994-2009
 21# the Initial Developer. All Rights Reserved.
 22#
 23# Contributors:
 24#
 25# Alternatively, the contents of this file may be used under the terms of
 26# either the GNU General Public License Version 2 or later (the "GPL"), or
 27# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 28# in which case the provisions of the GPL or the LGPL are applicable instead
 29# of those above. If you wish to allow use of your version of this file only
 30# under the terms of either the GPL or the LGPL, and not to allow others to
 31# use your version of this file under the terms of the MPL, indicate your
 32# decision by deleting the provisions above and replace them with the notice
 33# and other provisions required by the GPL or the LGPL. If you do not delete
 34# the provisions above, a recipient may use your version of this file under
 35# the terms of any one of the MPL, the GPL or the LGPL.
 36#
 37# ***** END LICENSE BLOCK *****
 38
 39########################################################################
 40#
 41# mozilla/security/nss/tests/iopr/cert_iopr.sh
 42#
  43# Certificate generation and handling for NSS interoperability QA. This file
  44# is included from cert.sh
 45#
 46# needs to work on all Unix and Windows platforms
 47#
 48# special strings
 49# ---------------
 50#   FIXME ... known problems, search for this string
 51#   NOTE .... unexpected behavior
 52########################################################################
 53
 54IOPR_CERT_SOURCED=1
 55
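########################################################################
# Wraps calls to pk12util: prints the current CU_ACTION banner and the
# command line to stdout, then runs ${BINDIR}/pk12util.
# Globals:   CU_ACTION, BINDIR (read); RET (written)
# Params:    same as to pk12util, passed through unchanged
# Returns:   pk12util status (also left in RET for callers that read it)
#
pk12u()
{
    echo "${CU_ACTION} --------------------------"

    # "$@" keeps every argument intact; the unquoted $@ it replaces
    # re-split arguments that contained whitespace.
    echo "pk12util $*"
    "${BINDIR}/pk12util" "$@"
    RET=$?

    return $RET
}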
 72
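########################################################################
# Initializes an NSS DB in a directory if it does not hold one yet.
# A directory counts as initialized when its listing contains a name
# with "db" in it (the cert/key/secmod DB files).
# Globals:   OS_ARCH, OS_NAME, R_PWFILE, ROOTCERTSFILE (read);
#            CU_ACTION (written); RET (read — certu/modu, defined in
#            cert.sh, are expected to leave their status there)
# Params:
#      $1 - directory location
# Returns:   0 if the DB already exists or was created, 1 if the
#            directory cannot be entered, otherwise the failing
#            certu/modu status taken from RET
#
createDBDir() {
    trgDir=$1

    # grep -q on the listing replaces capturing it into a string;
    # quoting keeps directory names with spaces intact.
    if ! ls "$trgDir" | grep -q db; then
        # The original "cd dir; pwd" fell back to the current directory
        # when cd failed and would have initialized a DB there.
        trgDir=$(cd "${trgDir}" && pwd) || return 1
        if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
            # mixed-style (C:/...) path for the Windows-built tools
            trgDir=$(cygpath -m "${trgDir}")
        fi

        CU_ACTION="Initializing DB at ${trgDir}"
        certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1
        if [ "$RET" -ne 0 ]; then
            return $RET
        fi

        CU_ACTION="Loading root cert module to Cert DB at ${trgDir}"
        modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${trgDir}" 2>&1
        if [ "$RET" -ne 0 ]; then
            return $RET
        fi
    fi
    return 0
}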
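########################################################################
# Downloads a config, cert or crl file from a remote host using tstclnt
# as a minimal HTTP/1.0 client: a bare "GET <path>" request is written to
# a scratch file and fed to tstclnt's stdin, the response body goes to
# the target file.
# Globals:   BINDIR, IOPR_DOWNLOAD_PORT, R_PWFILE (read);
#            host, filePath, trgDir, file, req, ret (written)
# Params:
#      $1 - name of the host the file will be downloaded from
#      $2 - path to the file as it appears in the URL
#      $3 - target directory the file will be saved at
# Returns:   tstclnt status, or createDBDir's status if the DB could not
#            be initialized
#
download_file() {
    host=$1
    filePath=$2
    trgDir=$3

    file=$trgDir/$(basename "$filePath")

    # tstclnt -d needs an initialized DB carrying the root certs
    createDBDir "$trgDir" || return $?

    # scratch request file; ".$$" keeps concurrent runs apart
    req=$file.$$
    echo "GET $filePath HTTP/1.0" > "$req"
    echo >> "$req"

    echo "${BINDIR}/tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT" \
        "-v -w ${R_PWFILE} -o"
    "${BINDIR}/tstclnt" -d "$trgDir" -S -h "$host" -p "$IOPR_DOWNLOAD_PORT" \
        -v -w "${R_PWFILE}" -o < "$req" > "$file"
    ret=$?
    # The original removed $_tmp, a name never assigned, so the request
    # file stayed behind next to every download.
    rm -f -- "$req"
    return $ret
}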
134
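########################################################################
# Uses pk12util, certutil or crlutil to import a file into an NSS DB
# located at <dir> (the value of $1). The utility is chosen by the file
# extension; the DB is initialized first if it does not exist.
# Globals:   R_PWFILE (read); CU_ACTION (written)
# Params:
#      $1 - db location directory
#      $2 - file name to import
#      $3 - nick name the object in the file will be associated with
#           (not used for .crl, whose issuer nickname is fixed to TestCA)
#      $4 - trust arguments (not used for .crl)
# Returns status of the import, or 1 for an unknown extension
#
importFile() {
    # The original read "dir=$1\" with a trailing backslash, which
    # joined the line with the next one into dir=$1file=$2: dir became
    # "<dir>file=<file>" and file was never assigned here.
    dir=$1
    file=$2
    certName=$3
    certTrust=$4

    [ -d "$dir" ] || mkdir -p "$dir"

    createDBDir "$dir" || return $?

    ext=$(basename "$file")
    ext=${ext##*.}
    case $ext in
        p12)
            # -W iopr: the fixed password of the test .p12 files
            CU_ACTION="Importing p12 $file to DB at $dir"
            pk12u -d "$dir" -i "$file" -k "${R_PWFILE}" -W iopr || return 1
            CU_ACTION="Modifying trust for cert $certName at $dir"
            certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}"
            return $?
            ;;

        crl)
            CU_ACTION="Importing crl $file to DB at $dir"
            crlu -d "${dir}" -I -n TestCA -i "$file"
            return $?
            ;;

        crt | cert)
            CU_ACTION="Importing cert $certName with trust $certTrust to $dir"
            certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \
                -i "$file"
            return $?
            ;;

        *)
            echo "Unknown file extension: $file:"
            return 1
            ;;
    esac
}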
185
186
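#########################################################################
# Downloads and installs test certs and crl from a remote webserver.
# Generates server cert for reverse testing if reverse test run is turned on.
# Globals read:    HOSTADDR, R_PWFILE, R_NOISE_FILE, plus the variables
#                  defined by the downloaded iopr_server.cfg (certDir,
#                  caCertName, caCrlName, supportedTests_new,
#                  reverseRunCGIScript, downloadFiles)
# Globals written: CU_ACTION, CU_SUBJECT, CERTNAME, RET, tmpFiles
# Params:
#      $1 - host name to download files from.
#      $2 - directory at which CA cert will be installed and used for
#           signing a server cert.
#      $3 - path to a config file in webserver context.
#      $4 - ssl server db location
#      $5 - ssl client db location
#      $6 - ocsp client db location
#
# Returns 0 upon success, otherwise, failed command error code.
# Scratch files collected in tmpFiles are removed only on the success
# path; on failure they stay in place for inspection.
#
download_install_certs() {
    host=$1
    caDir=$2
    confPath=$3
    sslServerDir=$4
    sslClientDir=$5
    ocspClientDir=$6

    [ -d "$caDir" ] || mkdir -p "$caDir"

    #=======================================================
    # Getting config file
    #
    download_file "$host" "$confPath/iopr_server.cfg" "$caDir"
    RET=$?
    if [ $RET -ne 0 -o ! -f "$caDir/iopr_server.cfg" ]; then
        html_failed "Fail to download website config file(ws: $host)"
        return 1
    fi

    # Sourcing runs whatever shell code the remote host served. That is
    # tolerable only because IOPR hosts are test fixtures under the
    # tester's control; IOPR_HOSTADDR_LIST must never name one that is not.
    . "$caDir/iopr_server.cfg"
    RET=$?
    if [ $RET -ne 0 ]; then
        html_failed "Fail to source config file(ws: $host)"
        return $RET
    fi

    #=======================================================
    # Getting CA file
    #

    #----------------- !!!WARNING!!! -----------------------
    # Do NOT copy this scenario. CA should never accompany its
    # cert with the private key when deliver cert to a customer.
    #----------------- !!!WARNING!!! -----------------------

    download_file "$host" "$certDir/$caCertName.p12" "$caDir"
    RET=$?
    if [ $RET -ne 0 -o ! -f "$caDir/$caCertName.p12" ]; then
        html_failed "Fail to download $caCertName cert(ws: $host)"
        return 1
    fi
    tmpFiles="$caDir/$caCertName.p12"

    importFile "$caDir" "$caDir/$caCertName.p12" "$caCertName" "TC,C,C"
    RET=$?
    if [ $RET -ne 0 ]; then
        html_failed "Fail to import $caCertName cert to CA DB(ws: $host)"
        return $RET
    fi

    # certu (defined in cert.sh) is expected to leave its status in RET,
    # the same assumption createDBDir makes.
    CU_ACTION="Exporting Root CA cert(ws: $host)"
    certu -L -n "$caCertName" -r -d "${caDir}" -o "$caDir/$caCertName.cert"
    if [ "$RET" -ne 0 ]; then
        Exit 7 "Fatal - failed to export $caCertName cert"
    fi

    #=======================================================
    # Check what tests we want to run
    #
    doSslTests=0; doOcspTests=0
    # XXX remove "_new" from variables below
    echo "${supportedTests_new}" | grep -qi ssl && doSslTests=1
    echo "${supportedTests_new}" | grep -qi ocsp && doOcspTests=1

    if [ $doSslTests -eq 1 ]; then
        if [ "$reverseRunCGIScript" ]; then
            [ -d "$sslServerDir" ] || mkdir -p "$sslServerDir"
            #=======================================================
            # Import CA cert to server DB
            #
            importFile "$sslServerDir" "$caDir/$caCertName.cert" server-client-CA \
                        "TC,C,C"
            RET=$?
            if [ $RET -ne 0 ]; then
                html_failed "Fail to import server-client-CA cert to \
                             server DB(ws: $host)"
                return $RET
            fi

            #=======================================================
            # Creating server cert
            #
            CERTNAME=$HOSTADDR

            CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)"
            CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \
                        L=Mountain View, ST=California, C=US"
            certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" \
                -o "$sslServerDir/req" 2>&1
            tmpFiles="$tmpFiles $sslServerDir/req"

            # NOTE:
            # For possible time synchronization problems (bug 444308) we generate
            # certificates valid also some time in past (-w -1)

            # -m (serial number) is the current epoch time
            CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)"
            certu -C -c "$caCertName" -m "$(date +"%s")" -v 60 -w -1 \
                -d "${caDir}" \
                -i "${sslServerDir}/req" -o "$caDir/${CERTNAME}.cert" \
                -f "${R_PWFILE}" 2>&1

            importFile "$sslServerDir" "$caDir/$CERTNAME.cert" "$CERTNAME" ",,"
            RET=$?
            if [ $RET -ne 0 ]; then
                html_failed "Fail to import $CERTNAME cert to server\
                             DB(ws: $host)"
                return $RET
            fi
            tmpFiles="$tmpFiles $caDir/$CERTNAME.cert"

            #=======================================================
            # Download and import CA crl to server DB
            #
            download_file "$host" "$certDir/$caCrlName.crl" "$sslServerDir"
            RET=$?
            # Was "[ $? -ne 0 ]", which tested the RET=$? assignment (always
            # 0), so a failed crl download was never reported.
            if [ $RET -ne 0 ]; then
                html_failed "Fail to download $caCertName crl\
                             (ws: $host)"
                return $RET
            fi
            tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl"

            # NOTE(review): the file downloaded above is $caCrlName.crl but
            # TestCA.crl is imported; the two only agree when caCrlName is
            # TestCA — confirm against iopr_server.cfg.
            importFile "$sslServerDir" "$sslServerDir/TestCA.crl"
            RET=$?
            if [ $RET -ne 0 ]; then
                html_failed "Fail to import TestCA crt to server\
                             DB(ws: $host)"
                return $RET
            fi
        fi # if [ "$reverseRunCGIScript" ]

        [ -d "$sslClientDir" ] || mkdir -p "$sslClientDir"
        #=======================================================
        # Import CA cert to ssl client DB
        #
        importFile "$sslClientDir" "$caDir/$caCertName.cert" server-client-CA \
                   "TC,C,C"
        RET=$?
        if [ $RET -ne 0 ]; then
            html_failed "Fail to import server-client-CA cert to \
                         server DB(ws: $host)"
            return $RET
        fi
    fi

    if [ $doOcspTests -eq 1 ]; then
        [ -d "$ocspClientDir" ] || mkdir -p "$ocspClientDir"
        #=======================================================
        # Import CA cert to ocsp client DB
        #
        importFile "$ocspClientDir" "$caDir/$caCertName.cert" server-client-CA \
                   "TC,C,C"
        RET=$?
        if [ $RET -ne 0 ]; then
            html_failed "Fail to import server-client-CA cert to \
                         server DB(ws: $host)"
            return $RET
        fi
    fi

    #=======================================================
    # Import client certs to client DB
    #
    # $downloadFiles is deliberately unquoted: it is a space separated
    # list from the sourced config.
    for fileName in $downloadFiles; do
        # nickname = file name up to the first dot
        certName=${fileName%%.*}

        if [ $doOcspTests -eq 1 ] && echo "$certName" | grep -q ocsp; then
            clientDir=$ocspClientDir
        elif [ $doSslTests -eq 1 ]; then
            clientDir=$sslClientDir
        else
            continue
        fi

        download_file "$host" "$certDir/$fileName" "$clientDir"
        RET=$?
        if [ $RET -ne 0 -o ! -f "$clientDir/$fileName" ]; then
            html_failed "Fail to download $certName cert(ws: $host)"
            # return 1 (not $RET): a missing file with RET=0 would
            # otherwise report success, unlike the other download checks.
            return 1
        fi
        tmpFiles="$tmpFiles $clientDir/$fileName"

        importFile "$clientDir" "$clientDir/$fileName" "$certName" ",,"
        RET=$?
        if [ $RET -ne 0 ]; then
            html_failed "Fail to import $certName cert to client DB\
                        (ws: $host)"
            return $RET
        fi
    done

    # $tmpFiles is a space separated list; word-splitting is intended
    rm -f -- $tmpFiles

    return 0
}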
397
398
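#########################################################################
# Initial point for downloading config, cert, crl files for multiple hosts
# involved in interoperability testing. Called from nss/tests/cert/cert.sh
# It only proceeds with downloading when IOPR is 1; the hosts come from
# IOPR_HOSTADDR_LIST, a space separated list of host[:port[:confpath]]
# entries (port defaults to 443, confpath to /iopr).
# Globals read:    IOPR, IOPR_HOSTADDR_LIST, IOPR_CADIR, IOPR_SSL_SERVERDIR,
#                  IOPR_SSL_CLIENTDIR, IOPR_OCSP_CLIENTDIR, wsParam
# Globals written: IOPR_HOST_PARAM, IOPR_HOSTADDR, IOPR_DOWNLOAD_PORT,
#                  IOPR_CONF_PATH
#
# Returns 1 if interoperability testing is off, 0 otherwise.
#
cert_iopr_setup() {

    # "${IOPR:-0}": with IOPR unset, [ "" -ne 1 ] is a test error (status
    # 2), which the if treated as "not off" and went on to download.
    if [ "${IOPR:-0}" -ne 1 ]; then
        return 1
    fi

    # Word-splitting the list replaces the cut -f $num loop, which stopped
    # at the first empty field (e.g. two spaces in a row).
    for IOPR_HOST_PARAM in $IOPR_HOSTADDR_LIST; do
        IOPR_HOSTADDR=${IOPR_HOST_PARAM%%:*}
        IOPR_DOWNLOAD_PORT=$(echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':')
        [ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443
        IOPR_CONF_PATH=$(echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':')
        [ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr"

        echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:\
              $IOPR_CONF_PATH"

        download_install_certs "${IOPR_HOSTADDR}" "${IOPR_CADIR}_${IOPR_HOSTADDR}" \
            "${IOPR_CONF_PATH}" "${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}" \
            "${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}" \
            "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}"
        if [ $? -ne 0 ]; then
            # Record the failure in the host's config, presumably so later
            # stages skip it. NOTE(review): wsParam is not set anywhere in
            # this file — confirm it comes from the sourced iopr_server.cfg.
            echo "wsFlags=\"NOIOPR $wsParam\"" >> \
                "${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg"
        fi
    done

    return 0
}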