tor-browser

The Tor Browser

ocsp_iopr.sh (7600B)


      1 #! /bin/bash
      2 #
      3 # This Source Code Form is subject to the terms of the Mozilla Public
      4 # License, v. 2.0. If a copy of the MPL was not distributed with this
      5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
      6 
      7 ########################################################################
      8 #
      9 # mozilla/security/nss/tests/iopr/ocsp_iopr.sh
     10 #
     11 # NSS SSL interoperability QA. This file is included from ssl.sh
     12 #
     13 # needs to work on all Unix and Windows platforms
     14 #
     15 # special strings
     16 # ---------------
     17 #   FIXME ... known problems, search for this string
     18 #   NOTE .... unexpected behavior
     19 ########################################################################
     # Marker set when this file is sourced; presumably lets the including
     # script (ssl.sh per the header above) detect that it was already loaded.
     IOPR_OCSP_SOURCED="1"
     21 
     22 ########################################################################
     23 # The function works with variables defined in the interoperability
     24 # configuration file that gets downloaded from a webserver.
     25 # The function sets the test parameters defined for a particular type
     26 # of testing.
     27 #
     28 # No return value
     29 #
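     setTestParam() {
         # Copies the per-test-type settings (<type>Param, <type>Descr, ...) into
         # the global test* variables read by ocsp_iopr.
         #
         # Arguments: $1 - test type; used as a variable-name prefix
         # Globals:   type, testParam, testDescription, testProto, testPort,
         #            testResponder, testValidCertNames, testRevokedCertNames,
         #            testStatUnknownCertNames (all written)
         # Returns:   0 on success; 1 if $1 does not form a valid variable name
         #            (all test* variables are then set to the empty string)
         #
         # The lookup uses bash indirect expansion instead of eval. The type
         # string comes from a configuration file (see the header comment above),
         # so it must never be re-parsed as shell code. Unlike the former
         # `eval echo $var`, values are copied verbatim: no whitespace
         # collapsing and no glob expansion.
         type=$1

         local identRe='^[A-Za-z_][A-Za-z0-9_]*$'
         local pair suffix target ref valid=1

         # All suffixes are alphanumeric, so validating one composed name covers
         # every lookup below.
         if ! [[ "${type}Param" =~ $identRe ]]; then
             echo "setTestParam: invalid test type '${type}'" >&2
             valid=0
         fi

         for pair in \
             Param:testParam \
             Descr:testDescription \
             Proto:testProto \
             Port:testPort \
             ResponderCert:testResponder \
             ValidCertNames:testValidCertNames \
             RevokedCertNames:testRevokedCertNames \
             StatUnknownCertNames:testStatUnknownCertNames; do
             suffix=${pair%%:*}
             target=${pair#*:}
             if [ "$valid" -eq 1 ]; then
                 ref="${type}${suffix}"
                 # ${!ref-} reads the variable named by $ref; empty if unset.
                 printf -v "$target" '%s' "${!ref-}"
             else
                 printf -v "$target" '%s' ""
             fi
         done

         [ "$valid" -eq 1 ]
     }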
     41 
     42 ########################################################################
     43 # The function checks the status of a cert using ocspclnt.
     44 # Params:
     45 #    dbDir - nss cert db location
     46 #    cert - cert in question
     47 #    respUrl - responder url, if available
     48 #    defRespCert - trusted responder cert
     49 #
     50 # Return values:
     51 #    0 - test passed, 1 - otherwise.
     52 #
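     ocsp_get_cert_status() {
         # Queries the OCSP status of one cert with ocspclnt.
         #
         # Arguments: $1 - NSS cert db directory
         #            $2 - name of the cert to check
         #            $3 - responder URL (optional; needs $4 as well)
         #            $4 - trusted responder cert (optional; needs $3 as well)
         # Globals:   BINDIR, MEMLEAK_DBG, RUN_COMMAND_DBG (read);
         #            dbDir, cert, respUrl, defRespCert, clntParam, outFile,
         #            ret, OCSP_ATTR (written)
         # Returns:   0 if ocspclnt succeeded and printed "succeeded", 1
         #            otherwise. With MEMLEAK_DBG set, ocspclnt's own status.
         dbDir=$1
         cert=$2
         respUrl=$3
         defRespCert=$4

         # clntParam is global. Reset it on every call so that a responder
         # passed to an earlier call is not silently reused when this call has
         # none.
         clntParam=""
         local -a clntArgs=()
         if [ -n "$respUrl" ] || [ -n "$defRespCert" ]; then
             # The responder URL and its trusted cert only make sense together.
             if [ -z "$respUrl" ] || [ -z "$defRespCert" ]; then
                 html_failed "Incorrect test params"
                 return 1
             fi
             clntParam="-l $respUrl -t $defRespCert"
             # Array form keeps each value as a single argument.
             clntArgs=(-l "$respUrl" -t "$defRespCert")
         fi

         if [ -z "${MEMLEAK_DBG}" ]; then
             # NOTE(review): the output file name is predictable (PID suffix);
             # acceptable only if dbDir is writable solely by the test user.
             outFile=$dbDir/ocsptest.out.$$
             echo "ocspclnt -d $dbDir -S $cert $clntParam"
             "${BINDIR}/ocspclnt" -d "$dbDir" -S "$cert" "${clntArgs[@]}" \
                 >"$outFile" 2>&1
             ret=$?
             echo "ocspclnt output:"
             cat "$outFile"
             # A zero exit status is not enough: the output must say "succeeded".
             grep -q succeeded "$outFile" || ret=1

             rm -f "$outFile"
             return $ret
         fi

         OCSP_ATTR="-d $dbDir -S $cert $clntParam"
         # RUN_COMMAND_DBG is a command prefix and is split into words on purpose.
         # shellcheck disable=SC2086
         ${RUN_COMMAND_DBG} "${BINDIR}/ocspclnt" -d "$dbDir" -S "$cert" \
             "${clntArgs[@]}"
     }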
     83 
     84 ########################################################################
     85 # The function checks status of a cert using ocspclnt.
     86 # Params:
     87 #    testType - type of the test based on type of used responder
     88 #    servName - FQDN of the responder server
     89 #    dbDir - nss cert db location
     90 #
     91 # No return value
     92 #
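     ocsp_iopr() {
         # Runs the OCSP status checks of one test type against one responder.
         #
         # Arguments: $1 - test type (prefix of the settings loaded by
         #                 setTestParam)
         #            $2 - host name of the responder server
         #            $3 - NSS cert db directory
         # Globals:   MEMLEAK_DBG, IOPR_HOSTADDR and the test* variables set by
         #            setTestParam (read); testType, servName, dbDir,
         #            responderUrl, certName, ret (written)
         # Returns:   0 when the test type is excluded via NOCOV; otherwise the
         #            status of the last command run.
         testType=$1
         servName=$2
         dbDir=$3

         setTestParam "$testType"
         case "$testParam" in
             *NOCOV*)
                 echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
                     "run by server configuration"
                 return 0
                 ;;
         esac

         if [ -z "${MEMLEAK_DBG}" ]; then
             html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
                 "Test Type: $testDescription"
         fi

         # Build a responder URL only when a trusted responder cert is configured.
         if [ -n "$testResponder" ]; then
             responderUrl="$testProto://$servName:$testPort"
         else
             responderUrl=""
         fi

         # The cert name lists are space separated and are split on purpose.
         if [ -z "${MEMLEAK_DBG}" ]; then
             for certName in $testValidCertNames; do
                 ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                     "$testResponder"
                 # Capture the status here so the message cannot report a stale
                 # global ret when the callee returns early.
                 ret=$?
                 html_msg $ret 0 "Getting status of a valid cert ($certName)" \
                     "produced a returncode of $ret, expected is 0."
             done

             for certName in $testRevokedCertNames; do
                 ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                     "$testResponder"
                 ret=$?
                 html_msg $ret 1 "Getting status of a unvalid cert ($certName)" \
                     "produced a returncode of $ret, expected is 1."
             done

             for certName in $testStatUnknownCertNames; do
                 ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                     "$testResponder"
                 ret=$?
                 html_msg $ret 1 "Getting status of a cert with unknown status " \
                     "($certName) produced a returncode of $ret, expected is 1."
             done
         else
             # Leak-check mode: exercise every cert, results are not reported.
             # The last list was misspelled ($testStatUnknownCertName) before,
             # so certs with unknown status were never exercised in this mode.
             for certName in $testValidCertNames $testRevokedCertNames \
                 $testStatUnknownCertNames; do
                 ocsp_get_cert_status "$dbDir" "$certName" "$responderUrl" \
                     "$testResponder"
             done
         fi
     }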
    145  
    146 #####################################################################
    147 # Initial point for running ocsp test against multiple hosts involved in
    148 # interoperability testing. Called from nss/tests/ocsp/ocsp.sh
    149 # It will only proceed with a test run for a specific host if the environment
    150 # variable IOPR_HOSTADDR_LIST was set, had the host name in the list
    151 # and all needed files were successfully downloaded and installed for the host.
    152 #
    153 # Returns 1 if interoperability testing is off, 0 otherwise. 
    154 #
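    ocsp_iopr_run() {
        # Entry point: runs the OCSP interoperability tests against every host
        # listed in IOPR_HOSTADDR_LIST (space separated "host[:port]" entries).
        #
        # Globals:   IOPR, CLIENTDIR, IOPR_HOSTADDR_LIST, IOPR_CADIR,
        #            IOPR_OCSP_CLIENTDIR, MEMLEAK_DBG, LOGDIR (read);
        #            NO_ECC_CERTS, num, IOPR_HOST_PARAM, IOPR_HOSTADDR,
        #            IOPR_OPEN_PORT, RES, LOGNAME, LOGFILE, ret (written), plus
        #            whatever the sourced per-host iopr_server.cfg sets
        #            (wsFlags and supportedTests_new are read here).
        # Returns:   1 if interoperability testing is off or CLIENTDIR cannot
        #            be entered, 0 otherwise.
        #
        # NOTE(review): NO_ECC_CERTS stays 1 on the early returns below; confirm
        # that callers do not depend on ECC tests afterwards.
        NO_ECC_CERTS=1 # disable ECC for interoperability tests

        # An unset or non-numeric IOPR used to make the test itself fail, which
        # let the run proceed. Treat anything other than 1 as "off".
        if ! [ "${IOPR:-0}" -eq 1 ] 2>/dev/null; then
            return 1
        fi
        if ! cd "${CLIENTDIR}"; then
            echo "ocsp_iopr_run: cannot cd to '${CLIENTDIR}'" >&2
            return 1
        fi

        if [ -n "${MEMLEAK_DBG}" ]; then
            html_head "Memory leak checking - IOPR"
        fi

        num=1
        IOPR_HOST_PARAM=$(echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' ')
        while [ -n "$IOPR_HOST_PARAM" ]; do
            IOPR_HOSTADDR=$(echo "$IOPR_HOST_PARAM" | cut -f 1 -d':')
            IOPR_OPEN_PORT=$(echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':')
            [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443

            # NOTE(review): the per-host config is sourced, so it runs as shell
            # code with the privileges of the test run. The header comment says
            # these files are downloaded for each host; confirm they come from a
            # trusted server over an authenticated channel.
            # shellcheck source=/dev/null
            . "${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg"
            RES=$?

            # Advance to the next list entry before any "continue" below.
            num=$((num + 1))
            IOPR_HOST_PARAM=$(echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' ')

            # Skip hosts whose config failed to load or that opt out.
            if [ "$RES" -ne 0 ]; then
                continue
            fi
            case "$wsFlags" in
                *NOIOPR*) continue ;;
            esac

            #=======================================================
            # Check what server is configured to run ssl tests
            #
            echo "${supportedTests_new}" | grep -qi ocsp || continue

            # Per-host log file, used only in leak-check mode.
            if [ -n "${MEMLEAK_DBG}" ]; then
                LOGNAME=iopr-${IOPR_HOSTADDR}
                LOGFILE=${LOGDIR}/${LOGNAME}.log
            fi

            printf '%s\n' "Testing ocsp interoperability." \
                "               Client: local(tstclnt)." \
                "               Responder: remote($IOPR_HOSTADDR)"

            # supportedTests_new is a space separated list, split on purpose.
            for ocspTestType in ${supportedTests_new}; do
                echo "$ocspTestType" | grep -qi ocsp || continue
                if [ -n "${MEMLEAK_DBG}" ]; then
                    ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
                        "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}" 2>> "${LOGFILE}"
                else
                    ocsp_iopr "$ocspTestType" "${IOPR_HOSTADDR}" \
                        "${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}"
                fi
            done

            if [ -n "${MEMLEAK_DBG}" ]; then
                log_parse
                ret=$?
                html_msg ${ret} 0 "${LOGNAME}" \
                    "produced a returncode of $ret, expected is 0"
            fi

            echo "================================================"
            echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
        done

        if [ -n "${MEMLEAK_DBG}" ]; then
            html "</TABLE><BR>"
        fi

        NO_ECC_CERTS=0
        return 0
    }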