tor-browser

merge.sh (9959B)

---

#! /bin/bash  
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

########################################################################
#
# mozilla/security/nss/tests/merge/merge.sh
#
# Script to test NSS merge
#
# needs to work on all Unix and Windows platforms
#
# special strings
# ---------------
#   FIXME ... known problems, search for this string
#   NOTE .... unexpected behavior
#
########################################################################

############################## merge_init ##############################
# local shell function to initialize this script
########################################################################
merge_init()
{
 SCRIPTNAME=merge.sh      # sourced - $0 would point to all.sh
 HAS_EXPLICIT_DB=0
 if [ ! -z "${NSS_DEFAULT_DB_TYPE}" ]; then
    HAS_EXPLICIT_DB=1
 fi


 if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
     CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
 fi

 if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     cd ../common
     . ./init.sh
 fi
 if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
     cd ${QADIR}/cert
     . ./cert.sh
 fi

 if [ ! -d ${HOSTDIR}/SDR ]; then
     cd ${QADIR}/sdr
     . ./sdr.sh
 fi
 SCRIPTNAME=merge.sh

 html_head "Merge Tests"

 # need the SSL & SMIME directories from cert.sh
 grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
     Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
 }
 grep "SUCCESS: SSL passed" $CERT_LOG_FILE >/dev/null || {
     Exit 8 "Fatal - SSL of cert.sh needs to pass first"
 }

 #temporary files for SDR tests
 VALUE1=$HOSTDIR/tests.v1.$$
 VALUE3=$HOSTDIR/tests.v3.$$

 # local directories used in this test.
 MERGEDIR=${HOSTDIR}/merge
 R_MERGEDIR=../merge
 D_MERGE="merge.$version"
 # SDR not initialized in common/init
 P_R_SDR=../SDR
 D_SDR="SDR.$version"
 mkdir -p ${MERGEDIR}

 PROFILE=.
 if [ -n "${MULTIACCESS_DBM}" ]; then
    PROFILE="multiaccess:${D_MERGE}"
    P_R_SDR="multiaccess:${D_SDR}"
 fi

 cd ${MERGEDIR}

 # clear out any existing databases, potentially from a previous run.
 rm -f *.db

 # copy alicedir over as a seed database.
 cp ${R_ALICEDIR}/* .
 # copy the smime text samples
 cp ${QADIR}/smime/*.txt .

 # create a set of conflicting names.
 CONFLICT1DIR=conflict1
 CONFLICT2DIR=conflict2
 mkdir ${CONFLICT1DIR}
 mkdir ${CONFLICT2DIR}
 # in the upgrade mode (dbm->sql), make sure our test databases
 # are dbm databases.
 if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
save=${NSS_DEFAULT_DB_TYPE}
NSS_DEFAULT_DB_TYPE=dbm ; export NSS_DEFAULT_DB_TYPE
 fi

 certutil -N -d ${CONFLICT1DIR} -f ${R_PWFILE}
 certutil -N -d ${CONFLICT2DIR} -f ${R_PWFILE}
 certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser41.cert -d ${CONFLICT1DIR}
 # modify CONFLICTDIR potentially corrupting the database
 certutil -A -n "Alice #1" -t C,, -i ${R_CADIR}/TestUser42.cert -d ${CONFLICT1DIR} -f ${R_PWFILE}
 certutil -M -n "Alice #1" -t ,, -d ${CONFLICT1DIR} -f ${R_PWFILE}
 certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser43.cert -d ${CONFLICT1DIR}
 certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser44.cert -d ${CONFLICT2DIR}
 certutil -A -n "Alice #1" -t ,, -i ${R_CADIR}/TestUser45.cert -d ${CONFLICT2DIR}
 certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser46.cert -d ${CONFLICT2DIR}
 if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
NSS_DEFAULT_DB_TYPE=${save}; export NSS_DEFAULT_DB_TYPE
 fi

 #
 # allow all the tests to run in standalone mode.
 #  in standalone mode, TEST_MODE is not set.
 #  if NSS_DEFAULT_DB_TYPE is dbm, then test merge with dbm
 #  if NSS_DEFAULT_DB_TYPE is sql, then test merge with sql
 #  if NSS_DEFAULT_DB_TYPE is not set, then test database upgrade merge
 #   from dbm databases (created above) into a new sql db.
 if [ -z "${TEST_MODE}" ] && [ ${HAS_EXPLICIT_DB} -eq 0 ]; then
echo "*** Using Standalone Upgrade DB mode"
NSS_DEFAULT_DB_TYPE=sql; export NSS_DEFAULT_DB_TYPE
echo certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
${BINDIR}/certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE}  -f ${R_PWFILE} -@ ${R_PWFILE}
TEST_MODE=UPGRADE_DB

 fi

}

#
# this allows us to run this test for both merge and upgrade-merge cases.
# merge_cmd takes the potential upgrade-id and the rest of the certutil
# arguments.
#
merge_cmd()
{
 MERGE_CMD=--merge
 if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
    MERGE_CMD="--upgrade-merge --upgrade-token-name OldDB --upgrade-id ${1}"
 fi
 shift
 echo certutil ${MERGE_CMD} $*
 ${PROFTOOL} ${BINDIR}/certutil ${MERGE_CMD} $*
}


merge_main()
{
 # first create a local sdr key and encrypt some data with it
 # This will cause a colision with the SDR key in ../SDR.
 echo "$SCRIPTNAME: Creating an SDR key & Encrypt"
 echo "sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}"
 ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}
 html_msg $? 0 "Creating SDR Key"

 # Now merge in Dave
 # Dave's cert is already in alicedir, but his key isn't. This will make
 # sure we are updating the keys and CKA_ID's on the certificate properly.
 MERGE_ID=dave
 echo "$SCRIPTNAME: Merging in Key for Existing user"
 merge_cmd dave --source-dir ${P_R_DAVEDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
 html_msg $? 0 "Merging Dave"

 # Merge in server
 # contains a CRL and new user certs
 MERGE_ID=server
 echo "$SCRIPTNAME: Merging in new user "
 merge_cmd server --source-dir ${P_R_SERVERDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
 html_msg $? 0 "Merging server"

 # Merge in ext_client
 # contains a new certificate chain and additional trust flags
 MERGE_ID=ext_client
 echo "$SCRIPTNAME: Merging in new chain "
 merge_cmd ext_client --source-dir ${P_R_EXT_CLIENTDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
 html_msg $? 0 "Merging ext_client"

 # Merge conflicting nicknames in conflict1dir
 # contains several certificates with nicknames that conflict with the target
 # database
 MERGE_ID=conflict1
 echo "$SCRIPTNAME: Merging in conflicting nicknames 1"
 merge_cmd conflict1 --source-dir ${CONFLICT1DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}

 html_msg $? 0 "Merging conflicting nicknames 1"

 # Merge conflicting nicknames in conflict2dir
 # contains several certificates with nicknames that conflict with the target
 # database
 MERGE_ID=conflict2
 echo "$SCRIPTNAME: Merging in conflicting nicknames 1"
 merge_cmd conflict2 --source-dir ${CONFLICT2DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
 html_msg $? 0 "Merging conflicting nicknames 2"

 # Make sure conflicted names were properly sorted out.
 echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #4)"
 certutil -L -n "Alice #4" -d ${PROFILE}
 html_msg $? 0 "Verify nicknames were deconflicted (Alice #4)"

 # Make sure conflicted names were properly sorted out.
 echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #100)"
 certutil -L -n "Alice #100" -d ${PROFILE}
 html_msg $? 0 "Verify nicknames were deconflicted (Alice #100)"

 # Merge in SDR
 # contains a secret SDR key
 MERGE_ID=SDR
 echo "$SCRIPTNAME: Merging in SDR "
 merge_cmd sdr --source-dir ${P_R_SDR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
 html_msg $? 0 "Merging SDR"

 # insert a listing of the database into the log for diagonic purposes
 ${BINDIR}/certutil -L -d ${PROFILE}
 ${BINDIR}/crlutil -L -d ${PROFILE}

 # Make sure we can decrypt with our original SDR key generated above
 echo "$SCRIPTNAME: Decrypt - With Original SDR Key"
 echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}"
 ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}
 html_msg $? 0 "Decrypt - Value 3"

 # Make sure we can decrypt with our the SDR key merged in from ../SDR
 echo "$SCRIPTNAME: Decrypt - With Merged SDR Key"
 echo "sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}"
 ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}
 html_msg $? 0 "Decrypt - Value 1"

 # Make sure we can sign with merge certificate
 echo "$SCRIPTNAME: Signing with merged key  ------------------"
 echo "cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig"
 ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig
 html_msg $? 0 "Create Detached Signature Dave" "."

 echo "cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} "
 ${PROFTOOL} ${BINDIR}/cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE}
 html_msg $? 0 "Verifying Dave's Detached Signature"

 # Make sure that trust objects were properly merged
 echo "$SCRIPTNAME: verifying  merged cert  ------------------"
 echo "certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}"
 ${PROFTOOL} ${BINDIR}/certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}
 html_msg $? 0 "Verifying ExtendedSSL User Cert"

 # Make sure that the crl got properly copied in
 echo "$SCRIPTNAME: verifying  merged crl  ------------------"
 echo "crlutil -L -n TestCA -d ${PROFILE}"
 ${PROFTOOL} ${BINDIR}/crlutil -L -n TestCA -d ${PROFILE}
 html_msg $? 0 "Verifying TestCA CRL"

}
 
############################## smime_cleanup ###########################
# local shell function to finish this script (no exit since it might be
# sourced)
########################################################################
merge_cleanup()
{
 html "</TABLE><BR>"
 cd ${QADIR}
 . common/cleanup.sh
}

################## main #################################################

merge_init
merge_main
echo "TEST_MODE=${TEST_MODE}"
echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
merge_cleanup