107
############################## tools_p12 ###############################
108
# local shell function to test basic functionality of pk12util
109
########################################################################
112
echo "$SCRIPTNAME: Exporting Alice's email cert & key------------------"
113
echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
114
echo " -w ${R_PWFILE}"
115
${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \
118
html_msg $ret 0 "Exporting Alice's email cert & key (pk12util -o)"
121
echo "$SCRIPTNAME: Importing Alice's email cert & key -----------------"
122
echo "pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
123
${BINDIR}/pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
125
html_msg $ret 0 "Importing Alice's email cert & key (pk12util -i)"
128
echo "$SCRIPTNAME: Listing Alice's pk12 file -----------------"
129
echo "pk12util -l Alice.p12 -w ${R_PWFILE}"
130
${BINDIR}/pk12util -l Alice.p12 -w ${R_PWFILE} 2>&1
132
html_msg $ret 0 "Listing Alice's pk12 file (pk12util -l)"
140
########################## list_p12_file ###############################
141
# List the key and cert in the specified p12 file
142
########################################################################
145
echo "$SCRIPTNAME: Listing Alice's pk12 file"
146
echo "pk12util -l ${1} -w ${R_PWFILE}"
148
${BINDIR}/pk12util -l ${1} -w ${R_PWFILE} 2>&1
150
html_msg $ret 0 "Listing ${1} (pk12util -l)"
154
########################################################################
155
# Import the key and cert from the specified p12 file
156
########################################################################
159
echo "$SCRIPTNAME: Importing Alice's pk12 ${1} file"
160
echo "pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
162
${BINDIR}/pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
164
html_msg $ret 0 "Importing ${1} (pk12util -i)"
168
########################################################################
169
# Export the key and cert to a p12 file using default ciphers
170
########################################################################
171
export_with_default_ciphers()
173
echo "$SCRIPTNAME: Exporting Alice's key & cert with [default:default] (pk12util -o)"
174
echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
175
echo " -k ${R_PWFILE} -w ${R_PWFILE}"
176
${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \
177
-k ${R_PWFILE} -w ${R_PWFILE} 2>&1
179
html_msg $ret 0 "Exporting Alices's key & cert with [default:default] (pk12util -o)"
184
########################################################################
185
# Exports key/cert to a p12 file, the key encryption cipher is specified
186
# and the cert encryption cipher is blank for default.
187
########################################################################
188
export_with_key_cipher()
190
# $1 key encryption cipher
191
echo "$SCRIPTNAME: Exporting with [${1}:default]"
192
echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
193
echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1}"
194
${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \
195
-k ${R_PWFILE} -w ${R_PWFILE} -c "${1}" 2>&1
197
html_msg $ret 0 "Exporting with [${1}:default] (pk12util -o)"
202
########################################################################
203
# Exports key/cert to a p12 file, the key encryption cipher is left
204
# empty for default and the cert encryption cipher is specified.
205
########################################################################
206
export_with_cert_cipher()
208
# $1 certificate encryption cipher
209
echo "$SCRIPTNAME: Exporting with [default:${1}]"
210
echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
211
echo " -k ${R_PWFILE} -w ${R_PWFILE} -C ${1}"
212
${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \
213
-k ${R_PWFILE} -w ${R_PWFILE} -C "${1}" 2>&1
215
html_msg $ret 0 "Exporting with [default:${1}] (pk12util -o)"
220
########################################################################
221
# Exports key/cert to a p12 file, both the key encryption cipher and
222
# the cert encryption cipher are specified.
223
########################################################################
224
export_with_both_key_and_cert_cipher()
226
# $1 key encryption cipher or ""
227
# $2 certificate encryption cipher or ""
229
echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
230
echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1} -C ${2}"
231
${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \
232
-k ${R_PWFILE} -w ${R_PWFILE} \
233
-c "${1}" -C "${2}" 2>&1
235
html_msg $ret 0 "Exporting with [${1}:${2}] (pk12util -o)"
240
########################################################################
241
# Exports key and cert to a p12 file, both the key encryption cipher
242
# and the cert encryption cipher are specified. The key and cert are
243
# imported and the p12 file is listed
244
########################################################################
247
# $1 key encryption cipher
248
# $2 certificate encryption cipher
250
if [[ "${1}" != "" && "${2}" != "" ]]; then
251
export_with_both_key_and_cert_cipher "${1}" "${2}"
252
elif [[ "${1}" != "" && "${2}" = "" ]]; then
253
export_with_key_cipher "${1}"
254
elif [[ "${1}" = "" && "${2}" != "" ]]; then
255
export_with_cert_cipher "${2}"
257
export_with_default_ciphers
260
list_p12_file Alice.p12
261
import_p12_file Alice.p12
264
########################################################################
265
# Export using the pkcs5pbe ciphers for key and certificate encryption.
266
# List the contents of and import from the p12 file.
267
########################################################################
268
tools_p12_export_list_import_all_pkcs5pbe_ciphers()
270
# specify each on key and cert cipher
271
for key_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \
272
"${pkcs5pbeWithMD5AndDEScbc}" \
273
"${pkcs5pbeWithSha1AndDEScbc}"\
275
for cert_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \
276
"${pkcs5pbeWithMD5AndDEScbc}" \
277
"${pkcs5pbeWithSha1AndDEScbc}" \
280
export_list_import "${key_cipher}" "${cert_cipher}"
285
########################################################################
286
# Export using the pkcs5v2 ciphers for key and certificate encryption.
287
# List the contents of and import from the p12 file.
288
########################################################################
289
tools_p12_export_list_import_all_pkcs5v2_ciphers()
302
#---------------------------------------------------------------
303
# Bug 452464 - pk12util -o fails when -C option specifies AES or
305
# FIXME Restore these to the list
309
# CAMELLIA-128-CBC, \
310
# CAMELLIA-192-CBC, \
311
# CAMELLIA-256-CBC, \
312
# when 452464 is fixed
313
#---------------------------------------------------------------
318
export_list_import ${key_cipher} ${cert_cipher}
323
########################################################################
324
# Export using the pkcs12v2pbe ciphers for key and certificate encryption.
325
# List the contents of and import from the p12 file.
326
########################################################################
327
tools_p12_export_list_import_all_pkcs12v2pbe_ciphers()
329
#---------------------------------------------------------------
330
# Bug 452471 - pk12util -o fails when -c option specifies pkcs12v2 PBE ciphers
331
# FIXME - Restore these to the list
332
# "${pkcs12v2pbeWithSha1And128BitRc4}" \
333
# "${pkcs12v2pbeWithSha1And40BitRc4}" \
334
# "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \
335
# "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \
336
# "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \
337
# "${pkcs12v2pbeWithMd2AndDESCBC}" \
338
# "${pkcs12v2pbeWithMd5AndDESCBC}" \
339
# "${pkcs12v2pbeWithSha1AndDESCBC}" \
341
# when 452471 is fixed
342
#---------------------------------------------------------------
343
# for key_cipher in \
345
for cert_cipher in "${pkcs12v2pbeWithSha1And128BitRc4}" \
346
"${pkcs12v2pbeWithSha1And40BitRc4}" \
347
"${pkcs12v2pbeWithSha1AndTripleDESCBC}" \
348
"${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \
349
"${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \
350
"${pkcs12v2pbeWithMd2AndDESCBC}" \
351
"${pkcs12v2pbeWithMd5AndDESCBC}" \
352
"${pkcs12v2pbeWithSha1AndDESCBC}" \
355
export_list_import "${key_cipher}" "${key_cipher}"
360
#########################################################################
361
# Export with no encryption on key should fail but on cert should pass
362
#########################################################################
363
tools_p12_export_with_null_ciphers()
365
# use null as the key encryption algorithm default for the cert one
368
echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
369
echo " -k ${R_PWFILE} -w ${R_PWFILE} -c null"
370
${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \
371
-k ${R_PWFILE} -w ${R_PWFILE} \
374
html_msg $ret 30 "Exporting with [null:default] (pk12util -o)"
377
# use default as the key encryption algorithm null for the cert one
380
echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
381
echo " -k ${R_PWFILE} -w ${R_PWFILE} -C null"
382
${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \
383
-k ${R_PWFILE} -w ${R_PWFILE} \
386
html_msg $ret 0 "Exporting with [default:null] (pk12util -o)"
391
#########################################################################
392
# Exports using the default key and certificate encryption ciphers.
393
# Imports from and lists the contents of the p12 file.
394
# Repeats the test with ECC if enabled.
395
########################################################################
396
tools_p12_export_list_import_with_default_ciphers()
398
echo "$SCRIPTNAME: Exporting Alice's email cert & key - default ciphers"
400
export_list_import "" ""
135
402
if [ -n "$NSS_ENABLE_ECC" ] ; then
136
403
echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"