3
# This Source Code Form is subject to the terms of the Mozilla Public
4
# License, v. 2.0. If a copy of the MPL was not distributed with this
5
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
7
########################################################################
9
# mozilla/security/nss/tests/common/init.sh
11
# initialization for NSS QA, can be included multiple times
12
# from all.sh and the individual scripts
14
# variables, utilities and shellfunctions global to NSS QA
15
# needs to work on all Unix and Windows platforms
31
# FIXME ... known problems, search for this string
32
# NOTE .... unexpected behavior
36
# Unlike the old QA this is based on files sourcing each other.
# This is done to save time, since a great portion of time is lost
# in calling and sourcing the same things multiple times over the
# network. Also, this way all scripts have all shell functions available
# and a completely common environment
42
########################################################################
45
export NSS_STRICT_SHUTDOWN
47
# Init directories based on HOSTDIR variable
48
if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
51
TMP=${HOSTDIR} #TMP=${TMP-/tmp}
56
SERVERDIR=${HOSTDIR}/server
57
CLIENTDIR=${HOSTDIR}/client
58
ALICEDIR=${HOSTDIR}/alicedir
59
BOBDIR=${HOSTDIR}/bobdir
60
DAVEDIR=${HOSTDIR}/dave
62
FIPSDIR=${HOSTDIR}/fips
63
DBPASSDIR=${HOSTDIR}/dbpass
64
ECCURVES_DIR=${HOSTDIR}/eccurves
65
DISTRUSTDIR=${HOSTDIR}/distrust
67
SERVER_CADIR=${HOSTDIR}/serverCA
68
CLIENT_CADIR=${HOSTDIR}/clientCA
69
EXT_SERVERDIR=${HOSTDIR}/ext_server
70
EXT_CLIENTDIR=${HOSTDIR}/ext_client
72
IOPR_CADIR=${HOSTDIR}/CA_iopr
73
IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr
74
IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr
75
IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr
77
CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
79
PWFILE=${HOSTDIR}/tests.pw
80
NOISE_FILE=${HOSTDIR}/tests_noise
81
CORELIST_FILE=${HOSTDIR}/clist
83
FIPSPWFILE=${HOSTDIR}/tests.fipspw
84
FIPSBADPWFILE=${HOSTDIR}/tests.fipsbadpw
85
FIPSP12PWFILE=${HOSTDIR}/tests.fipsp12pw
87
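# Hard-coded passwords for the FIPS and PKCS#12 tests, written in clear
# text under ${HOSTDIR}. They are test fixtures only and must never protect
# a real key database. Judging by its name, FIPSBADPWFILE holds the
# deliberately wrong password.
# The targets are quoted because bash rejects an unquoted redirection
# target that contains whitespace ("ambiguous redirect").
echo "fIps140" > "${FIPSPWFILE}"
echo "fips104" > "${FIPSBADPWFILE}"
echo "pKcs12fips140" > "${FIPSP12PWFILE}"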
93
P_SERVER_CADIR=${SERVER_CADIR}
94
P_CLIENT_CADIR=${CLIENT_CADIR}
96
if [ -n "${MULTIACCESS_DBM}" ]; then
97
P_SERVER_CADIR="multiaccess:${D_SERVER_CA}"
98
P_CLIENT_CADIR="multiaccess:${D_CLIENT_CA}"
102
# a new log file, short - fast to search, mostly for tools to
103
# see if their portion of the cert has succeeded, also for me -
104
CERT_LOG_FILE=${HOSTDIR}/cert.log #the output.log is so crowded...
106
TEMPFILES=foobar # keep "${PWFILE} ${NOISE_FILE}" around
111
# Generate noise file
114
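# NOTE: these keys are only suitable for testing, as this whole thing
# bypasses the entropy gathering. Don't use this method to generate
# keys and certs for product use or deployment.
# The "noise" is two process listings plus a timestamp, which any other
# local user can largely reproduce, so it is not a source of entropy.
# The listings also capture the command lines of unrelated processes, so
# treat ${NOISE_FILE} as potentially sensitive when results are archived
# or shared.
# The target is quoted so a HOSTDIR containing whitespace does not break
# the redirection.
ps -efl > "${NOISE_FILE}" 2>&1
ps aux >> "${NOISE_FILE}" 2>&1
date >> "${NOISE_FILE}" 2>&1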
122
# Print selected environment variables (used for backup)
125
echo "HOSTDIR=\"${HOSTDIR}\""
127
echo "NSS_TEST_DISABLE_CRL=${NSS_TEST_DISABLE_CRL}"
128
echo "NSS_SSL_TESTS=\"${NSS_SSL_TESTS}\""
129
echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\""
130
echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
131
echo "export NSS_DEFAULT_DB_TYPE"
132
echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}"
133
echo "export NSS_ENABLE_PKIX_VERIFY"
134
echo "init_directories"
137
# Exit shellfunction to clean up at exit (error, regular or signal)
140
if [ -n "$1" ] ; then
141
echo "$SCRIPTNAME: Exit: $* - FAILED"
144
echo "</TABLE><BR>" >> ${RESULTS}
145
if [ -n "${SERVERPID}" -a -f "${SERVERPID}" ]; then
146
${KILL} `cat ${SERVERPID}`
162
[ ! -f $CORELIST_FILE ] && touch $CORELIST_FILE
163
mv $CORELIST_FILE ${CORELIST_FILE}.old
164
coreStr=`find $HOSTDIR -type f -name '*core*'`
166
if [ -n "$coreStr" ]; then
167
sum $coreStr > $CORELIST_FILE
168
res=`cat $CORELIST_FILE ${CORELIST_FILE}.old | sort | uniq -u | wc -l`
173
#html functions to give the resultfiles a consistent look
174
html() ######################### write the results.html file
175
{ # 3 functions so we can put targets in the output.log easier
180
html_detect_core "$@" || return
181
MSG_ID=`cat ${MSG_ID_FILE}`
182
MSG_ID=`expr ${MSG_ID} + 1`
183
echo ${MSG_ID} > ${MSG_ID_FILE}
184
html "<TR><TD>#${MSG_ID}: $1 ${HTML_PASSED}"
185
echo "${SCRIPTNAME}: #${MSG_ID}: $* - PASSED"
189
html_detect_core "$@" || return
190
MSG_ID=`cat ${MSG_ID_FILE}`
191
MSG_ID=`expr ${MSG_ID} + 1`
192
echo ${MSG_ID} > ${MSG_ID_FILE}
193
html "<TR><TD>#${MSG_ID}: $1 ${HTML_FAILED}"
194
echo "${SCRIPTNAME}: #${MSG_ID}: $* - FAILED"
198
html_detect_core "$@" || return
199
MSG_ID=`cat ${MSG_ID_FILE}`
200
MSG_ID=`expr ${MSG_ID} + 1`
201
echo ${MSG_ID} > ${MSG_ID_FILE}
202
html "<TR><TD>#${MSG_ID}: $1 ${HTML_UNKNOWN}"
203
echo "${SCRIPTNAME}: #${MSG_ID}: $* - UNKNOWN"
208
if [ $? -ne 0 ]; then
209
MSG_ID=`cat ${MSG_ID_FILE}`
210
MSG_ID=`expr ${MSG_ID} + 1`
211
echo ${MSG_ID} > ${MSG_ID_FILE}
212
html "<TR><TD>#${MSG_ID}: $* ${HTML_FAILED_CORE}"
213
echo "${SCRIPTNAME}: #${MSG_ID}: $* - Core file is detected - FAILED"
221
html "<TABLE BORDER=1 ${TABLE_ARGS}><TR><TH COLSPAN=3>$*</TH></TR>"
222
html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>"
223
echo "$SCRIPTNAME: $* ==============================="
227
if [ "$1" -ne "$2" ] ; then
228
html_failed "$3" "$4"
230
html_passed "$3" "$4"
233
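# Result-cell fragments appended to a test-case row in results.html: each
# closes the "Test Case" cell and adds the "Result" cell.
# HTML_UNKNOWN previously ended its cell with "Unknown/TD>" (missing "<"),
# which left the cell unclosed and printed "/TD>" in the report.
HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
HTML_UNKNOWN='</TD><TD>Unknown</TD><TR>'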
243
mozilla_root=`(cd ../../../..; pwd)`
244
MOZILLA_ROOT=${MOZILLA_ROOT-$mozilla_root}
247
QADIR=${QADIR-$qadir}
249
common=${QADIR}/common
250
COMMON=${TEST_COMMON-$common}
253
# Default locations below ${MOZILLA_ROOT}. A variable that is already set
# in the environment (even to an empty value) is left untouched.
: "${DIST=${MOZILLA_ROOT}/dist}"
: "${SECURITY_ROOT=${MOZILLA_ROOT}/security/nss}"
: "${TESTDIR=${MOZILLA_ROOT}/tests_results/security}"
257
# Allow for override options from a config file
258
if [ -n "${OBJDIR}" -a -f ${DIST}/${OBJDIR}/platform.cfg ]; then
259
# NOTE(review): sourcing runs platform.cfg as shell code inside the test
# harness, so the file is as trusted as this script itself. Keep
# ${DIST}/${OBJDIR} writable only by the account that produced the build.
. ${DIST}/${OBJDIR}/platform.cfg
262
# only need make if we don't already have certain variables set
263
if [ -z "${OBJDIR}" -o -z "${OS_ARCH}" -o -z "${DLL_PREFIX}" -o -z "${DLL_SUFFIX}" ]; then
265
$MAKE -v >/dev/null 2>&1 || MAKE=make
266
$MAKE -v >/dev/null 2>&1 || { echo "You are missing make."; exit 5; }
267
MAKE="$MAKE --no-print-directory"
270
if [ "${OBJDIR}" = "" ]; then
271
OBJDIR=`(cd $COMMON; $MAKE objdir_name)`
273
if [ "${OS_ARCH}" = "" ]; then
274
OS_ARCH=`(cd $COMMON; $MAKE os_arch)`
276
if [ "${DLL_PREFIX}" = "" ]; then
277
DLL_PREFIX=`(cd $COMMON; $MAKE dll_prefix)`
279
if [ "${DLL_SUFFIX}" = "" ]; then
280
DLL_SUFFIX=`(cd $COMMON; $MAKE dll_suffix)`
282
OS_NAME=`uname -s | sed -e "s/-[0-9]*\.[0-9]*//" | sed -e "s/-WOW64//"`
284
BINDIR="${DIST}/${OBJDIR}/bin"
286
# Pathnames constructed from ${TESTDIR} are passed to NSS tools
287
# such as certutil, which don't understand Cygwin pathnames.
288
# So we need to convert ${TESTDIR} to a Windows pathname (with
290
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
291
TESTDIR=`cygpath -m ${TESTDIR}`
292
QADIR=`cygpath -m ${QADIR}`
295
# Same problem with MSYS/Mingw, except we need to start over with pwd -W
296
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "MINGW32_NT" ]; then
297
mingw_mozilla_root=`(cd ../../../..; pwd -W)`
298
MINGW_MOZILLA_ROOT=${MINGW_MOZILLA_ROOT-$mingw_mozilla_root}
299
TESTDIR=${MINGW_TESTDIR-${MINGW_MOZILLA_ROOT}/tests_results/security}
302
# Same problem with MSYS/Mingw, except we need to start over with pwd -W
303
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "MINGW32_NT" ]; then
304
mingw_mozilla_root=`(cd ../../../..; pwd -W)`
305
MINGW_MOZILLA_ROOT=${MINGW_MOZILLA_ROOT-$mingw_mozilla_root}
306
TESTDIR=${MINGW_TESTDIR-${MINGW_MOZILLA_ROOT}/tests_results/security}
308
echo testdir is $TESTDIR
310
#in case of backward comp. tests the calling scripts set the
311
#PATH and LD_LIBRARY_PATH and do not want them to be changed
312
if [ -z "${DON_T_SET_PATHS}" -o "${DON_T_SET_PATHS}" != "TRUE" ] ; then
313
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" != "CYGWIN_NT" -a "$OS_NAME" != "MINGW32_NT" ]; then
314
PATH=.\;${DIST}/${OBJDIR}/bin\;${DIST}/${OBJDIR}/lib\;$PATH
315
PATH=`perl ../path_uniq -d ';' "$PATH"`
316
elif [ "${OS_ARCH}" = "Android" ]; then
317
# android doesn't have perl, skip the uniq step
318
PATH=.:${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:$PATH
320
# NOTE(review): "." is the first PATH entry here (and in the WINNT and
# Android assignments of PATH), so an executable in the current directory
# shadows the system tool of the same name. Run the suite only from
# directories that untrusted users cannot write to.
PATH=.:${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:/bin:/usr/bin:$PATH
321
# added /bin and /usr/bin in the beginning so a local perl will
323
PATH=`perl ../path_uniq -d ':' "$PATH"`
326
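# Put the freshly built NSS libraries first on each loader search path
# variable. The ":<old value>" suffix is appended only when the variable
# already has a value: an unconditional ":" leaves a trailing empty path
# element when it was unset, and glibc's loader documents a zero-length
# element as the current working directory.
LD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
SHLIB_PATH=${DIST}/${OBJDIR}/lib${SHLIB_PATH:+:${SHLIB_PATH}}
LIBPATH=${DIST}/${OBJDIR}/lib${LIBPATH:+:${LIBPATH}}
DYLD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib${DYLD_LIBRARY_PATH:+:${DYLD_LIBRARY_PATH}}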
332
if [ ! -d "${TESTDIR}" ]; then
333
echo "$SCRIPTNAME init: Creating ${TESTDIR}"
337
#HOST and DOMSUF are needed for the server cert
339
DOMAINNAME=`which domainname`
340
if [ -z "${DOMSUF}" -a $? -eq 0 -a -n "${DOMAINNAME}" ]; then
346
if [ -z "${DOMSUF}" ]; then
347
DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
349
HOST=`echo $HOST | sed -e "s/\..*//"`
357
if [ -z "${DOMSUF}" ]; then
358
DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
360
HOST=`echo $HOST | sed -e "s/\..*//"`
365
echo "$SCRIPTNAME: Fatal HOST environment variable is not defined."
366
exit 1 #does not need to be Exit, very early in script
372
if [ -z "${DOMSUF}" -a "${OS_ARCH}" != "Android" ]; then
373
echo "$SCRIPTNAME: Fatal DOMSUF env. variable is not defined."
374
exit 1 #does not need to be Exit, very early in script
377
#HOSTADDR was a workaround for the dist. stress test, and is probably
#not needed anymore (purpose: be able to use IP address for the server
#cert instead of PC name which was not in the DNS because of dyn IP address)
380
if [ -z "$USE_IP" -o "$USE_IP" != "TRUE" ] ; then
381
if [ -z "${DOMSUF}" ]; then
384
HOSTADDR=${HOST}.${DOMSUF}
387
HOSTADDR=${IP_ADDRESS}
390
#if running remote side of the distributed stress test we need to use
391
#the files that the server side gives us...
392
if [ -n "$DO_REM_ST" -a "$DO_REM_ST" = "TRUE" ] ; then
393
for w in `ls -rtd ${TESTDIR}/${HOST}.[0-9]* 2>/dev/null |
394
sed -e "s/.*${HOST}.//"` ; do
397
HOSTDIR=${TESTDIR}/${HOST}.$version
398
echo "$SCRIPTNAME init: HOSTDIR $HOSTDIR"
400
if [ ! -d $HOSTDIR ] ; then
401
echo "$SCRIPTNAME: Fatal: Remote side of dist. stress test "
402
echo " - server HOSTDIR $HOSTDIR does not exist"
403
exit 1 #does not need to be Exit, very early in script
407
#find the HOSTDIR, where the results are supposed to go
408
if [ -n "${HOSTDIR}" ]; then
409
version=`echo $HOSTDIR | sed -e "s/.*${HOST}.//"`
411
if [ -f "${TESTDIR}/${HOST}" ]; then
412
version=`cat ${TESTDIR}/${HOST}`
416
#file has a tendency to disappear, messing up the rest of QA -
417
#workaround to find the next higher number if version file is not there
418
if [ -z "${version}" ]; then # for some strange reason this file
419
# gets truncated at times... Windows
420
for w in `ls -d ${TESTDIR}/${HOST}.[0-9]* 2>/dev/null |
421
sort -t '.' -n | sed -e "s/.*${HOST}.//"` ; do
422
version=`expr $w + 1`
424
if [ -z "${version}" ]; then
428
expr $version + 1 > ${TESTDIR}/${HOST}
430
HOSTDIR=${TESTDIR}/${HOST}'.'$version
435
#result and log file and filename init,
436
if [ -z "${LOGFILE}" ]; then
437
LOGFILE=${HOSTDIR}/output.log
439
if [ ! -f "${LOGFILE}" ]; then
442
if [ -z "${RESULTS}" ]; then
443
RESULTS=${HOSTDIR}/results.html
445
if [ ! -f "${RESULTS}" ]; then
446
cp ${COMMON}/results_header.html ${RESULTS}
447
html "<H4>Platform: ${OBJDIR}<BR>"
448
html "Test Run: ${HOST}.$version</H4>"
453
echo "********************************************" | tee -a ${LOGFILE}
454
echo " Platform: ${OBJDIR}" | tee -a ${LOGFILE}
455
echo " Results: ${HOST}.$version" | tee -a ${LOGFILE}
456
echo "********************************************" | tee -a ${LOGFILE}
457
echo "$BC_ACTION" | tee -a ${LOGFILE}
458
#if running remote side of the distributed stress test
459
# let the user know who it is...
460
elif [ -n "$DO_REM_ST" -a "$DO_REM_ST" = "TRUE" ] ; then
461
echo "********************************************" | tee -a ${LOGFILE}
462
echo " Platform: ${OBJDIR}" | tee -a ${LOGFILE}
463
echo " Results: ${HOST}.$version" | tee -a ${LOGFILE}
464
echo " remote side of distributed stress test " | tee -a ${LOGFILE}
465
echo " `uname -n -s`" | tee -a ${LOGFILE}
466
echo "********************************************" | tee -a ${LOGFILE}
469
echo "$SCRIPTNAME init: Testing PATH $PATH against LIB $LD_LIBRARY_PATH" |\
474
if [ `uname -s` = "SunOS" ]; then
479
#found 3 rsh's so far that do not work as expected - cygnus mks6
480
#(restricted sh) and mks 7 - if it is not in c:/winnt/system32 it
481
#needs to be set in the environ.ksh
482
if [ -z "$RSH" ]; then
483
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
484
RSH=/cygdrive/c/winnt/system32/rsh
485
elif [ "${OS_ARCH}" = "WINNT" ]; then
486
RSH=c:/winnt/system32/rsh
493
#more filename and directoryname init
496
CU_ACTION='Unknown certutil action'
498
# would like to preserve some tmp files, also easier to see if there
499
# are "leftovers" - another possibility ${HOSTDIR}/tmp
503
FIPSCERTNICK="FIPS_PUB_140_Test_Certificate"
505
# domains to handle ipc based access to databases
506
D_CA="TestCA.$version"
507
D_ALICE="Alice.$version"
509
D_DAVE="Dave.$version"
511
D_SERVER_CA="ServerCA.$version"
512
D_CLIENT_CA="ClientCA.$version"
513
D_SERVER="Server.$version"
514
D_CLIENT="Client.$version"
515
D_FIPS="FIPS.$version"
516
D_DBPASS="DBPASS.$version"
517
D_ECCURVES="ECCURVES.$version"
518
D_EXT_SERVER="ExtendedServer.$version"
519
D_EXT_CLIENT="ExtendedClient.$version"
520
D_CERT_EXTENSTIONS="CertExtensions.$version"
521
D_DISTRUST="Distrust.$version"
523
# we need relative pathnames of these files and directories, since our
# tools can't handle the unix style absolute pathnames on cygnus
527
R_SERVERDIR=../server
528
R_CLIENTDIR=../client
529
R_IOPR_CADIR=../CA_iopr
530
R_IOPR_SSL_SERVERDIR=../server_ssl_iopr
531
R_IOPR_SSL_CLIENTDIR=../client_ssl_iopr
532
R_IOPR_OCSP_CLIENTDIR=../client_ocsp_iopr
533
R_ALICEDIR=../alicedir
537
R_EXT_SERVERDIR=../ext_server
538
R_EXT_CLIENTDIR=../ext_client
539
R_CERT_EXT=../cert_extensions
542
# profiles are either paths or domains depending on the setting of
546
P_R_ALICEDIR=${R_ALICEDIR}
547
P_R_BOBDIR=${R_BOBDIR}
548
P_R_DAVEDIR=${R_DAVEDIR}
549
P_R_EVEDIR=${R_EVEDIR}
550
P_R_SERVERDIR=${R_SERVERDIR}
551
P_R_CLIENTDIR=${R_CLIENTDIR}
552
P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
553
P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
554
if [ -n "${MULTIACCESS_DBM}" ]; then
555
P_R_CADIR="multiaccess:${D_CA}"
556
P_R_ALICEDIR="multiaccess:${D_ALICE}"
557
P_R_BOBDIR="multiaccess:${D_BOB}"
558
P_R_DAVEDIR="multiaccess:${D_DAVE}"
559
P_R_EVEDIR="multiaccess:${D_EVE}"
560
P_R_SERVERDIR="multiaccess:${D_SERVER}"
561
P_R_CLIENTDIR="multiaccess:${D_CLIENT}"
562
P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
563
P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
567
R_NOISE_FILE=../tests_noise
569
R_FIPSPWFILE=../tests.fipspw
570
R_FIPSBADPWFILE=../tests.fipsbadpw
571
R_FIPSP12PWFILE=../tests.fipsp12pw
573
trap "Exit $0 Signal_caught" 2 3
575
export PATH LD_LIBRARY_PATH SHLIB_PATH LIBPATH DYLD_LIBRARY_PATH
576
export DOMSUF HOSTADDR
578
export MOZILLA_ROOT SECURITY_ROOT DIST TESTDIR OBJDIR QADIR
579
export LOGFILE SCRIPTNAME
581
#used for the distributed stress test, the server generates certificates
582
#from GLOB_MIN_CERT to GLOB_MAX_CERT
583
# NOTE - this variable actually gets initialized directly by
# ssl_dist_stress.sh's sl_ds_init() before init is called - need to change
# in both places. speaking of data encapsulation...
587
if [ -z "$GLOB_MIN_CERT" ] ; then
590
if [ -z "$GLOB_MAX_CERT" ] ; then
593
if [ -z "$MIN_CERT" ] ; then
594
MIN_CERT=$GLOB_MIN_CERT
596
if [ -z "$MAX_CERT" ] ; then
597
MAX_CERT=$GLOB_MAX_CERT
600
#################################################
601
# CRL SSL testing constants
607
UNREVOKED_CERT_GRP_1=41
611
UNREVOKED_CERT_GRP_2=46
615
UNREVOKED_CERT_GRP_3=51
617
TOTAL_CRL_RANGE=`expr ${CRL_GRP_1_RANGE} + ${CRL_GRP_2_RANGE} + \
624
NSS_DEFAULT_DB_TYPE="dbm"
625
export NSS_DEFAULT_DB_TYPE
627
MSG_ID_FILE="${HOSTDIR}/id"
629
echo ${MSG_ID} > ${MSG_ID_FILE}
631
#################################################
632
# Interoperability testing constants
634
# if suite is setup for testing, IOPR_HOSTADDR_LIST should have
635
# at least one host name(FQDN)
636
# Example IOPR_HOSTADDR_LIST="goa1.SFBay.Sun.COM"
638
if [ -z "`echo ${IOPR_HOSTADDR_LIST} | grep '[A-Za-z]'`" ]; then
643
#################################################
645
if [ "${OS_ARCH}" != "WINNT" -a "${OS_ARCH}" != "Android" ]; then
650
INIT_SOURCED=TRUE #whatever one does - NEVER export this one please