2009-01-20 19:43:31 -08:00
|
|
|
#! /bin/bash
|
2008-06-06 05:40:11 -07:00
|
|
|
#
|
|
|
|
|
# ***** BEGIN LICENSE BLOCK *****
|
|
|
|
|
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
|
|
|
#
|
|
|
|
|
# The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
# 1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
# the License. You may obtain a copy of the License at
|
|
|
|
|
# http://www.mozilla.org/MPL/
|
|
|
|
|
#
|
|
|
|
|
# Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
# for the specific language governing rights and limitations under the
|
|
|
|
|
# License.
|
|
|
|
|
#
|
|
|
|
|
# The Original Code is the Netscape security libraries.
|
|
|
|
|
#
|
|
|
|
|
# The Initial Developer of the Original Code is
|
|
|
|
|
# Netscape Communications Corporation.
|
2010-02-07 03:54:28 -08:00
|
|
|
# Portions created by the Initial Developer are Copyright (C) 1994-2009
|
2008-06-06 05:40:11 -07:00
|
|
|
# the Initial Developer. All Rights Reserved.
|
|
|
|
|
#
|
|
|
|
|
# Contributor(s):
|
|
|
|
|
# Sonja Mirtitsch Sun Microsystems
|
|
|
|
|
#
|
|
|
|
|
# Alternatively, the contents of this file may be used under the terms of
|
|
|
|
|
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
|
|
|
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
|
|
|
# in which case the provisions of the GPL or the LGPL are applicable instead
|
|
|
|
|
# of those above. If you wish to allow use of your version of this file only
|
|
|
|
|
# under the terms of either the GPL or the LGPL, and not to allow others to
|
|
|
|
|
# use your version of this file under the terms of the MPL, indicate your
|
|
|
|
|
# decision by deleting the provisions above and replace them with the notice
|
|
|
|
|
# and other provisions required by the GPL or the LGPL. If you do not delete
|
|
|
|
|
# the provisions above, a recipient may use your version of this file under
|
|
|
|
|
# the terms of any one of the MPL, the GPL or the LGPL.
|
|
|
|
|
#
|
|
|
|
|
# ***** END LICENSE BLOCK *****
|
|
|
|
|
|
|
|
|
|
########################################################################
|
|
|
|
|
#
|
|
|
|
|
# mozilla/security/nss/tests/dbtest/dbtest.sh
|
|
|
|
|
#
|
|
|
|
|
# Certificate generating and handeling for NSS QA, can be included
|
|
|
|
|
# multiple times from all.sh and the individual scripts
|
|
|
|
|
#
|
|
|
|
|
# needs to work on all Unix and Windows platforms
|
|
|
|
|
#
|
|
|
|
|
# included from (don't expect this to be up to date)
|
|
|
|
|
# --------------------------------------------------
|
|
|
|
|
# all.sh
|
|
|
|
|
# ssl.sh
|
|
|
|
|
# smime.sh
|
|
|
|
|
# tools.sh
|
|
|
|
|
#
|
|
|
|
|
# special strings
|
|
|
|
|
# ---------------
|
|
|
|
|
# FIXME ... known problems, search for this string
|
|
|
|
|
# NOTE .... unexpected behavior
|
|
|
|
|
#
|
|
|
|
|
# FIXME - Netscape - NSS
|
|
|
|
|
########################################################################
|
|
|
|
|
|
|
|
|
|
############################## dbtest_init ###############################
|
|
|
|
|
# local shell function to initialize this script
|
|
|
|
|
########################################################################
|
|
|
|
|
dbtest_init()
|
|
|
|
|
{
|
|
|
|
|
SCRIPTNAME="dbtests.sh"
|
|
|
|
|
if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
|
|
|
|
|
CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
|
|
|
|
|
fi
|
|
|
|
|
if [ -z "${INIT_SOURCED}" ] ; then
|
|
|
|
|
cd ../common
|
|
|
|
|
. ./init.sh
|
|
|
|
|
fi
|
|
|
|
|
if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
|
|
|
|
|
cd ../cert
|
|
|
|
|
. ./cert.sh
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
SCRIPTNAME="dbtests.sh"
|
|
|
|
|
RONLY_DIR=${HOSTDIR}/ronlydir
|
|
|
|
|
EMPTY_DIR=${HOSTDIR}/emptydir
|
2009-01-20 19:43:31 -08:00
|
|
|
CONFLICT_DIR=${HOSTDIR}/conflictdir
|
2008-06-06 05:40:11 -07:00
|
|
|
|
|
|
|
|
html_head "CERT and Key DB Tests"
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
############################## dbtest_cleanup ############################
|
|
|
|
|
# local shell function to finish this script (no exit since it might be
|
|
|
|
|
# sourced)
|
|
|
|
|
########################################################################
|
|
|
|
|
dbtest_cleanup()
|
|
|
|
|
{
|
|
|
|
|
html "</TABLE><BR>"
|
|
|
|
|
cd ${QADIR}
|
|
|
|
|
chmod a+rw $RONLY_DIR
|
|
|
|
|
. common/cleanup.sh
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Echo()
|
|
|
|
|
{
|
|
|
|
|
echo
|
|
|
|
|
echo "---------------------------------------------------------------"
|
|
|
|
|
echo "| $*"
|
|
|
|
|
echo "---------------------------------------------------------------"
|
|
|
|
|
}
|
|
|
|
|
dbtest_main()
|
|
|
|
|
{
|
|
|
|
|
cd ${HOSTDIR}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Echo "test opening the database read/write in a nonexisting directory"
|
2010-07-18 22:45:52 -07:00
|
|
|
${BINDIR}/certutil -L -X -d ./non_existent_dir
|
2008-06-06 05:40:11 -07:00
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 255 ]; then
|
|
|
|
|
html_failed "Certutil succeeded in a nonexisting directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Certutil didn't work in a nonexisting dir $ret"
|
|
|
|
|
fi
|
2010-07-18 22:45:52 -07:00
|
|
|
${BINDIR}/dbtest -r -d ./non_existent_dir
|
2008-06-06 05:40:11 -07:00
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 46 ]; then
|
|
|
|
|
html_failed "Dbtest readonly succeeded in a nonexisting directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Dbtest readonly didn't work in a nonexisting dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
Echo "test force opening the database in a nonexisting directory"
|
2010-07-18 22:45:52 -07:00
|
|
|
${BINDIR}/dbtest -f -d ./non_existent_dir
|
2008-06-06 05:40:11 -07:00
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
|
|
|
|
html_failed "Dbtest force failed in a nonexisting directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Dbtest force succeeded in a nonexisting dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
Echo "test opening the database readonly in an empty directory"
|
|
|
|
|
mkdir $EMPTY_DIR
|
|
|
|
|
${BINDIR}/tstclnt -h ${HOST} -d $EMPTY_DIR
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 1 ]; then
|
|
|
|
|
html_failed "Tstclnt succeded in an empty directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Tstclnt didn't work in an empty dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
${BINDIR}/dbtest -r -d $EMPTY_DIR
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 46 ]; then
|
|
|
|
|
html_failed "Dbtest readonly succeeded in an empty directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Dbtest readonly didn't work in an empty dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
rm -rf $EMPTY_DIR/* 2>/dev/null
|
|
|
|
|
${BINDIR}/dbtest -i -d $EMPTY_DIR
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
2009-04-06 18:36:45 -07:00
|
|
|
html_failed "Dbtest logout after empty DB Init loses key $ret"
|
2008-06-06 05:40:11 -07:00
|
|
|
else
|
|
|
|
|
html_passed "Dbtest logout after empty DB Init has key"
|
|
|
|
|
fi
|
|
|
|
|
rm -rf $EMPTY_DIR/* 2>/dev/null
|
|
|
|
|
${BINDIR}/dbtest -i -p pass -d $EMPTY_DIR
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
2009-04-06 18:36:45 -07:00
|
|
|
html_failed "Dbtest password DB Init loses needlogin state $ret"
|
2008-06-06 05:40:11 -07:00
|
|
|
else
|
|
|
|
|
html_passed "Dbtest password DB Init maintains needlogin state"
|
|
|
|
|
fi
|
|
|
|
|
rm -rf $EMPTY_DIR/* 2>/dev/null
|
|
|
|
|
${BINDIR}/certutil -D -n xxxx -d $EMPTY_DIR #created DB
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 255 ]; then
|
|
|
|
|
html_failed "Certutil succeeded in deleting a cert in an empty directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Certutil didn't work in an empty dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
rm -rf $EMPTY_DIR/* 2>/dev/null
|
|
|
|
|
Echo "test force opening the database readonly in a empty directory"
|
|
|
|
|
${BINDIR}/dbtest -r -f -d $EMPTY_DIR
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
|
|
|
|
html_failed "Dbtest force readonly failed in an empty directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Dbtest force readonly succeeded in an empty dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
Echo "test opening the database r/w in a readonly directory"
|
|
|
|
|
mkdir $RONLY_DIR
|
|
|
|
|
cp -r ${CLIENTDIR}/* $RONLY_DIR
|
|
|
|
|
chmod -w $RONLY_DIR $RONLY_DIR/*
|
|
|
|
|
|
|
|
|
|
# On Mac OS X 10.1, if we do a "chmod -w" on files in an
|
|
|
|
|
# NFS-mounted directory, it takes several seconds for the
|
|
|
|
|
# first open to see the files are readonly, but subsequent
|
|
|
|
|
# opens immediately see the files are readonly. As a
|
|
|
|
|
# workaround we open the files once first. (Bug 185074)
|
|
|
|
|
if [ "${OS_ARCH}" = "Darwin" ]; then
|
|
|
|
|
cat $RONLY_DIR/* > /dev/null
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
${BINDIR}/dbtest -d $RONLY_DIR
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 46 ]; then
|
|
|
|
|
html_failed "Dbtest r/w succeeded in an readonly directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Dbtest r/w didn't work in an readonly dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
${BINDIR}/certutil -D -n "TestUser" -d .
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 255 ]; then
|
|
|
|
|
html_failed "Certutil succeeded in deleting a cert in an readonly directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Certutil didn't work in an readonly dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
Echo "test opening the database ronly in a readonly directory"
|
|
|
|
|
|
|
|
|
|
${BINDIR}/dbtest -d $RONLY_DIR -r
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
|
|
|
|
html_failed "Dbtest readonly failed in a readonly directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Dbtest readonly succeeded in a readonly dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
Echo "test force opening the database r/w in a readonly directory"
|
|
|
|
|
${BINDIR}/dbtest -d $RONLY_DIR -f
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
|
|
|
|
html_failed "Dbtest force failed in a readonly directory $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Dbtest force succeeded in a readonly dir $ret"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
Echo "ls -l $RONLY_DIR"
|
|
|
|
|
ls -ld $RONLY_DIR $RONLY_DIR/*
|
|
|
|
|
|
2009-01-20 19:43:31 -08:00
|
|
|
mkdir ${CONFLICT_DIR}
|
|
|
|
|
Echo "test creating a new cert with a conflicting nickname"
|
|
|
|
|
cd ${CONFLICT_DIR}
|
|
|
|
|
pwd
|
|
|
|
|
${BINDIR}/certutil -N -d ${CONFLICT_DIR} -f ${R_PWFILE}
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
|
|
|
|
html_failed "Nicknane conflict test failed, couldn't create database $ret"
|
|
|
|
|
else
|
|
|
|
|
${BINDIR}/certutil -A -n alice -t ,, -i ${R_ALICEDIR}/Alice.cert -d ${CONFLICT_DIR}
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
|
|
|
|
html_failed "Nicknane conflict test failed, couldn't import alice cert $ret"
|
|
|
|
|
else
|
|
|
|
|
${BINDIR}/certutil -A -n alice -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -eq 0 ]; then
|
|
|
|
|
html_failed "Nicknane conflict test failed, could import conflict nickname $ret"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Nicknane conflict test, could not import conflict nickname $ret"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
Echo "test importing an old cert to a conflicting nickname"
|
|
|
|
|
# first, import the certificate
|
|
|
|
|
${BINDIR}/certutil -A -n bob -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
|
|
|
|
|
# now import with a different nickname
|
|
|
|
|
${BINDIR}/certutil -A -n alice -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
|
|
|
|
|
# the old one should still be there...
|
|
|
|
|
${BINDIR}/certutil -L -n bob -d ${CONFLICT_DIR}
|
|
|
|
|
ret=$?
|
|
|
|
|
if [ $ret -ne 0 ]; then
|
|
|
|
|
html_failed "Nicknane conflict test-setting nickname conflict incorrectly worked"
|
|
|
|
|
else
|
|
|
|
|
html_passed "Nicknane conflict test-setting nickname conflict was correctly rejected"
|
|
|
|
|
fi
|
|
|
|
|
|
2008-06-06 05:40:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
################## main #################################################
|
|
|
|
|
|
|
|
|
|
dbtest_init
|
2009-07-28 17:01:39 -07:00
|
|
|
dbtest_main 2>&1
|
2008-06-06 05:40:11 -07:00
|
|
|
dbtest_cleanup
|
