3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 # PRIOR TO RUNNING THIS SCRIPT
9 # you should adjust MAIL_COMMAND and QA_LIST
11 # External dependencies:
12 # - install the NISCC test files, e.g. at /niscc (readonly OK)
13 # - libfaketimeMT because the test certificates have expired
14 # - build environment for building NSS
15 # - gdb to analyze core files
16 # - a command line mail tool (e.g. mailx)
17 # - openssl to combine input PEM files into pkcs#12
18 # - curl for obtaining version information from the web
21 ################################################################################
23 ################################################################################
29 Test NSS library against NISCC SMIME and TLS testcases.
32 -h, --help print this help message and exit
33 -v, --verbose enable extra verbose output
34 --niscc-home DIR use NISCC testcases from directory DIR (default /niscc)
35 --host HOST use host HOST (default '127.0.0.1')
36 --threads X set thread number to X (max. 10, default 10)
37 --out DIR set DIR as output directory (default '/out')
38 --mail ADDRESS send mail with test result to ADDRESS
39 --nss DIR set NSS directory to DIR (default '~/niscc-hg/nss')
40 --nss-hack DIR set hacked NSS directory to DIR (default '~/niscc-hg/nss_hack')
41 --log-store store all the logs (only summary by default)
42 --no-build-test don't pull and build tested NSS
43 --no-build-hack don't pull and build hacked NSS
44 --test-system test system installed NSS
45 --date DATE use DATE in log archive name and outgoing email
46 --libfaketime path.so use faketime library with LD_PRELOAD=path.so
47 --smallset test only a very small subset
49 All options are optional.
50 All options (and possibly more) can be also set through environment variables.
51 Commandline options have higher priority than environment variables.
52 For more information please refer to the source code of this script.
54 For a successfull run the script NEEDS the core file pattern to be 'core.*',
55 e.g. 'core.%t'. You can check the current pattern in
56 '/proc/sys/kernel/core_pattern'. Otherwise the test will be unable to detect
57 any failures and will pass every time.
59 It is recommended to use hacked and tested binaries in a location, where their
60 absolute path is max. 80 characters. If their path is longer and a core file is
61 generated, its properties may be incomplete.
63 Return value of the script indicates how many failures it experienced.
69 ################################################################################
70 # Process command-line arguments
71 ################################################################################
75 args
=`getopt -u -l "niscc-home:,host:,threads:,out:,verbose,mail:,nss:,nss-hack:,log-store,no-build-test,no-build-hack,help,test-system,date:,libfaketime:,smallset" -- "hv" $*`
76 [ "$?" != "0" ] && usage
1
160 [ $HELP = "true" ] && usage
0
163 ################################################################################
164 # Create and set needed and useful environment variables
165 ################################################################################
168 # Base location of NISCC testcases
169 export NISCC_HOME
=${NISCC_HOME:-/niscc}
171 # Base location of NSS
172 export HG
=${HG:-"$HOME/niscc-hg"}
175 export LOCALDIST
=${LOCALDIST:-"${HG}/nss"}
177 # Hacked NSS - built with "NISCC_TEST=1"
178 export NSS_HACK
=${NSS_HACK:-"${HG}/nss_hack"}
180 # Hostname of the testmachine
181 export HOST
=${HOST:-127.0.0.1}
183 # Whether to store logfiles
184 export LOG_STORE
=${LOG_STORE:-"false"}
186 # Whether to mail the summary
187 export USE_MAIL
=${USE_MAIL:-"false"}
189 # How to mail summary
190 export MAIL_COMMAND
=${MAIL_COMMAND:-"mailx -S smtp=smtp://your.smtp.server:25 -r your+niscc@email.address"}
192 # List of mail addresses where to send summary
193 export QA_LIST
=${QA_LIST:-"result@recipient.address"}
195 # Whether to use 64b build
196 export USE_64
=${USE_64:-1}
198 # Directory where to write all the output data (around 650MiB for each run)
199 export TEST_OUTPUT
=${TEST_OUTPUT:-"$HOME/out"}
201 # How many threads to use in selfserv and strsclnt (max. 10)
202 export THREADS
=${THREADS:-10}
204 # If true, do not build tthe tested version of NSS
205 export NO_BUILD_TEST
=${NO_BUILD_TEST:-"false"}
207 # If true, do not build the special NSS version for NISCC
208 export NO_BUILD_HACK
=${NO_BUILD_HACK:-"false"}
210 # If true, do not rebuild client and server directories
211 export NO_SETUP
=${NO_SETUP:-"false"}
213 # Location of NISCC SSL/TLS testcases
214 export TEST
=${TEST:-"${NISCC_HOME}/NISCC_SSL_testcases"}
216 # If true, then be extra verbose
217 export VERBOSE
=${VERBOSE:-""}
219 # If true, test the system installed NSS
220 export TEST_SYSTEM
=${TEST_SYSTEM:-"false"}
221 [ "$TEST_SYSTEM" = "true" ] && export NO_BUILD_TEST
="true"
223 [ ! -z "$VERBOSE" ] && set -xv
225 # Real date for naming of archives (system date must be 2002-11-18 .. 2007-11-18 due to certificate validity
227 export DATE
=`date -d "$DATE" +%Y%m%d`
229 FAKETIMELIB
=${FAKETIMELIB:-""}
230 export DATE
=`date -d "$DATE" +%Y%m%d`
232 # Whether to test only a very small subset
233 export SMALLSET
=${SMALLSET:-"false"}
235 # Create output dir if it doesn't exist
236 mkdir
-p ${TEST_OUTPUT}
239 ################################################################################
240 # Do a HG pull of NSS
241 ################################################################################
244 # Tested NSS - by default using HG default tip
245 if [ "$NO_BUILD_TEST" = "false" ]; then
246 echo "cloning NSS sources to be tested from HG"
247 [ ! -d "$LOCALDIST" ] && mkdir
-p "$LOCALDIST"
249 [ ! -d "$LOCALDIST/nspr" ] && hg clone
--noupdate https
://hg.mozilla.org
/projects
/nspr
250 cd nspr
; hg pull
; hg update
-C -r default
; cd ..
251 [ ! -d "$LOCALDIST/nss" ] && hg clone
--noupdate https
://hg.mozilla.org
/projects
/nss
252 cd nss
; hg pull
; hg update
-C -r default
; cd ..
253 #find . -exec touch {} \;
256 # Hacked NSS - by default using some RTM version.
257 # Do not use HEAD for hacked NSS - it needs to be stable and bug-free
258 if [ "$NO_BUILD_HACK" = "false" ]; then
259 echo "cloning NSS sources for a hacked build from HG"
260 [ ! -d "$NSS_HACK" ] && mkdir
-p "$NSS_HACK"
262 NSPR_TAG
=`curl --silent http://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/nsprpub/TAG-INFO | head -1 | sed --regexp-extended 's/[[:space:]]//g' | awk '{print $1}'`
263 NSS_TAG
=`curl --silent http://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/TAG-INFO | head -1 | sed --regexp-extended 's/[[:space:]]//g' | awk '{print $1}'`
264 [ ! -d "$NSS_HACK/nspr" ] && hg clone
--noupdate https
://hg.mozilla.org
/projects
/nspr
265 cd nspr
; hg pull
; hg update
-C -r "$NSPR_TAG"; cd ..
266 [ ! -d "$NSS_HACK/nss" ] && hg clone
--noupdate https
://hg.mozilla.org
/projects
/nss
267 cd nss
; hg pull
; hg update
-C -r "$NSS_TAG"; cd ..
268 #find . -exec touch {} \;
272 ################################################################################
273 # Build NSS after setting make variable NISCC_TEST
274 ################################################################################
278 if [ "$NO_BUILD_TEST" = "false" ]; then
279 echo "building NSS to be tested"
283 gmake nss_clean_all
&>> $TEST_OUTPUT/nisccBuildLog
284 gmake nss_build_all
&>> $TEST_OUTPUT/nisccBuildLog
288 if [ "$NO_BUILD_HACK" = "false" ]; then
289 echo "building hacked NSS"
293 gmake nss_clean_all
&>> $TEST_OUTPUT/nisccBuildLogHack
294 gmake nss_build_all
&>> $TEST_OUTPUT/nisccBuildLogHack
300 ################################################################################
301 # Set build dir, bin and lib directories
302 ################################################################################
305 # Enable useful core files to be generated in case of crash
308 # Pattern of core files, they should be created in current directory
309 echo "core_pattern $(cat /proc/sys/kernel/core_pattern)" > "$TEST_OUTPUT/nisccLog00"
311 # gmake is needed in the path for this suite to run
312 echo "PATH $PATH" >> "$TEST_OUTPUT/nisccLog00"
314 # Find out hacked NSS version
315 DISTTYPE
=`cd "$NSS_HACK/nss/tests/common"; gmake objdir_name`
316 echo "NSS_HACK DISTTYPE $DISTTYPE" >> "$TEST_OUTPUT/nisccLog00"
317 export HACKBIN
="$NSS_HACK/dist/$DISTTYPE/bin"
318 export HACKLIB
="$NSS_HACK/dist/$DISTTYPE/lib"
320 if [ "$TEST_SYSTEM" = "false" ]; then
321 # Find out nss version
322 DISTTYPE
=`cd "$LOCALDIST/nss/tests/common"; gmake objdir_name`
323 echo "NSS DISTTYPE $DISTTYPE" >> "$TEST_OUTPUT/nisccLog00"
324 export TESTBIN
="$LOCALDIST/dist/$DISTTYPE/bin"
325 export TESTLIB
="$LOCALDIST/dist/$DISTTYPE/lib"
326 export TESTTOOLS
="$TESTBIN"
328 # Using system installed NSS
329 echo "USING SYSTEM NSS" >> "$TEST_OUTPUT/nisccLog00"
330 export TESTBIN
="/usr/bin"
331 if [ `uname -m` = "x86_64" ]; then
332 export TESTLIB
="/usr/lib64"
333 export TESTTOOLS
="/usr/lib64/nss/unsupported-tools"
335 export TESTLIB
="/usr/lib"
336 export TESTTOOLS
="/usr/lib/nss/unsupported-tools"
340 # Verify NISCC_TEST was set in the proper library
341 if strings "$HACKLIB/libssl3.so" |
grep NISCC_TEST
> /dev
/null
2>&1; then
342 echo "$HACKLIB/libssl3.so contains NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
344 echo "$HACKLIB/libssl3.so does NOT contain NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
347 if strings "$TESTLIB/libssl3.so" |
grep NISCC_TEST
> /dev
/null
2>&1; then
348 echo "$TESTLIB/libssl3.so contains NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
350 echo "$TESTLIB/libssl3.so does NOT contain NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
354 ################################################################################
355 # Setup simple client and server directory
356 ################################################################################
357 ssl_setup_dirs_simple
()
359 [ "$NO_SETUP" = "true" ] && return
361 echo "Setting up working directories for SSL simple tests"
363 CLIENT
="$TEST_OUTPUT/niscc_ssl/simple_client"
364 SERVER
="$TEST_OUTPUT/niscc_ssl/simple_server"
366 # Generate .p12 files
367 openssl pkcs12
-export -inkey "$TEST/client_key.pem" -in "$TEST/client_crt.pem" -out "$TEST_OUTPUT/client_crt.p12" -passout pass
:testtest1
-name "client_crt"
368 openssl pkcs12
-export -inkey "$TEST/server_key.pem" -in "$TEST/server_crt.pem" -out "$TEST_OUTPUT/server_crt.p12" -passout pass
:testtest1
-name "server_crt"
370 # Setup simple client directory
373 echo test > "$CLIENT/password-is-test.txt"
374 export LD_LIBRARY_PATH
="$TESTLIB"
375 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
376 "${TESTBIN}/certutil" -N -d "$CLIENT" -f "$CLIENT/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
377 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
378 "${TESTBIN}/certutil" -A -d "$CLIENT" -n rootca
-i "$TEST/rootca.crt" -t "C,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
379 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
380 "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/client_crt.p12" -d "$CLIENT" -k "$CLIENT/password-is-test.txt" -W testtest1
>> "$TEST_OUTPUT/nisccLog00" 2>&1
381 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
382 "${TESTBIN}/certutil" -L -d "$CLIENT" >> "$TEST_OUTPUT/nisccLog00" 2>&1
384 # File containg message used for terminating the server
385 echo "GET /stop HTTP/1.0" > "$CLIENT/stop.txt"
386 echo "" >> "$CLIENT/stop.txt"
388 # Setup simple server directory
391 echo test > "$SERVER/password-is-test.txt"
392 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
393 "${TESTBIN}/certutil" -N -d "$SERVER" -f "$SERVER/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
394 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
395 "${TESTBIN}/certutil" -A -d "$SERVER" -n rootca
-i "$TEST/rootca.crt" -t "TC,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
396 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
397 "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/server_crt.p12" -d "$SERVER" -k "$SERVER/password-is-test.txt" -W testtest1
>> "$TEST_OUTPUT/nisccLog00" 2>&1
398 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
399 "${TESTBIN}/certutil" -L -d "$SERVER" >> "$TEST_OUTPUT/nisccLog00" 2>&1
401 unset LD_LIBRARY_PATH
404 ################################################################################
405 # Setup resigned client and server directory
406 ################################################################################
407 ssl_setup_dirs_resigned
()
409 [ "$NO_SETUP" = "true" ] && return
411 echo "Setting up working directories for SSL resigned tests"
413 CLIENT
="$TEST_OUTPUT/niscc_ssl/resigned_client"
414 SERVER
="$TEST_OUTPUT/niscc_ssl/resigned_server"
416 # Setup resigned client directory
419 echo test > "$CLIENT/password-is-test.txt"
420 export LD_LIBRARY_PATH
="$TESTLIB"
421 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
422 "${TESTBIN}/certutil" -N -d "$CLIENT" -f "$CLIENT/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
423 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
424 "${TESTBIN}/certutil" -A -d "$CLIENT" -n rootca
-i "$TEST/rootca.crt" -t "C,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
425 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
426 "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/client_crt.p12" -d "$CLIENT" -k "$CLIENT/password-is-test.txt" -W testtest1
>> "$TEST_OUTPUT/nisccLog00" 2>&1
427 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
428 "${TESTBIN}/certutil" -L -d "$CLIENT" >> "$TEST_OUTPUT/nisccLog00" 2>&1
430 echo "GET /stop HTTP/1.0" > "$CLIENT/stop.txt"
431 echo "" >> "$CLIENT/stop.txt"
433 # Setup resigned server directory
436 echo test > "$SERVER/password-is-test.txt"
437 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
438 "${TESTBIN}/certutil" -N -d "$SERVER" -f "$SERVER/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
439 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
440 "${TESTBIN}/certutil" -A -d "$SERVER" -n rootca
-i "$TEST/rootca.crt" -t "TC,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
441 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
442 "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/server_crt.p12" -d "$SERVER" -k "$SERVER/password-is-test.txt" -W testtest1
>> "$TEST_OUTPUT/nisccLog00" 2>&1
443 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
444 "${TESTBIN}/certutil" -L -d "$SERVER" >> "$TEST_OUTPUT/nisccLog00" 2>&1
446 unset LD_LIBRARY_PATH
449 ################################################################################
451 ################################################################################
455 DATA
="$NISCC_HOME/NISCC_SMIME_testcases"
457 [ ! -d niscc_smime
] && mkdir
-p niscc_smime
459 export SMIME_CERT_DB_DIR
=envDB
460 export NSS_STRICT_SHUTDOWN
=1
461 export NSS_DISABLE_ARENA_FREE_LIST
=1
462 export LD_LIBRARY_PATH
="$TESTLIB"
464 # Generate .p12 files
465 openssl pkcs12
-export -inkey "$DATA/Client.key" -in "$DATA/Client.crt" -out Client.p12
-passout pass
:testtest1
&>/dev
/null
466 openssl pkcs12
-export -inkey "$DATA/CA.key" -in "$DATA/CA.crt" -out CA.p12
-passout pass
:testtest1
&>/dev
/null
468 # Generate envDB if needed
469 if [ ! -d "$SMIME_CERT_DB_DIR" ]; then
470 mkdir
-p "$SMIME_CERT_DB_DIR"
471 echo testtest1
> password-is-testtest1.txt
472 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
473 "${TESTBIN}/certutil" -N -d "./$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt
> /dev
/null
2>&1
474 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
475 "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt
-i "$DATA/CA.crt" -n CA
-t "TC,C,"
476 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
477 "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt
-i "$DATA/Client.crt" -n Client
-t "TC,C,"
478 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
479 "${TESTBIN}/pk12util" -i .
/CA.p12
-d "$SMIME_CERT_DB_DIR" -k password-is-testtest1.txt
-W testtest1
480 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
481 "${TESTBIN}/pk12util" -i .
/Client.p12
-d "$SMIME_CERT_DB_DIR" -k password-is-testtest1.txt
-W testtest1
484 # if p7m-ed-m-files.txt does not exist, then generate it.
485 [ -f "$DATA/p7m-ed-m-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-ed-m-files.txt" > p7m-ed-m-files.txt
486 export P7M_ED_M_FILES
=p7m-ed-m-files.txt
487 if [ "$SMALLSET" = "true" ]; then
488 [ ! -f "$P7M_ED_M_FILES" ] && find "$DATA"/p7m-ed-m-0
* -type f
-print |
head -10 >> "$P7M_ED_M_FILES"
490 [ ! -f "$P7M_ED_M_FILES" ] && find "$DATA"/p7m-ed-m-0
* -type f
-print >> "$P7M_ED_M_FILES"
493 # Test "p7m-ed-m*" testcases
494 echo "Testing SMIME enveloped data testcases"
495 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
496 "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -p testtest1
-b -i "$P7M_ED_M_FILES" > niscc_smime
/p7m-ed-m-results.txt
2>&1
498 export SMIME_CERT_DB_DIR
=sigDB
499 # Generate sigDB if needed
500 if [ ! -d "$SMIME_CERT_DB_DIR" ]; then
501 mkdir
-p "$SMIME_CERT_DB_DIR"
502 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
503 "${TESTBIN}/certutil" -N -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt
504 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
505 "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -i "$DATA/CA.crt" -n CA
-t "TC,C,"
506 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
507 "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -i "$DATA/Client.crt" -n Client
-t "TC,C,"
510 # if p7m-sd-dt-files.txt does not exist, then generate it.
511 [ -f "$DATA/p7m-sd-dt-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-sd-dt-files.txt" > p7m-sd-dt-files.txt
512 export P7M_SD_DT_FILES
=p7m-sd-dt-files.txt
513 if [ "$SMALLSET" = "true" ]; then
514 [ ! -f "$P7M_SD_DT_FILES" ] && find "$DATA"/p7m-sd-dt-
[cm
]-* -type f
-print |
head -10 >> "$P7M_SD_DT_FILES"
516 [ ! -f "$P7M_SD_DT_FILES" ] && find "$DATA"/p7m-sd-dt-
[cm
]-* -type f
-print >> "$P7M_SD_DT_FILES"
519 [ ! -f detached.txt
] && touch detached.txt
521 # Test "p7m-sd-dt*" testcases
522 echo "Testing SMIME detached signed data testcases"
523 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
524 "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -c detached.txt
-b -i "$P7M_SD_DT_FILES" > niscc_smime
/p7m-sd-dt-results.txt
2>&1
526 # if p7m-sd-op-files.txt does not exist, then generate it.
527 [ -f "$DATA/p7m-sd-op-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-sd-op-files.txt" > p7m-sd-op-files.txt
528 export P7M_SD_OP_FILES
=p7m-sd-op-files.txt
529 if [ "$SMALLSET" = "true" ]; then
530 [ ! -f "$P7M_SD_OP_FILES" ] && find "$DATA"/p7m-sd-op-
[cm
]-* -type f
-print |
head -10 >> "$P7M_SD_OP_FILES"
532 [ ! -f "$P7M_SD_OP_FILES" ] && find "$DATA"/p7m-sd-op-
[cm
]-* -type f
-print >> "$P7M_SD_OP_FILES"
535 # Test "p7m-sd-op*" testcases
536 echo "Testing SMIME opaque signed data testcases"
537 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
538 "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -b -i "$P7M_SD_OP_FILES" > niscc_smime
/p7m-sd-op-results.txt
2>&1
540 unset LD_LIBRARY_PATH
543 ################################################################################
544 # Set env variables for NISCC SSL tests
545 ################################################################################
548 export NSS_STRICT_SHUTDOWN
=1
549 export NSS_DISABLE_ARENA_FREE_LIST
=1
555 echo "int main(int argc, char *argv[]) { int *i; i = (int*)(void*)1; *i = 1; }" > "$TEST_OUTPUT/crashme.c"
556 gcc
-g -o "$TEST_OUTPUT/crashme" "$TEST_OUTPUT/crashme.c"
557 "$TEST_OUTPUT/crashme"
560 ################################################################################
561 # Do simple client auth tests
562 # Use an altered client against the server
563 ################################################################################
564 ssl_simple_client_auth
()
566 echo "Testing SSL simple client auth testcases"
567 export CLIENT
="$TEST_OUTPUT/niscc_ssl/simple_client"
568 export SERVER
="$TEST_OUTPUT/niscc_ssl/simple_server"
571 if [ "$SMALLSET" = "true" ]; then
574 export STOP_AT
=106160
577 export LD_LIBRARY_PATH
="$TESTLIB"
578 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
579 "${TESTTOOLS}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt
-rr -t $THREADS -w test > "$TEST_OUTPUT/nisccLog01" 2>&1 &
581 export NISCC_TEST
="$TEST/simple_client"
582 export LD_LIBRARY_PATH
="$HACKLIB"
584 for START
in `seq $START_AT $THREADS $STOP_AT`; do
586 STOP_AT
=$
(($START+$THREADS)) \
587 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
588 "${HACKBIN}/strsclnt" $VERBOSE -d "$CLIENT" -n client_crt
-p $PORT -t $THREADS -c $THREADS -o -N -w test $HOST >> "$TEST_OUTPUT/nisccLog02" 2>&1
592 echo "starting tstclnt to shutdown simple client selfserv process"
594 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
595 "${HACKBIN}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt
-o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog02" 2>&1
598 unset LD_LIBRARY_PATH
603 ################################################################################
604 # Do simple server auth tests
605 # Use an altered server against the client
606 ################################################################################
607 ssl_simple_server_auth
()
609 echo "Testing SSL simple server auth testcases"
610 export CLIENT
="$TEST_OUTPUT/niscc_ssl/simple_client"
611 export SERVER
="$TEST_OUTPUT/niscc_ssl/simple_server"
613 export START_AT
=00000001
614 if [ "$SMALLSET" = "true" ]; then
615 export STOP_AT
=00000010
617 export STOP_AT
=00106167
619 export LD_LIBRARY_PATH
="$HACKLIB"
620 export NISCC_TEST
="$TEST/simple_server"
621 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
622 "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt
-t $THREADS -w test > "$TEST_OUTPUT/nisccLog03" 2>&1 &
625 export LD_LIBRARY_PATH
="$TESTLIB"
626 for START
in `seq $START_AT $THREADS $STOP_AT`; do
627 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
628 "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog04" 2>&1
631 echo "starting tstclnt to shutdown simple server selfserv process"
633 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
634 "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt
-o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog04" 2>&1
637 unset LD_LIBRARY_PATH
642 ################################################################################
643 # Do simple rootCA tests
644 # Use an altered server against the client
645 ################################################################################
648 echo "Testing SSL simple rootCA testcases"
649 export CLIENT
="$TEST_OUTPUT/niscc_ssl/simple_client"
650 export SERVER
="$TEST_OUTPUT/niscc_ssl/simple_server"
653 if [ "$SMALLSET" = "true" ]; then
656 export STOP_AT
=106190
658 export LD_LIBRARY_PATH
="$HACKLIB"
659 export NISCC_TEST
="$TEST/simple_rootca"
660 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
661 "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt
-t $THREADS -w test > "$TEST_OUTPUT/nisccLog05" 2>&1 &
664 export LD_LIBRARY_PATH
="$TESTLIB"
665 for START
in `seq $START_AT $THREADS $STOP_AT`; do
666 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
667 "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog06" 2>&1
670 echo "starting tstclnt to shutdown simple rootca selfserv process"
672 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
673 "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt
-o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog06" 2>&1
676 unset LD_LIBRARY_PATH
681 ################################################################################
682 # Do resigned client auth tests
683 # Use an altered client against the server
684 ################################################################################
685 ssl_resigned_client_auth
()
687 echo "Testing SSL resigned client auth testcases"
688 export CLIENT
="$TEST_OUTPUT/niscc_ssl/resigned_client"
689 export SERVER
="$TEST_OUTPUT/niscc_ssl/resigned_server"
692 if [ "$SMALLSET" = "true" ]; then
698 export LD_LIBRARY_PATH
="$TESTLIB"
699 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
700 "${TESTTOOLS}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt
-rr -t $THREADS -w test > "$TEST_OUTPUT/nisccLog07" 2>&1 &
702 export NISCC_TEST
="$TEST/resigned_client"
703 export LD_LIBRARY_PATH
="$HACKLIB"
705 for START
in `seq $START_AT $THREADS $STOP_AT`; do
707 STOP_AT
=$
(($START+$THREADS)) \
708 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
709 "${HACKBIN}/strsclnt" $VERBOSE -d "$CLIENT" -n client_crt
-p $PORT -t $THREADS -c $THREADS -o -N -w test $HOST >> "$TEST_OUTPUT/nisccLog08" 2>&1
713 echo "starting tstclnt to shutdown resigned client selfserv process"
715 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
716 "${HACKBIN}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt
-o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog08" 2>&1
719 unset LD_LIBRARY_PATH
724 ################################################################################
725 # Do resigned server auth tests
726 # Use an altered server against the client
727 ################################################################################
728 ssl_resigned_server_auth
()
730 echo "Testing SSL resigned server auth testcases"
731 export CLIENT
="$TEST_OUTPUT/niscc_ssl/resigned_client"
732 export SERVER
="$TEST_OUTPUT/niscc_ssl/resigned_server"
735 if [ "$SMALLSET" = "true" ]; then
738 export STOP_AT
=100068
740 export LD_LIBRARY_PATH
="$HACKLIB"
741 export NISCC_TEST
="$TEST/resigned_server"
742 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
743 "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt
-t $THREADS -w test > "$TEST_OUTPUT/nisccLog09" 2>&1 &
746 export LD_LIBRARY_PATH
="$TESTLIB"
747 for START
in `seq $START_AT $THREADS $STOP_AT`; do
748 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
749 "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog10" 2>&1
752 echo "starting tstclnt to shutdown resigned server selfserv process"
754 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
755 "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt
-o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog10" 2>&1
758 unset LD_LIBRARY_PATH
763 ################################################################################
764 # Do resigned rootCA tests
765 # Use an altered server against the client
766 ################################################################################
767 ssl_resigned_rootca
()
769 echo "Testing SSL resigned rootCA testcases"
770 export CLIENT
="$TEST_OUTPUT/niscc_ssl/resigned_client"
771 export SERVER
="$TEST_OUTPUT/niscc_ssl/resigned_server"
774 if [ "$SMALLSET" = "true" ]; then
779 export LD_LIBRARY_PATH
="$HACKLIB"
780 export NISCC_TEST
="$TEST/resigned_rootca"
781 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
782 "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt
-t $THREADS -w test > "$TEST_OUTPUT/nisccLog11" 2>&1 &
785 export LD_LIBRARY_PATH
="$TESTLIB"
786 for START
in `seq $START_AT $THREADS $STOP_AT`; do
787 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
788 "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog12" 2>&1
791 echo "starting tstclnt to shutdown resigned rootca selfserv process"
793 LD_PRELOAD
=${FAKETIMELIB} NO_FAKE_STAT
=1 FAKETIME
="@2004-03-29 14:14:14" \
794 "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt
-o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog12" 2>&1
797 unset LD_LIBRARY_PATH
802 ################################################################################
803 # Email the test logfile, and if core found, notify of failure
804 ################################################################################
809 # remove mozilla nss build false positives and core stored in previous runs
810 find .
-name "core*" -print |
grep -v coreconf |
grep -v core_watch |
grep -v archive
>> crashLog
811 export SIZE
=`cat crashLog | wc -l`
813 [ "$USE_MAIL" = "false" ] && return
819 if [ "$SIZE" -ne 1 ]; then
820 echo "### FAILED ###" >> $MT
821 echo "### Exactly one crash is expected." >> $MT
822 echo "### Zero means: crash detection is broken, fix the script!" >> $MT
823 echo "### > 1 means: robustness test failure, fix the bug! (check the logs)" >> $MT
824 cat crashLog
>> nisccLogSummary
825 SUBJ
="FAILED: NISCC TESTS (check file: crashLog)"
827 echo ":) PASSED :)" >> $MT
828 SUBJ
="PASSED: NISCC tests"
831 echo "Date used during test run: $DATE" >> $MT
833 echo "Count of lines in files:" >> $MT
834 wc -l crashLog nisccBuildLog nisccBuildLogHack nisccLog
[0-9]* p7m-
* |
grep -vw total
>> $MT
835 NUM
=`cat nisccLog0[123456789] nisccLog1[12] | egrep -ic "success/passed"`
836 echo "Number of times the SSL tests reported success/passed (low expected): $NUM" >> $MT
837 NUM
=`cat nisccLog0[123456789] nisccLog1[12] | egrep -ic "problem|failed|error"`
838 echo "Number of times the SSL tests reported problem/failed/error (high expected): $NUM" >> $MT
839 NUM
=`cat niscc_smime/p7m*results.txt | egrep -ic "success/passed"`
840 echo "Number of times the S/MIME tests reported success/passed (low expected): $NUM" >> $MT
841 NUM
=`cat niscc_smime/p7m*results.txt | egrep -ic "problem|failed|error"`
842 echo "Number of times the S/MIME tests reported problem/failed/error (high expected): $NUM" >> $MT
843 echo "==== tail of nisccBuildLog ====" >> $MT
844 tail -20 nisccBuildLog
>> $MT
845 echo "===============================" >> $MT
846 echo "==== tail of nisccBuildLogHack ====" >> $MT
847 tail -20 nisccBuildLogHack
>> $MT
848 echo "===================================" >> $MT
851 #echo "Number of : $NUM" >> $MT
853 cat $MT |
$MAIL_COMMAND -s "$SUBJ" $QA_LIST
858 ################################################################################
860 ################################################################################
863 echo "Summarizing all logs"
865 [ -f "$TEST_OUTPUT/nisccLogSummary" ] && mv nisccLogSummary nisccLogSummary.old
866 [ -f "$TEST_OUTPUT/crashLog" ] && mv crashLog crashLog.old
868 for a
in $TEST_OUTPUT/nisccLog
[0-9]*; do
869 echo ================================== "$a"
870 grep -v using
"$a" |
sort |
uniq -c |
sort -b -n +0 -1
871 done > $TEST_OUTPUT/nisccLogSummary
873 for a
in $TEST_OUTPUT/niscc_smime
/p7m-
*-results.txt
; do
874 echo ================================== "$a"
875 grep -v using
"$a" |
sort |
uniq -c |
sort -b -n +0 -1
876 done >> $TEST_OUTPUT/nisccLogSummary
879 ################################################################################
881 ################################################################################
884 echo "Processing core files"
887 for CORE
in `cat crashLog`; do
888 FILE
=`file "$CORE" | sed "s/.* from '//" | sed "s/'.*//"`
889 BINARY
=`strings "$CORE" | grep "^${FILE}" | tail -1`
890 gdb
"$BINARY" "$CORE" << EOF_GDB > "$CORE.details"
897 ################################################################################
898 # Move the old log files to save them, delete extra log files
899 ################################################################################
902 echo "Moving and deleting log files"
908 if [ "$LOG_STORE" = "true" ]; then
909 BRANCH
=`echo $LOCALDIST | sed "s:.*/\(security.*\)/builds/.*:\1:"`
910 if [ "$BRANCH" = "$LOCALDIST" ]; then
911 ARCHIVE
="$TEST_OUTPUT/archive"
913 ARCHIVE
="$TEST_OUTPUT/archive/$BRANCH"
916 # Check for archive directory
917 if [ ! -d "$ARCHIVE" ]; then
921 # Determine next log storage point
922 slot
=`ls -1 "$ARCHIVE" | grep $DATE | wc -l`
923 slot
=`expr $slot + 1`
924 location
="$ARCHIVE/$DATE.$slot"
928 mv nisccBuildLog
"$location" 2> /dev
/null
929 mv nisccBuildLogHack
"$location" 2> /dev
/null
930 mv nisccLogSummary
"$location"
931 mv nisccLog
* "$location"
932 mv niscc_smime
/p7m-ed-m-results.txt
"$location"
933 mv niscc_smime
/p7m-sd-dt-results.txt
"$location"
934 mv niscc_smime
/p7m-sd-op-results.txt
"$location"
936 # Archive any core files produced
937 for core
in `cat "$TEST_OUTPUT/crashLog"`; do
938 mv "$core" "$location"
939 mv "$core.details" "$location"
941 mv crashLog
"$location"
943 # Logs not stored => summaries, crashlog and corefiles not moved, other logs deleted
944 mv nisccLog00 nisccLog01 nisccLog02 nisccLog03 nisccLog04 nisccLog05 nisccLog06 nisccLog07 nisccLog08 nisccLog09 nisccLog10 nisccLog11 nisccLog12 TRASH
/
945 mv niscc_smime
/p7m-ed-m-results.txt niscc_smime
/p7m-sd-dt-results.txt niscc_smime
/p7m-sd-op-results.txt TRASH
/
947 mv envDB sigDB niscc_smime niscc_ssl TRASH
/
948 mv CA.p12 Client.p12 client_crt.p12 server_crt.p12 TRASH
/
949 mv p7m-ed-m-files.txt p7m-sd-dt-files.txt p7m-sd-op-files.txt password-is-testtest1.txt detached.txt TRASH
/
950 mv crashme.c crashme TRASH
/
953 ################################################################################
955 ################################################################################
964 ssl_setup_dirs_simple
965 ssl_simple_client_auth
966 ssl_simple_server_auth
968 ssl_setup_dirs_resigned
969 ssl_resigned_client_auth
970 ssl_resigned_server_auth
972 # no idea what these commented-out lines are supposed to be!
973 #ssl_setup_dirs_update
974 # ssl_update_server_auth der
975 # ssl_update_client_auth der
976 # ssl_update_server_auth resigned-der
977 # ssl_update_client_auth resigned-der