1#! /bin/bash
2#
3# This Source Code Form is subject to the terms of the Mozilla Public
4# License, v. 2.0. If a copy of the MPL was not distributed with this
5# file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7########################################################################
8#
9# mozilla/security/nss/tests/dbtest/dbtest.sh
10#
# Certificate generating and handling for NSS QA, can be included
# multiple times from all.sh and the individual scripts
13#
14# needs to work on all Unix and Windows platforms
15#
16# included from (don't expect this to be up to date)
17# --------------------------------------------------
18#   all.sh
19#   ssl.sh
20#   smime.sh
21#   tools.sh
22#
23# special strings
24# ---------------
25#   FIXME ... known problems, search for this string
26#   NOTE .... unexpected behavior
27#
28# FIXME - Netscape - NSS
29########################################################################
30
31############################## dbtest_init ###############################
32# local shell function to initialize this script
33########################################################################
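dbtest_init()
{
  # Prepare the environment for the cert/key database tests.
  #
  # Globals read:    CLEANUP, INIT_SOURCED, CERT_LOG_FILE, HOSTDIR
  # Globals written: SCRIPTNAME, CLEANUP (only when empty), RONLY_DIR,
  #                  EMPTY_DIR, CONFLICT_DIR
  # Side effects:    may change the working directory and source
  #                  ../common/init.sh and ../cert/cert.sh
  # Returns:         the status of the final html_head call
  SCRIPTNAME="dbtests.sh"
  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi

  if [ -z "${INIT_SOURCED}" ] ; then
      # Source init.sh only after the directory change succeeded, so a
      # same-named file in an unintended working directory is never executed.
      if cd ../common ; then
          . ./init.sh
      else
          echo "${SCRIPTNAME}: cannot cd to ../common, init.sh not sourced" >&2
      fi
  fi

  # Quoted on purpose: with an empty CERT_LOG_FILE the unquoted form collapses
  # to "[ ! -r ]", which is false, and certificate generation would be
  # skipped exactly when no certificate log exists.
  if [ ! -r "${CERT_LOG_FILE}" ]; then  # we need certificates here
      if cd ../cert ; then
          . ./cert.sh
      else
          echo "${SCRIPTNAME}: cannot cd to ../cert, cert.sh not sourced" >&2
      fi
  fi

  # Assigned a second time, presumably because the sourced scripts set their
  # own SCRIPTNAME -- TODO confirm against init.sh and cert.sh.
  SCRIPTNAME="dbtests.sh"
  RONLY_DIR="${HOSTDIR}/ronlydir"
  EMPTY_DIR="${HOSTDIR}/emptydir"
  CONFLICT_DIR="${HOSTDIR}/conflictdir"

  html_head "CERT and Key DB Tests"

}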
57
58############################## dbtest_cleanup ############################
59# local shell function to finish this script (no exit since it might be
60# sourced)
61########################################################################
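dbtest_cleanup()
{
  # Close the HTML results table, make the read-only test directory writable
  # again and hand over to the shared cleanup script.  Uses return rather
  # than exit because this file may be sourced.
  #
  # Globals read: QADIR, RONLY_DIR, SCRIPTNAME
  # Returns:      1 if QADIR is empty or cannot be entered, otherwise the
  #               status of common/cleanup.sh
  html "</TABLE><BR>"

  # common/cleanup.sh is a relative path, so it is only sourced after the
  # directory change is known to have worked.  The unquoted original would
  # "cd" to $HOME on an empty QADIR and then source whatever
  # common/cleanup.sh exists relative to the resulting directory.
  if [ -z "${QADIR}" ] || ! cd "${QADIR}"; then
      echo "${SCRIPTNAME}: cannot cd to QADIR '${QADIR}', cleanup.sh not sourced" >&2
      if [ -d "${RONLY_DIR}" ]; then
          chmod a+rw "${RONLY_DIR}"
      fi
      return 1
  fi

  # dbtest_main removed write permission from this directory; restore it.
  # NOTE(review): a+rw also grants group and other write access to a
  # directory holding copied cert/key databases; u+rw presumably suffices
  # for removal -- confirm before tightening.
  if [ -d "${RONLY_DIR}" ]; then
      chmod a+rw "${RONLY_DIR}"
  fi
  . common/cleanup.sh
}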
69
Echo()
{
    # Print a banner for the next test section: one blank line, then the
    # arguments (joined into a single string) framed by two dashed rules.
    printf '\n%s\n| %s\n%s\n' \
        "---------------------------------------------------------------" \
        "$*" \
        "---------------------------------------------------------------"
}
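dbtest_main()
{
    # Run the cert/key database open tests (nonexistent, empty and read-only
    # directories) and the nickname-conflict tests, recording each result
    # through html_passed / html_failed.
    #
    # Globals read:    BINDIR, HOSTDIR, HOST, EMPTY_DIR, RONLY_DIR,
    #                  CONFLICT_DIR, CLIENTDIR, OS_ARCH, UID, R_PWFILE,
    #                  R_ALICEDIR, R_BOBDIR
    # Globals written: ret (exit status of the last tool that was checked)
    # Returns:         1 without running any test when a required directory
    #                  variable is empty or HOSTDIR cannot be entered
    #
    # Every check compares against one exact exit status, so any other
    # status, including a crash, is recorded as a failure.

    # Refuse to run with empty directory variables: unquoted and empty,
    # "rm -rf $EMPTY_DIR/*" and "cp -r $CLIENTDIR/*" would operate on "/",
    # and "cd $HOSTDIR" would silently move to $HOME.
    if [ -z "${HOSTDIR}" ] || [ -z "${EMPTY_DIR}" ] || [ -z "${RONLY_DIR}" ] ||
       [ -z "${CONFLICT_DIR}" ] || [ -z "${CLIENTDIR}" ]; then
        html_failed "Dbtest setup incomplete, a required directory variable is empty"
        return 1
    fi
    if ! cd "${HOSTDIR}"; then
        html_failed "Dbtest could not change to HOSTDIR ${HOSTDIR}"
        return 1
    fi


    Echo "test opening the database read/write in a nonexisting directory"
    "${BINDIR}/certutil" -L -X -d ./non_existent_dir
    ret=$?
    if [ "$ret" -ne 255 ]; then
        html_failed "Certutil succeeded in a nonexisting directory $ret"
    else
        html_passed "Certutil didn't work in a nonexisting dir $ret"
    fi
    "${BINDIR}/dbtest" -r -d ./non_existent_dir
    ret=$?
    if [ "$ret" -ne 46 ]; then
        html_failed "Dbtest readonly succeeded in a nonexisting directory $ret"
    else
        html_passed "Dbtest readonly didn't work in a nonexisting dir $ret"
    fi

    Echo "test force opening the database in a nonexisting directory"
    "${BINDIR}/dbtest" -f -d ./non_existent_dir
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Dbtest force failed in a nonexisting directory $ret"
    else
        html_passed "Dbtest force succeeded in a nonexisting dir $ret"
    fi

    Echo "test opening the database readonly in an empty directory"
    mkdir "${EMPTY_DIR}"
    "${BINDIR}/tstclnt" -h  "${HOST}"  -d "${EMPTY_DIR}"
    ret=$?
    if [ "$ret" -ne 1 ]; then
        html_failed "Tstclnt succeded in an empty directory $ret"
    else
        html_passed "Tstclnt didn't work in an empty dir $ret"
    fi
    "${BINDIR}/dbtest" -r -d "${EMPTY_DIR}"
    ret=$?
    if [ "$ret" -ne 46 ]; then
        html_failed "Dbtest readonly succeeded in an empty directory $ret"
    else
        html_passed "Dbtest readonly didn't work in an empty dir $ret"
    fi

    # The directory is emptied before each of the following steps so that
    # every one starts without database files.  ${EMPTY_DIR:?} aborts instead
    # of expanding to "/*" should the variable ever be empty here.
    rm -rf -- "${EMPTY_DIR:?}"/* 2>/dev/null
    "${BINDIR}/dbtest" -i -d "${EMPTY_DIR}"
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Dbtest logout after empty DB Init loses key $ret"
    else
        html_passed "Dbtest logout after empty DB Init has key"
    fi
    rm -rf -- "${EMPTY_DIR:?}"/* 2>/dev/null
    # "pass" is a throwaway password for a database that is deleted right
    # after; it is passed on the command line and so shows in process listings.
    "${BINDIR}/dbtest" -i -p pass -d "${EMPTY_DIR}"
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Dbtest password DB Init loses needlogin state $ret"
    else
        html_passed "Dbtest password DB Init maintains needlogin state"
    fi
    rm -rf -- "${EMPTY_DIR:?}"/* 2>/dev/null
    "${BINDIR}/certutil" -D -n xxxx -d "${EMPTY_DIR}" #created DB
    ret=$?
    if [ "$ret" -ne 255 ]; then
        html_failed "Certutil succeeded in deleting a cert in an empty directory $ret"
    else
        html_passed "Certutil didn't work in an empty dir $ret"
    fi
    rm -rf -- "${EMPTY_DIR:?}"/* 2>/dev/null
    Echo "test force opening the database  readonly in a empty directory"
    "${BINDIR}/dbtest" -r -f -d "${EMPTY_DIR}"
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Dbtest force readonly failed in an empty directory $ret"
    else
        html_passed "Dbtest force readonly succeeded in an empty dir $ret"
    fi

    Echo "test opening the database r/w in a readonly directory"
    mkdir "${RONLY_DIR}"
    cp -r "${CLIENTDIR}"/* "${RONLY_DIR}"
    chmod -w "${RONLY_DIR}" "${RONLY_DIR}"/*

    # On Mac OS X 10.1, if we do a "chmod -w" on files in an
    # NFS-mounted directory, it takes several seconds for the
    # first open to see the files are readonly, but subsequent
    # opens immediately see the files are readonly.  As a
    # workaround we open the files once first.  (Bug 185074)
    if [ "${OS_ARCH}" = "Darwin" ]; then
        cat "${RONLY_DIR}"/* > /dev/null
    fi

    # skipping the next two tests when user is root,
    # otherwise they would fail due to rooty powers
    # (file permission bits do not stop root from writing)
    if [ $UID -ne 0 ]; then
        "${BINDIR}/dbtest" -d "${RONLY_DIR}"
        ret=$?
        if [ "$ret" -ne 46 ]; then
            html_failed "Dbtest r/w succeeded in a readonly directory $ret"
        else
            html_passed "Dbtest r/w didn't work in an readonly dir $ret"
        fi
    else
        html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
    fi
    if [ $UID -ne 0 ]; then
        # NOTE(review): this runs against "." (HOSTDIR, entered at the top
        # of this function), not ${RONLY_DIR}.  The expected 255 may therefore
        # come from a missing database or nickname rather than from the
        # read-only permissions -- confirm the intended target directory.
        "${BINDIR}/certutil" -D -n "TestUser" -d .
        ret=$?
        if [ "$ret" -ne 255 ]; then
            html_failed "Certutil succeeded in deleting a cert in a readonly directory $ret"
        else
            html_passed "Certutil didn't work in an readonly dir $ret"
        fi
    else
        html_passed "Skipping Certutil delete cert in a readonly directory test because user is root"
    fi

    Echo "test opening the database ronly in a readonly directory"

    "${BINDIR}/dbtest" -d "${RONLY_DIR}" -r
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Dbtest readonly failed in a readonly directory $ret"
    else
        html_passed "Dbtest readonly succeeded in a readonly dir $ret"
    fi

    Echo "test force opening the database  r/w in a readonly directory"
    "${BINDIR}/dbtest" -d "${RONLY_DIR}" -f
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Dbtest force failed in a readonly directory $ret"
    else
        html_passed "Dbtest force succeeded in a readonly dir $ret"
    fi

    # Log the resulting permissions for later inspection of the test output.
    Echo "ls -l $RONLY_DIR"
    ls -ld "${RONLY_DIR}" "${RONLY_DIR}"/*

    mkdir "${CONFLICT_DIR}"
    Echo "test creating a new cert with a conflicting nickname"
    cd "${CONFLICT_DIR}"
    pwd
    "${BINDIR}/certutil" -N -d "${CONFLICT_DIR}" -f "${R_PWFILE}"
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Nicknane conflict test failed, couldn't create database $ret"
    else
        "${BINDIR}/certutil" -A -n alice -t ,, -i "${R_ALICEDIR}/Alice.cert" -d "${CONFLICT_DIR}"
        ret=$?
        if [ "$ret" -ne 0 ]; then
            html_failed "Nicknane conflict test failed, couldn't import alice cert $ret"
        else
            # A second, different certificate under the nickname already in
            # use must be refused: here a zero status is the failure.
            "${BINDIR}/certutil" -A -n alice -t ,, -i "${R_BOBDIR}/Bob.cert" -d "${CONFLICT_DIR}"
            ret=$?
            if [ "$ret" -eq 0 ]; then
                html_failed "Nicknane conflict test failed, could import conflict nickname $ret"
            else
                html_passed "Nicknane conflict test, could not import conflict nickname $ret"
            fi
        fi
    fi

    Echo "test importing an old cert to a conflicting nickname"
    # The exit status of the two imports below is not checked; only the
    # final listing of "bob" decides the result.  They also run when the
    # database creation above failed.
    # first, import the certificate
    "${BINDIR}/certutil" -A -n bob -t ,, -i "${R_BOBDIR}/Bob.cert" -d "${CONFLICT_DIR}"
    # now import with a different nickname
    "${BINDIR}/certutil" -A -n alice -t ,, -i "${R_BOBDIR}/Bob.cert" -d "${CONFLICT_DIR}"
    # the old one should still be there...
    "${BINDIR}/certutil" -L -n bob -d "${CONFLICT_DIR}"
    ret=$?
    if [ "$ret" -ne 0 ]; then
        html_failed "Nicknane conflict test-setting nickname conflict incorrectly worked"
    else
        html_passed "Nicknane conflict test-setting nickname conflict was correctly rejected"
    fi

}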
257
258################## main #################################################
259
260dbtest_init
261dbtest_main 2>&1
262dbtest_cleanup
263