Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1208243 - Enable ssl_gtest if built, r=ekr
--HG--
extra : amend_source : 5e545e34d5d6e7d3be9ca7adbd9c41383bc3b039
  • Loading branch information
martinthomson committed Sep 24, 2015
1 parent 9a8e90f commit 8c736f3
Show file tree
Hide file tree
Showing 6 changed files with 94 additions and 93 deletions.
32 changes: 8 additions & 24 deletions external_tests/README
@@ -1,31 +1,15 @@
GTest-based Unit Tests

This directory contains GTest-based unit tests for NSS.
This directory contains GTest-based unit tests for NSS libssl.

Currently, these are only loopback-type tests of libsssl,
but could be expanded to other types of tests. To make these
work do:
These aren't built by default, because they require C++.
To build them, set ``NSS_BUILD_GTESTS=1''

- Set NSS_BUILD_GTESTS=1 before starting your build
Once built, they are run as part of running ``test/all.sh''
You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''

- cd tests/

- Set NSS_TESTS=ssl_gtests and NSS_CYCLES=standard

- run ./all.sh

This will run the certutil tests (generating a test db) and
will finalize with a call to the ssl_gtest

You should be able to run the unit tests manually as:

ssl_gtest -d ${SSLGTESTDIR}

Where $SSLGTESTDIR is a directory with a database containing:
- an RSA certificate called server (with its private key)
- an ECDSA certificate called ecdsa (with its private key)

A directory like this is created by ./all.sh and can be found
in a directory named something like
They can be run standalone or under a debugger by invoking the ssl_gtest
executable with a ``-d'' option pointing to the directory created by either
of the above options. You can find that in

tests_results/security/${hostname}.${NUMBER}/ssl_gtests
6 changes: 3 additions & 3 deletions tests/all.sh
Expand Up @@ -202,7 +202,7 @@ run_cycle_upgrade_db()

# run the subset of tests with the upgraded database
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains"
TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains ssl_gtests"

echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
RET=$?
Expand Down Expand Up @@ -233,7 +233,7 @@ run_cycle_shared_db()

# run the tests for native sharedb support
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits ssl_gtests"

echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
RET=$?
Expand Down Expand Up @@ -274,7 +274,7 @@ run_cycles()
cycles="standard pkix upgradedb sharedb"
CYCLES=${NSS_CYCLES:-$cycles}

tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ssl_gtests"
TESTS=${NSS_TESTS:-$tests}

ALL_TESTS=${TESTS}
Expand Down
57 changes: 0 additions & 57 deletions tests/cert/cert.sh
Expand Up @@ -1201,62 +1201,6 @@ cert_ssl()
pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
}

############################# ssl_gtest ##########################
# local shell function to create serve certs for SSL gtests
##################################################################
cert_ssl_gtests()
{
CERTFAILED=0
echo "$SCRIPTNAME: Creating ssl_gtest DB dir"
cert_init_cert ${SSLGTESTDIR} "server" 1 ${D_EXT_SERVER}
echo "$SCRIPTNAME: Creating database for ssl_gtests"
certu -N -d "${SSLGTESTDIR}" --empty-password 2>&1
# the ssl server used here is special: is a self-signed server
# certificate with name server.
echo "$SCRIPTNAME: Creating certs for ssl_gtests"
certu -S -z ${R_NOISE_FILE} -g 2048 -d ${SSLGTESTDIR} -n server -s "CN=server" \
-t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
0
2
9
n
n
n
CERTSCRIPT
if [ "$RET" -ne 0 ]; then
echo "return value is $RET"
Exit 6 "Fatal - failed to create RSA server cert for ssl_gtests"
fi
certu -S -z ${R_NOISE_FILE} -g 2048 -d ${SSLGTESTDIR} -n client -s "CN=client" \
-t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT
if [ "$RET" -ne 0 ]; then
echo "return value is $RET"
Exit 6 "Fatal - failed to create RSA client cert for ssl_gtests"
fi
certu -S -z ${R_NOISE_FILE} -k ec -q nistp256 -d ${SSLGTESTDIR} -n ecdsa -s CN=ecdsa \
-t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT

if [ "$RET" -ne 0 ]; then
echo "return value is $RET"
Exit 6 "Fatal - failed to create ECDSA server cert for ssl_gtests"
fi
}

############################## cert_stresscerts ################################
# local shell function to create client certs for SSL stresstest
########################################################################
Expand Down Expand Up @@ -2060,7 +2004,6 @@ cert_init
cert_all_CA
cert_extended_ssl
cert_ssl
cert_ssl_gtests
cert_smime_client
if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
cert_fips
Expand Down
2 changes: 1 addition & 1 deletion tests/common/init.sh
Expand Up @@ -235,7 +235,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
HTML_UNKNOWN='</TD><TD>Unknown/TD><TR>'
HTML_UNKNOWN='</TD><TD>Unknown</TD><TR>'
TABLE_ARGS=


Expand Down
8 changes: 8 additions & 0 deletions tests/ssl_gtests/parsereport.sed
@@ -0,0 +1,8 @@
/\<testcase/{
s/^.* name="\([^"]*\)" value_param="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\3 '\4: \1 \2'/
t end
s/^.* name="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\2 '\3: \1'/
t end
}
d
: end
82 changes: 74 additions & 8 deletions tests/ssl_gtests/ssl_gtests.sh 100644 → 100755
Expand Up @@ -18,6 +18,55 @@
# NOTE .... unexpected behavior
#
########################################################################
ssl_gtest_certs() {
mkdir -p "${SSLGTESTDIR}"
cd "${SSLGTESTDIR}"

PROFILEDIR=`pwd`
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
PROFILEDIR=`cygpath -m "${PROFILEDIR}"`
fi

${BINDIR}/certutil -N -d "${PROFILEDIR}" --empty-password 2>&1
html_msg $? 0 "create ssl_gtest database"

${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
-n server -s "CN=server" -t C,C,C -x -m 1 -w -2 -v 120 \
-k rsa -g 1024 -Z SHA256 -1 -2 <<CERTSCRIPT
0
2
9
n
n
n
CERTSCRIPT
html_msg $? 0 "create ssl_gtest server certificate"

${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
-n client -s "CN=client" -t C,C,C -x -m 1 -w -2 -v 120 \
-k rsa -g 1024 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT
html_msg $? 0 "create ssl_gtest client certificate"

${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
-n ecdsa -s "CN=ecdsa" -t C,C,C -x -m 1 -w -2 -v 120 \
-k ec -q nistp256 -Z SHA256 -1 -2 <<CERTSCRIPT
0
9
n
n
n
CERTSCRIPT
html_msg $? 0 "create ssl_gtest ECDSA certificate"
}

############################## ssl_gtest_init ##########################
# local shell function to initialize this script
Expand All @@ -33,25 +82,42 @@ ssl_gtest_init()
cd ../common
. ./init.sh
fi
if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
cd ../cert
. ./cert.sh
fi

SCRIPTNAME=ssl_gtest.sh
echo "$SCRIPTNAME: SSL Gtests ==============================="
html_head SSL Gtests

if [ ! -d "${SSLGTESTDIR}" ]; then
ssl_gtest_certs
fi

REQF=${QADIR}/ssl/sslreq.dat

cd ${CLIENTDIR}
cd "${SSLGTESTDIR}"
}

########################## ssl_gtest_start #########################
# Local function to actually start the test
####################################################################
ssl_gtest_start()
{
ssl_gtest -d ${SSLGTESTDIR}
html_msg $? 0 "ssl_gtest"
if [ ! -f ${BINDIR}/ssl_gtest ]; then
html_unknown "Skipping ssl_gtest (not built)"
return
fi

SSLGTESTREPORT="${SSLGTESTDIR}/report.xml"
${BINDIR}/ssl_gtest -d "${SSLGTESTDIR}" --gtest_output=xml:"${SSLGTESTREPORT}"
html_msg $? 0 "ssl_gtest run successfully"
sed -f ${QADIR}/ssl_gtests/parsereport.sed "${SSLGTESTREPORT}" | \
while read result name; do
if [ "$result" = "notrun" ]; then
echo "$name" SKIPPED
elif [ "$result" = "run" ]; then
html_passed "$name" > /dev/null
else
html_failed "$name"
fi
done
}

################## main #################################################
Expand Down

0 comments on commit 8c736f3

Please sign in to comment.