From 8c736f34d93446eef6a40fce971d13d43cb24ceb Mon Sep 17 00:00:00 2001
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 24 Sep 2015 15:23:19 -0700
Subject: [PATCH] Bug 1208243 - Enable ssl_gtest if built, r=ekr

--HG--
extra : amend_source : 5e545e34d5d6e7d3be9ca7adbd9c41383bc3b039
---
 external_tests/README            | 32 ++++---------
 tests/all.sh                     |  6 +--
 tests/cert/cert.sh               | 57 ----------------------
 tests/common/init.sh             |  2 +-
 tests/ssl_gtests/parsereport.sed |  8 ++++
 tests/ssl_gtests/ssl_gtests.sh   | 82 ++++++++++++++++++++++++++++----
 6 files changed, 94 insertions(+), 93 deletions(-)
 create mode 100644 tests/ssl_gtests/parsereport.sed
 mode change 100644 => 100755 tests/ssl_gtests/ssl_gtests.sh

diff --git a/external_tests/README b/external_tests/README
index 45d3b1f706..30e69d1ee5 100644
--- a/external_tests/README
+++ b/external_tests/README
@@ -1,31 +1,15 @@
 GTest-based Unit Tests
 
-This directory contains GTest-based unit tests for NSS.
+This directory contains GTest-based unit tests for NSS libssl.
 
-Currently, these are only loopback-type tests of libsssl,
-but could be expanded to other types of tests. To make these
-work do:
+These aren't built by default, because they require C++.
+To build them, set ``NSS_BUILD_GTESTS=1''
 
-- Set NSS_BUILD_GTESTS=1 before starting your build
+Once built, they are run as part of running ``test/all.sh''
+You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''
 
-- cd tests/
-
-- Set NSS_TESTS=ssl_gtests and NSS_CYCLES=standard
-
-- run ./all.sh
-
-This will run the certutil tests (generating a test db) and
-will finalize with a call to the ssl_gtest
-
-You should be able to run the unit tests manually as:
-
-  ssl_gtest -d ${SSLGTESTDIR}
-
-Where $SSLGTESTDIR is a directory with a database containing:
- - an RSA certificate called server (with its private key)
- - an ECDSA certificate called ecdsa (with its private key)
-
-A directory like this is created by ./all.sh and can be found
-in a directory named something like
+They can be run standalone or under a debugger by invoking the ssl_gtest
+executable with a ``-d'' option pointing to the directory created by either
+of the above options.  You can find that in
 
   tests_results/security/${hostname}.${NUMBER}/ssl_gtests
diff --git a/tests/all.sh b/tests/all.sh
index 1170bc1bac..819789c93b 100755
--- a/tests/all.sh
+++ b/tests/all.sh
@@ -202,7 +202,7 @@ run_cycle_upgrade_db()
 
     # run the subset of tests with the upgraded database
     TESTS="${ALL_TESTS}"
-    TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains"
+    TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains ssl_gtests"
 
     echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
     RET=$?
@@ -233,7 +233,7 @@ run_cycle_shared_db()
 
     # run the tests for native sharedb support
     TESTS="${ALL_TESTS}"
-    TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
+    TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits ssl_gtests"
 
     echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
     RET=$?
@@ -274,7 +274,7 @@ run_cycles()
 cycles="standard pkix upgradedb sharedb"
 CYCLES=${NSS_CYCLES:-$cycles}
 
-tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
+tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ssl_gtests"
 TESTS=${NSS_TESTS:-$tests}
 
 ALL_TESTS=${TESTS}
diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh
index e19cb6b564..114369f6bf 100755
--- a/tests/cert/cert.sh
+++ b/tests/cert/cert.sh
@@ -1201,62 +1201,6 @@ cert_ssl()
   pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
 }
 
-############################# ssl_gtest ##########################
-# local shell function to create serve certs for SSL gtests
-##################################################################
-cert_ssl_gtests()
-{
-  CERTFAILED=0
-  echo "$SCRIPTNAME: Creating ssl_gtest DB dir"
-  cert_init_cert ${SSLGTESTDIR} "server" 1 ${D_EXT_SERVER}
-  echo "$SCRIPTNAME: Creating database for ssl_gtests"
-  certu -N -d "${SSLGTESTDIR}" --empty-password 2>&1
-  # the ssl server used here is special: is a self-signed server
-  # certificate with name server.
-  echo "$SCRIPTNAME: Creating certs for ssl_gtests"
-  certu -S -z ${R_NOISE_FILE} -g 2048 -d ${SSLGTESTDIR} -n server -s "CN=server" \
-        -t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
-0
-2
-9
-n
-n
-
-n
-CERTSCRIPT
-  if [ "$RET" -ne 0 ]; then
-     echo "return value is $RET"
-     Exit 6 "Fatal - failed to create RSA server cert for ssl_gtests"
-  fi
-  certu -S -z ${R_NOISE_FILE} -g 2048 -d ${SSLGTESTDIR} -n client -s "CN=client" \
-        -t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
-0
-9
-n
-n
-
-n
-CERTSCRIPT
-  if [ "$RET" -ne 0 ]; then
-     echo "return value is $RET"
-     Exit 6 "Fatal - failed to create RSA client cert for ssl_gtests"
-  fi
-  certu -S -z ${R_NOISE_FILE} -k ec -q nistp256 -d ${SSLGTESTDIR} -n ecdsa -s CN=ecdsa \
-        -t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <<CERTSCRIPT
-0
-9
-n
-n
-
-n
-CERTSCRIPT
-
-  if [ "$RET" -ne 0 ]; then
-     echo "return value is $RET"
-     Exit 6 "Fatal - failed to create ECDSA server cert for ssl_gtests"
-  fi
-}
-
 ############################## cert_stresscerts ################################
 # local shell function to create client certs for SSL stresstest
 ########################################################################
@@ -2060,7 +2004,6 @@ cert_init
 cert_all_CA
 cert_extended_ssl 
 cert_ssl 
-cert_ssl_gtests
 cert_smime_client        
 if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
     cert_fips
diff --git a/tests/common/init.sh b/tests/common/init.sh
index 521438c3d7..2c4e69c18d 100644
--- a/tests/common/init.sh
+++ b/tests/common/init.sh
@@ -235,7 +235,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
     HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
     HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
     HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
-    HTML_UNKNOWN='</TD><TD>Unknown/TD><TR>'
+    HTML_UNKNOWN='</TD><TD>Unknown</TD><TR>'
     TABLE_ARGS=
 
 
diff --git a/tests/ssl_gtests/parsereport.sed b/tests/ssl_gtests/parsereport.sed
new file mode 100644
index 0000000000..d7c6ddada0
--- /dev/null
+++ b/tests/ssl_gtests/parsereport.sed
@@ -0,0 +1,8 @@
+/\<testcase/{
+  s/^.* name="\([^"]*\)" value_param="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\3 '\4: \1 \2'/
+  t end
+  s/^.* name="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\2 '\3: \1'/
+  t end
+}
+d
+: end
diff --git a/tests/ssl_gtests/ssl_gtests.sh b/tests/ssl_gtests/ssl_gtests.sh
old mode 100644
new mode 100755
index ce404ba45a..ad3d4448d6
--- a/tests/ssl_gtests/ssl_gtests.sh
+++ b/tests/ssl_gtests/ssl_gtests.sh
@@ -18,6 +18,55 @@
 #   NOTE .... unexpected behavior
 #
 ########################################################################
+ssl_gtest_certs() {
+  mkdir -p "${SSLGTESTDIR}"
+  cd "${SSLGTESTDIR}"
+
+  PROFILEDIR=`pwd`
+  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+    PROFILEDIR=`cygpath -m "${PROFILEDIR}"`
+  fi
+
+  ${BINDIR}/certutil -N -d "${PROFILEDIR}" --empty-password 2>&1
+  html_msg $? 0 "create ssl_gtest database"
+
+  ${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
+    -n server -s "CN=server" -t C,C,C -x -m 1 -w -2 -v 120 \
+    -k rsa -g 1024 -Z SHA256 -1 -2 <<CERTSCRIPT
+0
+2
+9
+n
+n
+
+n
+CERTSCRIPT
+  html_msg $? 0 "create ssl_gtest server certificate"
+
+  ${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
+    -n client -s "CN=client" -t C,C,C -x -m 1 -w -2 -v 120 \
+    -k rsa -g 1024 -Z SHA256 -1 -2 <<CERTSCRIPT
+0
+9
+n
+n
+
+n
+CERTSCRIPT
+  html_msg $? 0 "create ssl_gtest client certificate"
+
+  ${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
+    -n ecdsa -s "CN=ecdsa" -t C,C,C -x -m 1 -w -2 -v 120 \
+    -k ec -q nistp256 -Z SHA256 -1 -2 <<CERTSCRIPT
+0
+9
+n
+n
+
+n
+CERTSCRIPT
+  html_msg $? 0 "create ssl_gtest ECDSA certificate"
+}
 
 ############################## ssl_gtest_init ##########################
 # local shell function to initialize this script
@@ -33,16 +82,17 @@ ssl_gtest_init()
       cd ../common
       . ./init.sh
   fi
-  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
-      cd ../cert
-      . ./cert.sh
-  fi
+
   SCRIPTNAME=ssl_gtest.sh
-  echo "$SCRIPTNAME: SSL Gtests ==============================="
+  html_head SSL Gtests
+
+  if [ ! -d "${SSLGTESTDIR}" ]; then
+    ssl_gtest_certs
+  fi
 
   REQF=${QADIR}/ssl/sslreq.dat
 
-  cd ${CLIENTDIR}
+  cd "${SSLGTESTDIR}"
 }
 
 ########################## ssl_gtest_start #########################
@@ -50,8 +100,24 @@ ssl_gtest_init()
 ####################################################################
 ssl_gtest_start()
 {
-  ssl_gtest -d ${SSLGTESTDIR}
-   html_msg $? 0 "ssl_gtest"
+  if [ ! -f ${BINDIR}/ssl_gtest ]; then
+    html_unknown "Skipping ssl_gtest (not built)"
+    return
+  fi
+
+  SSLGTESTREPORT="${SSLGTESTDIR}/report.xml"
+  ${BINDIR}/ssl_gtest -d "${SSLGTESTDIR}" --gtest_output=xml:"${SSLGTESTREPORT}"
+  html_msg $? 0 "ssl_gtest run successfully"
+  sed -f ${QADIR}/ssl_gtests/parsereport.sed "${SSLGTESTREPORT}" | \
+  while read result name; do
+    if [ "$result" = "notrun" ]; then
+      echo "$name" SKIPPED
+    elif [ "$result" = "run" ]; then
+      html_passed "$name" > /dev/null
+    else
+      html_failed "$name"
+    fi
+  done
 }
 
 ################## main #################################################