certmonger

Clone

#159 Make it possible to run NSS db type specific tests separately
Merged 3 years ago by rcritten. Opened 3 years ago by rcritten.
rcritten/certmonger issue_155  into  master

file modified
+26 -15 
@@ -86,9 +86,10 @@ 
 

  	FILE *fp;
 

  	NSSInitContext *ctx;
 

  	SECStatus err;
 

- 	CERTCertificate *decoded, *found, **imported = NULL;
 

+ 	CERTCertificate *decoded, *found;
 

  	CERTCertTrust trust;
 

  	CERTCertDBHandle *certdb;
 

+ 	PK11SlotInfo *slot = NULL;
 

  	SECItem *items[2];
 

  	PRUint32 flags;
 

  	const char *es, *ttrust;
 
@@ -157,6 +158,16 @@ 
 

  			}
 

  		}
 

  		certdb = CERT_GetDefaultCertDB();
 

+ 		slot = PK11_GetInternalKeySlot();
 

+ 		if (PK11_NeedUserInit(slot)) {
 

+ 			/* If no PIN is set at all on the database set an empty one
 

+  			 * in case we are the creator. */
 

+ 			PK11_InitPin(slot, NULL, "");
 

+ 		}
 

+ 		if (PK11_NeedLogin(slot)) {
 

+ 			cm_log(0, "NSS database %s requires login\n", state->nssdb);
 

+ 				return CM_CERTSAVE_STATUS_INTERNAL_ERROR;
 

+ 		}
 

  		for (i = 0; state->certs[i] != NULL; i++) {
 

  			package = state->certs[i]->cert;
 

  			decoded = CERT_DecodeCertFromPackage(package,
 
@@ -186,16 +197,10 @@ 
 

  				found = CERT_FindCertByDERCert(certdb,
 

  							       &decoded->derCert);
 

  				if (found != NULL) {
 

- 					items[0] = &found->derCert;
 

- 					items[1] = NULL;
 

- 					if ((CERT_ImportCerts(certdb,
 

- 							      certUsageSSLCA,
 

- 							      1, items,
 

- 							      &imported,
 

- 							      PR_TRUE, PR_FALSE,
 

- 							      p) != SECSuccess) ||
 

- 					    (imported == NULL) ||
 

- 					    (imported[0] == NULL)) {
 

+ 					if (PK11_ImportCert(slot, found,
 

+ 							      CK_INVALID_HANDLE,
 

+ 							      p,
 

+ 							      PR_FALSE) != SECSuccess) {
 

  						ec = PORT_GetError();
 

  						if (ec != 0) {
 

  							es = PR_ErrorToName(ec);
 
@@ -217,10 +222,15 @@ 
 

  						cm_log(3, "Wrote '%s' to "
 

  						       "database '%s'.\n",
 

  						       p, state->nssdb);
 

- 						CERT_ChangeCertTrust(certdb,
 

- 								     imported[0],
 

- 								     &trust);
 

- 						CERT_DestroyCertificate(imported[0]);
 

+ 						if (CERT_ChangeCertTrust(certdb,
 

+ 								     found,
 

+ 								     &trust) != SECSuccess) {
 

+ 							if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN)
 

+ 							{
 

+ 								cm_log(0, "Unable to set trust. "
 

+ 										  "Token not logged in.\n");
 

+ 							}
 

+ 						}
 

  					}
 

  					CERT_DestroyCertificate(found);
 

  				} else{
 
@@ -234,6 +244,7 @@ 
 

  				       p);
 

  			}
 

  		}
 

+ 		PK11_FreeSlot(slot);
 

  		err = NSS_ShutdownContext(ctx);
 

  		if (err != SECSuccess) {
 

  			cm_log(1, "Error shutting down NSS.\n");

file added
+381 
@@ -0,0 +1,381 @@ 
 

+ [(CAB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(CAB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(CAB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(CAD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Root Certificate D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D1 ,, 

+ Other Root Certificate D1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ 

+ [(CAD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ Other Root Certificate D2 CT,C,C
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D2 ,, 

+ Other Root Certificate D2 CT,C,C
 

+ Root Certificate D2 CT,C,C
 

+ 

+ [(CAD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Other Certificate D3 ,, 

+ [dba]
 

+ Other Certificate D3 ,, 

+ Other Root Certificate D3 CT,C,C
 

+ Root Certificate D3 CT,C,C
 

+ 

+ [(EntryB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Per-certificate Signing Authority D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Per-certificate Signing Authority D1 CT,C,C
 

+ 

+ [(EntryD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Per-certificate Signing Authority D3 ,, 

+ [dba]
 

+ Per-certificate Signing Authority D3 ,, 

+ 

+ [(EntryCB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Per-certificate Signing Authority CD1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D1 ,, 

+ Other Root Certificate D1 CT,C,C
 

+ Per-certificate Signing Authority CD1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ 

+ [(EntryCD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ Other Root Certificate D2 CT,C,C
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D2 ,, 

+ Other Root Certificate D2 CT,C,C
 

+ Root Certificate D2 CT,C,C
 

+ 

+ [(EntryCD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Other Certificate D3 ,, 

+ Per-certificate Signing Authority CD3 ,, 

+ [dba]
 

+ Other Certificate D3 ,, 

+ Other Root Certificate D3 CT,C,C
 

+ Per-certificate Signing Authority CD3 ,, 

+ Root Certificate D3 CT,C,C
 

+ 

+ [(EntryCAB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCAB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCAB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCAD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Root Certificate D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D1 ,, 

+ Other Root Certificate D1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ 

+ [(EntryCAD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ Other Root Certificate D2 CT,C,C
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D2 ,, 

+ Other Root Certificate D2 CT,C,C
 

+ Root Certificate D2 CT,C,C
 

+ 

+ [(EntryCAD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Other Certificate D3 ,, 

+ [dba]
 

+ Other Certificate D3 ,, 

+ Other Root Certificate D3 CT,C,C
 

+ Root Certificate D3 CT,C,C
 

+ 

+ OK.

file added
+3 
@@ -0,0 +1,3 @@ 
 

+ #!/bin/bash -e
 

+ 

+ exec env scheme=dbm ../025-casave/run.sh

file added
+381 
@@ -0,0 +1,381 @@ 
 

+ [(CAB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(CAB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(CAB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(CAD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Root Certificate D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D1 ,, 

+ Other Root Certificate D1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ 

+ [(CAD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ Other Root Certificate D2 CT,C,C
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D2 ,, 

+ Other Root Certificate D2 CT,C,C
 

+ Root Certificate D2 CT,C,C
 

+ 

+ [(CAD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Other Certificate D3 ,, 

+ [dba]
 

+ Other Certificate D3 ,, 

+ Other Root Certificate D3 CT,C,C
 

+ Root Certificate D3 CT,C,C
 

+ 

+ [(EntryB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Per-certificate Signing Authority D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Per-certificate Signing Authority D1 CT,C,C
 

+ 

+ [(EntryD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Per-certificate Signing Authority D3 ,, 

+ [dba]
 

+ Per-certificate Signing Authority D3 ,, 

+ 

+ [(EntryCB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Per-certificate Signing Authority CD1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D1 ,, 

+ Other Root Certificate D1 CT,C,C
 

+ Per-certificate Signing Authority CD1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ 

+ [(EntryCD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ Other Root Certificate D2 CT,C,C
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D2 ,, 

+ Other Root Certificate D2 CT,C,C
 

+ Root Certificate D2 CT,C,C
 

+ 

+ [(EntryCD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Other Certificate D3 ,, 

+ Per-certificate Signing Authority CD3 ,, 

+ [dba]
 

+ Other Certificate D3 ,, 

+ Other Root Certificate D3 CT,C,C
 

+ Per-certificate Signing Authority CD3 ,, 

+ Root Certificate D3 CT,C,C
 

+ 

+ [(EntryCAB1)]
 

+ [bundle1]
 

+ 2
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCAB2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 1
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCAB3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 2
 

+ [bundle-all]
 

+ 6
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ 

+ [(EntryCAD1)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ Root Certificate D1 CT,C,C
 

+ [db2]
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D1 ,, 

+ Other Root Certificate D1 CT,C,C
 

+ Root Certificate D1 CT,C,C
 

+ 

+ [(EntryCAD2)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ Other Root Certificate D2 CT,C,C
 

+ [db3]
 

+ [dba]
 

+ Other Certificate D2 ,, 

+ Other Root Certificate D2 CT,C,C
 

+ Root Certificate D2 CT,C,C
 

+ 

+ [(EntryCAD3)]
 

+ [bundle1]
 

+ 0
 

+ [bundle2]
 

+ 0
 

+ [bundle3]
 

+ 0
 

+ [bundle-all]
 

+ 0
 

+ [db1]
 

+ [db2]
 

+ [db3]
 

+ Other Certificate D3 ,, 

+ [dba]
 

+ Other Certificate D3 ,, 

+ Other Root Certificate D3 CT,C,C
 

+ Root Certificate D3 CT,C,C
 

+ 

+ OK.

file added
+3 
@@ -0,0 +1,3 @@ 
 

+ #!/bin/bash -e
 

+ 

+ exec env scheme=sql ../025-casave/run.sh

file modified
+21 -20 
@@ -2,6 +2,7 @@ 
 

  

  cd $tmpdir
 

  

+ scheme="${scheme:-dbm}"
 

  cat > $tmpdir/entrycb1 <<- EOF
 

  id=EntryCB1
 

  ca_name=CAB1
 
@@ -196,7 +197,7 @@ 
 

  root_cert_files=
 

  other_root_cert_files=
 

  other_cert_files=
 

- root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
 

+ root_cert_dbs=$scheme:$tmpdir/db1,$scheme:$tmpdir/dba
 

  other_root_cert_dbs=
 

  other_cert_dbs=
 

  cert_roots=Per-certificate Signing Authority D1
 
@@ -229,7 +230,7 @@ 
 

  other_root_cert_files=
 

  other_cert_files=
 

  root_cert_dbs=
 

- other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
 

+ other_root_cert_dbs=$scheme:$tmpdir/db2,$scheme:$tmpdir/dba
 

  other_cert_dbs=
 

  EOF
 

  cat > $tmpdir/entryd3 <<- EOF
 
@@ -239,7 +240,7 @@ 
 

  other_cert_files=
 

  root_cert_dbs=
 

  other_root_cert_dbs=
 

- other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 

+ other_cert_dbs=$scheme:$tmpdir/db3,$scheme:$tmpdir/dba
 

  cert_chain=Per-certificate Signing Authority D3
 

   -----BEGIN CERTIFICATE-----
 

   MIIDjjCCAnagAwIBAgIRALuVK2FuXklPuMP4qtRyQjUwDQYJKoZIhvcNAQELBQAw
 
@@ -300,7 +301,7 @@ 
 

  root_cert_files=
 

  other_root_cert_files=
 

  other_cert_files=
 

- root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
 

+ root_cert_dbs=$scheme:$tmpdir/db1,$scheme:$tmpdir/dba
 

  other_root_cert_dbs=
 

  other_cert_dbs=
 

  EOF
 
@@ -311,7 +312,7 @@ 
 

  other_root_cert_files=
 

  other_cert_files=
 

  root_cert_dbs=
 

- other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
 

+ other_root_cert_dbs=$scheme:$tmpdir/db2,$scheme:$tmpdir/dba
 

  other_cert_dbs=
 

  EOF
 

  cat > $tmpdir/entrycad3 <<- EOF
 
@@ -322,7 +323,7 @@ 
 

  other_cert_files=
 

  root_cert_dbs=
 

  other_root_cert_dbs=
 

- other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 

+ other_cert_dbs=$scheme:$tmpdir/db3,$scheme:$tmpdir/dba
 

  EOF
 

  

  cat > $tmpdir/cab1 <<- EOF
 
@@ -564,9 +565,9 @@ 
 

  ca_root_cert_files=
 

  ca_other_root_cert_files=
 

  ca_other_cert_files=
 

- ca_root_cert_dbs=dbm:$tmpdir/db1,dbm:$tmpdir/dba
 

- ca_other_root_cert_dbs=dbm:$tmpdir/dba
 

- ca_other_cert_dbs=dbm:$tmpdir/dba
 

+ ca_root_cert_dbs=$scheme:$tmpdir/db1,$scheme:$tmpdir/dba
 

+ ca_other_root_cert_dbs=$scheme:$tmpdir/dba
 

+ ca_other_cert_dbs=$scheme:$tmpdir/dba
 

  ca_root_certs=Root Certificate D1
 

   -----BEGIN CERTIFICATE-----
 

   MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
 
@@ -639,9 +640,9 @@ 
 

  ca_root_cert_files=
 

  ca_other_root_cert_files=
 

  ca_other_cert_files=
 

- ca_root_cert_dbs=dbm:$tmpdir/dba
 

- ca_other_root_cert_dbs=dbm:$tmpdir/db2,dbm:$tmpdir/dba
 

- ca_other_cert_dbs=dbm:$tmpdir/dba
 

+ ca_root_cert_dbs=$scheme:$tmpdir/dba
 

+ ca_other_root_cert_dbs=$scheme:$tmpdir/db2,$scheme:$tmpdir/dba
 

+ ca_other_cert_dbs=$scheme:$tmpdir/dba
 

  ca_root_certs=Root Certificate D2
 

   -----BEGIN CERTIFICATE-----
 

   MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET
 
@@ -722,9 +723,9 @@ 
 

  ca_root_cert_files=
 

  ca_other_root_cert_files=
 

  ca_other_cert_files=
 

- ca_root_cert_dbs=,dbm:$tmpdir/dba
 

- ca_other_root_cert_dbs=,dbm:$tmpdir/dba,
 

- ca_other_cert_dbs=dbm:$tmpdir/db3,dbm:$tmpdir/dba
 

+ ca_root_cert_dbs=,$scheme:$tmpdir/dba
 

+ ca_other_root_cert_dbs=,$scheme:$tmpdir/dba,
 

+ ca_other_cert_dbs=$scheme:$tmpdir/db3,$scheme:$tmpdir/dba
 

  ca_root_certs=Root Certificate D3
 

   -----BEGIN CERTIFICATE-----
 

   MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
 
@@ -796,9 +797,9 @@ 
 

  ca_root_cert_files=$tmpdir/bundle-all
 

  ca_other_root_cert_files=
 

  ca_other_cert_files=
 

- ca_root_cert_dbs=dbm:$tmpdir/dba
 

- ca_other_root_cert_dbs=,dbm:$tmpdir/dba
 

- ca_other_cert_dbs=,dbm:$tmpdir/dba
 

+ ca_root_cert_dbs=$scheme:$tmpdir/dba
 

+ ca_other_root_cert_dbs=,$scheme:$tmpdir/dba
 

+ ca_other_cert_dbs=,$scheme:$tmpdir/dba
 

  ca_root_certs=Root Certificate DA
 

   -----BEGIN CERTIFICATE-----
 

   MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
 
@@ -843,7 +844,7 @@ 
 

  	done
 

  	for db in 1 2 3 a ; do
 

  		echo "[db$db]"
 

- 		certutil -L -d "db$db" 2> /dev/null | \
 

+ 		certutil -L -d "$scheme:db$db" 2> /dev/null | \
 

  		grep , | grep -v JAR/XPI | sed -r 's, +, ,g' | \
 

  		env LANG=C sort | tee "olddblist$db"
 

  	done
 
@@ -852,7 +853,7 @@ 
 

  		diff -u "bundle$bundle" "oldbundle$bundle"
 

  	done
 

  	for db in 1 2 3 a ; do
 

- 		certutil -L -d "db$db" 2> /dev/null | \
 

+ 		certutil -L -d "$scheme:db$db" 2> /dev/null | \
 

  		grep , | grep -v JAR/XPI | sed -r 's, +, ,g' | \
 

  		env LANG=C sort > "dblist$db"
 

  		diff -u "olddblist$db" "dblist$db"

file modified
+20 -9 
@@ -8,6 +8,10 @@ 
 

  	001-keyiread-rsa/actual.err \
 

  	002-keygen/actual.out \
 

  	002-keygen/actual.err \
 

+ 	002-keygen-dbm/actual.out \
 

+ 	002-keygen-dbm/actual.err \
 

+ 	002-keygen-sql/actual.out \
 

+ 	002-keygen-sql/actual.err \
 

  	002-keygen-dsa/actual.out \
 

  	002-keygen-dsa/actual.err \
 

  	002-keygen-ec/actual.out \
 
@@ -92,6 +96,10 @@ 
 

  	024-citerate/actual.err \
 

  	025-casave/actual.out \
 

  	025-casave/actual.err \
 

+ 	025-casave-dbm/actual.out \
 

+ 	025-casave-dbm/actual.err \
 

+ 	025-casave-sql/actual.out \
 

+ 	025-casave-sql/actual.err \
 

  	026-local/actual.out \
 

  	026-local/actual.err \
 

  	027-hooks/actual.out \
 
@@ -138,6 +146,10 @@ 
 

  	002-keygen/prequal.sh \
 

  	002-keygen/run.sh \
 

  	002-keygen/expected.out \
 

+ 	002-keygen-dbm/run.sh \
 

+ 	002-keygen-dbm/expected.out \
 

+ 	002-keygen-sql/run.sh \
 

+ 	002-keygen-sql/expected.out \
 

  	002-keygen-rsa/prequal.sh \
 

  	002-keygen-rsa/run.sh \
 

  	002-keygen-rsa/expected.out \
 
@@ -263,6 +275,10 @@ 
 

  	024-citerate/run.sh \
 

  	025-casave/expected.out \
 

  	025-casave/run.sh \
 

+ 	025-casave-dbm/expected.out \
 

+ 	025-casave-dbm/run.sh \
 

+ 	025-casave-sql/expected.out \
 

+ 	025-casave-sql/run.sh \
 

  	026-local/expected.out \
 

  	026-local/run.sh \
 

  	027-hooks/expected.out \
 
@@ -344,7 +360,6 @@ 
 

  subdirs = \
 

  	001-keyiread \
 

  	001-keyiread-rsa \
 

- 	002-keygen \
 

  	002-keygen-rsa \
 

  	003-csrgen \
 

  	003-csrgen-rsa \
 
@@ -352,24 +367,17 @@ 
 

  	004-selfsign-rsa \
 

  	005-dbusm \
 

  	006-serial \
 

- 	007-certsave \
 

  	008-certread \
 

  	009-oiddict \
 

  	010-iterate \
 

- 	011-dbinit \
 

- 	012-dbadd \
 

- 	013-enckey \
 

  	014-prefs \
 

- 	015-lockedkey \
 

  	016-dates \
 

- 	017-notoken \
 

  	018-pembase \
 

  	019-dparse \
 

  	021-resume \
 

  	022-base64 \
 

  	023-cadata \
 

  	024-citerate \
 

- 	025-casave \
 

  	026-local \
 

  	027-hooks \
 

  	028-dbus \
 
@@ -378,7 +386,6 @@ 
 

  	031-pkcs7 \
 

  	032-chain \
 

  	033-scep \
 

- 	034-perms \
 

  	035-json \
 

  	036-getcert \
 

  	037-rekey2 \
 
@@ -387,23 +394,27 @@ 
 

  

  if HAVE_DBM_NSSDB
 

  subdirs += \
 

+ 	002-keygen-dbm \
 

  	007-certsave-dbm \
 

  	011-dbinit-dbm \
 

  	012-dbadd-dbm \
 

  	013-enckey-dbm \
 

  	015-lockedkey-dbm \
 

  	017-notoken-dbm \
 

+ 	025-casave-dbm \
 

  	034-perms-dbm
 

  endif
 

  

  if HAVE_SQL_NSSDB
 

  subdirs += \
 

+ 	002-keygen-sql \
 

  	007-certsave-sql \
 

  	011-dbinit-sql \
 

  	012-dbadd-sql \
 

  	013-enckey-sql \
 

  	015-lockedkey-sql \
 

  	017-notoken-sql \
 

+ 	025-casave-sql \
 

  	034-perms-sql
 

  endif

If NSS is configured with NSS_DISABLE_DBM then Certmonger's tests which are related to DBM fail. The legacy NSS db type(DBM) will be eventually disabled. Thus, Certmonger should handle this.

NSS db specific tests are placed under the corresponding HAVE_SQL_NSSDB and HAVE_DBM_NSSDB sections.

Fixes: https://pagure.io/certmonger/issue/155

This PR merges https://pagure.io/certmonger/pull-request/156 and a patch to fix sqlite handling when saving CA certificates into an NSS database.

Pull-Request has been merged by rcritten
3 years ago
Metadata
None
No Tags
Changes Summary 7
+26 -15
file changed
src/casave.c
+381
file added
tests/025-casave-dbm/expected.out
+3
file added
tests/025-casave-dbm/run.sh
+381
file added
tests/025-casave-sql/expected.out
+3
file added
tests/025-casave-sql/run.sh
+21 -20
file changed
tests/025-casave/run.sh
+20 -9
file changed
tests/Makefile.am
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.