Test Framework#

JSS tests are defined in dogtagpki/jss.

These are the values of some environment variables during testing:

JAVA_HOME=/etc/alternatives/java_sdk_1.8.0_openjdk
USE_64=1
XPCLASS_JAR=xpclass.jar
SOURCE_PREFIX=./../dist
SOURCE_RELEASE_PREFIX=./../dist/release/no-policy
SOURCE_RELEASE_CLASSES_DIR=classes
NSS OBJDIR_NAME=Linux4.15_x86_64_cc_glibc_PTH_64_DBG.OBJ
JSS OBJDIR_NAME=Linux4.15_x86_64_glibc_PTH_64_DBG.OBJ
jss_symlink=/root/sandbox/dist/Linux4.15_x86_64_glibc_PTH_64_DBG.OBJ
LD_LIBRARY_PATH=:/root/sandbox/dist/Linux4.15_x86_64_glibc_PTH_64_DBG.OBJ/lib
CLASSPATH=/root/sandbox/dist/xpclass.jar

Test Cases#

Basic tests#

$testname = "Setup DBs";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SetupDBs $testdir $pwfile";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known RSA cert pair";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-256/RSA CA_RSA Server_RSA Client_RSA";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known ECDSA cert pair";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-256/EC CA_ECDSA Server_ECDSA Client_ECDSA";
run_test($testname, $command);
updateCertSN();
$testname = "Generate known DSS cert pair";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.GenerateTestCert $testdir $pwfile $certSN localhost SHA-1/DSA CA_DSS Server_DSS Client_DSS";
run_test($testname, $command);
$testname = "Create PKCS11 cert to PKCS12 rsa.pfx";
$command = "$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/rsa.pfx -n CA_RSA -d $testdir -K $dbPwd -W $dbPwd";
run_test($testname, $command);
$testname = "Create PKCS11 cert to PKCS12 ecdsa.pfx";
$command = "$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/ecdsa.pfx -n CA_ECDSA -d $testdir -K $dbPwd -W $dbPwd";
run_test($testname, $command);
$testname = "Create PKCS11 cert to PKCS12 dss.pfx";
$command = "$nss_lib_dir/../bin/pk12util$exe_suffix -o $testdir/dss.pfx -n CA_DSS -d $testdir -K $dbPwd -W $dbPwd";
run_test($testname, $command);
#$testname = "Convert nss db  to Java keystore";
#$command = "$java -cp $jss_classpath org.mozilla.jss.tests.NSS2JKS $keystore $dbPwd $configfile $dbPwd";
#run_test($testname, $command);
$testname = "List CA certs";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.ListCACerts $testdir";
run_test($testname, $command);
updateCertSN();
$serverPort = checkPort($serverPort);
$testname = "SSLClientAuth";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
run_test($testname, $command);
$testname = "Key Generation";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.TestKeyGen $testdir $pwfile";
run_test($testname, $command);
$testname = "Key Factory";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.KeyFactoryTest $testdir $pwfile";
run_test($testname, $command);
$testname = "Digest";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.DigestTest $testdir $pwfile";
run_test($testname, $command);
$testname = "HMAC ";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.HMACTest $testdir $pwfile";
run_test($testname, $command);
$testname = "HMAC Unwrap";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.HmacTest $testdir $pwfile";
run_test($testname, $command);
$testname = "KeyWrapping ";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCAKeyWrap $testdir $pwfile";
run_test($testname, $command);
$testname = "Mozilla-JSS JCA Signature ";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCASigTest $testdir $pwfile";
run_test($testname, $command);
$testname = "Mozilla-JSS NSS Signature ";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SigTest $testdir $pwfile";
run_test($testname, $command);
$testname = "JSS Signature test";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SigTest $testdir $pwfile";
run_test($testname, $command);
$testname = "Secret Decoder Ring";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.TestSDR $testdir $pwfile";
run_test($testname, $command);
$testname = "List cert by certnick";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.ListCerts $testdir Server_RSA";
run_test($testname, $command);
$testname = "Verify cert by certnick";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.VerifyCert $testdir $pwfile Server_RSA";
run_test($testname, $command);
$testname = "Secret Key Generation";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SymKeyGen $testdir";
run_test($testname, $command);
$testname = "Mozilla-JSS Secret Key Generation";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCASymKeyGen $testdir";
run_test($testname, $command);

SSLServer and SSLClient Ciphersuite tests#

Servers are kicked off by the shell script and are told to shutdown by the client test.

$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSS Server and JSS client both";
$serverCommand = "$run_shell ./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort  $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort verboseoff JSS";
# To be restored when bug 1321594 is fixed
# run_ssl_test($testname, $serverCommand, $command);
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSS Server and JSSE client";
$serverCommand = "$run_shell ./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSSE_SSLClient $testdir $serverPort $hostname JSS";
# To be restored when bug 1321594 is fixed
#run_ssl_test($testname, $serverCommand, $command);
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using default provider and JSS client";
$serverCommand = "$run_shell ./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx default $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort  verboseoff JSSE";
# To be restored when bug 1321594 is fixed
#run_ssl_test($testname, $serverCommand, $command);
if ($java =~ /1.4/i || $osname =~ /HP/ || ( ($osname =~ /Linux/)  && $java =~ /1.5/i && ($ENV{USE_64}) )) {
    print "don't run the SunJSSE with Mozilla-JSS provider with Java4 need java5 or higher";
    print "don't run the JSSE Server tests on HP or Linux  64 bit with java5.\n";
    print "Java 5 on HP does not have SunPKCS11 class\n";
} else {
#with JSS is being build with JDK 1.5 add the Sunpkcs11-NSS support back in!
#$serverPort = checkPort($serverPort);
#$testname = "SSL Ciphersuite JSSE Server using Sunpkcs11-NSS provider and JSS client";
#$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Sunpkcs11 $configfile $pwfile $java";
#$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort  verboseoff JSSE";
#run_ssl_test($testname, $serverCommand, $command);

#$serverPort = checkPort($serverPort);
#$testname = "SSL Ciphersuite JSSE Server using Sunpkcs11-NSS provider and JSS client";
#$serverCommand = "./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Sunpkcs11 $configfile $pwfile $java";
#$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort verboseoff JSSE";
#run_ssl_test($testname, $serverCommand, $command);

#Mozilla-JSS only works with JDK 1.5 or higher when used as provider for SunJSSE
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite JSSE Server using Mozilla-JSS provider and JSS client";
$serverCommand = "$run_shell ./startJsseServ.$scriptext $jss_classpath $serverPort false $testdir rsa.pfx Mozilla-JSS $configfile $pwfile $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort verboseoff Mozilla-JSS";
# To be restored when bug 1321594 is fixed
#run_ssl_test($testname, $serverCommand, $command);
}

FIPS tests#

$testname = "Enable FipsMODE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.FipsTest $testdir enable";
run_test($testname, $command);
$testname = "check FipsMODE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.FipsTest $testdir chkfips";
run_test($testname, $command);
updateCertSN();
$testname = "SSLClientAuth FIPSMODE";
$serverPort = checkPort(++$serverPort);
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SSLClientAuth $testdir $pwfile $serverPort $certSN";
run_test($testname, $command);
$testname = "HMAC FIPSMODE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.HMACTest $testdir $pwfile";
run_test($testname, $command);
$testname = "KeyWrapping FIPSMODE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCAKeyWrap $testdir $pwfile";
run_test($testname, $command);
$testname = "Mozilla-JSS JCA Signature FIPSMODE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JCASigTest $testdir $pwfile";
run_test($testname, $command);
$testname = "JSS Signature test FipsMODE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.SigTest $testdir $pwfile";
run_test($testname, $command);
$serverPort = checkPort($serverPort);
$testname = "SSL Ciphersuite FIPSMODE JSS Server and JSS client both";
$serverCommand = "$run_shell ./startJssSelfServ.$scriptext $jss_classpath $testdir $hostname $serverPort  $java";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSS_SelfServClient 2 -1 $testdir $pwfile $hostname $serverPort  verboseoff JSS";
# To be restored when bug 1321594 is fixed
#run_ssl_test($testname, $serverCommand, $command);
$testname = "Disable FipsMODE";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.FipsTest $testdir disable";
run_test($testname, $command);

Tests for JSS jar and library revision#

$testname = "Check JSS jar version";
$command = "$java -cp $jss_classpath org.mozilla.jss.tests.JSSPackageTest $testdir";
run_test($testname, $command);

Test Procedure#

$ perl build_java.pl <perl variables> test
$ cd org/mozilla/jss/tests
$ perl all.pl dist <JSS symlink>

See also:

References#