Bug 382775: Added test for certutil -D. r=julien
authorslavomir.katuscak%sun.com
Wed, 11 Jul 2007 07:44:41 +0000
changeset 7924 f57a6d7a3ae0ff282b5b54e87ec3c302bcf9ff07
parent 7923 bd84a8c5103da078419554bbf461e17ed987bf19
child 7925 5e5cc22b4f4dca262bb28871c0092f50fc838b0b
push idunknown
push userunknown
push dateunknown
reviewersjulien
bugs382775
Bug 382775: Added test for certutil -D. r=julien
security/nss/tests/fips/fips.sh
--- a/security/nss/tests/fips/fips.sh
+++ b/security/nss/tests/fips/fips.sh
@@ -133,52 +133,101 @@ fips_140()
 
   echo "$SCRIPTNAME: Export the certificate as a DER-encoded file ------"
   echo "certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt"
   certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt 2>&1
   html_msg $? 0 "Export the certificate as a DER (certutil -L -r)" "."
 
   echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
   echo "certutil -d ${P_R_FIPSDIR} -L"
-  certutil -d ${P_R_FIPSDIR} -L 2>&1
-  html_msg $? 0 "List the FIPS module certificates (certutil -L)" "."
+  certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  if [ ! "${certs}" ]; then
+    ret=255
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
 
   echo "$SCRIPTNAME: Delete the certificate and key from the FIPS module"
   echo "certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE}"
   certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE} 2>&1
-  html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -D)" "."
-
+  html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -F)" "."
 
   echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
   echo "certutil -d ${P_R_FIPSDIR} -L"
-  certutil -d ${P_R_FIPSDIR} -L 2>&1
-  html_msg $? 0 "List the FIPS module certificates (certutil -L)" "."
+  certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  if [ "${certs}" ]; then
+    ret=255
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
 
   echo "$SCRIPTNAME: List the FIPS module keys."
   echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}"
   certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1
   # certutil -K now returns a failure if no keys are found. This verifies that
   # our delete succeded.
   html_msg $? 255 "List the FIPS module keys (certutil -K)" "."
 
+
   echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file"
   echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}"
   pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1
   html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "."
 
   echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
   echo "certutil -d ${P_R_FIPSDIR} -L"
-  certutil -d ${P_R_FIPSDIR} -L 2>&1
-  html_msg $? 0 "List the FIPS module certificates (certutil -L)" "."
+  certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  if [ ! "${certs}" ]; then
+    ret=255
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
 
   echo "$SCRIPTNAME: List the FIPS module keys --------------------------"
   echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}"
   certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1
   html_msg $? 0 "List the FIPS module keys (certutil -K)" "."
 
+
+  echo "$SCRIPTNAME: Delete the certificate from the FIPS module"
+  echo "certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK}"
+  certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK} 2>&1
+  html_msg $? 0 "Delete the certificate from the FIPS module (certutil -D)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  if [ "${certs}" ]; then
+    ret=255
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
+
+  echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file"
+  echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}"
+  pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  certs=`certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  if [ ! "${certs}" ]; then
+    ret=255
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module keys --------------------------"
+  echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}"
+  certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "List the FIPS module keys (certutil -K)" "."
+
+
   echo "$SCRIPTNAME: Run PK11MODE in FIPSMODE  -----------------"
   echo "pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE}"
   pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE}  2>&1
   html_msg $? 0 "Run PK11MODE in FIPS mode (pk11mode)" "."
 
   echo "$SCRIPTNAME: Run PK11MODE in Non FIPSMODE  -----------------"
   echo "pk11mode -d ${P_R_FIPSDIR} -p nonfips- -f ${R_FIPSPWFILE} -n"
   pk11mode -d ${P_R_FIPSDIR} -p nonfips- -f ${R_FIPSPWFILE} -n 2>&1