#!/bin/bash
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# Create an NSS certificate database for ssl_gtest.
# Usage: ssl_gtest_db.sh [db_dir [certutil [noise_file]]]
# db_dir - directory for the NSS cert DB (default: ./ssl_gtest_certdb)
# certutil - path to certutil binary (default: found in PATH)
# noise_file - entropy file for key generation (default: auto-generated)
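# Stop at the first failing command so a half-built database is never
# mistaken for a complete one.
set -e
# Resolve the directory this script lives in. CDPATH is cleared for this one
# `cd`: when cd finds its target through CDPATH it prints the resolved path
# on stdout, which would corrupt the captured value (or point it somewhere
# else) and so change which certsetup.sh is sourced below. `--` keeps a path
# that begins with "-" from being parsed as an option.
SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
# Positional arguments, all optional (see the usage header above).
PROFILEDIR="${1:-./ssl_gtest_certdb}"
CERTUTIL="${2:-}"
R_NOISE_FILE="${3:-}"
# No-op stub defined before sourcing; presumably the helpers in certsetup.sh
# call html_msg for harness reporting, which is not wanted here -- confirm
# against certsetup.sh.
html_msg() { :; }
# The sourced file runs inside this shell with this script's privileges; its
# location is derived from SCRIPT_DIR, which is why SCRIPT_DIR must not be
# influenced by the caller's environment.
. "${SCRIPT_DIR}/../common/certsetup.sh"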
# Pick the certutil binary: an explicit $2 wins, otherwise the first
# certutil found on PATH is used. `|| true` keeps a failed lookup from
# aborting under `set -e`, so the explicit error below is reported instead.
[ -n "$CERTUTIL" ] || CERTUTIL="$(command -v certutil 2>/dev/null || true)"
case "$CERTUTIL" in
  "")
    echo "certutil not found; pass it as \$2 or ensure it is in PATH" >&2
    exit 1
    ;;
esac
# Directory containing certutil. Not referenced again in this script;
# presumably read by the helpers from certsetup.sh -- confirm.
BINDIR="$(dirname "$CERTUTIL")"
# Entropy input for key generation. With no $3, take 2048 bytes from
# /dev/urandom into a private mktemp file that is removed when the script
# exits. A caller-supplied file is used as given and is never deleted here.
if [ -z "$R_NOISE_FILE" ]; then
  _noise_tmp="$(mktemp)"
  R_NOISE_FILE="$_noise_tmp"
  trap 'rm -f "$_noise_tmp"' EXIT
  dd bs=2048 count=1 if=/dev/urandom of="$R_NOISE_FILE" 2>/dev/null
fi
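# Create the database directory and turn it into an absolute path, since the
# script changes into it below. `--` stops a caller-supplied path that
# starts with "-" from being read as an option, and CDPATH is cleared so a
# relative path cannot be resolved through CDPATH (which would also make cd
# print the path and corrupt the captured value).
mkdir -p -- "$PROFILEDIR"
PROFILEDIR="$(CDPATH= cd -- "$PROFILEDIR" && pwd)"
# Initialise a new NSS database. --empty-password means the database, and
# every private key generated into it below, has no password protection:
# this is test-fixture material only and must not be reused as real
# credentials.
"$CERTUTIL" -N -d "$PROFILEDIR" --empty-password
cd -- "$PROFILEDIR"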
# Populate the database with the test identities used by ssl_gtest.
# make_cert is not defined in this file; it presumably comes from the
# certsetup.sh sourced above. Its arguments look like
#   make_cert <nickname> <key/cert type> <usage>...
# with usages sign, kex and ca -- confirm against certsetup.sh.
# NOTE(review): counter is reset here and never read in this script;
# presumably make_cert uses it (e.g. for serial numbers), in which case the
# order of the calls below matters -- confirm before reordering.
counter=0
# RSA identities: client, default server, explicit key sizes, and
# sign-only / PSS / decrypt-only variants.
make_cert client rsa sign
make_cert rsa rsa sign kex
make_cert rsa2048 rsa2048 sign kex
make_cert rsa8192 rsa8192 sign kex
make_cert rsa_sign rsa sign
make_cert rsa_pss rsapss sign
make_cert rsa_pss384 rsapss384 sign
make_cert rsa_pss512 rsapss512 sign
make_cert rsa_pss_noparam rsapss_noparam sign
make_cert rsa_decrypt rsa kex
# Elliptic-curve identities on P-256, P-384 and P-521.
make_cert ecdsa256 p256 sign
make_cert ecdsa384 p384 sign
make_cert ecdsa521 p521 sign
make_cert ecdh_ecdsa p256 kex
# CA and chain identities; each *_ca entry is created before the *_chain
# entry that follows it.
make_cert rsa_ca rsa_ca ca
make_cert rsa_chain rsa_chain sign
make_cert rsa_pss_ca rsapss_ca ca
make_cert rsa_pss_chain rsapss_chain sign
make_cert rsa_ca_rsa_pss_chain rsa_ca_rsapss_chain sign
make_cert ecdh_rsa ecdh_rsa kex
# The DSA identity is created only when NSS_DISABLE_DSA is unset or empty.
if [ -z "${NSS_DISABLE_DSA}" ]; then
make_cert dsa dsa sign
fi
# Delegator identities (names suggest delegated-credential tests -- confirm).
make_cert delegator_ecdsa256 delegator_p256 sign
make_cert delegator_rsae2048 delegator_rsae2048 sign
make_cert delegator_rsa_pss2048 delegator_rsa_pss2048 sign