214397 - need certutil batch mode

Status: RESOLVED FIXED

(NSS :: Tools, defect, P2)

Description

[Julien Pierre]

In order to create complex test cases that simulate application environment, I
find it necessary to be able to perform batch commands in certutil within a
single process. Using an external shell to call certutil multiple times doesn't
do the trick, because the NSS cache and many other structures go away.

I propose to add a -B option - for batch mode. It will take the name of a file
as an argument. Each line in that file will be the equivalent of a current
certutil command-line.

The expectation is that NSS will be initialized the first time certutil runs,
ie. before the commands in the batch file are run.

Comment 1

[Julien Pierre]

Attachment: add -B option for batch mode

Comment 2

[Julien Pierre]

Comment on attachment 128834 [details] [diff] [review]
add -B option for batch mode

Nelson, Wan-Teh, please review. Thanks.

Comment 3

[Julien Pierre]

Comment on attachment 128834 [details] [diff] [review]
add -B option for batch mode

Nelson, Wan-Teh, please review. Thanks.

Comment 4

[Julien Pierre]

Nelson, Wan-Teh,

Could you please review the patch for this bug ?

Thanks.

Comment 5

[Wan-Teh Chang]

Comment on attachment 128834 [details] [diff] [review]
add -B option for batch mode

Julien, I wrote my review comments on a copy of this patch
and left it in your cube.

I think the use of recursion is a clever way to process
the command file in batch mode!

Please add some comments to describe how the command file
will be processed in batch mode.  Something like this:
- If -B <command line> is specified, the contents in the
  command file will be interpreted as subsequent certutil
  commands to be executed in the current certutil process
  context after the current certutil command has been executed.
- Each line in the command file consists of the command
  line argumentss for certutil.
- The -d <configdir> option must not be specified in the
  command file.  (Any other command line options disallowed
  in the command file?)
- Quoting with double quote characters ("...") is supported
  to allow white space in a command line argument.  The
  double quote character cannot be escaped and quoting cannot
  be nested in this version.

Comment 6

[Julien Pierre]

Attachment: incorporate Wan-Teh's feedback

Comment 7

[Julien Pierre]

Attachment: another update

Comment 8

[Wan-Teh Chang]

Comment on attachment 130148 [details] [diff] [review]
another update

1. After the while loop that skips white space,
we must check for the case that *space == '\0'.
If we do not handle that case, the subsequent
strchr(space+1, '\"') call will read beyond the
end of string, and we will add an extraneous
empty string to the newargv array.

2. If invalid is PR_TRUE, we should not go on
to execute the next command.  We should exit
the while loop.

3. We should get the return value of the
certutil_main(..., PR_FALSE) call.  If the
return value is nonzero (a failure), we should
exit the while loop and exit the process with
that return value.  In other words, if a command
fails, we should not go on to execute the next
command.

Two suggested style changes:

1. Use the prevalent multi-line comment block
style.

2. In the NSS source tree we usually use the
PORT_ versions of malloc, realloc, free, strpbrk,
strchr, strdup, and strrchr.

Comment 9

[Julien Pierre]

Attachment: address Wan-Teh's remaining issues

I have addressed all issues in this patch except the first one you mention
about reading past the string. I don't believe that can happen since the
strchr(space+1, ... is only invoked in the case where *space matches the quote
, which means it is not the end of the string.

Comment 10

[Julien Pierre]

Attachment: patch as checked in

Comment 11

[Julien Pierre]

Checking in certutil.c;
/cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v  <--  certutil.c
new revision: 1.77; previous revision: 1.76
done