From b10c43033d2fe2fe1697e574a067e302bbe9d893 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Tue, 6 Aug 2013 02:18:52 -0400
Subject: [PATCH] Fix self-tests when run with newer certutil

- pull up a patch from master to adapt self-tests to certutil's
  diagnostic output having changed (#992050)
---
 certmonger-certutil.patch | 200 ++++++++++++++++++++++++++++++++++++++
 certmonger.spec           |   8 +-
 2 files changed, 207 insertions(+), 1 deletion(-)
 create mode 100644 certmonger-certutil.patch

diff --git a/certmonger-certutil.patch b/certmonger-certutil.patch
new file mode 100644
index 0000000..1508b96
--- /dev/null
+++ b/certmonger-certutil.patch
@@ -0,0 +1,200 @@
+commit d8db04e88cc82272f6fba5102c38d4cac1c64517
+Author: Nalin Dahyabhai <nalin@dahyabhai.net>
+Date:   Thu Aug 1 16:14:13 2013 -0400
+
+    Fixup tests for recent certutil changes
+    
+    * Skip certutil's
+    certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+      message, which is printed at a different point(?) now.
+    * If a certutil error message includes an error name, strip out the
+      name, because it didn't always used to be there.
+
+diff --git a/tests/015-lockedkey-dbm/expected.out b/tests/015-lockedkey-dbm/expected.out
+index e2ffc54..4378b91 100644
+--- a/tests/015-lockedkey-dbm/expected.out
++++ b/tests/015-lockedkey-dbm/expected.out
+@@ -36,40 +36,32 @@ OK (2048).
+ [Not pre-creating database.]
+ [Generating key (dbm) without PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Providing Unnecessary PIN.]
+ [Reading Key Info With Unnecessary PIN.]
+ Failed to read key "dbm:$tmpdir/dbmdb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Generating CSR With Unnecessary PIN.]
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Creating database, without PIN.]
+ [Generating key (dbm) without PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Providing Unnecessary PIN.]
+ [Reading Key Info With Unnecessary PIN.]
+ Failed to read key "dbm:$tmpdir/dbmdb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Generating CSR With Unnecessary PIN.]
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Not pre-creating database, with PIN.]
+ [Generating key (dbm) with PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Reading Key Info Without PIN.]
+ Failed to read key "dbm:$tmpdir/dbmdb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ Incorrect password/PIN entered.
+ certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
+ [Reading Key Info With Bogus PIN Location.]
+@@ -85,12 +77,10 @@ OK (2048).
+ [Creating database with PIN.]
+ [Generating key (dbm) with PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Reading Key Info Without PIN.]
+ Failed to read key "dbm:$tmpdir/dbmdb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ Incorrect password/PIN entered.
+ certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
+ [Reading Key Info With Bogus PIN Location.]
+diff --git a/tests/015-lockedkey-sql/expected.out b/tests/015-lockedkey-sql/expected.out
+index 48a1a90..a739284 100644
+--- a/tests/015-lockedkey-sql/expected.out
++++ b/tests/015-lockedkey-sql/expected.out
+@@ -36,40 +36,32 @@ OK (2048).
+ [Not pre-creating database.]
+ [Generating key (sql) without PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Providing Unnecessary PIN.]
+ [Reading Key Info With Unnecessary PIN.]
+ Failed to read key "sql:$tmpdir/sqldb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Generating CSR With Unnecessary PIN.]
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Creating database, without PIN.]
+ [Generating key (sql) without PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Providing Unnecessary PIN.]
+ [Reading Key Info With Unnecessary PIN.]
+ Failed to read key "sql:$tmpdir/sqldb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Generating CSR With Unnecessary PIN.]
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Not pre-creating database, with PIN.]
+ [Generating key (sql) with PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Reading Key Info Without PIN.]
+ Failed to read key "sql:$tmpdir/sqldb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ Incorrect password/PIN entered.
+ certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
+ [Reading Key Info With Bogus PIN Location.]
+@@ -85,12 +77,10 @@ OK (2048).
+ [Creating database with PIN.]
+ [Generating key (sql) with PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Reading Key Info Without PIN.]
+ Failed to read key "sql:$tmpdir/sqldb":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ Incorrect password/PIN entered.
+ certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
+ [Reading Key Info With Bogus PIN Location.]
+diff --git a/tests/015-lockedkey/expected.out b/tests/015-lockedkey/expected.out
+index 779308e..eae75dc 100644
+--- a/tests/015-lockedkey/expected.out
++++ b/tests/015-lockedkey/expected.out
+@@ -36,40 +36,32 @@ OK (2048).
+ [Not pre-creating database.]
+ [Generating key without PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Providing Unnecessary PIN.]
+ [Reading Key Info With Unnecessary PIN.]
+ Failed to read key "$tmpdir/db":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Generating CSR With Unnecessary PIN.]
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Creating database, without PIN.]
+ [Generating key without PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Providing Unnecessary PIN.]
+ [Reading Key Info With Unnecessary PIN.]
+ Failed to read key "$tmpdir/db":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Generating CSR With Unnecessary PIN.]
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Not pre-creating database, with PIN.]
+ [Generating key with PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Reading Key Info Without PIN.]
+ Failed to read key "$tmpdir/db":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ Incorrect password/PIN entered.
+ certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
+ [Reading Key Info With Bogus PIN Location.]
+@@ -85,12 +77,10 @@ OK (2048).
+ [Creating database with PIN.]
+ [Generating key with PIN.]
+ OK.
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ < 0> rsa PRIVATE-KEY Test
+ [Reading Key Info Without PIN.]
+ Failed to read key "$tmpdir/db":"Test".
+ (Need PIN.)
+-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
+ Incorrect password/PIN entered.
+ certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
+ [Reading Key Info With Bogus PIN Location.]
+diff --git a/tests/015-lockedkey/run.sh b/tests/015-lockedkey/run.sh
+index 7f1d973..1f6340d 100755
+--- a/tests/015-lockedkey/run.sh
++++ b/tests/015-lockedkey/run.sh
+@@ -10,7 +10,8 @@ echo $pin > pin.txt
+ echo ""   > empty.txt
+ 
+ clean() {
+-	sed 's|'"$tmpdir"'|$tmpdir|g'
++	sed -r -e 's|'"$tmpdir"'|$tmpdir|g' -e 's,: SEC_ERROR_[^:]+: ,: ,g' |\
++	grep -vF 'certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"'
+ }
+ 
+ echo '['Generate Key Without PIN.']'
diff --git a/certmonger.spec b/certmonger.spec
index f77a154..980af3d 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -20,7 +20,7 @@
 
 Name:		certmonger
 Version:	0.67
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
 Group:		System Environment/Daemons
@@ -29,6 +29,7 @@ URL:		http://certmonger.fedorahosted.org
 Source0:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz
 Source1:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+Patch0:		certmonger-certutil.patch
 
 BuildRequires:	dbus-devel, nspr-devel, nss-devel, openssl-devel
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
@@ -87,6 +88,7 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
 
 %prep
 %setup -q
+%patch0 -p1 -b .certutil
 %if 0%{?rhel} > 0
 # Enabled by default for RHEL for bug #765600, still disabled by default for
 # Fedora pending a similar bug report there.
@@ -201,6 +203,10 @@ exit 0
 %endif
 
 %changelog
+* Tue Aug  6 2013 Nalin Dahyabhai <nalin@redhat.com> 0.67-3
+- pull up a patch from master to adapt self-tests to certutil's diagnostic
+  output having changed (#992050)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.67-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild