Bug 1181614

Based on the TCMS test test https://tcms.engineering.redhat.com/case/75306/
I have created a simplified version that doesn't require Beaker so I can
trace in the debugger.

Checkeout the test: rhpkg tests pyton nss
cd python-nss/Sanity/pkcs12-sanity-test/
and edited runtest.sh to run everything manually from this directory

PACKAGE=python-nss
TmpDir=`pwd`
cp *jdennis $TmpDir
for i in `rpm -ql python-nss-doc`; do
  echo $i | grep -e setup_certs.py$ -e test_pkcs12.py$ && cp $i $TmpDir
done
if [ !-e $TmpDir/setup_certs.py ]; then
  cp -p setup_certs.py.jdennis $TmpDir/setup_certs.py
fi
if [ !-e $TmpDir/test_pkcs12.py ]; then
  cp -p test_pkcs12.py.jdennis $TmpDir/test_pkcs12.py
fi
export NSS_DEFAULT_DB_TYPE=sql
echo "PKCS12 Sanity Test"
rm -rf pki
python setup_certs.py

# run the test_pkcs12.py one manually on gdb, backtrace will tell you
# the pk12util command to run in the debugger which will likely be 
# /usr/bin/pk12util -l exported_test_user.p12 -W pk12_passwd
# python test_pkcs12.py

I'm still debugging but let me make sure first, I'm doing the right thing.
Patrick, is this a faithful adaptation of your original test?

The if [ !-e...]; then lines above are in error. One totally remove those tests as we now the .py scripts are presenta nd ther is nothing to copy. I keep having problems with passwords whether on the debugger or not. One thing I did after the database was created is to export and list the exported file myself, as I had studied what pyton scrips do. I used these commands

pk12util -o exported_test_userManual.p12 -n test_user -d sql:./pki -K db_passwd -W "pk12_passwd"
pk12util -l exported_test_userManual.p12 -W "pk12_passwd"
and it listed just fine. 

I'm at a loss on how to explain the failures of the test. Patrick, perhaps we can meet on-line on IRC to analyse this and see what I may be doing wrong.

The cause I think is my incorrect fix for bug 1174527.

Bob rightly objected to me using strlen in his comment at
https://bugzilla.redhat.com/show_bug.cgi?id=1174527#c6 

Looking at the original attachment at
https://bugzilla.redhat.com/attachment.cgi?id=969405&action=diff
we see if (strlen(dest->data) >= 2 && ...
                                    ^^
I changed if (strlen(dest->data) >= 2 && ... to 
if ((dest->len < 2) && ..... )
               ^  reversing the sense of the test, bad

where I should have instead changed it to 
if ((dest->len >= 2) && ..... )
               ^^  preserving the sense of the original

This fixes the problem as far as my testing tells me. A scratch build with this change is at https://brewweb.devel.redhat.com/taskinfo?taskID=8556324.

Could someone please give it try?

(In reply to Elio Maldonado Batiz from comment #7)
> 
> This fixes the problem as far as my testing tells me. A scratch build with
> this change is at https://brewweb.devel.redhat.com/taskinfo?taskID=8556324.
> 
> Could someone please give it try?

It looks like the test build fixes the problem:

[0 root@rhel71 tmp]$ rpm -qa python-nss\* nss\*
nss-softokn-freebl-devel-3.16.2.3-6.el7.x86_64
nss-pam-ldapd-0.8.13-8.el7.x86_64
python-nss-doc-0.16.0-2.el7.x86_64
nss_compat_ossl-0.9.6-8.el7.x86_64
nss-tools-3.16.2.3-4.el7.x86_64
nss-softokn-3.16.2.3-6.el7.x86_64
python-nss-0.16.0-2.el7.x86_64
nss-util-devel-3.16.2.3-1.el7.x86_64
nss-3.16.2.3-4.el7.x86_64
nss-util-3.16.2.3-1.el7.x86_64
nss-softokn-devel-3.16.2.3-6.el7.x86_64
nss-devel-3.16.2.3-4.el7.x86_64
nss-sysinit-3.16.2.3-4.el7.x86_64
nss-softokn-freebl-3.16.2.3-6.el7.x86_64
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ python /usr/share/doc/python-nss-0.16.0/test/setup_certs.pyINFO: Creating clean database directory: "pki"
INFO: creating ca cert: subject="CN=Test CA", nickname="test_ca"
INFO: creating server cert: subject="CN=auto-x86-64-001.ss.eng.bos.redhat.com", nickname="test_server"
INFO: creating client cert: subject="CN=test_user", nickname="test_user"
INFO: adding system trusted certs: name="ca_certs" module="libnssckbi.so"
INFO: ---------- Summary ----------
INFO: NSS database name="sql:pki", password="db_passwd"
INFO: CA nickname="test_ca", CA subject="CN=Test CA"
INFO: server nickname="test_server", server subject="CN=auto-x86-64-001.ss.eng.bos.redhat.com"
INFO: client nickname="test_user", client subject="CN=test_user"
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ python /usr/share/doc/python-nss-0.16.0/test/test_pkcs12.py
..E
======================================================================
ERROR: test_export (test_pkcs12.TestPKCS12Export)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/share/doc/python-nss-0.16.0/test/test_pkcs12.py", line 210, in test_export
    exported_pk12_listing = list_pk12(exported_pk12_filename)
  File "/usr/share/doc/python-nss-0.16.0/test/test_pkcs12.py", line 109, in list_pk12
    stdout, stderr = run_cmd(cmd_args)
  File "/usr/share/doc/python-nss-0.16.0/test/test_pkcs12.py", line 56, in run_cmd
    stdout, stderr)
CmdError: failed /usr/bin/pk12util, -l, exported_test_user.p12, -W, pk12_passwd

----------------------------------------------------------------------
Ran 3 tests in 6.313s

FAILED (errors=1)
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ rm -rf *
You have new mail in /var/spool/mail/root
[0 root@rhel71 tmp]$ yum update ~/pkis/nss-3.16.2.3-5.el7/*rpm
Loaded plugins: auto-update-debuginfo, langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Examining /root/pkis/nss-3.16.2.3-5.el7/nss-3.16.2.3-5.el7.x86_64.rpm: nss-3.16.2.3-5.el7.x86_64
Marking /root/pkis/nss-3.16.2.3-5.el7/nss-3.16.2.3-5.el7.x86_64.rpm as an update to nss-3.16.2.3-4.el7.x86_64
Examining /root/pkis/nss-3.16.2.3-5.el7/nss-debuginfo-3.16.2.3-5.el7.x86_64.rpm: nss-debuginfo-3.16.2.3-5.el7.x86_64
Package nss-debuginfo not installed, cannot update it. Run yum install to install it instead.
Examining /root/pkis/nss-3.16.2.3-5.el7/nss-devel-3.16.2.3-5.el7.x86_64.rpm: nss-devel-3.16.2.3-5.el7.x86_64
Marking /root/pkis/nss-3.16.2.3-5.el7/nss-devel-3.16.2.3-5.el7.x86_64.rpm as an update to nss-devel-3.16.2.3-4.el7.x86_64
Examining /root/pkis/nss-3.16.2.3-5.el7/nss-pkcs11-devel-3.16.2.3-5.el7.x86_64.rpm: nss-pkcs11-devel-3.16.2.3-5.el7.x86_64
Package nss-pkcs11-devel not installed, cannot update it. Run yum install to install it instead.
Examining /root/pkis/nss-3.16.2.3-5.el7/nss-sysinit-3.16.2.3-5.el7.x86_64.rpm: nss-sysinit-3.16.2.3-5.el7.x86_64
Marking /root/pkis/nss-3.16.2.3-5.el7/nss-sysinit-3.16.2.3-5.el7.x86_64.rpm as an update to nss-sysinit-3.16.2.3-4.el7.x86_64
Examining /root/pkis/nss-3.16.2.3-5.el7/nss-tools-3.16.2.3-5.el7.x86_64.rpm: nss-tools-3.16.2.3-5.el7.x86_64
Marking /root/pkis/nss-3.16.2.3-5.el7/nss-tools-3.16.2.3-5.el7.x86_64.rpm as an update to nss-tools-3.16.2.3-4.el7.x86_64
Resolving Dependencies
--> Running transaction check
---> Package nss.x86_64 0:3.16.2.3-4.el7 will be updated
---> Package nss.x86_64 0:3.16.2.3-5.el7 will be an update
---> Package nss-devel.x86_64 0:3.16.2.3-4.el7 will be updated
---> Package nss-devel.x86_64 0:3.16.2.3-5.el7 will be an update
---> Package nss-sysinit.x86_64 0:3.16.2.3-4.el7 will be updated
---> Package nss-sysinit.x86_64 0:3.16.2.3-5.el7 will be an update
---> Package nss-tools.x86_64 0:3.16.2.3-4.el7 will be updated
---> Package nss-tools.x86_64 0:3.16.2.3-5.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================
 Package              Arch            Version                 Repository                                   Size
================================================================================================================
Updating:
 nss                  x86_64          3.16.2.3-5.el7          /nss-3.16.2.3-5.el7.x86_64                  2.4 M
 nss-devel            x86_64          3.16.2.3-5.el7          /nss-devel-3.16.2.3-5.el7.x86_64            758 k
 nss-sysinit          x86_64          3.16.2.3-5.el7          /nss-sysinit-3.16.2.3-5.el7.x86_64           14 k
 nss-tools            x86_64          3.16.2.3-5.el7          /nss-tools-3.16.2.3-5.el7.x86_64            1.8 M

Transaction Summary
================================================================================================================
Upgrade  4 Packages

Total size: 5.0 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : nss-3.16.2.3-5.el7.x86_64                                                                    1/8 
  Updating   : nss-sysinit-3.16.2.3-5.el7.x86_64                                                            2/8 
  Updating   : nss-tools-3.16.2.3-5.el7.x86_64                                                              3/8 
  Updating   : nss-devel-3.16.2.3-5.el7.x86_64                                                              4/8 
  Cleanup    : nss-devel-3.16.2.3-4.el7.x86_64                                                              5/8 
  Cleanup    : nss-tools-3.16.2.3-4.el7.x86_64                                                              6/8 
  Cleanup    : nss-3.16.2.3-4.el7.x86_64                                                                    7/8 
  Cleanup    : nss-sysinit-3.16.2.3-4.el7.x86_64                                                            8/8 
  Verifying  : nss-sysinit-3.16.2.3-5.el7.x86_64                                                            1/8 
  Verifying  : nss-tools-3.16.2.3-5.el7.x86_64                                                              2/8 
  Verifying  : nss-3.16.2.3-5.el7.x86_64                                                                    3/8 
  Verifying  : nss-devel-3.16.2.3-5.el7.x86_64                                                              4/8 
  Verifying  : nss-devel-3.16.2.3-4.el7.x86_64                                                              5/8 
  Verifying  : nss-tools-3.16.2.3-4.el7.x86_64                                                              6/8 
  Verifying  : nss-sysinit-3.16.2.3-4.el7.x86_64                                                            7/8 
  Verifying  : nss-3.16.2.3-4.el7.x86_64                                                                    8/8 

Updated:
  nss.x86_64 0:3.16.2.3-5.el7         nss-devel.x86_64 0:3.16.2.3-5.el7   nss-sysinit.x86_64 0:3.16.2.3-5.el7  
  nss-tools.x86_64 0:3.16.2.3-5.el7  

Complete!
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ python /usr/share/doc/python-nss-0.16.0/test/setup_certs.py
INFO: Creating clean database directory: "pki"
INFO: creating ca cert: subject="CN=Test CA", nickname="test_ca"
INFO: creating server cert: subject="CN=auto-x86-64-001.ss.eng.bos.redhat.com", nickname="test_server"
INFO: creating client cert: subject="CN=test_user", nickname="test_user"
INFO: adding system trusted certs: name="ca_certs" module="libnssckbi.so"
INFO: ---------- Summary ----------
INFO: NSS database name="sql:pki", password="db_passwd"
INFO: CA nickname="test_ca", CA subject="CN=Test CA"
INFO: server nickname="test_server", server subject="CN=auto-x86-64-001.ss.eng.bos.redhat.com"
INFO: client nickname="test_user", client subject="CN=test_user"
[0 root@rhel71 tmp]$ 
[0 root@rhel71 tmp]$ python /usr/share/doc/python-nss-0.16.0/test/test_pkcs12.py
...
----------------------------------------------------------------------
Ran 3 tests in 6.214s

OK
[0 root@rhel71 tmp]$

*** This bug has been marked as a duplicate of bug 1174527 ***