[apple/security.git] / SecurityTests / clxutils / anchorTest / intermedSourceTest

#! /bin/csh -f
#
# verify all of the certs in specified directory as intermediates. They must
# verify against the system roots. 
#
if ( $#argv < 1 ) then
        echo "Usage: intermedSourceTest directory [q(uiet)] [t(rustSettings)]"
		echo A good directory would be ../../../security_certificates/certs/
        exit(1)
endif
#
set BUILD_DIR=$LOCAL_BUILD_DIR
set CERTS_DIR=$argv[1]

set QUIET=0
set TRUST_SETTINGS_ARG=
shift
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET = 1
            shift
            breaksw
        case t:
            set TRUST_SETTINGS_ARG = -g
            shift
            breaksw
        default:
			echo Usage: intermedSourceTest directory
            exit(1)
    endsw
end

#
# binaries we need
#
set CERTCRL=$BUILD_DIR/certcrl
set CERTS_FROM_DB=$BUILD_DIR/certsFromDb
foreach targ ($CERTCRL $CERTS_FROM_DB)
	if(! -e $targ) then
		echo === $targ is missing. Try building clxutil. 
		exit(1)
	endif
end

set SYSTEM_CERTS=/System/Library/Keychains/SystemCACertificates.keychain

echo starting intermedSourceTest
#
# certcrl args:
#
#  -c  cert to eval
#  -s  use system anchors
#  -a  allow certs unverified by CRLs
#  -n  no network fetch of CRLs
#  -N  no network fetch of certs  
#  -f  leaf cert is a CA
#  -d  SYSTEM_CERTS   -- use additional certs from there
#  -L  silent
#  -g  use Trust Settings
#
cd $CERTS_DIR
foreach certFile (*)
	if ( -f "$certFile" ) then 
		if($QUIET == 0) then
			echo testing $certFile....
		endif
		$CERTCRL -c "$certFile" -s -a -f -L -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
		set ERR=$status
		if($ERR == 1) then
		   echo "Note: $certFile is expired"
		else
		if($ERR != 0) then
		   echo "++++++++ Verification error on $certFile ($ERR)"
		   $CERTCRL -c "$certFile" -s -a -f -v -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
		   exit(1)
		endif
	endif
end

if($QUIET == 0) then
	echo "...intermedSourceTest complete"
endif
Commit	Line	Data
d8f41ccd A	1	#! /bin/csh -f
	2	#
	3	# verify all of the certs in specified directory as intermediates. They must
	4	# verify against the system roots.
	5	#
	6	if ( $#argv < 1 ) then
	7	echo "Usage: intermedSourceTest directory [q(uiet)] [t(rustSettings)]"
	8	echo A good directory would be ../../../security_certificates/certs/
	9	exit(1)
	10	endif
	11	#
	12	set BUILD_DIR=$LOCAL_BUILD_DIR
	13	set CERTS_DIR=$argv[1]
	14
	15	set QUIET=0
	16	set TRUST_SETTINGS_ARG=
	17	shift
	18	while ( $#argv > 0 )
	19	switch ( "$argv[1]" )
	20	case q:
	21	set QUIET = 1
	22	shift
	23	breaksw
	24	case t:
	25	set TRUST_SETTINGS_ARG = -g
	26	shift
	27	breaksw
	28	default:
	29	echo Usage: intermedSourceTest directory
	30	exit(1)
	31	endsw
	32	end
	33
	34	#
	35	# binaries we need
	36	#
	37	set CERTCRL=$BUILD_DIR/certcrl
	38	set CERTS_FROM_DB=$BUILD_DIR/certsFromDb
	39	foreach targ ($CERTCRL $CERTS_FROM_DB)
	40	if(! -e $targ) then
	41	echo === $targ is missing. Try building clxutil.
	42	exit(1)
	43	endif
	44	end
	45
	46	set SYSTEM_CERTS=/System/Library/Keychains/SystemCACertificates.keychain
	47
	48	echo starting intermedSourceTest
	49	#
	50	# certcrl args:
	51	#
	52	# -c cert to eval
	53	# -s use system anchors
	54	# -a allow certs unverified by CRLs
	55	# -n no network fetch of CRLs
	56	# -N no network fetch of certs
	57	# -f leaf cert is a CA
	58	# -d SYSTEM_CERTS -- use additional certs from there
	59	# -L silent
	60	# -g use Trust Settings
	61	#
	62	cd $CERTS_DIR
	63	foreach certFile (*)
	64	if ( -f "$certFile" ) then
65	if($QUIET == 0) then
66	echo testing $certFile....
67	endif
68	$CERTCRL -c "$certFile" -s -a -f -L -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
69	set ERR=$status
70	if($ERR == 1) then
71	echo "Note: $certFile is expired"
72	else
73	if($ERR != 0) then
74	echo "++++++++ Verification error on $certFile ($ERR)"
75	$CERTCRL -c "$certFile" -s -a -f -v -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
76	exit(1)
77	endif
78	endif
79	end
80
81	if($QUIET == 0) then
82	echo "...intermedSourceTest complete"
83	endif
84