projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| d8f41ccd A |
1 | #! /bin/csh -f |
| 2 | # | |
| 3 | # Run cmstest, handsoff, any user, any environment, ECDSA version. | |
| 4 | # This uses a keychain we have right here for this purpose. It's insecure - we | |
| 5 | # know its passphrase and use it here in the clear to unlock - and its private | |
| 6 | # keys have wide-open ACLs to avoid UI. We use the root used to generate the | |
| 7 | # certs in that keychain in the -A option to newCmsTool. | |
| 8 | # | |
| 9 | # To get identities with no ACLs, create them in the usual way (I do it with | |
| 10 | # the Cert app), export them in p12 form, delete from the keychain, and import | |
| 11 | # like this: | |
| 12 | # | |
| 13 | # % kcImport user3.p12 -z password -f pkcs12 -n -k ecdsaCmsKeychain.keychain | |
| 14 | # | |
| 15 | # We copy the test's keychain to ${BUILD_DIR}/ecdsaCmsKeychain.keychain just to keep the UI spew to | |
| 16 | # a minimum. | |
| 17 | # | |
| 18 | ||
| 19 | # | |
| 20 | # safely look for this required env var | |
| 21 | # | |
| 22 | setenv | /usr/bin/grep LOCAL_BUILD_DIR > /dev/null | |
| 23 | if($status != 0) then | |
| 24 | echo Please set env var LOCAL_BUILD_DIR. | |
| 25 | exit(1) | |
| 26 | endif | |
| 27 | set BUILD_DIR=$LOCAL_BUILD_DIR | |
| 28 | ||
| 29 | set TESTDIR=`pwd` | |
| 30 | set CMS_KEYCHAIN_SRC=ecdsaCmsKeychain.keychain | |
| 31 | set CMS_KEYCHAIN_DST=${BUILD_DIR}/ecdsaCmsKeychain.keychain | |
| 32 | set CMS_KEYCHAIN_PASSWORD=password | |
| 33 | set CMS_KEYCHAIN_ROOT=cmsEcdsaRoot.cer | |
| 34 | set USER1=user3@debug.apple.com | |
| 35 | set USER2=user4@debug.apple.com | |
| 36 | set QUIET= | |
| 37 | set OUR_QUIET=NO | |
| 38 | ||
| 39 | while ( $#argv > 0 ) | |
| 40 | switch ( "$argv[1]" ) | |
| 41 | case -q: | |
| 42 | set QUIET="-q" | |
| 43 | set OUR_QUIET=YES | |
| 44 | shift | |
| 45 | breaksw | |
| 46 | default: | |
| 47 | echo "Usage: cmstestHandsoff [-q(uiet)]" | |
| 48 | exit(1) | |
| 49 | endsw | |
| 50 | end | |
| 51 | ||
| 52 | echo Starting cmsEcdsaHandsoff | |
| 53 | ||
| 54 | set cmd="cp $CMS_KEYCHAIN_SRC $CMS_KEYCHAIN_DST" | |
| 55 | if($OUR_QUIET == NO) then | |
| 56 | echo $cmd | |
| 57 | endif | |
| 58 | # ignore errors here...we'll soon fail if this does | |
| 59 | $cmd | |
| 60 | ||
| 61 | set cmd="/usr/bin/security unlock -p $CMS_KEYCHAIN_PASSWORD $CMS_KEYCHAIN_DST" | |
| 62 | if($OUR_QUIET == NO) then | |
| 63 | echo $cmd | |
| 64 | endif | |
| 65 | $cmd || exit(1) | |
| 66 | ||
| 67 | set cmd="./cmstest -s $USER1 -S $USER2 -k $CMS_KEYCHAIN_DST -a $CMS_KEYCHAIN_ROOT $QUIET" | |
| 68 | if($OUR_QUIET == NO) then | |
| 69 | echo $cmd | |
| 70 | endif | |
| 71 | $cmd || exit(1) | |
| 72 | ||
| 73 | # and try to be nice | |
| 74 | set cmd="rm $CMS_KEYCHAIN_DST" | |
| 75 | if($OUR_QUIET == NO) then | |
| 76 | echo $cmd | |
| 77 | endif | |
| 78 | $cmd || exit(1) | |
| 79 | ||
| 80 | if($OUR_QUIET == NO) then | |
| 81 | echo === cmsEcdsaHandsoff Succeeded === | |
| 82 | endif | |
| 83 |