[apple/security.git] / SecurityTests / clxutils / signerAndSubjSsl / doTest

#! /bin/csh -f
#
# Test SSL's hostname compare using subjectAltName extensions. 
#
# these can be overridden by the 'q' and 'v' cmd line options
#
set QUIET = 0
set VERBOSE = 0
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case v:
            set VERBOSE = 1
            shift
            breaksw
        case q:
            set QUIET = 1
            shift
            breaksw
        default:
            echo usage: doTest \[q\] \[v\]
            exit(1)
    endsw
end

#
# hard coded in signerAndSubjSsl
#
set ROOT_CERT = ssRootCert.der
set LEAF_CERT = ssSubjCert.der
set COMMON_NAME = something.org
#
# the common arguments to certcrl
#
set STD_CRL_ARGS = "-c $LEAF_CERT -C $ROOT_CERT -a -n -N -q"
#
# DNS_NAME goes in the leaf cert's subjectAltName, which is supposed to have precedence
# over the common name (which is fixed at something.org).
#
set DNS_NAME = foo.bar
set BAD_DNS_NAME = foo.foo.bar
#
if($QUIET == 0) then
	echo === leaf cert with DNS name $DNS_NAME
endif
#
set cmd = "signerAndSubjSsl d=$DNS_NAME q"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
# Note the app is passing in $HOST_NAME which differs from the leaf cert's common name
#
if($QUIET == 0) then
	echo === ...verify success with hostname $DNS_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_NAME"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify failure with common name $COMMON_NAME when DNS name present 
endif
set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify failure with host name $BAD_DNS_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $BAD_DNS_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
######
#
set IP_ADDR = 1.0.5.8
set IP_ADDR_PAD = 1.0.05.008
set BAD_IP_ADDR = 2.0.5.8
#
if($QUIET == 0) then
	echo === leaf cert with IP address $IP_ADDR
endif
set cmd = "signerAndSubjSsl i=$IP_ADDR q"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify with hostname $IP_ADDR
endif
set cmd = "certcrl $STD_CRL_ARGS -h $IP_ADDR"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify with hostname $IP_ADDR_PAD
endif
set cmd = "certcrl $STD_CRL_ARGS -h $IP_ADDR_PAD"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify with hostname $COMMON_NAME when no DNS name present 
endif
set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify failure with host name $BAD_IP_ADDR
endif
set cmd = "certcrl $STD_CRL_ARGS -h $BAD_IP_ADDR -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
######
#
set DNS_WC_NAME = "*.foo.bar"
set DNS_GOOD_WC_NAME = bar.foo.bar
set DNS_BAD_WC_NAME = foo.bar
#
if($QUIET == 0) then
	echo === leaf cert with DNS name "$DNS_WC_NAME"
endif
set cmd = "signerAndSubjSsl d=*.foo.bar q"
if($VERBOSE == 1) then
	echo "$cmd"
endif
signerAndSubjSsl "d=*.foo.bar" q || exit(1)
#
if($QUIET == 0) then
	echo === ...verify with hostname $DNS_GOOD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_GOOD_WC_NAME"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify failure with hostname $DNS_BAD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_BAD_WC_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
######
#
set DNS_WC_NAME = "*foo.bar"
set DNS_GOOD_WC_NAME = barfoo.bar
set DNS_BAD_WC_NAME = bar.foo.bar
#
if($QUIET == 0) then
	echo === leaf cert with DNS name "$DNS_WC_NAME"
endif
set cmd = "signerAndSubjSsl d=*foo.bar q"
if($VERBOSE == 1) then
	echo "$cmd"
endif
signerAndSubjSsl "d=*foo.bar" q || exit(1)
#
if($QUIET == 0) then
	echo === ...verify with hostname $DNS_GOOD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_GOOD_WC_NAME"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
if($QUIET == 0) then
	echo === ...verify failure with hostname $DNS_BAD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_BAD_WC_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
#
######
#
if($QUIET == 0) then
	echo === leaf cert with no DNS name, verify with common name
endif
set cmd = "signerAndSubjSsl q"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME"
if($VERBOSE == 1) then
	echo $cmd
endif
$cmd || exit(1)
echo ...signerAndSubjSslTest complete
Commit	Line	Data
d8f41ccd A	1	#! /bin/csh -f
	2	#
	3	# Test SSL's hostname compare using subjectAltName extensions.
	4	#
	5	# these can be overridden by the 'q' and 'v' cmd line options
	6	#
	7	set QUIET = 0
	8	set VERBOSE = 0
	9	#
	10	while ( $#argv > 0 )
	11	switch ( "$argv[1]" )
	12	case v:
	13	set VERBOSE = 1
	14	shift
	15	breaksw
	16	case q:
	17	set QUIET = 1
	18	shift
	19	breaksw
	20	default:
	21	echo usage: doTest \[q\] \[v\]
	22	exit(1)
	23	endsw
	24	end
	25
	26	#
	27	# hard coded in signerAndSubjSsl
	28	#
	29	set ROOT_CERT = ssRootCert.der
	30	set LEAF_CERT = ssSubjCert.der
	31	set COMMON_NAME = something.org
	32	#
	33	# the common arguments to certcrl
	34	#
	35	set STD_CRL_ARGS = "-c $LEAF_CERT -C $ROOT_CERT -a -n -N -q"
	36	#
	37	# DNS_NAME goes in the leaf cert's subjectAltName, which is supposed to have precedence
	38	# over the common name (which is fixed at something.org).
	39	#
	40	set DNS_NAME = foo.bar
	41	set BAD_DNS_NAME = foo.foo.bar
	42	#
	43	if($QUIET == 0) then
	44	echo === leaf cert with DNS name $DNS_NAME
	45	endif
	46	#
	47	set cmd = "signerAndSubjSsl d=$DNS_NAME q"
	48	if($VERBOSE == 1) then
	49	echo $cmd
	50	endif
	51	$cmd \|\| exit(1)
	52	#
	53	# Note the app is passing in $HOST_NAME which differs from the leaf cert's common name
	54	#
	55	if($QUIET == 0) then
	56	echo === ...verify success with hostname $DNS_NAME
	57	endif
	58	set cmd = "certcrl $STD_CRL_ARGS -h $DNS_NAME"
	59	if($VERBOSE == 1) then
	60	echo $cmd
	61	endif
	62	$cmd \|\| exit(1)
	63	#
	64	if($QUIET == 0) then
65	echo === ...verify failure with common name $COMMON_NAME when DNS name present
66	endif
67	set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
68	if($VERBOSE == 1) then
69	echo $cmd
70	endif
71	$cmd \|\| exit(1)
72	#
73	if($QUIET == 0) then
74	echo === ...verify failure with host name $BAD_DNS_NAME
75	endif
76	set cmd = "certcrl $STD_CRL_ARGS -h $BAD_DNS_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
77	if($VERBOSE == 1) then
78	echo $cmd
79	endif
80	$cmd \|\| exit(1)
81	#
82	######
83	#
84	set IP_ADDR = 1.0.5.8
85	set IP_ADDR_PAD = 1.0.05.008
86	set BAD_IP_ADDR = 2.0.5.8
87	#
88	if($QUIET == 0) then
89	echo === leaf cert with IP address $IP_ADDR
90	endif
91	set cmd = "signerAndSubjSsl i=$IP_ADDR q"
92	if($VERBOSE == 1) then
93	echo $cmd
94	endif
95	$cmd \|\| exit(1)
96	#
97	if($QUIET == 0) then
98	echo === ...verify with hostname $IP_ADDR
99	endif
100	set cmd = "certcrl $STD_CRL_ARGS -h $IP_ADDR"
101	if($VERBOSE == 1) then
102	echo $cmd
103	endif
104	$cmd \|\| exit(1)
105	#
106	if($QUIET == 0) then
107	echo === ...verify with hostname $IP_ADDR_PAD
108	endif
109	set cmd = "certcrl $STD_CRL_ARGS -h $IP_ADDR_PAD"
110	if($VERBOSE == 1) then
111	echo $cmd
112	endif
113	$cmd \|\| exit(1)
114	#
115	if($QUIET == 0) then
116	echo === ...verify with hostname $COMMON_NAME when no DNS name present
117	endif
118	set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME"
119	if($VERBOSE == 1) then
120	echo $cmd
121	endif
122	$cmd \|\| exit(1)
123	#
124	if($QUIET == 0) then
125	echo === ...verify failure with host name $BAD_IP_ADDR
126	endif
127	set cmd = "certcrl $STD_CRL_ARGS -h $BAD_IP_ADDR -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
128	if($VERBOSE == 1) then
129	echo $cmd
130	endif
131	$cmd \|\| exit(1)
132	#
133	######
134	#
135	set DNS_WC_NAME = "*.foo.bar"
136	set DNS_GOOD_WC_NAME = bar.foo.bar
137	set DNS_BAD_WC_NAME = foo.bar
138	#
139	if($QUIET == 0) then
140	echo === leaf cert with DNS name "$DNS_WC_NAME"
141	endif
142	set cmd = "signerAndSubjSsl d=*.foo.bar q"
143	if($VERBOSE == 1) then
144	echo "$cmd"
145	endif
146	signerAndSubjSsl "d=*.foo.bar" q \|\| exit(1)
147	#
148	if($QUIET == 0) then
149	echo === ...verify with hostname $DNS_GOOD_WC_NAME
150	endif
151	set cmd = "certcrl $STD_CRL_ARGS -h $DNS_GOOD_WC_NAME"
152	if($VERBOSE == 1) then
153	echo $cmd
154	endif
155	$cmd \|\| exit(1)
156	#
157	if($QUIET == 0) then
158	echo === ...verify failure with hostname $DNS_BAD_WC_NAME
159	endif
160	set cmd = "certcrl $STD_CRL_ARGS -h $DNS_BAD_WC_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
161	if($VERBOSE == 1) then
162	echo $cmd
163	endif
164	$cmd \|\| exit(1)
165	#
166	######
167	#
168	set DNS_WC_NAME = "*foo.bar"
169	set DNS_GOOD_WC_NAME = barfoo.bar
170	set DNS_BAD_WC_NAME = bar.foo.bar
171	#
172	if($QUIET == 0) then
173	echo === leaf cert with DNS name "$DNS_WC_NAME"
174	endif
175	set cmd = "signerAndSubjSsl d=*foo.bar q"
176	if($VERBOSE == 1) then
177	echo "$cmd"
178	endif
179	signerAndSubjSsl "d=*foo.bar" q \|\| exit(1)
180	#
181	if($QUIET == 0) then
182	echo === ...verify with hostname $DNS_GOOD_WC_NAME
183	endif
184	set cmd = "certcrl $STD_CRL_ARGS -h $DNS_GOOD_WC_NAME"
185	if($VERBOSE == 1) then
186	echo $cmd
187	endif
188	$cmd \|\| exit(1)
189	#
190	if($QUIET == 0) then
191	echo === ...verify failure with hostname $DNS_BAD_WC_NAME
192	endif
193	set cmd = "certcrl $STD_CRL_ARGS -h $DNS_BAD_WC_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
194	if($VERBOSE == 1) then
195	echo $cmd
196	endif
197	$cmd \|\| exit(1)
198	#
199	######
200	#
201	if($QUIET == 0) then
202	echo === leaf cert with no DNS name, verify with common name
203	endif
204	set cmd = "signerAndSubjSsl q"
205	if($VERBOSE == 1) then
206	echo $cmd
207	endif
208	$cmd \|\| exit(1)
209	set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME"
210	if($VERBOSE == 1) then
211	echo $cmd
212	endif
213	$cmd \|\| exit(1)
214	echo ...signerAndSubjSslTest complete
215