[apple/security.git] / OSX / codesign_tests / SignatureEditing.sh

#!/bin/sh

v=${v:-:}

fails=0
t=$(mktemp -d /tmp/cs-edit-XXXXXX)

runTest () {
    test=$1
    shift

    echo "[BEGIN] ${test}"

    ${v} echo "> $@"
    "$@" > $t/outfile.txt 2>&1
    res=$?
    [ $res != 0 ] && res=1 #normalize

    if expr "$test" : "fail"  > /dev/null; then
        exp=1
    else
        exp=0
    fi

    ${v} cat $t/outfile.txt
    if [ $res -eq $exp ]; then
        echo "[PASS] ${test}"
        echo
        rm -f $t/outfile.txt
    else
        echo
        cat $t/outfile.txt
        echo
        echo "[FAIL] ${test}"
        echo
        fails=$(($fails+1))
    fi
}

codesign=${codesign:-codesign}

editTest () {
    name="$1"
    shift
    target="$1"
    shift

    rm -f $t/cms

    runTest validate-$name $codesign -v -R="anchor apple" -v "$target"
    runTest dump-cms-$name $codesign -d --dump-cms=$t/cms "$target"
    runTest edit-nonsense-into-cms-$name $codesign -e "$target" --edit-cms /etc/hosts
    runTest fail-nonsense-validation-$name $codesign -v -R="anchor apple" -v "$target"
    runTest edit-original-into-cms-$name $codesign -e "$target" --edit-cms $t/cms
    runTest success-cms-validation-$name $codesign -v -R="anchor apple" -v "$target"
    runTest edit-cat-cms-into-cms-$name $codesign -e "$target" --edit-cms $t/cat.cms
    runTest fail-cat-cms-validation-$name $codesign -v -R="anchor apple" -v "$target"
    runTest edit-original-again-into-cms-$name $codesign -e "$target" --edit-cms $t/cms
    runTest success-cms-validation-again-$name $codesign -v -R="anchor apple" -v "$target"
}

runTest dump-cat-cms $codesign -d --dump-cms=$t/cat.cms /bin/cat

runTest prepare-ls cp -R /bin/ls $t/ls
editTest ls $t/ls
runTest prepare-TextEdit cp -R /Applications/TextEdit.app $t/TextEdit.app
editTest TextEdit $t/TextEdit.app

runTest prepare-codeless cp -R /var/db/gke.bundle $t/gke.bundle
editTest codeless $t/gke.bundle

runTest codesign-remove-signature $codesign --remove $t/ls
runTest codesign-omit-adhoc $codesign -s - -f --omit-adhoc-flag $t/ls
runTest adhoc-omitted sh -c "$codesign -d -v $t/ls 2>&1| grep -F 'flags=0x0(none)'"

# cleanup

if [ $fails != 0 ] ; then
    echo "$fails signature edit tests failed"
    exit 1
else
    echo "all signature edit tests passed"
    rm -rf $t
fi

exit 0
Commit	Line	Data
dbe77505 A	1	#!/bin/sh
	2
	3	v=${v:-:}
	4
	5	fails=0
	6	t=$(mktemp -d /tmp/cs-edit-XXXXXX)
	7
	8	runTest () {
	9	test=$1
	10	shift
	11
	12	echo "[BEGIN] ${test}"
	13
	14	${v} echo "> $@"
	15	"$@" > $t/outfile.txt 2>&1
	16	res=$?
	17	[ $res != 0 ] && res=1 #normalize
	18
	19	if expr "$test" : "fail" > /dev/null; then
	20	exp=1
	21	else
	22	exp=0
	23	fi
	24
	25	${v} cat $t/outfile.txt
	26	if [ $res -eq $exp ]; then
	27	echo "[PASS] ${test}"
	28	echo
	29	rm -f $t/outfile.txt
	30	else
	31	echo
	32	cat $t/outfile.txt
	33	echo
	34	echo "[FAIL] ${test}"
	35	echo
	36	fails=$(($fails+1))
	37	fi
	38	}
	39
	40	codesign=${codesign:-codesign}
	41
	42	editTest () {
	43	name="$1"
	44	shift
	45	target="$1"
	46	shift
	47
	48	rm -f $t/cms
	49
	50	runTest validate-$name $codesign -v -R="anchor apple" -v "$target"
	51	runTest dump-cms-$name $codesign -d --dump-cms=$t/cms "$target"
	52	runTest edit-nonsense-into-cms-$name $codesign -e "$target" --edit-cms /etc/hosts
	53	runTest fail-nonsense-validation-$name $codesign -v -R="anchor apple" -v "$target"
	54	runTest edit-original-into-cms-$name $codesign -e "$target" --edit-cms $t/cms
	55	runTest success-cms-validation-$name $codesign -v -R="anchor apple" -v "$target"
	56	runTest edit-cat-cms-into-cms-$name $codesign -e "$target" --edit-cms $t/cat.cms
	57	runTest fail-cat-cms-validation-$name $codesign -v -R="anchor apple" -v "$target"
	58	runTest edit-original-again-into-cms-$name $codesign -e "$target" --edit-cms $t/cms
	59	runTest success-cms-validation-again-$name $codesign -v -R="anchor apple" -v "$target"
	60	}
	61
	62	runTest dump-cat-cms $codesign -d --dump-cms=$t/cat.cms /bin/cat
	63
	64	runTest prepare-ls cp -R /bin/ls $t/ls
65	editTest ls $t/ls
66	runTest prepare-TextEdit cp -R /Applications/TextEdit.app $t/TextEdit.app
67	editTest TextEdit $t/TextEdit.app
68
69	runTest prepare-codeless cp -R /var/db/gke.bundle $t/gke.bundle
70	editTest codeless $t/gke.bundle
71
72	runTest codesign-remove-signature $codesign --remove $t/ls
73	runTest codesign-omit-adhoc $codesign -s - -f --omit-adhoc-flag $t/ls
74	runTest adhoc-omitted sh -c "$codesign -d -v $t/ls 2>&1\| grep -F 'flags=0x0(none)'"
75
76	# cleanup
77
78	if [ $fails != 0 ] ; then
79	echo "$fails signature edit tests failed"
80	exit 1
81	else
82	echo "all signature edit tests passed"
83	rm -rf $t
84	fi
85
86	exit 0