]>
git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/cltpdvt
3 # run CL/TP/SSL X regression tests.
5 set BUILD_DIR
=$LOCAL_BUILD_DIR
13 # when false, no SSL, not even local loopback tests or CRL/OCSP tests
15 # when empty, do ssl Ping tests via ssldvt
53 set CERTCRL_QUIET
= -q
64 # Select 'quick' or 'normal' test params
66 # Note that we disable DB storage of certs in cgVerify and cgConstruct, to avoid
67 # messing with user's ~/Library/Keychains.
69 if($QUICK_TEST == 1) then
70 set CGCONSTRUCT_ARGS
="d=0"
72 set CGVERIFY_DSA_ARGS
="l=20 d"
76 set THREADTEST_ARGS
="ecvsyfF l=10"
78 set THREADTEST_ARGS
="l=10"
80 set THREADPING_ARGS
="ep o=mr3 l=5"
81 set P12REENCODE_ARGS
="l=2"
83 set CGCONSTRUCT_ARGS
="l=100 d=0"
84 set CGVERIFY_ARGS
="l=100 d"
85 set CAVERIFY_ARGS
="l=500"
86 set CGVERIFY_DSA_ARGS
="l=500 d"
87 set EXTENTEST_ARGS
="l=100"
89 set THREADTEST_ARGS
="l=100 ecvsyfF"
91 set THREADTEST_ARGS
="l=100"
93 set THREADPING_ARGS
="ep o=mr3 l=10"
94 set P12REENCODE_ARGS
="l=10"
99 if($SKIP_BASIC == 0) then
101 # test RSA, FEE, ECDSA with the following two...
103 $BUILD_DIR/cgConstruct
$CGCONSTRUCT_ARGS $QUIET $VERB || exit(1)
104 $BUILD_DIR/cgConstruct
$CGCONSTRUCT_ARGS a
=f
$QUIET $VERB || exit(1)
105 $BUILD_DIR/cgConstruct
$CGCONSTRUCT_ARGS a
=E
$QUIET $VERB || exit(1)
106 $BUILD_DIR/cgVerify
$CGVERIFY_ARGS n
=2 $QUIET $VERB || exit(1)
107 $BUILD_DIR/cgVerify
$CGVERIFY_ARGS $QUIET $VERB || exit(1)
108 $BUILD_DIR/cgVerify
$CGVERIFY_ARGS a
=e
$QUIET $VERB || exit(1)
109 $BUILD_DIR/cgVerify
$CGVERIFY_ARGS a
=5 $QUIET $VERB || exit(1)
110 $BUILD_DIR/cgVerify
$CGVERIFY_ARGS a
=E
$QUIET $VERB || exit(1)
112 # And one run for DSA partial key processing; run in the test
113 # dir to pick up DSA params
115 cd $CLXUTILS/cgVerify
116 $BUILD_DIR/cgVerify
$CGVERIFY_DSA_ARGS a
=d
$QUIET $VERB || exit(1)
117 $BUILD_DIR/caVerify
$CAVERIFY_ARGS $QUIET $VERB || exit(1)
118 $BUILD_DIR/caVerify a
=E
$CAVERIFY_ARGS $QUIET $VERB || exit(1)
122 # Anchor and intermediate test: once with normal anchors, one with
126 ### Allow expired anchors until Radar 6133507 is fixed
128 echo "### Warning: allowing expired roots in anchorTest..."
129 $BUILD_DIR/anchorTest e
$QUIET $VERB || exit(1)
130 $BUILD_DIR/anchorTest t e
$QUIET $VERB || exit(1)
131 $CLXUTILS/anchorTest
/intermedTest
$QUIET || exit(1)
132 $CLXUTILS/anchorTest
/intermedTest t
$QUIET || exit(1)
133 $BUILD_DIR/trustAnchors
$QUIET || exit(1)
138 $BUILD_DIR/certSerialEncodeTest
$QUIET || exit(1)
141 # certcrl script tests require files relative to cwd
143 cd $CLXUTILS/certcrl
/testSubjects
/X509tests
144 $BUILD_DIR/certcrl
-S x509tests.scr
$CERTCRL_QUIET || exit(1)
145 cd $CLXUTILS/certcrl
/testSubjects
/smime
146 $BUILD_DIR/certcrl
-S smime.scr
$CERTCRL_QUIET || exit(1)
148 # disable expiredRoot test since it makes assumptions about
149 # store.apple.com which are no longer true %%%FIXME!
150 #cd $CLXUTILS/certcrl/testSubjects/expiredRoot
151 #$BUILD_DIR/certcrl -S expiredRoot.scr $CERTCRL_QUIET || exit(1)
153 cd $CLXUTILS/certcrl
/testSubjects
/expiredCerts
154 $BUILD_DIR/certcrl
-S expiredCerts.scr
$CERTCRL_QUIET || exit(1)
156 cd $CLXUTILS/certcrl
/testSubjects
/anchorAndDb
157 $BUILD_DIR/certcrl
-S anchorAndDb.scr
$CERTCRL_QUIET || exit(1)
159 cd $CLXUTILS/certcrl
/testSubjects
/hostNameDot
160 $BUILD_DIR/certcrl
-S hostNameDot.scr
$CERTCRL_QUIET || exit(1)
162 # one with normal anchors, one with Trust Settings
163 cd $CLXUTILS/certcrl
/testSubjects
/AppleCerts
164 $BUILD_DIR/certcrl
-S AppleCerts.scr
$CERTCRL_QUIET || exit(1)
165 $BUILD_DIR/certcrl
-S AppleCerts.scr
-g $CERTCRL_QUIET || exit(1)
167 # one with normal anchors, one with Trust Settings
168 # This will fail if you have userTrustSettings.plist, from ../trustSettings,
170 # Note this should eventually be renamed to something like SWUpdateSigning...
171 cd $CLXUTILS/certcrl
/testSubjects
/AppleCodeSigning
172 $BUILD_DIR/certcrl
-S AppleCodeSigning.scr
$CERTCRL_QUIET || exit(1)
173 $BUILD_DIR/certcrl
-S AppleCodeSigning.scr
-g $CERTCRL_QUIET || exit(1)
175 cd $CLXUTILS/certcrl
/testSubjects
/CodePkgSigning
176 $BUILD_DIR/certcrl
-S CodePkgSigning.scr
$CERTCRL_QUIET || exit(1)
178 cd $CLXUTILS/certcrl
/testSubjects
/localTime
179 $BUILD_DIR/certcrl
-S localTime.scr
$CERTCRL_QUIET || exit(1)
181 # one with normal anchors, one with Trust Settings
182 cd $CLXUTILS/certcrl
/testSubjects
/serverGatedCrypto
183 $BUILD_DIR/certcrl
-S sgc.scr
$CERTCRL_QUIET || exit(1)
184 $BUILD_DIR/certcrl
-S sgc.scr
-g $CERTCRL_QUIET || exit(1)
186 cd $CLXUTILS/certcrl
/testSubjects
/crlTime
187 $BUILD_DIR/certcrl
-S crlTime.scr
$CERTCRL_QUIET || exit(1)
188 cd $CLXUTILS/certcrl
/testSubjects
/implicitAnchor
189 $BUILD_DIR/certcrl
-S implicitAnchor.scr
$CERTCRL_QUIET || exit(1)
190 cd $CLXUTILS/certcrl
/testSubjects
/crossSigned
191 $BUILD_DIR/certcrl
-S crossSigned.scr
$CERTCRL_QUIET || exit(1)
192 cd $CLXUTILS/certcrl
/testSubjects
/emptyCert
193 $BUILD_DIR/certcrl
-S emptyCert.scr
$CERTCRL_QUIET || exit(1)
194 cd $CLXUTILS/certcrl
/testSubjects
/emptySubject
195 $BUILD_DIR/certcrl
-S emptySubject.scr
$CERTCRL_QUIET || exit(1)
196 cd $CLXUTILS/certcrl
/testSubjects
/qualCertStatment
197 $BUILD_DIR/certcrl
-S qualCertStatement.scr
$CERTCRL_QUIET || exit(1)
198 cd $CLXUTILS/certcrl
/testSubjects
/ipSec
199 $BUILD_DIR/certcrl
-S ipSec.scr
$CERTCRL_QUIET || exit(1)
201 # ECDSA certs, lots of 'em
203 cd $CLXUTILS/certcrl
/testSubjects
/NSS_ECC
204 $BUILD_DIR/certcrl
-S nssecc.scr
$CERTCRL_QUIET || exit(1)
205 $BUILD_DIR/certcrl
-S msEcc.scr
$CERTCRL_QUIET || exit(1)
206 $BUILD_DIR/certcrl
-S opensslEcc.scr
$CERTCRL_QUIET || exit(1)
210 # once each with normal anchors, one with Trust Settings
212 # Until Verisign gets their CRL server fixed, we have to allow the disabling of the
215 if($NO_SSL == 0) then
217 if($FULL_SSL == YES
) then
218 cd $CLXUTILS/certcrl
/testSubjects
/crlFromSsl
219 $BUILD_DIR/certcrl
-S crlssl.scr
$CERTCRL_QUIET || exit(1)
220 $BUILD_DIR/certcrl
-S crlssl.scr
-g $CERTCRL_QUIET || exit(1)
222 cd $CLXUTILS/certcrl
/testSubjects
/ocspFromSsl
223 # this test makes assumptions about store.apple.com which are no longer
224 # true, so need to disable the test for now. %%%FIXME!
225 #$BUILD_DIR/certcrl -S ocspssl.scr $CERTCRL_QUIET || exit(1)
226 #$BUILD_DIR/certcrl -S ocspssl.scr -g $CERTCRL_QUIET || exit(1)
229 $BUILD_DIR/extenTest
$EXTENTEST_ARGS $QUIET $VERB || exit(1)
230 $BUILD_DIR/extenTestTp
$EXTENTEST_ARGS $QUIET $VERB || exit(1)
231 $BUILD_DIR/sslSubjName
$QUIET $VERB || exit(1)
232 $BUILD_DIR/smimePolicy
$QUIET $VERB || exit(1)
233 $BUILD_DIR/certLabelTest
$CERTCRL_QUIET || exit(1)
236 # extendAttrTest has to be run from specific directory for access to keys and certs
238 cd $CLXUTILS/extendAttrTest
239 $BUILD_DIR/extendAttrTest
-k $BUILD_DIR/eat.keychain
$CERTCRL_QUIET || exit(1)
242 # threadTest relies on a cert file in cwd
244 if($DO_THREAD == 1) then
245 cd $CLXUTILS/threadTest
246 $BUILD_DIR/threadTest
$THREADTEST_ARGS $QUIET $VERB || exit(1)
249 # CMS tests have to be run from specific directory for access to keychain and certs
251 cd $CLXUTILS/newCmsTool
/blobs
252 .
/cmstestHandsoff
$CERTCRL_QUIET || exit(1)
253 .
/cmsEcdsaHandsoff
$CERTCRL_QUIET || exit(1)
256 # This one uses a number of p12 files in cwd
258 # we may never see this again....
260 # echo ==== skipping p12Reencode for now, but I really want this back ===
261 # cd $CLXUTILS/p12Reencode
262 # ./doReencode $P12REENCODE_ARGS $QUIET || exit(1)
266 # Import/export tests, always run from here with no default ACL (to avoid UI).
268 cd $CLXUTILS/importExport
269 .
/importExport n
$QUIET || exit(1)
271 # sslEcdsa test removed pending validation of tls.secg.org server
273 # $BUILD_DIR/sslEcdsa $CERTCRL_QUIET || exit(1)
276 # Full SSL tests run:
277 # -- once with blocking socket I/O
278 # -- once with nonblocking socket I/O
279 # -- once with RingBuffer I/O, no verifyPing
281 if($NO_SSL == 0) then
282 cd $CLXUTILS/sslScripts
283 .
/makeLocalCert a
|| exit(1)
284 .
/ssldvt
$SSL_PING_ENABLE $QUIET $VERB || exit(1)
285 .
/ssldvt
$SSL_PING_ENABLE $QUIET $VERB b
|| exit(1)
286 .
/ssldvt n
$QUIET $VERB R
|| exit(1)
289 if($FULL_SSL == YES
) then
290 $BUILD_DIR/threadTest
$THREADPING_ARGS $QUIET $VERB || exit(1)
293 echo ==== cltpdvt success
====
projects / apple / security.git / blob