SecurityTests/clxutils/anchorTest/intermedSourceTest

   1 #! /bin/csh -f
   2 #
   3 # verify all of the certs in specified directory as intermediates. They must
   4 # verify against the system roots.
   5 #
   6 if ( $#argv < 1 ) then
   7         echo "Usage: intermedSourceTest directory [q(uiet)] [t(rustSettings)]"
   8                 echo A good directory would be ../../../security_certificates/certs/
   9         exit(1)
  10 endif
  11 #
  12 set BUILD_DIR=$LOCAL_BUILD_DIR
  13 set CERTS_DIR=$argv[1]
  14
  15 set QUIET=0
  16 set TRUST_SETTINGS_ARG=
  17 shift
  18 while ( $#argv > 0 )
  19     switch ( "$argv[1]" )
  20         case q:
  21             set QUIET = 1
  22             shift
  23             breaksw
  24         case t:
  25             set TRUST_SETTINGS_ARG = -g
  26             shift
  27             breaksw
  28         default:
  29                         echo Usage: intermedSourceTest directory
  30             exit(1)
  31     endsw
  32 end
  33
  34 #
  35 # binaries we need
  36 #
  37 set CERTCRL=$BUILD_DIR/certcrl
  38 set CERTS_FROM_DB=$BUILD_DIR/certsFromDb
  39 foreach targ ($CERTCRL $CERTS_FROM_DB)
  40         if(! -e $targ) then
  41                 echo === $targ is missing. Try building clxutil.
  42                 exit(1)
  43         endif
  44 end
  45
  46 set SYSTEM_CERTS=/System/Library/Keychains/SystemCACertificates.keychain
  47
  48 echo starting intermedSourceTest
  49 #
  50 # certcrl args:
  51 #
  52 #  -c  cert to eval
  53 #  -s  use system anchors
  54 #  -a  allow certs unverified by CRLs
  55 #  -n  no network fetch of CRLs
  56 #  -N  no network fetch of certs
  57 #  -f  leaf cert is a CA
  58 #  -d  SYSTEM_CERTS   -- use additional certs from there
  59 #  -L  silent
  60 #  -g  use Trust Settings
  61 #
  62 cd $CERTS_DIR
  63 foreach certFile (*)
  64         if ( -f "$certFile" ) then
  65                 if($QUIET == 0) then
  66                         echo testing $certFile....
  67                 endif
  68                 $CERTCRL -c "$certFile" -s -a -f -L -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
  69                 set ERR=$status
  70                 if($ERR == 1) then
  71                    echo "Note: $certFile is expired"
  72                 else
  73                 if($ERR != 0) then
  74                    echo "++++++++ Verification error on $certFile ($ERR)"
  75                    $CERTCRL -c "$certFile" -s -a -f -v -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG
  76                    exit(1)
  77                 endif
  78         endif
  79 end
  80
  81 if($QUIET == 0) then
  82         echo "...intermedSourceTest complete"
  83 endif
  84