#! /bin/csh -f
#
# PKCS12 import/export round-trip test.
#
# Run from SecurityTests/clxutils/importExport. The kcImport and
# kcExport programs must exist in the location named by the
# LOCAL_BUILD_DIR env var.
#
# NOTE(review): BUILD_DIR, the tool paths (KCIMPORT, KCEXPORT, CERTTOOL,
# OPENSSL, DBVERIFY, RM, CLEANKC) and KEYCHAIN / KEYCHAIN_PATH are not set
# in this file; presumably setupCommon provides them - confirm there.
#

source setupCommon

#
# Intermediate files, all written under BUILD_DIR.
#

# PKCS12 blob produced by kcExport
set GEN_PKCS12_PFX=${BUILD_DIR}/generated.p12

# PEM sequence written by openssl when it parses GEN_PKCS12_PFX.
# It is produced with -nodes, so the private key in it is not encrypted.
set PKCS12_PARSED_PEM=${BUILD_DIR}/parsed.p12.pem

# PKCS12 blob produced by openssl
set GEN_OPENSSL_PKCS12_PFX=${BUILD_DIR}/generatedOpenssl.p12

# Fixed test passphrase protecting every PKCS12 blob in this run.
# It is passed as a command-line argument to the tools below and is
# echoed with each command unless the q option is given, so it must
# never be reused for real key material.
set PKCS12_PASSPHRASE=somePassphrase

#
# Defaults for the user options parsed further down.
#
set QUIET=NO
set QUIET_ARG=
# RSA key size handed to the final dbVerify step. 512 bits is far too
# small for anything but a throwaway test key.
set KEYSIZE=512
set NOACL=NO
set NOACL_ARG=
set SECURE_PASSPHR=
set NOCLEAN=NO
#
# Sanity check: stop with status 1 unless both the import and the
# export tool are present.
#
if ( ( ! -e $KCIMPORT ) || ( ! -e $KCEXPORT ) ) then
    echo === You do not seem to have all of the required executables.
    echo === Please build all of cspxutils and clxutils.
    echo === See the README files in those directories for info.
    exit(1)
endif
#
# User options. Each option is one bare word with no leading dash:
#   q  quiet: suppress progress output, and pass -q to dbVerify
#   n  noACL: append -n to the kcImport commands that take NOACL_ARG
#   s  securePassphrase: append -Z to the kcExport / kcImport commands
#   N  noClean: keep the generated files when the test finishes
# Anything else prints the usage line and exits with status 1.
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            set QUIET_ARG=-q
            breaksw
        case n:
            set NOACL=YES
            set NOACL_ARG=-n
            breaksw
        case s:
            set SECURE_PASSPHR=-Z
            breaksw
        case N:
            set NOCLEAN=YES
            breaksw
        default:
            echo Usage: importExportPkcs12 \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
            exit(1)
    endsw
    # Only recognised options reach this point; consume the word.
    shift
end
#
# Step 1: start from a clean keychain, then have certtool create a
# keypair and cert in it. Any failing command ends the test with
# status 1.
#
echo === Begin PKCS12 test ===
if ($QUIET == NO) then
    echo Creating keypair and cert with certtool...
    echo $CLEANKC
endif
$CLEANKC || exit(1)

set cmd="$CERTTOOL c k=$KEYCHAIN_PATH Z"
if ($QUIET == NO) then
    echo $cmd
endif
# certtool output is discarded; only its exit status matters here
$cmd > /dev/null || exit(1)
#
# Step 2: export the identity from the keychain as a PKCS12 blob.
#
if ($QUIET == NO) then
    echo ...Exporting private key and cert as PKCS12...
endif

# Identities are exported rather than All, since public keys cannot
# go in a P12.
# The passphrase travels as a plain -z argument, so it is visible in
# the process argument list and in the echo below.
set cmd="$KCEXPORT $KEYCHAIN -t identities -f pkcs12 -o $GEN_PKCS12_PFX -z $PKCS12_PASSPHRASE $SECURE_PASSPHR -q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# Step 3: import the blob we just exported back into an emptied
# keychain, twice. The -C 0 -K 0 -I 1 arguments are presumably the
# expected cert / key / identity counts that kcImport verifies -
# confirm against the kcImport usage text.
#

# 3a: input format given explicitly with -f pkcs12
if ($QUIET == NO) then
    echo ...Importing PKCS12, explicit format...
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -f pkcs12 -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# 3b: same import without -f, leaving the format to be inferred
# from the .p12 filename
if ($QUIET == NO) then
    echo ...Importing PKCS12, format inferred from filename...
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# leave an empty keychain behind for the openssl exchange
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
#
# Step 4: interoperability with openssl.
#   4a  openssl parses our P12 into a PEM sequence
#   4b  kcImport reads that PEM sequence
#   4c  openssl builds its own P12 from the PEM sequence
#   4d  kcImport reads the openssl P12 into an empty keychain
#   4e  dbVerify checks the resulting keychain
#

# 4a: remove any stale PEM output, then parse our P12 with openssl
if ($QUIET == NO) then
    echo ...parsing our P12 PFX with openssl...
endif
set cmd="$RM -f $PKCS12_PARSED_PEM"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# -nodes makes openssl write the private key without encryption, so
# from here on the PEM file holds a plaintext private key. It is only
# removed by the cleanup step at the end of the script, which does not
# run when a later command fails or when the N option is given.
# The pass: form puts the passphrase on the openssl command line.
set cmd="$OPENSSL pkcs12 -in $GEN_PKCS12_PFX -passin pass:$PKCS12_PASSPHRASE -nodes -out $PKCS12_PARSED_PEM"
if ($QUIET == NO) then
    echo $cmd
endif
# both stdout and stderr of openssl are discarded
$cmd >& /dev/null || exit(1)

# 4b: import the PEM sequence into a clean keychain
if ($QUIET == NO) then
    echo ...parsing openssl PEM sequence
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $PKCS12_PARSED_PEM -k $KEYCHAIN -z $PKCS12_PASSPHRASE -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# 4c: let openssl create a P12 from the PEM sequence
if ($QUIET == NO) then
    echo ...creating PKCS12 with openssl, import to empty keychain
endif
set cmd="$OPENSSL pkcs12 -in $PKCS12_PARSED_PEM -out $GEN_OPENSSL_PKCS12_PFX -passout pass:$PKCS12_PASSPHRASE -export"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# 4d: import the openssl P12 into a clean keychain
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $GEN_OPENSSL_PKCS12_PFX -z $PKCS12_PASSPHRASE -k $KEYCHAIN -K 0 -C 0 -I 1 -q $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# 4e: verify the keychain contents with dbVerify
set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# Step 5: cleanup. Unless the N option was given, delete the three
# generated files, including the PEM file that holds the unencrypted
# private key.
# NOTE(review): this step calls plain rm, while the earlier removal of
# the PEM file goes through the RM variable.
#
if ($NOCLEAN == NO) then
    set cmd="rm -f $GEN_PKCS12_PFX $PKCS12_PARSED_PEM $GEN_OPENSSL_PKCS12_PFX"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
endif

if ($QUIET == NO) then
    echo === PKCS12 test complete ===
endif