]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/cltpdvt
Security-57031.1.35.tar.gz
[apple/security.git] / SecurityTests / clxutils / cltpdvt
1 #! /bin/csh -f
2 #
3 # run CL/TP/SSL X regression tests.
4 #
5 set BUILD_DIR=$LOCAL_BUILD_DIR
6 #
7 set QUICK_TEST = 1
8 set QUIET=
9 set CERTCRL_QUIET=
10 set VERB=
11 set PINGSSL_QUIET=
12 set SKIP_BASIC = 0
13 # when false, no SSL, not even local loopback tests or CRL/OCSP tests
14 set NO_SSL=0
15 # when empty, do ssl Ping tests via ssldvt
16 set SSL_PING_ENABLE=n
17 set FULL_SSL=NO
18 set DO_THREAD=1
19 #
20 while ( $#argv > 0 )
21 switch ( "$argv[1]" )
22 case s:
23 set QUICK_TEST = 1
24 shift
25 breaksw
26 case l:
27 set QUICK_TEST = 0
28 shift
29 breaksw
30 case v:
31 set VERB = v
32 shift
33 breaksw
34 case n:
35 set NO_SSL = 1
36 shift
37 breaksw
38 case f:
39 set SSL_PING_ENABLE =
40 set FULL_SSL = YES
41 shift
42 breaksw
43 case t:
44 set DO_THREAD = 0
45 shift
46 breaksw
47 case k:
48 set SKIP_BASIC = 1
49 shift
50 breaksw
51 case q:
52 set QUIET = q
53 set CERTCRL_QUIET = -q
54 set PINGSSL_QUIET = s
55 shift
56 breaksw
57 default:
58 cat cltpdvt_usage
59 exit(1)
60 endsw
61 end
62
63 #
64 # Select 'quick' or 'normal' test params
65 #
66 # Note that we disable DB storage of certs in cgVerify and cgConstruct, to avoid
67 # messing with user's ~/Library/Keychains.
68 #
69 if($QUICK_TEST == 1) then
70 set CGCONSTRUCT_ARGS="d=0"
71 set CGVERIFY_ARGS="d"
72 set CGVERIFY_DSA_ARGS="l=20 d"
73 set CAVERIFY_ARGS=
74 set EXTENTEST_ARGS=
75 if($NO_SSL == 1) then
76 set THREADTEST_ARGS="ecvsyfF l=10"
77 else
78 set THREADTEST_ARGS="l=10"
79 endif
80 set THREADPING_ARGS="ep o=mr3 l=5"
81 set P12REENCODE_ARGS="l=2"
82 else
83 set CGCONSTRUCT_ARGS="l=100 d=0"
84 set CGVERIFY_ARGS="l=100 d"
85 set CAVERIFY_ARGS="l=500"
86 set CGVERIFY_DSA_ARGS="l=500 d"
87 set EXTENTEST_ARGS="l=100"
88 if($NO_SSL == 1) then
89 set THREADTEST_ARGS="l=100 ecvsyfF"
90 else
91 set THREADTEST_ARGS="l=100"
92 endif
93 set THREADPING_ARGS="ep o=mr3 l=10"
94 set P12REENCODE_ARGS="l=10"
95 endif
96 #
97 set CLXUTILS=`pwd`
98
99 if($SKIP_BASIC == 0) then
100 #
101 # test RSA, FEE, ECDSA with the following two...
102 #
103 $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS $QUIET $VERB || exit(1)
104 $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=f $QUIET $VERB || exit(1)
105 $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=E $QUIET $VERB || exit(1)
106 $BUILD_DIR/cgVerify $CGVERIFY_ARGS n=2 $QUIET $VERB || exit(1)
107 $BUILD_DIR/cgVerify $CGVERIFY_ARGS $QUIET $VERB || exit(1)
108 $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=e $QUIET $VERB || exit(1)
109 $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=5 $QUIET $VERB || exit(1)
110 $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=E $QUIET $VERB || exit(1)
111 #
112 # And one run for DSA partial key processing; run in the test
113 # dir to pick up DSA params
114 #
115 cd $CLXUTILS/cgVerify
116 $BUILD_DIR/cgVerify $CGVERIFY_DSA_ARGS a=d $QUIET $VERB || exit(1)
117 $BUILD_DIR/caVerify $CAVERIFY_ARGS $QUIET $VERB || exit(1)
118 $BUILD_DIR/caVerify a=E $CAVERIFY_ARGS $QUIET $VERB || exit(1)
119 endif
120
121 #
122 # Anchor and intermediate test: once with normal anchors, one with
123 # Trust Settings.
124 #
125 ###
126 ### Allow expired anchors until Radar 6133507 is fixed
127 ###
128 echo "### Warning: allowing expired roots in anchorTest..."
129 $BUILD_DIR/anchorTest e $QUIET $VERB || exit(1)
130 $BUILD_DIR/anchorTest t e $QUIET $VERB || exit(1)
131 $CLXUTILS/anchorTest/intermedTest $QUIET || exit(1)
132 $CLXUTILS/anchorTest/intermedTest t $QUIET || exit(1)
133 $BUILD_DIR/trustAnchors $QUIET || exit(1)
134
135 cd $CLXUTILS
136 ./updateCerts
137
138 $BUILD_DIR/certSerialEncodeTest $QUIET || exit(1)
139
140 #
141 # certcrl script tests require files relative to cwd
142 #
143 cd $CLXUTILS/certcrl/testSubjects/X509tests
144 $BUILD_DIR/certcrl -S x509tests.scr $CERTCRL_QUIET || exit(1)
145 cd $CLXUTILS/certcrl/testSubjects/smime
146 $BUILD_DIR/certcrl -S smime.scr $CERTCRL_QUIET || exit(1)
147 #
148 # disable expiredRoot test since it makes assumptions about
149 # store.apple.com which are no longer true %%%FIXME!
150 #cd $CLXUTILS/certcrl/testSubjects/expiredRoot
151 #$BUILD_DIR/certcrl -S expiredRoot.scr $CERTCRL_QUIET || exit(1)
152 #
153 cd $CLXUTILS/certcrl/testSubjects/expiredCerts
154 $BUILD_DIR/certcrl -S expiredCerts.scr $CERTCRL_QUIET || exit(1)
155 #
156 cd $CLXUTILS/certcrl/testSubjects/anchorAndDb
157 $BUILD_DIR/certcrl -S anchorAndDb.scr $CERTCRL_QUIET || exit(1)
158 #
159 cd $CLXUTILS/certcrl/testSubjects/hostNameDot
160 $BUILD_DIR/certcrl -S hostNameDot.scr $CERTCRL_QUIET || exit(1)
161 #
162 # one with normal anchors, one with Trust Settings
163 cd $CLXUTILS/certcrl/testSubjects/AppleCerts
164 $BUILD_DIR/certcrl -S AppleCerts.scr $CERTCRL_QUIET || exit(1)
165 $BUILD_DIR/certcrl -S AppleCerts.scr -g $CERTCRL_QUIET || exit(1)
166 #
167 # one with normal anchors, one with Trust Settings
168 # This will fail if you have userTrustSettings.plist, from ../trustSettings,
169 # installed!
170 # Note this should eventually be renamed to something like SWUpdateSigning...
171 cd $CLXUTILS/certcrl/testSubjects/AppleCodeSigning
172 $BUILD_DIR/certcrl -S AppleCodeSigning.scr $CERTCRL_QUIET || exit(1)
173 $BUILD_DIR/certcrl -S AppleCodeSigning.scr -g $CERTCRL_QUIET || exit(1)
174 #
175 cd $CLXUTILS/certcrl/testSubjects/CodePkgSigning
176 $BUILD_DIR/certcrl -S CodePkgSigning.scr $CERTCRL_QUIET || exit(1)
177 #
178 cd $CLXUTILS/certcrl/testSubjects/localTime
179 $BUILD_DIR/certcrl -S localTime.scr $CERTCRL_QUIET || exit(1)
180 #
181 # one with normal anchors, one with Trust Settings
182 cd $CLXUTILS/certcrl/testSubjects/serverGatedCrypto
183 $BUILD_DIR/certcrl -S sgc.scr $CERTCRL_QUIET || exit(1)
184 $BUILD_DIR/certcrl -S sgc.scr -g $CERTCRL_QUIET || exit(1)
185 #
186 cd $CLXUTILS/certcrl/testSubjects/crlTime
187 $BUILD_DIR/certcrl -S crlTime.scr $CERTCRL_QUIET || exit(1)
188 cd $CLXUTILS/certcrl/testSubjects/implicitAnchor
189 $BUILD_DIR/certcrl -S implicitAnchor.scr $CERTCRL_QUIET || exit(1)
190 cd $CLXUTILS/certcrl/testSubjects/crossSigned
191 $BUILD_DIR/certcrl -S crossSigned.scr $CERTCRL_QUIET || exit(1)
192 cd $CLXUTILS/certcrl/testSubjects/emptyCert
193 $BUILD_DIR/certcrl -S emptyCert.scr $CERTCRL_QUIET || exit(1)
194 cd $CLXUTILS/certcrl/testSubjects/emptySubject
195 $BUILD_DIR/certcrl -S emptySubject.scr $CERTCRL_QUIET || exit(1)
196 cd $CLXUTILS/certcrl/testSubjects/qualCertStatment
197 $BUILD_DIR/certcrl -S qualCertStatement.scr $CERTCRL_QUIET || exit(1)
198 cd $CLXUTILS/certcrl/testSubjects/ipSec
199 $BUILD_DIR/certcrl -S ipSec.scr $CERTCRL_QUIET || exit(1)
200 #
201 # ECDSA certs, lots of 'em
202 #
203 cd $CLXUTILS/certcrl/testSubjects/NSS_ECC
204 $BUILD_DIR/certcrl -S nssecc.scr $CERTCRL_QUIET || exit(1)
205 $BUILD_DIR/certcrl -S msEcc.scr $CERTCRL_QUIET || exit(1)
206 $BUILD_DIR/certcrl -S opensslEcc.scr $CERTCRL_QUIET || exit(1)
207
208 #
209 # CRL/OCSP tests
210 # once each with normal anchors, one with Trust Settings
211 #
212 # Until Verisign gets their CRL server fixed, we have to allow the disabling of the
213 # CRL test....
214 #
215 if($NO_SSL == 0) then
216 cd $CLXUTILS
217 if($FULL_SSL == YES) then
218 cd $CLXUTILS/certcrl/testSubjects/crlFromSsl
219 $BUILD_DIR/certcrl -S crlssl.scr $CERTCRL_QUIET || exit(1)
220 $BUILD_DIR/certcrl -S crlssl.scr -g $CERTCRL_QUIET || exit(1)
221 endif
222 cd $CLXUTILS/certcrl/testSubjects/ocspFromSsl
223 # this test makes assumptions about store.apple.com which are no longer
224 # true, so need to disable the test for now. %%%FIXME!
225 #$BUILD_DIR/certcrl -S ocspssl.scr $CERTCRL_QUIET || exit(1)
226 #$BUILD_DIR/certcrl -S ocspssl.scr -g $CERTCRL_QUIET || exit(1)
227 endif
228 #
229 $BUILD_DIR/extenTest $EXTENTEST_ARGS $QUIET $VERB || exit(1)
230 $BUILD_DIR/extenTestTp $EXTENTEST_ARGS $QUIET $VERB || exit(1)
231 $BUILD_DIR/sslSubjName $QUIET $VERB || exit(1)
232 $BUILD_DIR/smimePolicy $QUIET $VERB || exit(1)
233 $BUILD_DIR/certLabelTest $CERTCRL_QUIET || exit(1)
234
235 #
236 # extendAttrTest has to be run from specific directory for access to keys and certs
237 #
238 cd $CLXUTILS/extendAttrTest
239 $BUILD_DIR/extendAttrTest -k $BUILD_DIR/eat.keychain $CERTCRL_QUIET || exit(1)
240
241 #
242 # threadTest relies on a cert file in cwd
243 #
244 if($DO_THREAD == 1) then
245 cd $CLXUTILS/threadTest
246 $BUILD_DIR/threadTest $THREADTEST_ARGS $QUIET $VERB || exit(1)
247 endif
248 #
249 # CMS tests have to be run from specific directory for access to keychain and certs
250 #
251 cd $CLXUTILS/newCmsTool/blobs
252 ./cmstestHandsoff $CERTCRL_QUIET || exit(1)
253 ./cmsEcdsaHandsoff $CERTCRL_QUIET || exit(1)
254
255 #
256 # This one uses a number of p12 files in cwd
257 #
258 # we may never see this again....
259 #
260 # echo ==== skipping p12Reencode for now, but I really want this back ===
261 # cd $CLXUTILS/p12Reencode
262 # ./doReencode $P12REENCODE_ARGS $QUIET || exit(1)
263 #
264
265 #
266 # Import/export tests, always run from here with no default ACL (to avoid UI).
267 #
268 cd $CLXUTILS/importExport
269 ./importExport n $QUIET || exit(1)
270
271 # sslEcdsa test removed pending validation of tls.secg.org server
272 #
273 # $BUILD_DIR/sslEcdsa $CERTCRL_QUIET || exit(1)
274
275 #
276 # Full SSL tests run:
277 # -- once with blocking socket I/O
278 # -- once with nonblocking socket I/O
279 # -- once with RingBuffer I/O, no verifyPing
280 #
281 if($NO_SSL == 0) then
282 cd $CLXUTILS/sslScripts
283 ./makeLocalCert a || exit(1)
284 ./ssldvt $SSL_PING_ENABLE $QUIET $VERB || exit(1)
285 ./ssldvt $SSL_PING_ENABLE $QUIET $VERB b || exit(1)
286 ./ssldvt n $QUIET $VERB R || exit(1)
287 ./removeLocalCerts
288 endif
289 if($FULL_SSL == YES) then
290 $BUILD_DIR/threadTest $THREADPING_ARGS $QUIET $VERB || exit(1)
291 endif
292
293 echo ==== cltpdvt success ====
294