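#! /bin/csh -f
#
# test libsecurity_cms.
#
# Drives newCmsTool: CMS blobs are generated in (or reference blobs are copied
# to) $LOCAL_BUILD_DIR, then each blob is parsed and its recovered content is
# compared against the original plaintext.
#
# Requires: env var LOCAL_BUILD_DIR naming an existing directory.
# ptext, the reference *.p7 blobs, the *.cer files and cmstestUsage are
# referenced by relative path, so run this from the directory that holds them.
#
set USE_REF_BLOBS=NO
set QUIET=NO
set QUIET_ARG=
set MULTI_UPDATE=

#
# Require LOCAL_BUILD_DIR before anything is written or removed.
#
# $?name tests exactly this variable. A substring search of the environment
# listing would also succeed when some other variable's name or value merely
# contains the text LOCAL_BUILD_DIR, and the script would then die later on an
# undefined variable.
#
if (! $?LOCAL_BUILD_DIR) then
    echo Please set env var LOCAL_BUILD_DIR.
    exit(1)
endif
# An empty or bogus value would turn later paths such as ${BUILD_DIR}/rptext
# into /rptext and change what "cp *.p7 ${BUILD_DIR}" and "rm" act on.
if (! -d "$LOCAL_BUILD_DIR") then
    echo "LOCAL_BUILD_DIR must name an existing directory."
    exit(1)
endif
set BUILD_DIR="$LOCAL_BUILD_DIR"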
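#
# Default options: identities, keychain, etc.; overridable
#
set SRCH_KC=
set SIGNER=dmitch@apple.com
set RECIP=dmitch@apple.com
set SIGNER2=dmitch@dmitch.com
set RECIP2=dmitch@dmitch.com
# specifying an anchorFile implies manual SecTrustEval
set MANUAL_EVAL=
set ANCHOR_CERT=

#
# Command-line options:
#   -r        use the reference blobs instead of generating new ones
#   -q        quiet: no progress output, and -Z is passed to the tool
#   -m        pass -m to the tool
#   -s id     first signer and recipient
#   -S id     second signer and recipient
#   -k kc     pass "-k kc" to the tool
#   -a file   pass "-A file" and "-M" to the tool
# Anything else, or a missing option value, prints cmstestUsage and exits 1.
#
# Option values are quoted when stored so that "set" receives exactly one
# word: unquoted, a value containing whitespace would be split into extra
# assignments and a value containing glob characters would be expanded against
# the current directory. NOTE: the values are still interpolated into command
# strings that csh word-splits when they are run, so values containing
# whitespace are not supported.
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
    case -r:
        set USE_REF_BLOBS = YES
        shift
        breaksw
    case -q:
        set QUIET=YES
        set QUIET_ARG = -Z
        shift
        breaksw
    case -m:
        set MULTI_UPDATE = -m
        shift
        breaksw
    case -s:
        if($#argv < 2) then
            cat cmstestUsage
            exit(1)
        endif
        set SIGNER="$argv[2]"
        set RECIP="$argv[2]"
        shift
        shift
        breaksw
    case -S:
        if($#argv < 2) then
            cat cmstestUsage
            exit(1)
        endif
        set SIGNER2="$argv[2]"
        set RECIP2="$argv[2]"
        shift
        shift
        breaksw
    case -k:
        if($#argv < 2) then
            cat cmstestUsage
            exit(1)
        endif
        set SRCH_KC="-k $argv[2]"
        shift
        shift
        breaksw
    case -a:
        if($#argv < 2) then
            cat cmstestUsage
            exit(1)
        endif
        set ANCHOR_CERT="-A $argv[2]"
        set MANUAL_EVAL="-M"
        shift
        shift
        breaksw
    default:
        cat cmstestUsage
        exit(1)
    endsw
end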
#
# Tool location and working files.
#
# We only write to $BUILD_DIR. When reference blobs are used they are copied
# into the build directory first and the run then proceeds as usual.
# Every path below ends up inside a command string that is word-split when it
# is executed, so BUILD_DIR must not contain whitespace.
#
set BUILD_DIR=$LOCAL_BUILD_DIR
set CMSTOOL=$BUILD_DIR/newCmsTool

# plaintext input (relative to the current directory) and recovered plaintext
set PTEXT=ptext
set RPTEXT=$BUILD_DIR/rptext

# extra certificates added to some blobs; CERT_FILEBASE is the filename prefix
# handed to "parse -f" in the certs-only check
set OTHER_CERT0=GTE_SGC.cer
set OTHER_CERT1=dmitchIChat.cer
set CERT_FILEBASE=$BUILD_DIR/outcert

# command prefixes shared by the generate and verify steps
set STD_SIGN_CMD="$CMSTOOL sign $SRCH_KC -S $SIGNER $QUIET_ARG $MULTI_UPDATE"
set STD_ENCR_CMD="$CMSTOOL envel $SRCH_KC -r $RECIP $QUIET_ARG $MULTI_UPDATE"
set STD_SIGN_ENCR_CMD="$CMSTOOL signEnv $SRCH_KC -S $SIGNER -r $RECIP $QUIET_ARG $MULTI_UPDATE"
set STD_PARSE_CMD="$CMSTOOL parse -o $RPTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL $QUIET_ARG $MULTI_UPDATE"
set STD_CMP_CMD="cmp $PTEXT $RPTEXT"

#
# Output blobs, one per test case.
#
# vanilla
set O_SIGN=$BUILD_DIR/sign.p7
set O_ENV=$BUILD_DIR/env.p7
set O_SIGN_ENV=$BUILD_DIR/signEnv.p7
# eContentType = auth
set O_SIGN_AUTH=$BUILD_DIR/sign_auth.p7
set O_SIGN_ENV_AUTH=$BUILD_DIR/signEnv_auth.p7
# detached content
set O_SIGN_DETACH=$BUILD_DIR/sign_det.p7
# two signers
set O_SIGN_TWO=$BUILD_DIR/sign_two.p7
set O_SIGN_ENV_TWO_SIGN=$BUILD_DIR/signEnv_twoSign.p7
# two recipients
set O_ENV_TWO=$BUILD_DIR/env_two.p7
set O_SIGN_ENV_TWO_SIGN_TWO_RECIP=$BUILD_DIR/signEnv_twoSign_twoRecip.p7
# additional certs - one signed, one signed/encrypted, one certs only
set O_SIGN_ADD_CERTS=$BUILD_DIR/sign_certs.p7
set O_SIGN_ENV_ADD_CERTS=$BUILD_DIR/signEnv_certs.p7
set O_SIGN_ONLY_CERTS=$BUILD_DIR/certsOnly.p7
# cert chain options
set O_SIGN_NONE=$BUILD_DIR/sign_nocerts.p7
set O_SIGN_SIGNER=$BUILD_DIR/sign_signer.p7
set O_SIGN_WITHROOT=$BUILD_DIR/sign_withroot.p7
#
# Populate the build directory with the blobs to verify: either copy the
# checked-in reference blobs (-r) or generate a fresh set with the tool.
# Each step builds the command line in $cmd, echoes it unless -q was given,
# runs it, and aborts the whole test with status 1 on the first failure.
#
if ($USE_REF_BLOBS == YES) then
    if ($QUIET == NO) then
        echo copying reference blobs to Build directory...
        echo "cp *.p7 ${BUILD_DIR}/"
    endif
    cp *.p7 ${BUILD_DIR} || exit(1)
else
    if ($QUIET == NO) echo generating blobs in Build directory...

    # vanilla: signed, enveloped, signed & enveloped
    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    # eContentType = auth
    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_AUTH -e a"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_AUTH -e a"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    # detached content
    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_DETACH -d"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    # two signers
    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_TWO -S $SIGNER2"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN -S $SIGNER2"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    # two recipients
    set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV_TWO -r $RECIP2"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -S $SIGNER2 -r $RECIP2"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    # additional certs: signed, signed & enveloped, certs only
    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$CMSTOOL certs -o $O_SIGN_ONLY_CERTS $QUIET_ARG -C $OTHER_CERT0 -C $OTHER_CERT1"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    # cert chain options
    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_NONE -t none"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_SIGNER -t signer"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

    set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_WITHROOT -t chainWithRoot"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)

endif
#
# Verification, part 1: the single-signer / single-recipient blobs.
# Each case parses a blob into $RPTEXT, compares that with $PTEXT using cmp,
# then removes $RPTEXT. Any failing parse or cmp exits with status 1.
# NOTE(review): -s and -N look like the expected signer and certificate
# counts - confirm against the newCmsTool usage text.
#
if ($QUIET == NO) echo verifying blobs in Build directory...

# Note we expect there to be two certs per signer...true for the current
# Thawte certs.

# signed
set cmd="$STD_PARSE_CMD -i $O_SIGN -v sign -E d -s 1 -N 2"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# enveloped
set cmd="$STD_PARSE_CMD -i $O_ENV -v encr -N 0"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# signed & enveloped
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV -v signEnv -E d -s 1 -N 2"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# signed, eContentType auth
set cmd="$STD_PARSE_CMD -i $O_SIGN_AUTH -v sign -E a -s 1 -N 2"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# signed & enveloped, eContentType auth
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_AUTH -v signEnv -E a -s 1 -N 2"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# signed, detached content - no output, so there is nothing to cmp or remove;
# the plaintext is supplied to the tool with -D instead
set cmd="$CMSTOOL parse -i $O_SIGN_DETACH -D $PTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL -v sign -E d -s 1 $QUIET_ARG $MULTI_UPDATE -N 2"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
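#
# Verification, part 2: blobs with two signers and/or two recipients.
# Same parse / cmp / rm cycle as the single-signer cases; the parse commands
# here pass -s 2 -N 4 for the two-signer blobs.
#

# signed, two signers
set cmd="$STD_PARSE_CMD -i $O_SIGN_TWO -v sign -E d -s 2 -N 4"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# signed & enveloped, two signers
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN -v signEnv -E d -s 2 -N 4"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# enveloped, two recipients
set cmd="$STD_PARSE_CMD -i $O_ENV_TWO -v encr -N 0"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# signed & enveloped, two signers, two recipients
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -v signEnv -E d -s 2 -N 4"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
# Remove the recovered plaintext here as every other case does. Left in place,
# a following parse that exited 0 without writing its output would still pass
# cmp against this stale copy and hide the failure.
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT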
#
# Verification, part 3: blobs carrying additional certs, and the three
# cert-chain variants (none, signer only, chain with root). Each case parses
# into $RPTEXT, compares with $PTEXT, then removes $RPTEXT; the -N value
# differs per case.
#

# additional certs with signer
set cmd="$STD_PARSE_CMD -i $O_SIGN_ADD_CERTS -v sign -E d -s 1 -N 4"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# additional certs with signer & recipient
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_ADD_CERTS -v signEnv -E d -s 1 -N 4"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# cert chain options - first, no certs
set cmd="$STD_PARSE_CMD -i $O_SIGN_NONE -v sign -E d -s 1 -N 0"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# cert chain options - signer certs
set cmd="$STD_PARSE_CMD -i $O_SIGN_SIGNER -v sign -E d -s 1 -N 1"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT

# cert chain options - chain with root
set cmd="$STD_PARSE_CMD -i $O_SIGN_WITHROOT -v sign -E d -s 1 -N 3"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
if ($QUIET == NO) echo rm $RPTEXT
rm $RPTEXT
#
# Verification, part 4: the certs-only blob. The parse is given -f
# $CERT_FILEBASE; the checks below then expect ${CERT_FILEBASE}_0.cer and
# ${CERT_FILEBASE}_1.cer, compare them with the input certs and delete them.
#

# certs only
set cmd="$CMSTOOL parse -i $O_SIGN_ONLY_CERTS $QUIET_ARG $MULTI_UPDATE -v sign -s 0 -N 2 -f $CERT_FILEBASE"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# The order here is affected by the size of the certs: the certs are encoded in
# the p7 blob as a SET OF, which when DER-encoded (as opposed to BER-encoded) is
# ordered, with the length octets happening to determine the order (if the
# certs are different sizes). We know that OTHER_CERT1 is smaller than
# OTHER_CERT0, so it is expected in the _0 file.
set cmd="cmp $OTHER_CERT1 ${CERT_FILEBASE}_0.cer"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="cmp $OTHER_CERT0 ${CERT_FILEBASE}_1.cer"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# clean up the extracted certs; unlike the rptext removals, a failure here
# fails the test
set cmd="rm ${CERT_FILEBASE}_0.cer ${CERT_FILEBASE}_1.cer"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

if ($QUIET == NO) echo === cmstest Succeeded ===