Security-57031.1.35.tar.gz
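#! /bin/csh -f
#
# Test SSL's hostname compare using subjectAltName extensions.
#
# Each section generates a fresh root/leaf pair with signerAndSubjSsl and then
# runs certcrl against it with a hostname given by -h. Cases that must be
# rejected pass -e=CSSMERR_TP_VERIFY_ACTION_FAILED, which is how this script
# tells certcrl that the failure is the expected result. Any command that
# exits non-zero aborts the script with status 1.
#
# Sections:
#   1. subjectAltName dNSName takes precedence over the common name
#   2. subjectAltName iPAddress, including a zero-padded spelling
#   3. wildcard as the whole left-most label ("*.foo.bar")
#   4. wildcard as part of the left-most label ("*foo.bar")
#   5. no subjectAltName at all: fall back to the common name
#
# these can be overridden by the 'q' and 'v' cmd line options
#
set QUIET = 0
set VERBOSE = 0
#
# q suppresses the section banners, v echoes each command before running it.
# Anything else prints usage and exits 1.
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case v:
            set VERBOSE = 1
            shift
            breaksw
        case q:
            set QUIET = 1
            shift
            breaksw
        default:
            echo usage: doTest \[q\] \[v\]
            exit(1)
    endsw
end

#
# hard coded in signerAndSubjSsl
#
set ROOT_CERT = ssRootCert.der
set LEAF_CERT = ssSubjCert.der
set COMMON_NAME = something.org
#
# the common arguments to certcrl
#
set STD_CRL_ARGS = "-c $LEAF_CERT -C $ROOT_CERT -a -n -N -q"
#
# DNS_NAME goes in the leaf cert's subjectAltName, which is supposed to have precedence
# over the common name (which is fixed at something.org).
#
set DNS_NAME = foo.bar
set BAD_DNS_NAME = foo.foo.bar
#
if ($QUIET == 0) then
    echo === leaf cert with DNS name $DNS_NAME
endif
#
set cmd = "signerAndSubjSsl d=$DNS_NAME q"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
# Note the hostname passed to certcrl is $DNS_NAME, which differs from the
# leaf cert's common name ($COMMON_NAME).
#
if ($QUIET == 0) then
    echo === ...verify success with hostname $DNS_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_NAME"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
# Negative case: once a dNSName is present, the common name must no longer
# be accepted as the host identity.
#
if ($QUIET == 0) then
    echo === ...verify failure with common name $COMMON_NAME when DNS name present
endif
set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
# Negative case: a hostname that merely ends in the dNSName must not match.
#
if ($QUIET == 0) then
    echo === ...verify failure with host name $BAD_DNS_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $BAD_DNS_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
######
#
# IP address in the subjectAltName.
#
# IP_ADDR_PAD spells the same address with zero-padded octets and is expected
# to verify. NOTE(review): some address parsers read a leading zero as octal,
# so accepting padded forms can make two components disagree about which
# address was named; confirm this leniency is intended.
#
set IP_ADDR = 1.0.5.8
set IP_ADDR_PAD = 1.0.05.008
set BAD_IP_ADDR = 2.0.5.8
#
if ($QUIET == 0) then
    echo === leaf cert with IP address $IP_ADDR
endif
set cmd = "signerAndSubjSsl i=$IP_ADDR q"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
if ($QUIET == 0) then
    echo === ...verify with hostname $IP_ADDR
endif
set cmd = "certcrl $STD_CRL_ARGS -h $IP_ADDR"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
if ($QUIET == 0) then
    echo === ...verify with hostname $IP_ADDR_PAD
endif
set cmd = "certcrl $STD_CRL_ARGS -h $IP_ADDR_PAD"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
# With only an iPAddress in the subjectAltName (no dNSName), the common name
# is still expected to verify. This is the RFC 2818 fallback; RFC 9525 no
# longer uses the common name for host identity, so treat this case as a
# record of legacy behaviour rather than a recommendation.
#
if ($QUIET == 0) then
    echo === ...verify with hostname $COMMON_NAME when no DNS name present
endif
set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
if ($QUIET == 0) then
    echo === ...verify failure with host name $BAD_IP_ADDR
endif
set cmd = "certcrl $STD_CRL_ARGS -h $BAD_IP_ADDR -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
######
#
# Wildcard as the entire left-most label. It must match exactly one extra
# label (bar.foo.bar) and must not match the bare parent domain (foo.bar).
#
# The pattern is always expanded inside double quotes so that csh does not
# treat the '*' as a filename glob. The generator is invoked directly rather
# than through $cmd for the same reason.
#
# TODO(review): no case here checks that "*.foo.bar" is rejected for a host
# with two extra labels (for example a.b.foo.bar).
#
set DNS_WC_NAME = "*.foo.bar"
set DNS_GOOD_WC_NAME = bar.foo.bar
set DNS_BAD_WC_NAME = foo.bar
#
if ($QUIET == 0) then
    echo === leaf cert with DNS name "$DNS_WC_NAME"
endif
set cmd = "signerAndSubjSsl d=${DNS_WC_NAME} q"
if ($VERBOSE == 1) then
    echo "$cmd"
endif
signerAndSubjSsl "d=${DNS_WC_NAME}" q || exit(1)
#
if ($QUIET == 0) then
    echo === ...verify with hostname $DNS_GOOD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_GOOD_WC_NAME"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
if ($QUIET == 0) then
    echo === ...verify failure with hostname $DNS_BAD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_BAD_WC_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
######
#
# Wildcard as only part of the left-most label. This script expects
# "*foo.bar" to match barfoo.bar and to reject bar.foo.bar, i.e. the '*'
# must not expand across a dot.
#
# NOTE(review): partial-label wildcards follow the RFC 2818 matching rules.
# RFC 9525 only recognises '*' when it is the complete left-most label, so a
# verifier written to the newer rules would be expected to reject the
# "good" case below.
#
set DNS_WC_NAME = "*foo.bar"
set DNS_GOOD_WC_NAME = barfoo.bar
set DNS_BAD_WC_NAME = bar.foo.bar
#
if ($QUIET == 0) then
    echo === leaf cert with DNS name "$DNS_WC_NAME"
endif
set cmd = "signerAndSubjSsl d=${DNS_WC_NAME} q"
if ($VERBOSE == 1) then
    echo "$cmd"
endif
signerAndSubjSsl "d=${DNS_WC_NAME}" q || exit(1)
#
if ($QUIET == 0) then
    echo === ...verify with hostname $DNS_GOOD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_GOOD_WC_NAME"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
if ($QUIET == 0) then
    echo === ...verify failure with hostname $DNS_BAD_WC_NAME
endif
set cmd = "certcrl $STD_CRL_ARGS -h $DNS_BAD_WC_NAME -e=CSSMERR_TP_VERIFY_ACTION_FAILED"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
#
######
#
# No subjectAltName at all: the common name is the only identity in the
# leaf cert and is expected to verify.
#
if ($QUIET == 0) then
    echo === leaf cert with no DNS name, verify with common name
endif
set cmd = "signerAndSubjSsl q"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
set cmd = "certcrl $STD_CRL_ARGS -h $COMMON_NAME"
if ($VERBOSE == 1) then
    echo $cmd
endif
$cmd || exit(1)
echo ...signerAndSubjSslTest complete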