--- /dev/null
+#! /bin/csh -f
+#
+# Run import/export tests for PKCS12.
+#
+# Run this from SecurityTests/clxutils/importExport. The
+# kcImport and kcExport programs must exist in the location
+# specified by the LOCAL_BUILD_DIR env var.
+#
+
+source setupCommon
+
+# PKCS12 blob, we generate
+set GEN_PKCS12_PFX=${BUILD_DIR}/generated.p12
+
+# parsed PEM sequence generated by openssl (parsing $GEN_PKCS12_PFX)
+set PKCS12_PARSED_PEM=${BUILD_DIR}/parsed.p12.pem
+
+# PKCS12 blob, openssl generates
+set GEN_OPENSSL_PKCS12_PFX=${BUILD_DIR}/generatedOpenssl.p12
+
+# PKCS12 passphrase
+set PKCS12_PASSPHRASE=somePassphrase
+
+# user specified variables
+set QUIET=NO
+set QUIET_ARG=
+set KEYSIZE=512
+set NOACL=NO
+set NOACL_ARG=
+set SECURE_PASSPHR=
+set NOCLEAN=NO
+
+#
+# Verify existence of a few crucial things before we start.
+#
+if( ( ! -e $KCIMPORT ) || \
+ ( ! -e $KCEXPORT ) ) then
+ echo === You do not seem to have all of the required executables.
+ echo === Please build all of cspxutils and clxutils.
+ echo === See the README files in those directories for info.
+ exit(1)
+endif
+
+# user options
+
+while ( $#argv > 0 )
+ switch ( "$argv[1]" )
+ case q:
+ set QUIET=YES
+ set QUIET_ARG=-q
+ shift
+ breaksw
+ case n:
+ set NOACL=YES
+ set NOACL_ARG=-n
+ shift
+ breaksw
+ case s:
+ set SECURE_PASSPHR=-Z
+ shift
+ breaksw
+ case N:
+ set NOCLEAN=YES
+ shift
+ breaksw
+ default:
+ echo Usage: importExportPkcs12 \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
+ exit(1)
+ endsw
+end
+
+# Create keypair and cert using certtool
+
+echo === Begin PKCS12 test ===
+if ($QUIET == NO) then
+ echo Creating keypair and cert with certtool...
+ echo $CLEANKC
+endif
+$CLEANKC || exit(1)
+set cmd="$CERTTOOL c k=$KEYCHAIN_PATH Z"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd > /dev/null || exit(1)
+
+# export as P12
+
+if ($QUIET == NO) then
+ echo ...Exporting private key and cert as PKCS12...
+endif
+# note we export Identities, not All, since pub keys can't go in a P12
+set cmd="$KCEXPORT $KEYCHAIN -t identities -f pkcs12 -o $GEN_PKCS12_PFX -z $PKCS12_PASSPHRASE $SECURE_PASSPHR -q"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# import and verify
+
+if ($QUIET == NO) then
+ echo ...Importing PKCS12, explicit format...
+endif
+if ($QUIET == NO) then
+ echo $CLEANKC
+endif
+$CLEANKC || exit(1)
+set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -f pkcs12 -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+if ($QUIET == NO) then
+ echo ...Importing PKCS12, format inferred from filename...
+endif
+if ($QUIET == NO) then
+ echo $CLEANKC
+endif
+$CLEANKC || exit(1)
+set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+if ($QUIET == NO) then
+ echo $CLEANKC
+endif
+$CLEANKC || exit(1)
+
+#
+# Exchange with openssl.
+#
+if ($QUIET == NO) then
+ echo ...parsing our P12 PFX with openssl...
+endif
+set cmd="$RM -f $PKCS12_PARSED_PEM"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+set cmd="$OPENSSL pkcs12 -in $GEN_PKCS12_PFX -passin pass:$PKCS12_PASSPHRASE -nodes -out $PKCS12_PARSED_PEM"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd >& /dev/null|| exit(1)
+
+if ($QUIET == NO) then
+ echo ...parsing openssl PEM sequence
+ echo $CLEANKC
+endif
+$CLEANKC || exit(1)
+set cmd="$KCIMPORT $PKCS12_PARSED_PEM -k $KEYCHAIN -z $PKCS12_PASSPHRASE -q $NOACL_ARG $SECURE_PASSPHR"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+if ($QUIET == NO) then
+ echo ...creating PKCS12 with openssl, import to empty keychain
+endif
+set cmd="$OPENSSL pkcs12 -in $PKCS12_PARSED_PEM -out $GEN_OPENSSL_PKCS12_PFX -passout pass:$PKCS12_PASSPHRASE -export"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+if ($QUIET == NO) then
+ echo $CLEANKC
+endif
+$CLEANKC || exit(1)
+set cmd="$KCIMPORT $GEN_OPENSSL_PKCS12_PFX -z $PKCS12_PASSPHRASE -k $KEYCHAIN -K 0 -C 0 -I 1 -q $SECURE_PASSPHR"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# cleanup
+if ($NOCLEAN == NO) then
+ set cmd="rm -f $GEN_PKCS12_PFX $PKCS12_PARSED_PEM $GEN_OPENSSL_PKCS12_PFX"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+endif
+
+if ($QUIET == NO) then
+ echo === PKCS12 test complete ===
+endif
+
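Review bot: The openssl `-nodes` step writes the private key unencrypted to `$PKCS12_PARSED_PEM`, and every later failing step leaves through `exit(1)`, so the cleanup block at the end never runs on a failed run and the cleartext key stays in `${BUILD_DIR}`. This is a throwaway test key, but I would still add `umask 077` right after `source setupCommon` so the generated files are not readable by other users. Failures should also go through a common exit label that removes the three generated files unless `N` was given. Separately, the cleanup line uses a literal `rm -f` where the earlier removal uses `$RM -f`; `set cmd="$RM -f $GEN_PKCS12_PFX $PKCS12_PARSED_PEM $GEN_OPENSSL_PKCS12_PFX"` would keep the two consistent. `$RM`, `$OPENSSL` and `$BUILD_DIR` are presumably set by `setupCommon`, which is not part of this hunk.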