+++ /dev/null
-/*
- * script.cpp - run certcrl from script file
- */
-
-#include <security_cdsa_utils/cuFileIo.h>
-#include <utilLib/common.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <Security/cssm.h>
-#include <clAppUtils/BlobList.h>
-#include <clAppUtils/certVerify.h>
-#include "script.h"
-
-/* Line type returned from parseLine */
-typedef enum {
- LT_Empty, // comments, whitespace
- LT_TestName,
- LT_DirName,
- LT_Cert,
- LT_Root,
- LT_CRL,
- LT_CertDb,
- LT_CrlDb,
- LT_ExpectError, // expected function return
- LT_CertError, // per-cert error string
- LT_CertStatus, // per-cert StatusBits
- LT_SslHost,
- LT_SslClient,
- LT_SenderEmail,
- LT_Policy,
- LT_KeyUsage,
- LT_RevokePolicy,
- LT_RespURI,
- LT_RespCert,
- LT_EndOfSection,
- LT_EndOfFile,
- LT_BadLine,
- LT_Globals,
- LT_Echo,
- LT_GenerateOcspNonce,
- LT_RequireOcspNonce,
- LT_AllowExpiredRoot,
- LT_VerifyTime,
- LT_ImplicitAnchors,
-
- /* variables which can be in globals or per-test */
- LT_AllowUnverified,
- LT_CrlNetFetchEnable,
- LT_CertNetFetchEnable,
- LT_UseSystemAnchors,
- LT_UseTrustSettings,
- LT_LeafCertIsCA,
- LT_CacheDisable,
- LT_OcspNetFetchDisable,
- LT_RequireOcspIfPresent,
- LT_RequireCrlIfPresent,
- LT_RequireCrlForAll,
- LT_RequireOcspForAll
-} LineType;
-
-/* table to map key names to LineType */
-typedef struct {
- const char *keyName;
- LineType lineType;
-} KeyLineType;
-
-KeyLineType keyLineTypes[] =
-{
- { "test", LT_TestName },
- { "dir", LT_DirName },
- { "cert", LT_Cert },
- { "root", LT_Root },
- { "crl", LT_CRL },
- { "certDb", LT_CertDb },
- { "crlDb", LT_CrlDb }, // no longer used
- { "error", LT_ExpectError },
- { "certerror", LT_CertError },
- { "certstatus", LT_CertStatus },
- { "sslHost", LT_SslHost },
- { "sslClient", LT_SslClient },
- { "senderEmail", LT_SenderEmail },
- { "policy", LT_Policy },
- { "keyUsage", LT_KeyUsage },
- { "revokePolicy", LT_RevokePolicy },
- { "responderURI", LT_RespURI },
- { "responderCert", LT_RespCert },
- { "cacheDisable", LT_CacheDisable },
- { "echo", LT_Echo },
- { "globals", LT_Globals },
- { "end", LT_EndOfSection },
- { "allowUnverified", LT_AllowUnverified },
- { "requireCrlIfPresent",LT_RequireCrlIfPresent },
- { "crlNetFetchEnable", LT_CrlNetFetchEnable },
- { "certNetFetchEnable", LT_CertNetFetchEnable },
- { "ocspNetFetchDisable",LT_OcspNetFetchDisable },
- { "requireCrlForAll", LT_RequireCrlForAll },
- { "requireOcspForAll", LT_RequireOcspForAll },
- { "useSystemAnchors", LT_UseSystemAnchors },
- { "useTrustSettings", LT_UseTrustSettings },
- { "leafCertIsCA", LT_LeafCertIsCA },
- { "requireOcspIfPresent",LT_RequireOcspIfPresent },
- { "generateOcspNonce", LT_GenerateOcspNonce },
- { "requireOcspNonce", LT_RequireOcspNonce },
- { "allowExpiredRoot", LT_AllowExpiredRoot },
- { "verifyTime", LT_VerifyTime },
- { "implicitAnchors", LT_ImplicitAnchors },
-};
-
-#define NUM_KEYS (sizeof(keyLineTypes) / sizeof(KeyLineType))
-
-/* map policy string to CertVerifyPolicy */
-typedef struct {
- const char *str;
- CertVerifyPolicy policy;
-} PolicyString;
-
-static const PolicyString policyStrings[] =
-{
- { "basic", CVP_Basic },
- { "ssl", CVP_SSL },
- { "smime", CVP_SMIME },
- { "swuSign", CVP_SWUpdateSign },
- { "codeSign", CVP_AppleCodeSigning },
- { "pkgSign", CVP_PackageSigning },
- { "resourceSign", CVP_ResourceSigning },
- { "iChat", CVP_iChat },
- { "pkinitServer", CVP_PKINIT_Server },
- { "pkinitClient", CVP_PKINIT_Client },
- { "IPSec", CVP_IPSec },
- { NULL, (CertVerifyPolicy)0 }
-};
-
-/* skip whitespace (but not line terminators) */
-static void skipWhite(
- const unsigned char *&cp,
- unsigned &bytesLeft)
-{
- while(bytesLeft != 0) {
- switch(*cp) {
- case ' ':
- case '\t':
- cp++;
- bytesLeft--;
- break;
- default:
- return;
- }
- }
-}
-
-/* skip to next char after EOL */
-static void skipLine(
- const unsigned char *&cp,
- unsigned &bytesLeft)
-{
- bool foundEol = false;
- while(bytesLeft != 0) {
- switch(*cp) {
- case '\n':
- case '\r':
- foundEol = true;
- cp++;
- bytesLeft--;
- break;
- default:
- if(foundEol) {
- return;
- }
- cp++;
- bytesLeft--;
- break;
- }
- }
-}
-
-/* skip to end of current token (i.e., find next whitespace or '=') */
-static void skipToken(
- const unsigned char *&cp,
- unsigned &bytesLeft,
- bool isQuoted)
-{
- while(bytesLeft != 0) {
- char c = *cp;
- if(isQuoted) {
- if(c == '"') {
- /* end of quoted string, return still pointing to it */
- return;
- }
- }
- else {
- if(isspace(c)) {
- return;
- }
- if(c == '=') {
- /* hopefully, end of key */
- return;
- }
- }
- cp++;
- bytesLeft--;
- }
-}
-
-/*
- * Parse one line, return value (following "=" and whitespace) as
- * mallocd C string. On return, scriptData points to next char after line
- * terminator(s).
- *
- * The basic form of a line is
- * [whitespace] key [whitespace] = [whitespace] value [whitespace] \n|\r...
- *
- * ...except for comments and blank lines. Comments contain '#' as the
- * first non-whitespace char.
- */
-#define CHECK_EOF(bytesLeft) \
- if(bytesLeft == 0) { \
- return LT_BadLine; \
- }
-
-#define MAX_KEY_LEN 80
-
-static LineType parseLine(
- const unsigned char *&cp, // IN/OUT
- unsigned &bytesLeft, // IN/OUT bytes left in script
- char *&value, // mallocd and RETURNED
- CSSM_BOOL verbose)
-{
- if(bytesLeft == 0) {
- if(verbose) {
- printf("...EOF reached\n");
- }
- return LT_EndOfFile;
- }
- skipWhite(cp, bytesLeft);
- if(bytesLeft == 0) {
- return LT_Empty;
- }
- switch(*cp) {
- case '#':
- case '\n':
- case '\r':
- skipLine(cp, bytesLeft);
- return LT_Empty;
- }
-
- /*
- * cp points to start of key
- * get key value as NULL terminated C string
- */
- const unsigned char *tokenStart = cp;
- skipToken(cp, bytesLeft, false);
- CHECK_EOF(bytesLeft);
- unsigned tokenLen = cp - tokenStart;
- char key[MAX_KEY_LEN];
- memmove(key, tokenStart, tokenLen);
- key[tokenLen] = '\0';
-
- /* parse key */
- LineType rtnType = LT_BadLine;
- for(unsigned i=0; i<NUM_KEYS; i++) {
- KeyLineType *klt = &keyLineTypes[i];
- if(!strcmp(klt->keyName, key)) {
- rtnType = klt->lineType;
- break;
- }
- }
-
- /* these keys have no value */
- bool noValue = false;
- switch(rtnType) {
- case LT_EndOfSection:
- if(verbose) {
- printf("...end of section\n");
- }
- noValue = true;
- break;
- case LT_Globals:
- noValue = true;
- break;
- case LT_BadLine:
- printf("***unknown key '%s'\n", key);
- noValue = true;
- break;
- default:
- break;
- }
- if(noValue) {
- /* done with line */
- skipLine(cp, bytesLeft);
- return rtnType;
- }
-
- /* get to start of value */
- skipWhite(cp, bytesLeft);
- CHECK_EOF(bytesLeft);
- if(rtnType == LT_Echo) {
- /* echo: value is everything from this char to end of line */
- tokenStart = cp;
- for( ; bytesLeft != 0; cp++, bytesLeft--) {
- if((*cp == '\n') || (*cp == '\r')) {
- break;
- }
- }
- if(cp != tokenStart) {
- tokenLen = cp - tokenStart;
- value = (char *)malloc(tokenLen + 1);
- memmove(value, tokenStart, tokenLen);
- value[tokenLen] = '\0';
- }
- else {
- value = NULL;
- }
- skipLine(cp, bytesLeft);
- return LT_Echo;
- }
-
- /* all other line types: value is first token after '=' */
- if(*cp != '=') {
- printf("===missing = after key\n");
- return LT_BadLine;
- }
- cp++;
- bytesLeft--;
- skipWhite(cp, bytesLeft);
- CHECK_EOF(bytesLeft);
-
- /* cp points to start of value */
- bool isQuoted = false;
- if(*cp == '"') {
- cp++;
- bytesLeft--;
- CHECK_EOF(bytesLeft)
- isQuoted = true;
- }
- tokenStart = cp;
- skipToken(cp, bytesLeft, isQuoted);
- /* cp points to next char after end of value */
- /* get value as mallocd C string */
- tokenLen = cp - tokenStart;
- if(tokenLen == 0) {
- value = NULL;
- }
- else {
- value = (char *)malloc(tokenLen + 1);
- memmove(value, tokenStart, tokenLen);
- value[tokenLen] = '\0';
- }
- skipLine(cp, bytesLeft);
- if(verbose) {
- printf("'%s' = '%s'\n", key, value);
- }
- return rtnType;
-}
-
-/* describe fate of one run of runOneTest() */
-typedef enum {
- OTR_Success,
- OTR_Fail,
- OTR_EndOfScript
-} OneTestResult;
-
-/* parse boolean variable, in globals or per-test */
-OneTestResult parseVar(
- LineType lineType,
- const char *value,
- ScriptVars &scriptVars)
-{
- /* parse value */
- CSSM_BOOL cval;
- if(!strcmp(value, "true")) {
- cval = CSSM_TRUE;
- }
- else if(!strcmp(value, "false")) {
- cval = CSSM_FALSE;
- }
- else {
- printf("***boolean variables must be true or false, not '%s'\n", value);
- return OTR_Fail;
- }
-
- switch(lineType) {
- case LT_AllowUnverified:
- scriptVars.allowUnverified = cval;
- break;
- case LT_CrlNetFetchEnable:
- scriptVars.crlNetFetchEnable = cval;
- break;
- case LT_CertNetFetchEnable:
- scriptVars.certNetFetchEnable = cval;
- break;
- case LT_UseSystemAnchors:
- scriptVars.useSystemAnchors = cval;
- break;
- case LT_UseTrustSettings:
- scriptVars.useTrustSettings = cval;
- break;
- case LT_LeafCertIsCA:
- scriptVars.leafCertIsCA = cval;
- break;
- case LT_CacheDisable:
- scriptVars.cacheDisable = cval;
- break;
- case LT_OcspNetFetchDisable:
- scriptVars.ocspNetFetchDisable = cval;
- break;
- case LT_RequireOcspIfPresent:
- scriptVars.requireOcspIfPresent = cval;
- break;
- case LT_RequireCrlIfPresent:
- scriptVars.requireCrlIfPresent = cval;
- break;
- case LT_RequireCrlForAll:
- scriptVars.requireCrlForAll = cval;
- break;
- case LT_RequireOcspForAll:
- scriptVars.requireOcspForAll = cval;
- break;
- default:
- return OTR_Fail;
- }
- return OTR_Success;
-}
-
-#if 0
-/* sure wish X had strnstr */
-static char *strnstr(
- const char *big,
- const char *little,
- size_t len)
-{
- const char *cp;
- unsigned littleLen = strlen(little);
- const char *end = big + len - littleLen;
- char first = little[0];
-
- for(cp=big; cp<end; cp++) {
- /* find first char of little in what's left of big */
- if(*cp != first) {
- continue;
- }
- if(memcmp(cp, little, littleLen) == 0) {
- return (char *)cp;
- }
- } while(cp < end);
- return NULL;
-}
-#endif
-
-OneTestResult fetchGlobals(
- const unsigned char *&scriptData, // IN/OUT
- unsigned &bytesLeft, // IN/OUT
- ScriptVars &scriptVars, // may be modified
- CSSM_BOOL verbose)
-{
- char *value; // mallocd by parseLine
- LineType lineType;
- OneTestResult result;
-
- if(verbose) {
- printf("...processing global section\n");
- }
- /* parse globals section until end encountered */
- do {
- value = NULL;
- lineType = parseLine(scriptData, bytesLeft, value, verbose);
- switch(lineType) {
- case LT_Empty:
- case LT_Globals:
- break; // nop
- case LT_EndOfSection:
- return OTR_Success;
- case LT_EndOfFile:
- printf("***Premature end of file in globals section.\n");
- return OTR_EndOfScript;
- case LT_BadLine:
- return OTR_Fail;
- default:
- /* hopefully a variable */
- result = parseVar(lineType, value, scriptVars);
- if(result != OTR_Success) {
- return OTR_Fail;
- }
- break;
- }
- if(value != NULL) {
- free(value);
- }
- } while(1);
- /* NOT REACHED */
- return OTR_Success;
-}
-
-/* parse script fragment for one test, run it */
-OneTestResult runOneTest(
- const unsigned char *&scriptData, // IN/OUT
- unsigned &bytesLeft, // IN/OUT bytes left in script
- CSSM_TP_HANDLE tpHand,
- CSSM_CL_HANDLE clHand,
- CSSM_CSP_HANDLE cspHand,
- CSSM_DL_HANDLE dlHand,
- ScriptVars &scriptVars,
- CSSM_BOOL quiet,
- CSSM_BOOL verbose)
-{
- CertVerifyArgs vfyArgs;
- memset(&vfyArgs, 0, sizeof(vfyArgs));
-
- /* to be gathered from script */
- char *testName = NULL;
- char *dirName = NULL;
- BlobList certs;
- BlobList roots;
- BlobList crls;
-
- LineType lineType;
- char *value; // mallocd by parseLine
- int blobErr;
- ScriptVars localVars = scriptVars;
- OneTestResult result;
- char pathName[300];
- CSSM_RETURN crtn;
- CSSM_DL_DB_HANDLE_PTR currDlDb = NULL;
- CSSM_DL_DB_LIST dlDbList = {0, NULL};
-
- vfyArgs.version = CERT_VFY_ARGS_VERS;
- vfyArgs.certs = &certs;
- vfyArgs.roots = &roots;
- vfyArgs.crls = &crls;
- vfyArgs.quiet = quiet;
- vfyArgs.tpHand = tpHand;
- vfyArgs.clHand = clHand;
- vfyArgs.cspHand = cspHand;
- vfyArgs.quiet = quiet;
- vfyArgs.revokePolicy = CRP_None;
- vfyArgs.vfyPolicy = CVP_Basic;
- vfyArgs.dlDbList = &dlDbList;
-
- /* parse script up to end of test */
- do {
- value = NULL;
- blobErr = 0;
- lineType = parseLine(scriptData, bytesLeft, value, verbose);
- switch(lineType) {
- case LT_Empty:
- break; // nop
- case LT_TestName:
- if(testName != NULL) {
- printf("***Duplicate test name ignored\n");
- free(value);
- }
- else {
- testName = value; // free after test
- }
- value = NULL;
- break;
- case LT_DirName:
- if(dirName != NULL) {
- printf("***Duplicate directory name ignored\n");
- free(value);
- }
- else {
- dirName = value; // free after test
- }
- value = NULL;
- break;
- case LT_Cert:
- blobErr = certs.addFile(value, dirName);
- break;
- case LT_Root:
- blobErr = roots.addFile(value, dirName);
- break;
- case LT_CRL:
- blobErr = crls.addFile(value, dirName);
- break;
- case LT_CertDb:
- case LT_CrlDb:
- /* these can be called multiple times */
- if(dirName) {
- sprintf(pathName, "%s/%s", dirName, value);
- }
- else {
- strcpy(pathName, value);
- }
- dlDbList.NumHandles++;
- dlDbList.DLDBHandle = (CSSM_DL_DB_HANDLE_PTR)realloc(
- dlDbList.DLDBHandle,
- dlDbList.NumHandles * sizeof(CSSM_DL_DB_HANDLE));
- currDlDb = &dlDbList.DLDBHandle[dlDbList.NumHandles-1];
- currDlDb->DLHandle = dlHand;
- crtn = CSSM_DL_DbOpen(dlHand,
- pathName,
- NULL, // DbLocation
- CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE,
- NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred
- NULL, // void *OpenParameters
- &currDlDb->DBHandle);
- if(crtn) {
- printError("CSSM_DL_DbOpen", crtn);
- printf("***Error opening DB %s. Aborting.\n", value);
- return OTR_Fail;
- }
- break;
- case LT_ExpectError:
- if(vfyArgs.expectedErrStr != NULL) {
- printf("***Duplicate expected error ignored\n");
- free(value);
- }
- else {
- vfyArgs.expectedErrStr = value; // free after test
- }
- value = NULL;
- break;
- case LT_CertError:
- vfyArgs.numCertErrors++;
- vfyArgs.certErrors = (const char **)realloc(vfyArgs.certErrors,
- vfyArgs.numCertErrors * sizeof(char *));
- vfyArgs.certErrors[vfyArgs.numCertErrors - 1] = value;
- value = NULL; // free after test
- break;
- case LT_CertStatus:
- vfyArgs.numCertStatus++;
- vfyArgs.certStatus = (const char **)realloc(vfyArgs.certStatus,
- vfyArgs.numCertStatus * sizeof(char *));
- vfyArgs.certStatus[vfyArgs.numCertStatus - 1] = value;
- value = NULL; // // free after test
- break;
- case LT_SslHost:
- vfyArgs.sslHost = value;
- value = NULL; // free after test
- vfyArgs.vfyPolicy = CVP_SSL;
- break;
- case LT_SenderEmail:
- vfyArgs.senderEmail = value;
- value = NULL; // free after test
- if(vfyArgs.vfyPolicy == CVP_Basic) {
- /* don't overwrite if it's already been set to e.g. iChat */
- vfyArgs.vfyPolicy = CVP_SMIME;
- }
- break;
- case LT_Policy:
- if(parsePolicyString(value, &vfyArgs.vfyPolicy)) {
- printf("Bogus policyValue (%s)\n", value);
- printPolicyStrings();
- return OTR_Fail;
- }
- break;
- case LT_KeyUsage:
- vfyArgs.intendedKeyUse = hexToBin(value);
- break;
- case LT_RevokePolicy:
- if(!strcmp(value, "none")) {
- vfyArgs.revokePolicy = CRP_None;
- }
- else if(!strcmp(value, "crl")) {
- vfyArgs.revokePolicy = CRP_CRL;
- }
- else if(!strcmp(value, "ocsp")) {
- vfyArgs.revokePolicy = CRP_OCSP;
- }
- else if(!strcmp(value, "both")) {
- vfyArgs.revokePolicy = CRP_CRL_OCSP;
- }
- else {
- printf("***Illegal revokePolicy (%s)\n.", value);
- return OTR_Fail;
- }
- break;
- case LT_RespURI:
- vfyArgs.responderURI = value;
- value = NULL; // free after test
- break;
- case LT_VerifyTime:
- vfyArgs.vfyTime = value;
- value = NULL; // free after test
- break;
- case LT_RespCert:
- if(readFile(value, (unsigned char **)&vfyArgs.responderCert,
- &vfyArgs.responderCertLen)) {
- printf("***Error reading responderCert from %s\n", value);
- return OTR_Fail;
- }
- break;
- case LT_EndOfSection:
- break;
- case LT_EndOfFile:
- /* only legal if we haven't gotten a test name */
- if(testName == NULL) {
- return OTR_EndOfScript;
- }
- printf("***Premature end of file.\n");
- return OTR_Fail;
- case LT_BadLine:
- return OTR_Fail;
- case LT_Globals:
- result = fetchGlobals(scriptData, bytesLeft, scriptVars, verbose);
- if(result != OTR_Success) {
- printf("***Bad globals section\n");
- return OTR_Fail;
- }
- /* and start over with these variables */
- localVars = scriptVars;
- break;
- case LT_SslClient:
- if(!strcmp(value, "true")) {
- vfyArgs.sslClient = CSSM_TRUE;
- }
- else {
- vfyArgs.sslClient = CSSM_FALSE;
- }
- vfyArgs.vfyPolicy = CVP_SSL;
- break;
- case LT_Echo:
- if(!quiet) {
- printf("%s\n", value);
- }
- break;
- case LT_GenerateOcspNonce:
- vfyArgs.generateOcspNonce = CSSM_TRUE;
- break;
- case LT_RequireOcspNonce:
- vfyArgs.requireOcspRespNonce = CSSM_TRUE;
- break;
- case LT_AllowExpiredRoot:
- if(!strcmp(value, "true")) {
- vfyArgs.allowExpiredRoot = CSSM_TRUE;
- }
- else {
- vfyArgs.allowExpiredRoot = CSSM_FALSE;
- }
- break;
- case LT_ImplicitAnchors:
- if(!strcmp(value, "true")) {
- vfyArgs.implicitAnchors = CSSM_TRUE;
- }
- else {
- vfyArgs.implicitAnchors = CSSM_FALSE;
- }
- break;
- default:
- /* hopefully a variable */
- result = parseVar(lineType, value, localVars);
- if(result != OTR_Success) {
- printf("**Bogus line in script %u bytes from EOF\n",
- bytesLeft);
- return OTR_Fail;
- }
- break;
-
- }
- if(blobErr) {
- return OTR_Fail;
- }
- if(value != NULL) {
- free(value);
- }
- } while(lineType != LT_EndOfSection);
-
- /* some args: copy from ScriptVars -> CertVerifyArgs */
- vfyArgs.allowUnverified = localVars.allowUnverified;
- vfyArgs.requireOcspIfPresent = localVars.requireOcspIfPresent;
- vfyArgs.requireCrlIfPresent = localVars.requireCrlIfPresent;
- vfyArgs.crlNetFetchEnable = localVars.crlNetFetchEnable;
- vfyArgs.certNetFetchEnable = localVars.certNetFetchEnable;
- vfyArgs.useSystemAnchors = localVars.useSystemAnchors;
- vfyArgs.useTrustSettings = localVars.useTrustSettings;
- vfyArgs.leafCertIsCA = localVars.leafCertIsCA;
- vfyArgs.disableCache = localVars.cacheDisable;
- vfyArgs.disableOcspNet = localVars.ocspNetFetchDisable;
- vfyArgs.requireCrlForAll = localVars.requireCrlForAll;
- vfyArgs.requireOcspForAll = localVars.requireOcspForAll;
- vfyArgs.verbose = verbose;
-
- /* here we go */
- if(!quiet && (testName != NULL)) {
- printf("%s\n", testName);
- }
- int rtn = certVerify(&vfyArgs);
-
- OneTestResult ourRtn = OTR_Success;
- if(rtn) {
- printf("***Failure on %s\n", testName);
- if(testError(quiet)) {
- ourRtn = OTR_Fail;
- }
- }
- /* free the stuff that didn't get freed and the end of the
- * main per-line loop */
- if(dirName != NULL) {
- free(dirName);
- }
- if(vfyArgs.expectedErrStr != NULL) {
- free((void *)vfyArgs.expectedErrStr);
- }
- if(vfyArgs.certErrors != NULL) {
- for(unsigned i=0; i<vfyArgs.numCertErrors; i++) {
- free((void *)vfyArgs.certErrors[i]); // mallocd by parseLine
- }
- free((void *)vfyArgs.certErrors); // reallocd by us
- }
- if(vfyArgs.certStatus != NULL) {
- for(unsigned i=0; i<vfyArgs.numCertStatus; i++) {
- free((void *)vfyArgs.certStatus[i]); // mallocd by parseLine
- }
- free((void *)vfyArgs.certStatus); // reallocd by us
- }
- if(testName != NULL) {
- free(testName);
- }
- if(vfyArgs.sslHost) {
- free((void *)vfyArgs.sslHost);
- }
- if(vfyArgs.senderEmail) {
- free((void *)vfyArgs.senderEmail);
- }
- if(vfyArgs.responderURI) {
- free((void *)vfyArgs.responderURI);
- }
- if(vfyArgs.responderCert) {
- free((void *)vfyArgs.responderCert);
- }
- if(vfyArgs.vfyTime) {
- free((void *)vfyArgs.vfyTime);
- }
- if(dlDbList.DLDBHandle) {
- for(unsigned dex=0; dex<dlDbList.NumHandles; dex++) {
- CSSM_DL_DbClose(dlDbList.DLDBHandle[dex]);
- }
- free(dlDbList.DLDBHandle);
- }
- return ourRtn;
-}
-
-int runScript(
- const char *fileName,
- CSSM_TP_HANDLE tpHand,
- CSSM_CL_HANDLE clHand,
- CSSM_CSP_HANDLE cspHand,
- CSSM_DL_HANDLE dlHand,
- ScriptVars *scriptVars,
- CSSM_BOOL quiet,
- CSSM_BOOL verbose,
- CSSM_BOOL doPause)
-{
- const unsigned char *scriptData;
- unsigned char *cp;
- unsigned scriptDataLen;
- int rtn;
- ScriptVars localVars = *scriptVars;
-
- rtn = readFile(fileName, &cp, &scriptDataLen);
- if(rtn) {
- printf("***Error reading script file; aborting.\n");
- printf("***Are you sure you're running this from the proper directory?\n");
- return rtn;
- }
- scriptData = (const unsigned char *)cp;
- OneTestResult result;
-
- do {
- result = runOneTest(scriptData, scriptDataLen,
- tpHand, clHand, cspHand, dlHand,
- localVars, quiet, verbose);
- if(result == OTR_Fail) {
- rtn = 1;
- break;
- }
- if(doPause) {
- fpurge(stdin);
- printf("CR to continue: ");
- getchar();
- }
- } while(result == OTR_Success);
- free(cp);
- return rtn;
-}
-
-/* parse policy string; returns nonzero if not found */
-int parsePolicyString(
- const char *str,
- CertVerifyPolicy *policy)
-{
- const PolicyString *ps;
- for(ps=policyStrings; ps->str; ps++) {
- if(!strcmp(ps->str, str)) {
- *policy = ps->policy;
- return 0;
- }
- }
- return 1;
-}
-
-void printPolicyStrings()
-{
- printf("Valid policy strings are:\n ");
- const PolicyString *ps;
- unsigned i=0;
- for(ps=policyStrings; ps->str; ps++, i++) {
- printf("%s", ps->str);
- if(ps[1].str == NULL) {
- break;
- }
- if((i % 6) == 5) {
- printf(",\n ");
- }
- else {
- printf(", ");
- }
- }
- printf("\n");
-}
-
-void printScriptVars()
-{
- printf("The list of script variables is as follows:\n");
- for(unsigned dex=0; dex<NUM_KEYS; dex++) {
- printf(" %s\n", keyLineTypes[dex].keyName);
- }
- printPolicyStrings();
- printf("Valid revokePolicy strings are:\n none, crl, ocsp, both\n");
-}
-
projects / apple / security.git / blobdiff