+++ /dev/null
-#! /bin/csh -f
-#
-# Run import/export tests for PKCS12.
-#
-# Run this from SecurityTests/clxutils/importExport. The
-# kcImport and kcExport programs must exist in the location
-# specified by the LOCAL_BUILD_DIR env var.
-#
-
-source setupCommon
-
-# PKCS12 blob, we generate
-set GEN_PKCS12_PFX=${BUILD_DIR}/generated.p12
-
-# parsed PEM sequence generated by openssl (parsing $GEN_PKCS12_PFX)
-set PKCS12_PARSED_PEM=${BUILD_DIR}/parsed.p12.pem
-
-# PKCS12 blob, openssl generates
-set GEN_OPENSSL_PKCS12_PFX=${BUILD_DIR}/generatedOpenssl.p12
-
-# PKCS12 passphrase
-set PKCS12_PASSPHRASE=somePassphrase
-
-# user specified variables
-set QUIET=NO
-set QUIET_ARG=
-set KEYSIZE=512
-set NOACL=NO
-set NOACL_ARG=
-set SECURE_PASSPHR=
-set NOCLEAN=NO
-
-#
-# Verify existence of a few crucial things before we start.
-#
-if( ( ! -e $KCIMPORT ) || \
- ( ! -e $KCEXPORT ) ) then
- echo === You do not seem to have all of the required executables.
- echo === Please build all of cspxutils and clxutils.
- echo === See the README files in those directories for info.
- exit(1)
-endif
-
-# user options
-
-while ( $#argv > 0 )
- switch ( "$argv[1]" )
- case q:
- set QUIET=YES
- set QUIET_ARG=-q
- shift
- breaksw
- case n:
- set NOACL=YES
- set NOACL_ARG=-n
- shift
- breaksw
- case s:
- set SECURE_PASSPHR=-Z
- shift
- breaksw
- case N:
- set NOCLEAN=YES
- shift
- breaksw
- default:
- echo Usage: importExportPkcs12 \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
- exit(1)
- endsw
-end
-
-# Create keypair and cert using certtool
-
-echo === Begin PKCS12 test ===
-if ($QUIET == NO) then
- echo Creating keypair and cert with certtool...
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-set cmd="$CERTTOOL c k=$KEYCHAIN_PATH Z"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd > /dev/null || exit(1)
-
-# export as P12
-
-if ($QUIET == NO) then
- echo ...Exporting private key and cert as PKCS12...
-endif
-# note we export Identities, not All, since pub keys can't go in a P12
-set cmd="$KCEXPORT $KEYCHAIN -t identities -f pkcs12 -o $GEN_PKCS12_PFX -z $PKCS12_PASSPHRASE $SECURE_PASSPHR -q"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-# import and verify
-
-if ($QUIET == NO) then
- echo ...Importing PKCS12, explicit format...
-endif
-if ($QUIET == NO) then
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -f pkcs12 -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-if ($QUIET == NO) then
- echo ...Importing PKCS12, format inferred from filename...
-endif
-if ($QUIET == NO) then
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if ($QUIET == NO) then
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-
-#
-# Exchange with openssl.
-#
-if ($QUIET == NO) then
- echo ...parsing our P12 PFX with openssl...
-endif
-set cmd="$RM -f $PKCS12_PARSED_PEM"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$OPENSSL pkcs12 -in $GEN_PKCS12_PFX -passin pass:$PKCS12_PASSPHRASE -nodes -out $PKCS12_PARSED_PEM"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd >& /dev/null|| exit(1)
-
-if ($QUIET == NO) then
- echo ...parsing openssl PEM sequence
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-set cmd="$KCIMPORT $PKCS12_PARSED_PEM -k $KEYCHAIN -z $PKCS12_PASSPHRASE -q $NOACL_ARG $SECURE_PASSPHR"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-if ($QUIET == NO) then
- echo ...creating PKCS12 with openssl, import to empty keychain
-endif
-set cmd="$OPENSSL pkcs12 -in $PKCS12_PARSED_PEM -out $GEN_OPENSSL_PKCS12_PFX -passout pass:$PKCS12_PASSPHRASE -export"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if ($QUIET == NO) then
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-set cmd="$KCIMPORT $GEN_OPENSSL_PKCS12_PFX -z $PKCS12_PASSPHRASE -k $KEYCHAIN -K 0 -C 0 -I 1 -q $SECURE_PASSPHR"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-# cleanup
-if ($NOCLEAN == NO) then
- set cmd="rm -f $GEN_PKCS12_PFX $PKCS12_PARSED_PEM $GEN_OPENSSL_PKCS12_PFX"
- if ($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-endif
-
-if ($QUIET == NO) then
- echo === PKCS12 test complete ===
-endif
-
projects / apple / security.git / blobdiff