+++ /dev/null
-#! /bin/csh -f
-#
-# test libsecurity_cms.
-#
-set USE_REF_BLOBS=NO
-set QUIET=NO
-set QUIET_ARG=
-set MULTI_UPDATE=
-
-#
-# safely look for this required env var
-#
-setenv | /usr/bin/grep LOCAL_BUILD_DIR > /dev/null
-if($status != 0) then
- echo Please set env var LOCAL_BUILD_DIR.
- exit(1)
-endif
-set BUILD_DIR=$LOCAL_BUILD_DIR
-
-#
-# Default options: identities, keychain, etc.; overridable
-#
-set SRCH_KC=
-set SIGNER=dmitch@apple.com
-set RECIP=dmitch@apple.com
-set SIGNER2=dmitch@dmitch.com
-set RECIP2=dmitch@dmitch.com
-# specifying an anchorFile implies manual SecTrustEval
-set MANUAL_EVAL=
-set ANCHOR_CERT=
-
-while ( $#argv > 0 )
- switch ( "$argv[1]" )
- case -r:
- set USE_REF_BLOBS = YES
- shift
- breaksw
- case -q:
- set QUIET=YES
- set QUIET_ARG = -Z
- shift
- breaksw
- case -m:
- set MULTI_UPDATE = -m
- shift
- breaksw
- case -s:
- if($#argv < 2) then
- cat cmstestUsage
- exit(1)
- endif
- set SIGNER=$argv[2]
- set RECIP=$argv[2]
- shift
- shift
- breaksw
- case -S:
- if($#argv < 2) then
- cat cmstestUsage
- exit(1)
- endif
- set SIGNER2=$argv[2]
- set RECIP2=$argv[2]
- shift
- shift
- breaksw
- case -k:
- if($#argv < 2) then
- cat cmstestUsage
- exit(1)
- endif
- set SRCH_KC="-k $argv[2]"
- shift
- shift
- breaksw
- case -a:
- if($#argv < 2) then
- cat cmstestUsage
- exit(1)
- endif
- set ANCHOR_CERT="-A $argv[2]"
- set MANUAL_EVAL="-M"
- shift
- shift
- breaksw
- default:
- cat cmstestUsage
- exit(1)
- endsw
-end
-
-set BUILD_DIR=$LOCAL_BUILD_DIR
-set CMSTOOL=$BUILD_DIR/newCmsTool
-
-# the files we act on - we only write to $BUILD_DIR. If we're using reference blobs,
-# we copy them to the build directory and then run as usual.
-#
-set PTEXT=ptext
-set RPTEXT=${BUILD_DIR}/rptext
-
-set OTHER_CERT0=GTE_SGC.cer
-set OTHER_CERT1=dmitchIChat.cer
-set CERT_FILEBASE=${BUILD_DIR}/outcert
-
-set STD_SIGN_CMD="$CMSTOOL sign $SRCH_KC -S $SIGNER $QUIET_ARG $MULTI_UPDATE"
-set STD_ENCR_CMD="$CMSTOOL envel $SRCH_KC -r $RECIP $QUIET_ARG $MULTI_UPDATE"
-set STD_SIGN_ENCR_CMD="$CMSTOOL signEnv $SRCH_KC -S $SIGNER -r $RECIP $QUIET_ARG $MULTI_UPDATE"
-set STD_PARSE_CMD="$CMSTOOL parse -o $RPTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL $QUIET_ARG $MULTI_UPDATE"
-set STD_CMP_CMD="cmp $PTEXT $RPTEXT"
-
-# vanilla
-set O_SIGN=${BUILD_DIR}/sign.p7
-set O_ENV=${BUILD_DIR}/env.p7
-set O_SIGN_ENV=${BUILD_DIR}/signEnv.p7
-# eContentType = auth
-set O_SIGN_AUTH=${BUILD_DIR}/sign_auth.p7
-set O_SIGN_ENV_AUTH=${BUILD_DIR}/signEnv_auth.p7
-# detached content
-set O_SIGN_DETACH=${BUILD_DIR}/sign_det.p7
-# two signers
-set O_SIGN_TWO=${BUILD_DIR}/sign_two.p7
-set O_SIGN_ENV_TWO_SIGN=${BUILD_DIR}/signEnv_twoSign.p7
-# two recipients
-set O_ENV_TWO=${BUILD_DIR}/env_two.p7
-set O_SIGN_ENV_TWO_SIGN_TWO_RECIP=${BUILD_DIR}/signEnv_twoSign_twoRecip.p7
-# additional certs - one signed, sone signed/encryped, one certs only
-set O_SIGN_ADD_CERTS=${BUILD_DIR}/sign_certs.p7
-set O_SIGN_ENV_ADD_CERTS=${BUILD_DIR}/signEnv_certs.p7
-set O_SIGN_ONLY_CERTS=${BUILD_DIR}/certsOnly.p7
-# cert chain options
-set O_SIGN_NONE=${BUILD_DIR}/sign_nocerts.p7
-set O_SIGN_SIGNER=${BUILD_DIR}/sign_signer.p7
-set O_SIGN_WITHROOT=${BUILD_DIR}/sign_withroot.p7
-
-if($USE_REF_BLOBS == YES) then
- if($QUIET == NO) then
- echo copying reference blobs to Build directory...
- echo "cp *.p7 ${BUILD_DIR}/"
- endif
- cp *.p7 ${BUILD_DIR} || exit(1)
-else
- if($QUIET == NO) then
- echo generating blobs in Build directory...
- endif
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_AUTH -e a"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_AUTH -e a"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_DETACH -d"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_TWO -S $SIGNER2"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN -S $SIGNER2"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV_TWO -r $RECIP2"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -S $SIGNER2 -r $RECIP2"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$CMSTOOL certs -o $O_SIGN_ONLY_CERTS $QUIET_ARG -C $OTHER_CERT0 -C $OTHER_CERT1"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_NONE -t none"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_SIGNER -t signer"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
- set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_WITHROOT -t chainWithRoot"
- if($QUIET == NO) then
- echo $cmd
- endif
- $cmd || exit(1)
-
-endif
-
-if($QUIET == NO) then
- echo verifying blobs in Build directory...
-endif
-
-# Note we expect there to be twp certs per signer...true for the current
-# Thawte certs.
-
-# signed
-set cmd="$STD_PARSE_CMD -i $O_SIGN -v sign -E d -s 1 -N 2"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# enveloped
-set cmd="$STD_PARSE_CMD -i $O_ENV -v encr -N 0"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# signed & enveloped
-set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV -v signEnv -E d -s 1 -N 2"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# signed, eContentType auth
-set cmd="$STD_PARSE_CMD -i $O_SIGN_AUTH -v sign -E a -s 1 -N 2"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# signed & enveloped, eContentType auth
-set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_AUTH -v signEnv -E a -s 1 -N 2"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# signed, detached content - no output
-set cmd="$CMSTOOL parse -i $O_SIGN_DETACH -D $PTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL -v sign -E d -s 1 $QUIET_ARG $MULTI_UPDATE -N 2"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-# signed, two signers
-set cmd="$STD_PARSE_CMD -i $O_SIGN_TWO -v sign -E d -s 2 -N 4"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# signed & enveloped, two signers
-set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN -v signEnv -E d -s 2 -N 4"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# enveloped, two recipients
-set cmd="$STD_PARSE_CMD -i $O_ENV_TWO -v encr -N 0"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# signed & enveloped, two signers, two recipients
-set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -v signEnv -E d -s 2 -N 4"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-# additional certs with signer
-set cmd="$STD_PARSE_CMD -i $O_SIGN_ADD_CERTS -v sign -E d -s 1 -N 4"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# additional certs with signer & recipient
-set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_ADD_CERTS -v signEnv -E d -s 1 -N 4"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# cert chain options - first, no certs
-set cmd="$STD_PARSE_CMD -i $O_SIGN_NONE -v sign -E d -s 1 -N 0"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# cert chain options - signer certs
-set cmd="$STD_PARSE_CMD -i $O_SIGN_SIGNER -v sign -E d -s 1 -N 1"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# cert chain options - chain with root
-set cmd="$STD_PARSE_CMD -i $O_SIGN_WITHROOT -v sign -E d -s 1 -N 3"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="$STD_CMP_CMD"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-if($QUIET == NO) then
- echo rm $RPTEXT
-endif
-rm $RPTEXT
-
-# certs only
-set cmd="$CMSTOOL parse -i $O_SIGN_ONLY_CERTS $QUIET_ARG $MULTI_UPDATE -v sign -s 0 -N 2 -f $CERT_FILEBASE"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-# the order here is affected by the size of the certs: the certs are encoded in the
-# p7 blob as a SET OF, which when DER-encoded (as opposed to BER encoded), is ordered,
-# with the length octets happening to determine the order (if the certs are different
-# sizes). We know that OTHER_CERT1 is smaller that OTHER_CERT0...
-set cmd="cmp $OTHER_CERT1 ${CERT_FILEBASE}_0.cer"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="cmp $OTHER_CERT0 ${CERT_FILEBASE}_1.cer"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-set cmd="rm ${CERT_FILEBASE}_0.cer ${CERT_FILEBASE}_1.cer"
-if($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-if($QUIET == NO) then
- echo === cmstest Succeeded ===
-endif
projects / apple / security.git / blobdiff