X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/SecurityTests/clxutils/newCmsTool/blobs/cmsEcdsaHandsoff
diff --git a/SecurityTests/clxutils/newCmsTool/blobs/cmsEcdsaHandsoff b/SecurityTests/clxutils/newCmsTool/blobs/cmsEcdsaHandsoff
new file mode 100755
index 00000000..69a2f825
--- /dev/null
+++ b/SecurityTests/clxutils/newCmsTool/blobs/cmsEcdsaHandsoff
@@ -0,0 +1,83 @@
+#! /bin/csh -f
+#
+# Run cmstest, handsoff, any user, any environment, ECDSA version.
+# This uses a keychain we have right here for this purpose. It's insecure - we
+# know its passphrase and use it here in the clear to unlock - and its private
+# keys have wide-open ACLs to avoid UI. We use the root used to generate the
+# certs in that keychain in the -A option to newCmsTool.
+#
+# To get identities with no ACLs, create them in the usual way (I do it with
+# the Cert app), export them in p12 form, delete from the keychain, and import
+# like this:
+#
+# % kcImport user3.p12 -z password -f pkcs12 -n -k ecdsaCmsKeychain.keychain
+#
+# We copy the test's keychain to ${BUILD_DIR}/ecdsaCmsKeychain.keychain just to keep the UI spew to
+# a minimum.
+#
+
+#
+# safely look for this required env var
+#
+setenv | /usr/bin/grep LOCAL_BUILD_DIR > /dev/null
+if($status != 0) then
+ echo Please set env var LOCAL_BUILD_DIR.
+ exit(1)
+endif
+set BUILD_DIR=$LOCAL_BUILD_DIR
+
+set TESTDIR=`pwd`
+set CMS_KEYCHAIN_SRC=ecdsaCmsKeychain.keychain
+set CMS_KEYCHAIN_DST=${BUILD_DIR}/ecdsaCmsKeychain.keychain
+set CMS_KEYCHAIN_PASSWORD=password
+set CMS_KEYCHAIN_ROOT=cmsEcdsaRoot.cer
+set USER1=user3@debug.apple.com
+set USER2=user4@debug.apple.com
+set QUIET=
+set OUR_QUIET=NO
+
+while ( $#argv > 0 )
+ switch ( "$argv[1]" )
+ case -q:
+ set QUIET="-q"
+ set OUR_QUIET=YES
+ shift
+ breaksw
+ default:
+ echo "Usage: cmstestHandsoff [-q(uiet)]"
+ exit(1)
+ endsw
+end
+
+echo Starting cmsEcdsaHandsoff
+
+set cmd="cp $CMS_KEYCHAIN_SRC $CMS_KEYCHAIN_DST"
+if($OUR_QUIET == NO) then
+ echo $cmd
+endif
+# ignore errors here...we'll soon fail if this does
+$cmd
+
+set cmd="/usr/bin/security unlock -p $CMS_KEYCHAIN_PASSWORD $CMS_KEYCHAIN_DST"
+if($OUR_QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+set cmd="./cmstest -s $USER1 -S $USER2 -k $CMS_KEYCHAIN_DST -a $CMS_KEYCHAIN_ROOT $QUIET"
+if($OUR_QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# and try to be nice
+set cmd="rm $CMS_KEYCHAIN_DST"
+if($OUR_QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+if($OUR_QUIET == NO) then
+ echo === cmsEcdsaHandsoff Succeeded ===
+endif
+
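Review bot: The `$cmd || exit(1)` lines after the `security unlock` and `./cmstest` steps exit before the `rm $CMS_KEYCHAIN_DST` cleanup. A failed run therefore leaves the copied keychain in `${BUILD_DIR}`, and the header comment says that keychain has a known passphrase and wide-open private-key ACLs. I would capture the result instead, for example `$cmd` followed by `set rc=$status` in place of those lines, then run the `rm` unconditionally and finish with `if($rc != 0) exit(1)`. Separately, `setenv | /usr/bin/grep LOCAL_BUILD_DIR` matches the substring in any variable name or value, so the guard can pass while `$LOCAL_BUILD_DIR` is undefined. `if ( ! $?LOCAL_BUILD_DIR ) then` tests the variable itself.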