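#! /bin/csh -f
#
# run CL/TP/SSL X regression tests.
#
# Usage: run from the clxutils source directory (the starting cwd is recorded
# in CLXUTILS and every test directory is resolved relative to it), with
# LOCAL_BUILD_DIR pointing at the directory holding the built test tools.
#
# Options are single words without a leading dash:
#   s   quick test (default)
#   l   long test
#   v   verbose
#   n   no SSL at all
#   f   full SSL: enable the ssldvt ping tests and the CRL-from-SSL tests
#   t   skip threadTest
#   k   skip the basic cgConstruct/cgVerify/caVerify tests
#   q   quiet
# Any other word prints cltpdvt_usage and exits with status 1.
#
# Coverage caveats, all visible below; a "cltpdvt success" line does NOT cover:
#   - rejection of expired anchors (anchorTest is run with 'e')
#   - the certcrl expiredRoot script (commented out)
#   - the certcrl ocspFromSsl scripts (commented out)
#   - sslEcdsa and p12Reencode (commented out)
#
# Every test binary is executed from $BUILD_DIR or from the source tree via a
# relative path, so both locations must be trusted. Refuse to continue when
# LOCAL_BUILD_DIR is unset or empty: an empty value would turn
# "$BUILD_DIR/tool" into "/tool". The two checks are separate because csh
# expands variables before it evaluates the expression.
# Paths containing whitespace are not supported; expansions are unquoted.
#
if ( ! $?LOCAL_BUILD_DIR ) then
    echo "cltpdvt: LOCAL_BUILD_DIR is not set"
    exit(1)
endif
if ( "$LOCAL_BUILD_DIR" == "" ) then
    echo "cltpdvt: LOCAL_BUILD_DIR is empty"
    exit(1)
endif
set BUILD_DIR=$LOCAL_BUILD_DIR
#
set QUICK_TEST = 1
set QUIET=
set CERTCRL_QUIET=
set VERB=
# NOTE(review): PINGSSL_QUIET is assigned here and by 'q' but is not used
# anywhere in this script.
set PINGSSL_QUIET=
set SKIP_BASIC = 0
# when 1 (option 'n'), no SSL, not even local loopback tests or CRL/OCSP tests
set NO_SSL=0
# when empty, do ssl Ping tests via ssldvt
set SSL_PING_ENABLE=n
set FULL_SSL=NO
set DO_THREAD=1
#
# Option parsing. Each recognised word is consumed by the single shift after
# the switch; an unrecognised word exits before reaching it.
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case s:
            set QUICK_TEST = 1
            breaksw
        case l:
            set QUICK_TEST = 0
            breaksw
        case v:
            set VERB = v
            breaksw
        case n:
            set NO_SSL = 1
            breaksw
        case f:
            set SSL_PING_ENABLE =
            set FULL_SSL = YES
            breaksw
        case t:
            set DO_THREAD = 0
            breaksw
        case k:
            set SKIP_BASIC = 1
            breaksw
        case q:
            set QUIET = q
            set CERTCRL_QUIET = -q
            set PINGSSL_QUIET = s
            breaksw
        default:
            cat cltpdvt_usage
            exit(1)
    endsw
    shift
end

#
# Select 'quick' or 'normal' test params
#
# Note that we disable DB storage of certs in cgVerify and cgConstruct, to avoid
# messing with user's ~/Library/Keychains.
#
if ( $QUICK_TEST == 1 ) then
    set CGCONSTRUCT_ARGS="d=0"
    set CGVERIFY_ARGS="d"
    set CGVERIFY_DSA_ARGS="l=20 d"
    set CAVERIFY_ARGS=
    set EXTENTEST_ARGS=
    if ( $NO_SSL == 1 ) then
        set THREADTEST_ARGS="ecvsyfF l=10"
    else
        set THREADTEST_ARGS="l=10"
    endif
    set THREADPING_ARGS="ep o=mr3 l=5"
    set P12REENCODE_ARGS="l=2"
else
    set CGCONSTRUCT_ARGS="l=100 d=0"
    set CGVERIFY_ARGS="l=100 d"
    set CAVERIFY_ARGS="l=500"
    set CGVERIFY_DSA_ARGS="l=500 d"
    set EXTENTEST_ARGS="l=100"
    if ( $NO_SSL == 1 ) then
        set THREADTEST_ARGS="l=100 ecvsyfF"
    else
        set THREADTEST_ARGS="l=100"
    endif
    set THREADPING_ARGS="ep o=mr3 l=10"
    set P12REENCODE_ARGS="l=10"
endif
#
# Root of the test tree; every later 'cd' is relative to this.
set CLXUTILS=`pwd`

if ( $SKIP_BASIC == 0 ) then
    #
    # test RSA, FEE, ECDSA with the following two...
    #
    $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS $QUIET $VERB || exit(1)
    $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=f $QUIET $VERB || exit(1)
    $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=E $QUIET $VERB || exit(1)
    $BUILD_DIR/cgVerify $CGVERIFY_ARGS n=2 $QUIET $VERB || exit(1)
    $BUILD_DIR/cgVerify $CGVERIFY_ARGS $QUIET $VERB || exit(1)
    $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=e $QUIET $VERB || exit(1)
    $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=5 $QUIET $VERB || exit(1)
    $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=E $QUIET $VERB || exit(1)
    #
    # And one run for DSA partial key processing; run in the test
    # dir to pick up DSA params
    #
    cd $CLXUTILS/cgVerify
    $BUILD_DIR/cgVerify $CGVERIFY_DSA_ARGS a=d $QUIET $VERB || exit(1)
    $BUILD_DIR/caVerify $CAVERIFY_ARGS $QUIET $VERB || exit(1)
    $BUILD_DIR/caVerify a=E $CAVERIFY_ARGS $QUIET $VERB || exit(1)
endif

#
# Anchor and intermediate test: once with normal anchors, one with
# Trust Settings.
#
###
### Allow expired anchors until Radar 6133507 is fixed
###
# While 'e' is passed, these anchorTest runs do not exercise rejection of
# expired roots; drop it once the Radar above is resolved.
echo "### Warning: allowing expired roots in anchorTest..."
$BUILD_DIR/anchorTest e $QUIET $VERB || exit(1)
$BUILD_DIR/anchorTest t e $QUIET $VERB || exit(1)
$CLXUTILS/anchorTest/intermedTest $QUIET || exit(1)
$CLXUTILS/anchorTest/intermedTest t $QUIET || exit(1)
$BUILD_DIR/trustAnchors $QUIET || exit(1)

cd $CLXUTILS
# NOTE(review): unlike the other steps, the exit status of updateCerts is not
# checked; presumably best-effort -- confirm.
./updateCerts

$BUILD_DIR/certSerialEncodeTest $QUIET || exit(1)

#
# certcrl script tests require files relative to cwd
#
cd $CLXUTILS/certcrl/testSubjects/X509tests
$BUILD_DIR/certcrl -S x509tests.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/smime
$BUILD_DIR/certcrl -S smime.scr $CERTCRL_QUIET || exit(1)
#
# disable expiredRoot test since it makes assumptions about
# store.apple.com which are no longer true %%%FIXME!
#cd $CLXUTILS/certcrl/testSubjects/expiredRoot
#$BUILD_DIR/certcrl -S expiredRoot.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/expiredCerts
$BUILD_DIR/certcrl -S expiredCerts.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/anchorAndDb
$BUILD_DIR/certcrl -S anchorAndDb.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/hostNameDot
$BUILD_DIR/certcrl -S hostNameDot.scr $CERTCRL_QUIET || exit(1)
#
# one with normal anchors, one with Trust Settings
# (presumably -g is what selects Trust Settings -- confirm against certcrl)
cd $CLXUTILS/certcrl/testSubjects/AppleCerts
$BUILD_DIR/certcrl -S AppleCerts.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S AppleCerts.scr -g $CERTCRL_QUIET || exit(1)
#
# one with normal anchors, one with Trust Settings
# This will fail if you have userTrustSettings.plist, from ../trustSettings,
# installed!
# Note this should eventually be renamed to something like SWUpdateSigning...
cd $CLXUTILS/certcrl/testSubjects/AppleCodeSigning
$BUILD_DIR/certcrl -S AppleCodeSigning.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S AppleCodeSigning.scr -g $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/CodePkgSigning
$BUILD_DIR/certcrl -S CodePkgSigning.scr $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/localTime
$BUILD_DIR/certcrl -S localTime.scr $CERTCRL_QUIET || exit(1)
#
# one with normal anchors, one with Trust Settings
cd $CLXUTILS/certcrl/testSubjects/serverGatedCrypto
$BUILD_DIR/certcrl -S sgc.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S sgc.scr -g $CERTCRL_QUIET || exit(1)
#
cd $CLXUTILS/certcrl/testSubjects/crlTime
$BUILD_DIR/certcrl -S crlTime.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/implicitAnchor
$BUILD_DIR/certcrl -S implicitAnchor.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/crossSigned
$BUILD_DIR/certcrl -S crossSigned.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/emptyCert
$BUILD_DIR/certcrl -S emptyCert.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/emptySubject
$BUILD_DIR/certcrl -S emptySubject.scr $CERTCRL_QUIET || exit(1)
# NOTE(review): the directory is spelled 'qualCertStatment' while the script is
# 'qualCertStatement.scr'; both are kept as found -- confirm against the tree.
cd $CLXUTILS/certcrl/testSubjects/qualCertStatment
$BUILD_DIR/certcrl -S qualCertStatement.scr $CERTCRL_QUIET || exit(1)
cd $CLXUTILS/certcrl/testSubjects/ipSec
$BUILD_DIR/certcrl -S ipSec.scr $CERTCRL_QUIET || exit(1)
#
# ECDSA certs, lots of 'em
#
cd $CLXUTILS/certcrl/testSubjects/NSS_ECC
$BUILD_DIR/certcrl -S nssecc.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S msEcc.scr $CERTCRL_QUIET || exit(1)
$BUILD_DIR/certcrl -S opensslEcc.scr $CERTCRL_QUIET || exit(1)

#
# CRL/OCSP tests
# once each with normal anchors, one with Trust Settings
#
# Until Verisign gets their CRL server fixed, we have to allow the disabling of the
# CRL test....
#
# As written, the CRL-from-SSL scripts run only with option 'f', and the
# OCSP-from-SSL scripts are commented out, so a default run executes no test
# in this section.
#
if ( $NO_SSL == 0 ) then
    cd $CLXUTILS
    if ( $FULL_SSL == YES ) then
        cd $CLXUTILS/certcrl/testSubjects/crlFromSsl
        $BUILD_DIR/certcrl -S crlssl.scr $CERTCRL_QUIET || exit(1)
        $BUILD_DIR/certcrl -S crlssl.scr -g $CERTCRL_QUIET || exit(1)
    endif
    cd $CLXUTILS/certcrl/testSubjects/ocspFromSsl
    # this test makes assumptions about store.apple.com which are no longer
    # true, so need to disable the test for now. %%%FIXME!
    #$BUILD_DIR/certcrl -S ocspssl.scr $CERTCRL_QUIET || exit(1)
    #$BUILD_DIR/certcrl -S ocspssl.scr -g $CERTCRL_QUIET || exit(1)
endif
#
$BUILD_DIR/extenTest $EXTENTEST_ARGS $QUIET $VERB || exit(1)
$BUILD_DIR/extenTestTp $EXTENTEST_ARGS $QUIET $VERB || exit(1)
$BUILD_DIR/sslSubjName $QUIET $VERB || exit(1)
$BUILD_DIR/smimePolicy $QUIET $VERB || exit(1)
$BUILD_DIR/certLabelTest $CERTCRL_QUIET || exit(1)

#
# extendAttrTest has to be run from specific directory for access to keys and certs
#
cd $CLXUTILS/extendAttrTest
$BUILD_DIR/extendAttrTest -k $BUILD_DIR/eat.keychain $CERTCRL_QUIET || exit(1)

#
# threadTest relies on a cert file in cwd
#
if ( $DO_THREAD == 1 ) then
    cd $CLXUTILS/threadTest
    $BUILD_DIR/threadTest $THREADTEST_ARGS $QUIET $VERB || exit(1)
endif
#
# CMS tests have to be run from specific directory for access to keychain and certs
#
cd $CLXUTILS/newCmsTool/blobs
./cmstestHandsoff $CERTCRL_QUIET || exit(1)
./cmsEcdsaHandsoff $CERTCRL_QUIET || exit(1)

#
# This one uses a number of p12 files in cwd
#
# we may never see this again....
#
# echo ==== skipping p12Reencode for now, but I really want this back ===
# cd $CLXUTILS/p12Reencode
# ./doReencode $P12REENCODE_ARGS $QUIET || exit(1)
#

#
# Import/export tests, always run from here with no default ACL (to avoid UI).
#
cd $CLXUTILS/importExport
./importExport n $QUIET || exit(1)

# sslEcdsa test removed pending validation of tls.secg.org server
#
# $BUILD_DIR/sslEcdsa $CERTCRL_QUIET || exit(1)

#
# Full SSL tests run:
#  -- once with blocking socket I/O
#  -- once with nonblocking socket I/O
#  -- once with RingBuffer I/O, no verifyPing
#
if ( $NO_SSL == 0 ) then
    cd $CLXUTILS/sslScripts
    ./makeLocalCert a || exit(1)
    ./ssldvt $SSL_PING_ENABLE $QUIET $VERB || exit(1)
    ./ssldvt $SSL_PING_ENABLE $QUIET $VERB b || exit(1)
    ./ssldvt n $QUIET $VERB R || exit(1)
    # NOTE(review): the exit status of removeLocalCerts is not checked, and it
    # is skipped entirely when a step above exits early, so whatever
    # makeLocalCert created may be left behind after a failed run -- confirm
    # what needs cleaning up.
    ./removeLocalCerts
endif
# NOTE(review): this runs whenever 'f' was given, even together with 'n', and
# from whichever directory the script is in at this point (sslScripts, or
# importExport when NO_SSL is 1) rather than threadTest's own directory --
# confirm both are intended.
if ( $FULL_SSL == YES ) then
    $BUILD_DIR/threadTest $THREADPING_ARGS $QUIET $VERB || exit(1)
endif

echo ==== cltpdvt success ====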