#! /bin/csh -f
#
# Run import/export tests for PKCS12.
#
# Run this from SecurityTests/clxutils/importExport. The
# kcImport and kcExport programs must exist in the location
# specified by the LOCAL_BUILD_DIR env var.
#
# Usage: importExportPkcs12 [q] [n] [s] [N]
#   q  quiet: suppress progress output and the echo of each command line
#   n  noACL: adds -n to most kcImport invocations
#   s  securePassphrase: adds -Z to the kcExport and kcImport invocations
#   N  noClean: leave the generated .p12 and .pem files in place at the end
# Options are bare letters with no leading dash.
#
# Flow: create a keypair and cert, export them as PKCS12, re-import that blob
# twice, round-trip it through openssl (PKCS12 to PEM to PKCS12), import the
# openssl-built blob, then verify the resulting private key in the keychain.
# Every step aborts the script with exit status 1 on failure.
#
# Security notes for anyone reusing this pattern outside a test harness:
#   - The passphrase is a fixed literal and is passed on command lines
#     (-z, -passin pass:, -passout pass:), so it appears in process listings
#     and in the echoed command lines when not in quiet mode.
#   - The openssl parse step uses -nodes, so the intermediate PEM file holds
#     the private key unencrypted. It is removed only by the final cleanup
#     step, which does not run in N (noClean) mode or when an earlier step
#     exits with status 1.
#

# NOTE(review): KCIMPORT, KCEXPORT, CERTTOOL, OPENSSL, DBVERIFY, CLEANKC, RM,
# KEYCHAIN, KEYCHAIN_PATH and BUILD_DIR are not set in this file; presumably
# setupCommon defines them. Confirm against that file.
source setupCommon

# PKCS12 blob, we generate
set GEN_PKCS12_PFX=${BUILD_DIR}/generated.p12

# parsed PEM sequence generated by openssl (parsing $GEN_PKCS12_PFX)
# Written with -nodes below, so this file contains an unencrypted private key.
set PKCS12_PARSED_PEM=${BUILD_DIR}/parsed.p12.pem

# PKCS12 blob, openssl generates
set GEN_OPENSSL_PKCS12_PFX=${BUILD_DIR}/generatedOpenssl.p12

# PKCS12 passphrase
# Fixed test-fixture value shared by every export, import and openssl call.
set PKCS12_PASSPHRASE=somePassphrase

# user specified variables
set QUIET=NO
set QUIET_ARG=
# KEYSIZE is only passed to the final dbVerify call; key generation here does
# not take it as an argument.
# NOTE(review): presumably 512 matches the certtool default key size. Confirm.
# A 512-bit RSA key is suitable only as a throwaway test key.
set KEYSIZE=512
set NOACL=NO
set NOACL_ARG=
set SECURE_PASSPHR=
set NOCLEAN=NO

#
# Verify existence of a few crucial things before we start.
# Only kcImport and kcExport are checked; the other tools used below
# (certtool, openssl, dbVerify, the keychain cleaner) are not.
#
if( ( ! -e $KCIMPORT ) || \
    ( ! -e $KCEXPORT ) ) then
    echo === You do not seem to have all of the required executables.
    echo === Please build all of cspxutils and clxutils.
    echo === See the README files in those directories for info.
    exit(1)
endif

# user options
# Each argument must be exactly one of q, n, s, N; anything else prints the
# usage line and exits with status 1.

while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            set QUIET_ARG=-q
            shift
            breaksw
        case n:
            set NOACL=YES
            set NOACL_ARG=-n
            shift
            breaksw
        case s:
            # NOTE(review): -Z presumably selects the secure passphrase path
            # in kcImport/kcExport. Confirm against those tools. The -z
            # passphrase argument is still passed alongside it below.
            set SECURE_PASSPHR=-Z
            shift
            breaksw
        case N:
            set NOCLEAN=YES
            shift
            breaksw
        default:
            echo Usage: importExportPkcs12 \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
            exit(1)
    endsw
end

# Create keypair and cert using certtool
# The keychain is reset with $CLEANKC first; certtool output is discarded and
# only its exit status is checked.

echo === Begin PKCS12 test ===
if ($QUIET == NO) then
    echo Creating keypair and cert with certtool...
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$CERTTOOL c k=$KEYCHAIN_PATH Z"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd > /dev/null || exit(1)

# export as P12

if ($QUIET == NO) then
    echo ...Exporting private key and cert as PKCS12...
endif
# note we export Identities, not All, since pub keys can't go in a P12
# The echoed command line below includes the passphrase in clear text.
set cmd="$KCEXPORT $KEYCHAIN -t identities -f pkcs12 -o $GEN_PKCS12_PFX -z $PKCS12_PASSPHRASE $SECURE_PASSPHR -q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# import and verify
# Each import runs against a freshly reset keychain.

if ($QUIET == NO) then
    echo ...Importing PKCS12, explicit format...
endif
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -f pkcs12 -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

if ($QUIET == NO) then
    echo ...Importing PKCS12, format inferred from filename...
endif
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
# Same as the previous import except that -f pkcs12 is omitted.
set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)

#
# Exchange with openssl.
#
if ($QUIET == NO) then
    echo ...parsing our P12 PFX with openssl...
endif
# Remove any stale PEM from a previous run before openssl writes a new one.
set cmd="$RM -f $PKCS12_PARSED_PEM"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
# -nodes makes openssl write the private key unencrypted into the PEM file.
# Both stdout and stderr are discarded, so an openssl failure is visible only
# through the exit status.
set cmd="$OPENSSL pkcs12 -in $GEN_PKCS12_PFX -passin pass:$PKCS12_PASSPHRASE -nodes -out $PKCS12_PARSED_PEM"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd >& /dev/null|| exit(1)

if ($QUIET == NO) then
    echo ...parsing openssl PEM sequence
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $PKCS12_PARSED_PEM -k $KEYCHAIN -z $PKCS12_PASSPHRASE -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

if ($QUIET == NO) then
    echo ...creating PKCS12 with openssl, import to empty keychain
endif
# Re-wrap the PEM contents as a PKCS12 blob protected by the same passphrase.
set cmd="$OPENSSL pkcs12 -in $PKCS12_PARSED_PEM -out $GEN_OPENSSL_PKCS12_PFX -passout pass:$PKCS12_PASSPHRASE -export"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
# This import does not pass $NOACL_ARG, unlike the earlier imports.
set cmd="$KCIMPORT $GEN_OPENSSL_PKCS12_PFX -z $PKCS12_PASSPHRASE -k $KEYCHAIN -K 0 -C 0 -I 1 -q $SECURE_PASSPHR"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
# Final check of the imported private key in the keychain file.
set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

# cleanup
# Reached only when every step above succeeded; a failing step exits earlier
# and leaves the generated files, including the unencrypted PEM, in BUILD_DIR.
# NOTE(review): this uses a literal rm while the earlier removal uses $RM.
if ($NOCLEAN == NO) then
    set cmd="rm -f $GEN_PKCS12_PFX $PKCS12_PARSED_PEM $GEN_OPENSSL_PKCS12_PFX"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
endif

if ($QUIET == NO) then
    echo === PKCS12 test complete ===
endif
