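#! /bin/csh -f
#
# test libsecurity_cms.
#
# Drives $LOCAL_BUILD_DIR/newCmsTool through sign / envelope / signEnvelope /
# certs-only round trips, then parses every blob back and compares the
# recovered content against the plaintext.  Everything we execute or write
# lives under $LOCAL_BUILD_DIR, so that directory is fully trusted.
#
# Options (see cmstestUsage):
#   -r            use the reference *.p7 blobs in the cwd instead of generating
#   -q            quiet; also passes -Z to newCmsTool
#   -m            pass -m (multi-update) to newCmsTool
#   -s signer     signer and recipient identity (default dmitch@apple.com)
#   -S signer2    second signer/recipient (default dmitch@dmitch.com)
#   -k keychain   keychain to search
#   -a anchorCert anchor cert file; implies manual SecTrustEval (-M)
#
set USE_REF_BLOBS=NO
set QUIET=NO
set QUIET_ARG=
set MULTI_UPDATE=

#
# safely look for this required env var.  $?name is 1 iff name is set, so
# unlike grepping the output of setenv this can't be satisfied by some
# unrelated variable whose name merely contains LOCAL_BUILD_DIR.
#
if (! $?LOCAL_BUILD_DIR) then
	echo "Please set env var LOCAL_BUILD_DIR."
	exit(1)
endif
set BUILD_DIR=$LOCAL_BUILD_DIR

#
# Default options: identities, keychain, etc.; overridable
#
set SRCH_KC=
set SIGNER=dmitch@apple.com
set RECIP=dmitch@apple.com
set SIGNER2=dmitch@dmitch.com
set RECIP2=dmitch@dmitch.com
# specifying an anchorFile implies manual SecTrustEval
set MANUAL_EVAL=
set ANCHOR_CERT=

while ( $#argv > 0 )
	switch ( "$argv[1]" )
		case -r:
			set USE_REF_BLOBS = YES
			shift
			breaksw
		case -q:
			set QUIET=YES
			set QUIET_ARG = -Z
			shift
			breaksw
		case -m:
			set MULTI_UPDATE = -m
			shift
			breaksw
		case -s:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set SIGNER=$argv[2]
			set RECIP=$argv[2]
			shift
			shift
			breaksw
		case -S:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set SIGNER2=$argv[2]
			set RECIP2=$argv[2]
			shift
			shift
			breaksw
		case -k:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set SRCH_KC="-k $argv[2]"
			shift
			shift
			breaksw
		case -a:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set ANCHOR_CERT="-A $argv[2]"
			set MANUAL_EVAL="-M"
			shift
			shift
			breaksw
		default:
			cat cmstestUsage
			exit(1)
	endsw
end

set CMSTOOL=$BUILD_DIR/newCmsTool

# Fail early, with a clear message, rather than on the first of many
# "Command not found" lines below.
if (! -x $CMSTOOL) then
	echo "$CMSTOOL is missing or not executable."
	exit(1)
endif

# the files we act on - we only write to $BUILD_DIR. If we're using reference blobs,
# we copy them to the build directory and then run as usual.
#
set PTEXT=ptext
set RPTEXT=${BUILD_DIR}/rptext

if (! -r $PTEXT) then
	echo "Plaintext input $PTEXT not found; run from the cmstest directory."
	exit(1)
endif

set OTHER_CERT0=GTE_SGC.cer
set OTHER_CERT1=dmitchIChat.cer
set CERT_FILEBASE=${BUILD_DIR}/outcert

# csh re-splits an unquoted $var into words, so these single-string
# "commands" run as real argument lists when invoked as $cmd below.
set STD_SIGN_CMD="$CMSTOOL sign $SRCH_KC -S $SIGNER $QUIET_ARG $MULTI_UPDATE"
set STD_ENCR_CMD="$CMSTOOL envel $SRCH_KC -r $RECIP $QUIET_ARG $MULTI_UPDATE"
set STD_SIGN_ENCR_CMD="$CMSTOOL signEnv $SRCH_KC -S $SIGNER -r $RECIP $QUIET_ARG $MULTI_UPDATE"
set STD_PARSE_CMD="$CMSTOOL parse -o $RPTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL $QUIET_ARG $MULTI_UPDATE"
set STD_CMP_CMD="cmp $PTEXT $RPTEXT"

# vanilla
set O_SIGN=${BUILD_DIR}/sign.p7
set O_ENV=${BUILD_DIR}/env.p7
set O_SIGN_ENV=${BUILD_DIR}/signEnv.p7
# eContentType = auth
set O_SIGN_AUTH=${BUILD_DIR}/sign_auth.p7
set O_SIGN_ENV_AUTH=${BUILD_DIR}/signEnv_auth.p7
# detached content
set O_SIGN_DETACH=${BUILD_DIR}/sign_det.p7
# two signers
set O_SIGN_TWO=${BUILD_DIR}/sign_two.p7
set O_SIGN_ENV_TWO_SIGN=${BUILD_DIR}/signEnv_twoSign.p7
# two recipients
set O_ENV_TWO=${BUILD_DIR}/env_two.p7
set O_SIGN_ENV_TWO_SIGN_TWO_RECIP=${BUILD_DIR}/signEnv_twoSign_twoRecip.p7
# additional certs - one signed, one signed/encrypted, one certs only
set O_SIGN_ADD_CERTS=${BUILD_DIR}/sign_certs.p7
set O_SIGN_ENV_ADD_CERTS=${BUILD_DIR}/signEnv_certs.p7
set O_SIGN_ONLY_CERTS=${BUILD_DIR}/certsOnly.p7
# cert chain options
set O_SIGN_NONE=${BUILD_DIR}/sign_nocerts.p7
set O_SIGN_SIGNER=${BUILD_DIR}/sign_signer.p7
set O_SIGN_WITHROOT=${BUILD_DIR}/sign_withroot.p7

#
# Phase 1: obtain the blobs, either by copying the reference set or by
# generating them.  Every step is echoed unless -q, and aborts on failure.
#
if($USE_REF_BLOBS == YES) then
	if($QUIET == NO) then
		echo copying reference blobs to Build directory...
		echo "cp *.p7 ${BUILD_DIR}/"
	endif
	cp *.p7 ${BUILD_DIR} || exit(1)
else
	if($QUIET == NO) echo generating blobs in Build directory...

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_AUTH -e a"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_AUTH -e a"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_DETACH -d"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_TWO -S $SIGNER2"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN -S $SIGNER2"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV_TWO -r $RECIP2"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -S $SIGNER2 -r $RECIP2"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$CMSTOOL certs -o $O_SIGN_ONLY_CERTS $QUIET_ARG -C $OTHER_CERT0 -C $OTHER_CERT1"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_NONE -t none"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_SIGNER -t signer"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_WITHROOT -t chainWithRoot"
	if($QUIET == NO) echo $cmd
	$cmd || exit(1)

endif

#
# Phase 2: parse every blob back and compare against the plaintext.  Each
# parse must fail verification (-v) or produce output that differs from
# $PTEXT to fail the test, so $RPTEXT is removed after every successful cmp:
# a leftover from a previous case must never be what the next cmp sees.
#
if($QUIET == NO) echo verifying blobs in Build directory...

# start from a clean slate in case an earlier run aborted mid-way
rm -f $RPTEXT

# Note we expect there to be two certs per signer...true for the current
# Thawte certs.

# signed
set cmd="$STD_PARSE_CMD -i $O_SIGN -v sign -E d -s 1 -N 2"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# enveloped
set cmd="$STD_PARSE_CMD -i $O_ENV -v encr -N 0"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# signed & enveloped
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV -v signEnv -E d -s 1 -N 2"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# signed, eContentType auth
set cmd="$STD_PARSE_CMD -i $O_SIGN_AUTH -v sign -E a -s 1 -N 2"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# signed & enveloped, eContentType auth
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_AUTH -v signEnv -E a -s 1 -N 2"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# signed, detached content - no output, so nothing to cmp or remove
set cmd="$CMSTOOL parse -i $O_SIGN_DETACH -D $PTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL -v sign -E d -s 1 $QUIET_ARG $MULTI_UPDATE -N 2"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# signed, two signers
set cmd="$STD_PARSE_CMD -i $O_SIGN_TWO -v sign -E d -s 2 -N 4"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# signed & enveloped, two signers
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN -v signEnv -E d -s 2 -N 4"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# enveloped, two recipients
set cmd="$STD_PARSE_CMD -i $O_ENV_TWO -v encr -N 0"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# signed & enveloped, two signers, two recipients
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -v signEnv -E d -s 2 -N 4"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
# this case previously left $RPTEXT behind, so the following parse could pass
# its cmp against stale output; remove it like every other case
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# additional certs with signer
set cmd="$STD_PARSE_CMD -i $O_SIGN_ADD_CERTS -v sign -E d -s 1 -N 4"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# additional certs with signer & recipient
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_ADD_CERTS -v signEnv -E d -s 1 -N 4"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# cert chain options - first, no certs
set cmd="$STD_PARSE_CMD -i $O_SIGN_NONE -v sign -E d -s 1 -N 0"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# cert chain options - signer certs
set cmd="$STD_PARSE_CMD -i $O_SIGN_SIGNER -v sign -E d -s 1 -N 1"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# cert chain options - chain with root
set cmd="$STD_PARSE_CMD -i $O_SIGN_WITHROOT -v sign -E d -s 1 -N 3"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm $RPTEXT"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

# certs only
set cmd="$CMSTOOL parse -i $O_SIGN_ONLY_CERTS $QUIET_ARG $MULTI_UPDATE -v sign -s 0 -N 2 -f $CERT_FILEBASE"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
# the order here is affected by the size of the certs: the certs are encoded in the
# p7 blob as a SET OF, which when DER-encoded (as opposed to BER encoded), is ordered,
# with the length octets happening to determine the order (if the certs are different
# sizes). We know that OTHER_CERT1 is smaller than OTHER_CERT0...
set cmd="cmp $OTHER_CERT1 ${CERT_FILEBASE}_0.cer"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="cmp $OTHER_CERT0 ${CERT_FILEBASE}_1.cer"
if($QUIET == NO) echo $cmd
$cmd || exit(1)
set cmd="rm ${CERT_FILEBASE}_0.cer ${CERT_FILEBASE}_1.cer"
if($QUIET == NO) echo $cmd
$cmd || exit(1)

if($QUIET == NO) echo === cmstest Succeeded ===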