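#! /bin/csh -f
#
# test libsecurity_cms.
#
# Exercises newCmsTool end to end: generates (or, with -r, copies) a set of
# CMS blobs into $LOCAL_BUILD_DIR, then parses each one back, checking the
# expected signer and certificate counts and comparing the recovered plaintext
# with the original input file.
#
# Usage: cmstest [-r] [-q] [-m] [-s signer] [-S signer2] [-k keychain] [-a anchorCert]
#   -r  use the reference *.p7 blobs in the current directory instead of
#       generating new ones
#   -q  quiet: suppress echoing of each command; also passes -Z to newCmsTool
#   -m  pass -m to every newCmsTool invocation
#   -s  primary signer/recipient identity (default dmitch@apple.com)
#   -S  second signer/recipient identity (default dmitch@dmitch.com)
#   -k  keychain to search for identities
#   -a  anchor cert file; implies manual SecTrustEval (-M)
#
# Required env var: LOCAL_BUILD_DIR (location of newCmsTool; all output
# files are written there). Any failing step exits with status 1.
#
set USE_REF_BLOBS=NO
set QUIET=NO
set QUIET_ARG=
set MULTI_UPDATE=

#
# safely look for this required env var. $?VAR is csh's "is VAR set" test;
# grepping the output of setenv would be a substring match that also accepts
# unrelated variables whose names merely contain LOCAL_BUILD_DIR, after which
# the reference to $LOCAL_BUILD_DIR below would fail with "Undefined variable".
#
if (! $?LOCAL_BUILD_DIR) then
	echo Please set env var LOCAL_BUILD_DIR.
	exit(1)
endif
set BUILD_DIR=$LOCAL_BUILD_DIR

#
# Default options: identities, keychain, etc.; overridable
#
set SRCH_KC=
set SIGNER=dmitch@apple.com
set RECIP=dmitch@apple.com
set SIGNER2=dmitch@dmitch.com
set RECIP2=dmitch@dmitch.com
# specifying an anchorFile implies manual SecTrustEval
set MANUAL_EVAL=
set ANCHOR_CERT=

# Options that take a value consume two argv words; each such case checks
# that the value is actually present before touching $argv[2].
while ( $#argv > 0 )
	switch ( "$argv[1]" )
		case -r:
			set USE_REF_BLOBS = YES
			shift
			breaksw
		case -q:
			set QUIET=YES
			set QUIET_ARG = -Z
			shift
			breaksw
		case -m:
			set MULTI_UPDATE = -m
			shift
			breaksw
		case -s:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set SIGNER=$argv[2]
			set RECIP=$argv[2]
			shift
			shift
			breaksw
		case -S:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set SIGNER2=$argv[2]
			set RECIP2=$argv[2]
			shift
			shift
			breaksw
		case -k:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set SRCH_KC="-k $argv[2]"
			shift
			shift
			breaksw
		case -a:
			if($#argv < 2) then
				cat cmstestUsage
				exit(1)
			endif
			set ANCHOR_CERT="-A $argv[2]"
			set MANUAL_EVAL="-M"
			shift
			shift
			breaksw
		default:
			cat cmstestUsage
			exit(1)
	endsw
end

set CMSTOOL=$BUILD_DIR/newCmsTool

# the files we act on - we only write to $BUILD_DIR. If we're using reference blobs,
# we copy them to the build directory and then run as usual.
#
set PTEXT=ptext
set RPTEXT=${BUILD_DIR}/rptext

set OTHER_CERT0=GTE_SGC.cer
set OTHER_CERT1=dmitchIChat.cer
set CERT_FILEBASE=${BUILD_DIR}/outcert

# Command-line prefixes shared by the generate and verify phases. They are
# expanded unquoted ($cmd) below, so csh splits them on whitespace: option
# values containing spaces (e.g. a keychain path) are not supported here.
set STD_SIGN_CMD="$CMSTOOL sign $SRCH_KC -S $SIGNER $QUIET_ARG $MULTI_UPDATE"
set STD_ENCR_CMD="$CMSTOOL envel $SRCH_KC -r $RECIP $QUIET_ARG $MULTI_UPDATE"
set STD_SIGN_ENCR_CMD="$CMSTOOL signEnv $SRCH_KC -S $SIGNER -r $RECIP $QUIET_ARG $MULTI_UPDATE"
set STD_PARSE_CMD="$CMSTOOL parse -o $RPTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL $QUIET_ARG $MULTI_UPDATE"
# every parse that recovers content is followed by a byte compare against the input
set STD_CMP_CMD="cmp $PTEXT $RPTEXT"

# vanilla
set O_SIGN=${BUILD_DIR}/sign.p7
set O_ENV=${BUILD_DIR}/env.p7
set O_SIGN_ENV=${BUILD_DIR}/signEnv.p7
# eContentType = auth
set O_SIGN_AUTH=${BUILD_DIR}/sign_auth.p7
set O_SIGN_ENV_AUTH=${BUILD_DIR}/signEnv_auth.p7
# detached content
set O_SIGN_DETACH=${BUILD_DIR}/sign_det.p7
# two signers
set O_SIGN_TWO=${BUILD_DIR}/sign_two.p7
set O_SIGN_ENV_TWO_SIGN=${BUILD_DIR}/signEnv_twoSign.p7
# two recipients
set O_ENV_TWO=${BUILD_DIR}/env_two.p7
set O_SIGN_ENV_TWO_SIGN_TWO_RECIP=${BUILD_DIR}/signEnv_twoSign_twoRecip.p7
# additional certs - one signed, one signed/encrypted, one certs only
set O_SIGN_ADD_CERTS=${BUILD_DIR}/sign_certs.p7
set O_SIGN_ENV_ADD_CERTS=${BUILD_DIR}/signEnv_certs.p7
set O_SIGN_ONLY_CERTS=${BUILD_DIR}/certsOnly.p7
# cert chain options
set O_SIGN_NONE=${BUILD_DIR}/sign_nocerts.p7
set O_SIGN_SIGNER=${BUILD_DIR}/sign_signer.p7
set O_SIGN_WITHROOT=${BUILD_DIR}/sign_withroot.p7

#
# Phase 1: obtain the blobs, either by copying the checked-in reference set
# or by generating every variant with newCmsTool.
#
if($USE_REF_BLOBS == YES) then
	if($QUIET == NO) then
		echo copying reference blobs to Build directory...
		echo "cp *.p7 ${BUILD_DIR}/"
	endif
	cp *.p7 ${BUILD_DIR} || exit(1)
else
	if($QUIET == NO) then
		echo generating blobs in Build directory...
	endif

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# eContentType = auth (-e a)
	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_AUTH -e a"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_AUTH -e a"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# detached content (-d)
	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_DETACH -d"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# second signer added on top of the one already in STD_SIGN_CMD
	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_TWO -S $SIGNER2"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN -S $SIGNER2"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# second recipient added on top of the one already in STD_ENCR_CMD
	set cmd="$STD_ENCR_CMD -i $PTEXT -o $O_ENV_TWO -r $RECIP2"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -S $SIGNER2 -r $RECIP2"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# extra (non-signer) certs carried in the blob (-C)
	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_SIGN_ENCR_CMD -i $PTEXT -o $O_SIGN_ENV_ADD_CERTS -C $OTHER_CERT0 -C $OTHER_CERT1"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# certs-only blob: no signer, no keychain search needed
	set cmd="$CMSTOOL certs -o $O_SIGN_ONLY_CERTS $QUIET_ARG -C $OTHER_CERT0 -C $OTHER_CERT1"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	# cert chain options (-t): none, signer only, full chain including root
	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_NONE -t none"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_SIGNER -t signer"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

	set cmd="$STD_SIGN_CMD -i $PTEXT -o $O_SIGN_WITHROOT -t chainWithRoot"
	if($QUIET == NO) then
		echo $cmd
	endif
	$cmd || exit(1)

endif

#
# Phase 2: parse each blob back. -s is the expected number of signers, -N the
# expected number of certs in the blob; both are checked by newCmsTool. Where
# content is recovered it is written to $RPTEXT, compared with $PTEXT and
# then removed so a stale copy can never satisfy the next compare.
#
if($QUIET == NO) then
	echo verifying blobs in Build directory...
endif

# Note we expect there to be two certs per signer...true for the current
# Thawte certs.

# signed
set cmd="$STD_PARSE_CMD -i $O_SIGN -v sign -E d -s 1 -N 2"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# enveloped
set cmd="$STD_PARSE_CMD -i $O_ENV -v encr -N 0"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# signed & enveloped
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV -v signEnv -E d -s 1 -N 2"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# signed, eContentType auth
set cmd="$STD_PARSE_CMD -i $O_SIGN_AUTH -v sign -E a -s 1 -N 2"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# signed & enveloped, eContentType auth
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_AUTH -v signEnv -E a -s 1 -N 2"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# signed, detached content - no output; the detached content is supplied
# via -D, so there is nothing to compare afterwards
set cmd="$CMSTOOL parse -i $O_SIGN_DETACH -D $PTEXT $SRCH_KC $ANCHOR_CERT $MANUAL_EVAL -v sign -E d -s 1 $QUIET_ARG $MULTI_UPDATE -N 2"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

# signed, two signers
set cmd="$STD_PARSE_CMD -i $O_SIGN_TWO -v sign -E d -s 2 -N 4"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# signed & enveloped, two signers
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN -v signEnv -E d -s 2 -N 4"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# enveloped, two recipients
set cmd="$STD_PARSE_CMD -i $O_ENV_TWO -v encr -N 0"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# signed & enveloped, two signers, two recipients
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_TWO_SIGN_TWO_RECIP -v signEnv -E d -s 2 -N 4"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
# remove the recovered text here too, like every other content-bearing case
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# additional certs with signer
set cmd="$STD_PARSE_CMD -i $O_SIGN_ADD_CERTS -v sign -E d -s 1 -N 4"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# additional certs with signer & recipient
set cmd="$STD_PARSE_CMD -i $O_SIGN_ENV_ADD_CERTS -v signEnv -E d -s 1 -N 4"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# cert chain options - first, no certs
set cmd="$STD_PARSE_CMD -i $O_SIGN_NONE -v sign -E d -s 1 -N 0"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# cert chain options - signer certs
set cmd="$STD_PARSE_CMD -i $O_SIGN_SIGNER -v sign -E d -s 1 -N 1"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# cert chain options - chain with root
set cmd="$STD_PARSE_CMD -i $O_SIGN_WITHROOT -v sign -E d -s 1 -N 3"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$STD_CMP_CMD"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
if($QUIET == NO) then
	echo rm $RPTEXT
endif
rm $RPTEXT

# certs only: no signers (-s 0), the two embedded certs are written out
# as ${CERT_FILEBASE}_0.cer and ${CERT_FILEBASE}_1.cer (-f)
set cmd="$CMSTOOL parse -i $O_SIGN_ONLY_CERTS $QUIET_ARG $MULTI_UPDATE -v sign -s 0 -N 2 -f $CERT_FILEBASE"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
# the order here is affected by the size of the certs: the certs are encoded in the
# p7 blob as a SET OF, which when DER-encoded (as opposed to BER encoded), is ordered,
# with the length octets happening to determine the order (if the certs are different
# sizes). We know that OTHER_CERT1 is smaller than OTHER_CERT0...
set cmd="cmp $OTHER_CERT1 ${CERT_FILEBASE}_0.cer"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="cmp $OTHER_CERT0 ${CERT_FILEBASE}_1.cer"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="rm ${CERT_FILEBASE}_0.cer ${CERT_FILEBASE}_1.cer"
if($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

if($QUIET == NO) then
	echo === cmstest Succeeded ===
endif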
507