1#! /bin/csh -f 2# 3# verify all of the certs in specified directory as intermediates. They must 4# verify against the system roots. 5# 6if ( $#argv < 1 ) then 7 echo "Usage: intermedSourceTest directory [q(uiet)] [t(rustSettings)]" 8 echo A good directory would be ../../../security_certificates/certs/ 9 exit(1) 10endif 11# 12set BUILD_DIR=$LOCAL_BUILD_DIR 13set CERTS_DIR=$argv[1] 14 15set QUIET=0 16set TRUST_SETTINGS_ARG= 17shift 18while ( $#argv > 0 ) 19 switch ( "$argv[1]" ) 20 case q: 21 set QUIET = 1 22 shift 23 breaksw 24 case t: 25 set TRUST_SETTINGS_ARG = -g 26 shift 27 breaksw 28 default: 29 echo Usage: intermedSourceTest directory 30 exit(1) 31 endsw 32end 33 34# 35# binaries we need 36# 37set CERTCRL=$BUILD_DIR/certcrl 38set CERTS_FROM_DB=$BUILD_DIR/certsFromDb 39foreach targ ($CERTCRL $CERTS_FROM_DB) 40 if(! -e $targ) then 41 echo === $targ is missing. Try building clxutil. 42 exit(1) 43 endif 44end 45 46set SYSTEM_CERTS=/System/Library/Keychains/SystemCACertificates.keychain 47 48echo starting intermedSourceTest 49# 50# certcrl args: 51# 52# -c cert to eval 53# -s use system anchors 54# -a allow certs unverified by CRLs 55# -n no network fetch of CRLs 56# -N no network fetch of certs 57# -f leaf cert is a CA 58# -d SYSTEM_CERTS -- use additional certs from there 59# -L silent 60# -g use Trust Settings 61# 62cd $CERTS_DIR 63foreach certFile (*) 64 if ( -f "$certFile" ) then 65 if($QUIET == 0) then 66 echo testing $certFile.... 67 endif 68 $CERTCRL -c "$certFile" -s -a -f -L -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG 69 set ERR=$status 70 if($ERR == 1) then 71 echo "Note: $certFile is expired" 72 else 73 if($ERR != 0) then 74 echo "++++++++ Verification error on $certFile ($ERR)" 75 $CERTCRL -c "$certFile" -s -a -f -v -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG 76 exit(1) 77 endif 78 endif 79end 80 81if($QUIET == 0) then 82 echo "...intermedSourceTest complete" 83endif 84 85