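#! /bin/csh -f
#
# verify contents of /System/Library/Keychains/SystemCACertificates.keychain
#
# Usage: intermedTest [q(uiet)] [t(rustSettings)]
#
# Dumps every cert in the keychain into a scratch directory under
# $LOCAL_BUILD_DIR and runs certcrl on each one. Exits 1 when a required
# binary is missing, on a bad argument, when a setup command fails, or when
# any cert gets a verification error.
#
# Coverage caveats for anyone relying on a passing run:
#   - certcrl runs with -a, so revocation (CRL) status is not enforced.
#   - a certcrl exit status of 1 is reported as an expired cert and does not
#     fail the test.
#   - certs numbered 44 through 53 are skipped and counted as passing.
#
set BUILD_DIR="$LOCAL_BUILD_DIR"
set QUIET=NO
#
set CERT_KC=/System/Library/Keychains/SystemCACertificates.keychain
#
# the contents of SystemCACertificates gets dumped here as a pile of certs.
# The directory is wiped with rm -rf at startup. The rm at the end of the
# script is currently commented out, so the certs stay in place on every
# exit path.
#
set CERTS_DIR="$BUILD_DIR/intermediateCerts"
#
# binaries we need
#
set CERTCRL="$BUILD_DIR/certcrl"
set CERTS_FROM_DB="$BUILD_DIR/certsFromDb"
foreach targ ("$CERTCRL" "$CERTS_FROM_DB")
    if (! -e "$targ") then
        echo === $targ is missing. Try building clxutil.
        exit(1)
    endif
end

#
set TRUST_SETTINGS_ARG=
#
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            shift
            breaksw
        case t:
            set TRUST_SETTINGS_ARG=-g
            shift
            breaksw
        default:
            echo "Usage: intermedTest [q(uiet)] [t(rustSettings)]"
            exit(1)
    endsw
end
#
echo Starting intermedTest

#
# In the setup steps below, cmd is only the trace text. The commands are
# executed with each path quoted, so a build directory containing whitespace
# cannot split the rm -rf target into several unrelated paths.
#
if ($QUIET == NO) then
    echo Initializing $CERTS_DIR...
endif
set cmd="rm -rf $CERTS_DIR"
if ($QUIET == NO) then
    echo $cmd
endif
rm -rf "$CERTS_DIR" || exit(1)
set cmd="mkdir -p $CERTS_DIR"
if ($QUIET == NO) then
    echo $cmd
endif
mkdir -p "$CERTS_DIR" || exit(1)

if ($QUIET == NO) then
    echo Extracting certs from $CERT_KC... ===
endif
set cmd="$CERTS_FROM_DB $CERT_KC f $CERTS_DIR/intermed q"
if ($QUIET == NO) then
    echo $cmd
endif
"$CERTS_FROM_DB" "$CERT_KC" f "$CERTS_DIR/intermed" q || exit(1)

#
# certcrl args:
#
#  -s  use system anchors
#  -a  allow certs unverified by CRLs
#  -f  leaf cert is a CA
#  -L  silent
#  -g  use Trust Settings
#
# We can also specify an evaluation date prior to the expiration of
# various intermediate certs via the EVAL_TIME string:
#
#set EVAL_TIME="-T 20081201000000"
#echo "### Verification date for intermedTest is 2008-12-01"
set EVAL_TIME=""

set GOT_ERROR=0
foreach certFile ("$CERTS_DIR"/*)
    set cmd="$CERTCRL -c $certFile -s -a -f -L $TRUST_SETTINGS_ARG $EVAL_TIME"
    if ($QUIET == NO) then
        echo $cmd
    endif

    set CERTNAM=`basename "$certFile"`
    # CERTNUM is the numeric suffix of intermed_<N>. It is left empty for any
    # other file name, so an unexpected name is verified normally instead of
    # aborting the script on a non-numeric comparison.
    set CERTNUM=`echo -n "$CERTNAM" | sed -n -e 's/^intermed_\([0-9][0-9]*\)$/\1/p'`
    set SKIP=NO
    if ("$CERTNUM" != "") then
        if ($CERTNUM > 43 && $CERTNUM < 54) set SKIP=YES
    endif

    # skip DOD intermediates in this range as AIA fetch is timing out!
    # NOTE(review): the range is keyed on extraction order and the skipped
    # certs are counted as passing. Confirm the range whenever the keychain
    # contents change.
    if ($SKIP == YES) then
        echo "******** Note: skipping $CERTNAM due to unreachable AIA location"
        set ERR=0
    else
        # TRUST_SETTINGS_ARG and EVAL_TIME stay unquoted on purpose: each is
        # either empty or a list of separate option words.
        "$CERTCRL" -c "$certFile" -s -a -f -L $TRUST_SETTINGS_ARG $EVAL_TIME
        set ERR=$status
    endif

    if ($ERR == 1) then
        echo "******** Note: $CERTNAM is expired"
    else
        if ($ERR != 0) then
            echo "++++++++ Verification error on $CERTNAM"
            # Verbose re-run for diagnosis. It carries the same Trust Settings
            # and evaluation-date options as the failing run so that both
            # runs evaluate the cert under the same policy.
            "$CERTCRL" -c "$certFile" -s -a -f -v $TRUST_SETTINGS_ARG $EVAL_TIME
            set GOT_ERROR=1
        endif
    endif
end

if ($GOT_ERROR == 1) then
    echo ++++ TEST FAILED ++++
    exit(1)
endif

# NOTE(review): the cleanup command is echoed but its execution is commented
# out, so the extracted certs remain in CERTS_DIR after a successful run.
set cmd="rm -rf $CERTS_DIR"
if ($QUIET == NO) then
    echo $cmd
endif
# $cmd || exit(1)

if ($QUIET == NO) then
    echo "...intermedTest complete"
endif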