#! /bin/csh -f
# Shared test environment. Every variable this script reads but never sets
# (BUILD_DIR, KEYCHAIN, KEYCHAIN_PATH and the tool variables KCIMPORT,
# KCEXPORT, CERTTOOL, CLEANKC, DBVERIFY, OPENSSL, RM) is presumably defined
# there - confirm against setupCommon.
source setupCommon

# Option state. Each value is changed only by the option loop further down.
set QUIET=NO
set QUIET_ARG=""
set NOACL=NO
set NOACL_ARG=""
set NOCLEAN=NO
# Empty by default; the s option turns it into -Z.
set SECURE_PASSPHR=""

# Key size handed to DBVERIFY at the end of the run. 512-bit RSA is far too
# small for any real key and is only acceptable for a throwaway test identity.
# NOTE(review): presumably this matches the size certtool generates - confirm.
set KEYSIZE=512

# Fixed test passphrase. It is passed on command lines and echoed in
# non-quiet mode, so it shows up in process listings and test logs; never
# reuse this pattern or this value for real key material.
set PKCS12_PASSPHRASE=somePassphrase

# Scratch files, all under BUILD_DIR. The parsed PEM holds the private key
# UNENCRYPTED (it is written by openssl pkcs12 -nodes).
set GEN_PKCS12_PFX=$BUILD_DIR/generated.p12
set PKCS12_PARSED_PEM=$BUILD_DIR/parsed.p12.pem
set GEN_OPENSSL_PKCS12_PFX=$BUILD_DIR/generatedOpenssl.p12
# Prerequisite check: stop early when either keychain tool is missing.
# Only KCIMPORT and KCEXPORT are tested here; the other tools the script
# runs (CERTTOOL, DBVERIFY, OPENSSL, CLEANKC) are not checked up front and
# fail at the step that uses them.
if ( ( ! -e $KCIMPORT ) || ( ! -e $KCEXPORT ) ) then
    echo === You do not seem to have all of the required executables.
    echo === Please build all of cspxutils and clxutils.
    echo === See the README files in those directories for info.
    exit 1
endif
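# User options. Each option is a bare single-letter word (no leading dash):
#   q  quiet: suppress progress output; -q is also passed to DBVERIFY
#   n  noACL: pass -n to the KCIMPORT runs that take NOACL_ARG
#   s  securePassphrase: pass -Z to KCEXPORT and KCIMPORT
#   N  noClean: keep the generated files instead of removing them at the end
# Anything else prints the usage line and exits with status 1.
#
# The loop runs while arguments remain. Every accepted option shifts itself
# off the argument list and the default case exits, so the loop always
# terminates.
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            set QUIET_ARG=-q
            shift
            breaksw
        case n:
            set NOACL=YES
            set NOACL_ARG=-n
            shift
            breaksw
        case s:
            set SECURE_PASSPHR=-Z
            shift
            breaksw
        case N:
            set NOCLEAN=YES
            shift
            breaksw
        default:
            echo Usage: importExportPkcs12 \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
            exit(1)
    endsw
end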
# Stage 1: reset the test keychain, then create a keypair and certificate
# in it with certtool.
echo === Begin PKCS12 test ===
if ($QUIET == NO) echo Creating keypair and cert with certtool...
if ($QUIET == NO) echo $CLEANKC
$CLEANKC || exit(1)

set cmd="$CERTTOOL c k=$KEYCHAIN_PATH Z"
if ($QUIET == NO) echo $cmd
# The output of certtool is discarded; only its exit status is checked.
$cmd > /dev/null || exit(1)
# Stage 2: export the identity (private key plus cert) from the test
# keychain as a passphrase-protected PKCS12 file.
#
# The passphrase is a -z command-line argument and the whole command is
# echoed in non-quiet mode, so it is visible in process listings and logs.
# That is tolerable only because it is a fixed test value.
# NOTE(review): with the s option both -z and -Z are passed; confirm how
# kcExport treats the two together.
if ($QUIET == NO) echo ...Exporting private key and cert as PKCS12...

set cmd="$KCEXPORT $KEYCHAIN -t identities -f pkcs12 -o $GEN_PKCS12_PFX -z $PKCS12_PASSPHRASE $SECURE_PASSPHR -q"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
# Stage 3: import the exported PKCS12 into an emptied keychain, first with
# the format named explicitly by -f pkcs12.
# NOTE(review): -C 0 -K 0 -I 1 look like expected item counts and
# -T agg -F pkcs12 like expected type and format - confirm against the
# kcImport usage text.
if ($QUIET == NO) then
    echo ...Importing PKCS12, explicit format...
    echo $CLEANKC
endif
$CLEANKC || exit(1)

set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -f pkcs12 -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Same import again without -f, so the format has to be inferred from the
# file name.
if ($QUIET == NO) then
    echo ...Importing PKCS12, format inferred from filename...
    echo $CLEANKC
endif
$CLEANKC || exit(1)

set cmd="$KCIMPORT $GEN_PKCS12_PFX -k $KEYCHAIN -z $PKCS12_PASSPHRASE -C 0 -K 0 -I 1 -T agg -F pkcs12 -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Empty the keychain again before the openssl round trip.
if ($QUIET == NO) echo $CLEANKC
$CLEANKC || exit(1)
# Stage 4: interoperability check - let openssl parse the PKCS12 we
# generated, then import the resulting PEM into an emptied keychain.
#
# Security notes for anyone adapting this:
#  - openssl is run with -nodes, so the private key is written to the
#    parsed PEM file UNENCRYPTED. The file is removed only by the final
#    cleanup step, which is not reached if a later command fails or if the
#    N option was given.
#  - -passin pass:... puts the passphrase in the argument list, where it
#    is visible in process listings.
if ($QUIET == NO) echo ...parsing our P12 PFX with openssl...

# Remove any PEM left over from an earlier run.
set cmd="$RM -f $PKCS12_PARSED_PEM"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

set cmd="$OPENSSL pkcs12 -in $GEN_PKCS12_PFX -passin pass:$PKCS12_PASSPHRASE -nodes -out $PKCS12_PARSED_PEM"
if ($QUIET == NO) echo $cmd
# stdout and stderr of openssl are both discarded; a failure is reported
# only through the exit status.
$cmd >& /dev/null || exit(1)

if ($QUIET == NO) then
    echo ...parsing openssl PEM sequence
    echo $CLEANKC
endif
$CLEANKC || exit(1)

set cmd="$KCIMPORT $PKCS12_PARSED_PEM -k $KEYCHAIN -z $PKCS12_PASSPHRASE -q $NOACL_ARG $SECURE_PASSPHR"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
# Stage 5: reverse direction - have openssl build a PKCS12 from the parsed
# PEM, import that file into an emptied keychain, then verify the result.
# -passout pass:... again exposes the passphrase in the argument list.
if ($QUIET == NO) echo ...creating PKCS12 with openssl, import to empty keychain

set cmd="$OPENSSL pkcs12 -in $PKCS12_PARSED_PEM -out $GEN_OPENSSL_PKCS12_PFX -passout pass:$PKCS12_PASSPHRASE -export"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

if ($QUIET == NO) echo $CLEANKC
$CLEANKC || exit(1)

# Unlike the earlier imports, this one does not pass NOACL_ARG.
set cmd="$KCIMPORT $GEN_OPENSSL_PKCS12_PFX -z $PKCS12_PASSPHRASE -k $KEYCHAIN -K 0 -C 0 -I 1 -q $SECURE_PASSPHR"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Final check of the keychain contents: an RSA private key of KEYSIZE bits.
set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)
# Stage 6: remove the generated files unless the N option asked to keep
# them. This point is reached only when every earlier step succeeded; a
# failed run exits before it, leaving the PKCS12 files and the unencrypted
# PEM in BUILD_DIR for whoever cleans up the build tree.
if ($NOCLEAN == NO) then
    set cmd="rm -f $GEN_PKCS12_PFX $PKCS12_PARSED_PEM $GEN_OPENSSL_PKCS12_PFX"
    if ($QUIET == NO) echo $cmd
    $cmd || exit(1)
endif

if ($QUIET == NO) echo === PKCS12 test complete ===