You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3718 lines
218 KiB
3718 lines
218 KiB
@echo off
|
|
|
|
REM @SETLOCAL ENABLEEXTENSIONS
|
|
|
|
set _old_v=%v%
|
|
set _old_l=%l%
|
|
set _old_p=%p%
|
|
set _old_pe=%pe%
|
|
set _old_s=%s%
|
|
set _old_n=%n%
|
|
set _old_t=%t%
|
|
set _old_CDB_=%_CDB_%
|
|
set _old_DEBUG_MASK=%DEBUG_MASK%
|
|
set _old_DEBUG_PRINT_MASK=%DEBUG_PRINT_MASK%
|
|
|
|
set _old_LCN=%LCN%
|
|
set _old_RCN=%RCN%
|
|
set _old_SID=%SID%
|
|
set _old_SLEEP0=%SLEEP0%
|
|
|
|
set v=
|
|
set l=
|
|
set p=
|
|
set pe=
|
|
set s=
|
|
set n=
|
|
set t="all"
|
|
set _CDB_=
|
|
set DEBUG_MASK=
|
|
set DEBUG_PRINT_MASK=
|
|
|
|
set ENABLE_STREAM_SCA=
|
|
|
|
set _old_UNC_PREFIX=%UNC_PREFIX%
|
|
set UNC_PREFIX=\\scratch\scratch\philh
|
|
|
|
|
|
:loop
|
|
if "%1" == "-d" goto do_d
|
|
if "%1" == "-v" goto do_v
|
|
if "%1" == "-l" goto do_l
|
|
if "%1" == "-p" goto do_p
|
|
if "%1" == "-pe" goto do_pe
|
|
if "%1" == "-s" goto do_s
|
|
if "%1" == "-n" goto do_n
|
|
if "%1" == "-t" goto do_t
|
|
if "%1" == "" goto doit
|
|
echo Usage: regress [switches] [-t test]
|
|
echo -d enable all debug_print_masks
|
|
echo -v verbose (don't suppress echo)
|
|
echo -l check for memory leaks (default=no)
|
|
echo -p use enhanced RSA and DSS crypto providers (default=no)
|
|
echo -pe -p plus Explicitly use RSA Enhanced (set on NT4 and Win9x)
|
|
echo -s create new cert store (default=no)
|
|
echo -n enable network related tests (default=no)
|
|
echo -t select specific set of tests
|
|
echo all (default)
|
|
echo sca
|
|
echo streamsca
|
|
echo crmsg
|
|
echo cms
|
|
echo cms2
|
|
echo cert
|
|
echo store
|
|
echo keystore
|
|
echo newstore
|
|
echo relstore
|
|
echo remotestore
|
|
echo avstore
|
|
echo ctl
|
|
echo spc
|
|
echo findclt
|
|
echo pvkhlpr
|
|
echo oidfunc
|
|
echo revfunc
|
|
echo encode
|
|
echo decode
|
|
echo timestamp
|
|
echo xenroll
|
|
echo signcode
|
|
echo pkcs8
|
|
echo trust
|
|
echo keyid
|
|
echo url
|
|
goto exeunt
|
|
|
|
:do_v
|
|
set v=%1
|
|
shift
|
|
goto loop
|
|
|
|
:do_d
|
|
set DEBUG_PRINT_MASK=0xFFFFFFFF
|
|
shift
|
|
goto loop
|
|
|
|
:do_l
|
|
set _CDB_=cdb -g -G
|
|
set DEBUG_MASK=0x20
|
|
shift
|
|
goto loop
|
|
|
|
:do_p
|
|
set p=%1
|
|
shift
|
|
goto loop
|
|
:do_pe
|
|
set p=-p
|
|
set pe=-PEnhanced
|
|
shift
|
|
goto loop
|
|
:do_s
|
|
set s=%1
|
|
shift
|
|
goto loop
|
|
:do_n
|
|
set n=%1
|
|
shift
|
|
goto loop
|
|
:do_t
|
|
set t="%2"
|
|
shift
|
|
shift
|
|
goto loop
|
|
|
|
:doit
|
|
if "%os%"=="" goto os_syntax
|
|
if "%os%"=="Windows_NT" goto os_nt
|
|
if "%os%"=="win95" goto os_win95
|
|
|
|
:os_syntax
|
|
echo OS must be set to "Windows_NT" or "win95"
|
|
goto exeunt
|
|
|
|
:os_nt
|
|
set store=nt.store
|
|
set SLEEP0=sleep 0
|
|
goto os_after
|
|
|
|
:os_win95
|
|
set store=win95.store
|
|
set SLEEP0=
|
|
|
|
:os_after
|
|
@if not "%v%"=="" echo on
|
|
if exist regress.out del regress.out
|
|
ttrust -DisableUntrustedRootLogging -DisablePartialChainLogging -EnableAuthRoot -RegistryOnlyExit >> regress.out
|
|
@rem following removes these registry key values
|
|
ttrust -DisableAIAUrlRetrieval 0xFFFFFFFF -MaxAIAUrlCountInCert 0xFFFFFFFF -MaxAIAUrlRetrievalCountPerChain 0xFFFFFFFF -MaxAIAUrlRetrievalByteCount 0xFFFFFFFF -MaxAIAUrlRetrievalCertCount 0xFFFFFFFF -RegistryOnlyExit >> regress.out
|
|
|
|
@if "%s%"=="" goto StoreOK
|
|
if exist %store% del %store% >> regress.out
|
|
regsvr32 -s setx509.dll
|
|
@rem regsvr32 -s signcde.dll
|
|
@if not "%p%"=="" goto store_providers
|
|
tstore2 %store% >> regress.out
|
|
goto store_after
|
|
:store_providers
|
|
tstore2 %store% -P >> regress.out
|
|
:store_after
|
|
|
|
tfindcer -S -o2.5.4.3 -aroot -ptemp.cert %store% >> regress.out
|
|
tfindcer -S -o2.5.4.3 -aroot -s testroot -d >> regress.out
|
|
tstore -atemp.cert -s testroot >> regress.out
|
|
del temp.cert >> regress.out
|
|
:StoreOK
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem SCA
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="sca" if not %t%=="all" goto ScaDone
|
|
%_CDB_% tsca -l %store% >> regress.out
|
|
%_CDB_% tsca -l %store% -SilentKey >> regress.out
|
|
%_CDB_% tsca -l %store% -X >> regress.out
|
|
%_CDB_% tsca -l %store% -D >> regress.out
|
|
%_CDB_% tsca -l %store% -I SignAndEnvelope >> regress.out
|
|
%_CDB_% tsca -l %store% -A Sign >> regress.out
|
|
%_CDB_% tsca -l %store% -0 Sign >> regress.out
|
|
%_CDB_% tsca -l %store% -0 -A Sign >> regress.out
|
|
%_CDB_% tsca -l %store% -0 -A -Hsha Sign >> regress.out
|
|
|
|
@rem md2 is broken in rsa
|
|
@rem %_CDB_% tsca -l %store% -Hmd2 >> regress.out
|
|
%_CDB_% tsca -l %store% -Hmd4 >> regress.out
|
|
%_CDB_% tsca -l %store% -Hmd5 >> regress.out
|
|
%_CDB_% tsca -l %store% -Hmd5 -X >> regress.out
|
|
%_CDB_% tsca -l %store% -Hmd5 -D >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 -e40 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 -i >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -i >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e40 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e40 -NoSalt >> regress.out
|
|
|
|
@rem create a signed message containing only certs and CRLs
|
|
tfindcer %store% -S -ame -axchg -pme.cer >> regress.out
|
|
tfindcer %store% -S -aCA -pca.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -Aroot -proot.cer >> regress.out
|
|
tstore %store% -R -i0 -proot.crl >> regress.out
|
|
tstore %store% -R -i1 -pca.crl >> regress.out
|
|
%_CDB_% cert2spc me.cer ca.cer root.cer ca.crl root.crl tmp.spc >> regress.out
|
|
%_CDB_% tstore tmp.spc >> regress.out
|
|
%_CDB_% tstore -R tmp.spc >> regress.out
|
|
%_CDB_% tsca %store% sign -l -rtmp.spc -ctmp.store >> regress.out
|
|
%_CDB_% tfindcer tmp.store -S -ame -c >> regress.out
|
|
%_CDB_% tfindcer tmp.spc -S -ame -c >> regress.out
|
|
|
|
del tmp.store >> regress.out
|
|
%_CDB_% tsca %store% sign -l -ctmp.store >> regress.out
|
|
%_CDB_% tstore -b tmp.store >> regress.out
|
|
del tmp.spc >> regress.out
|
|
%_CDB_% tstore -b tmp.store -7tmp.spc >> regress.out
|
|
%_CDB_% tstore -b tmp.spc >> regress.out
|
|
del tmp.store >> regress.out
|
|
%_CDB_% tsca %store% sign -l -rtmp.spc -ctmp.store >> regress.out
|
|
%_CDB_% tstore -b tmp.store >> regress.out
|
|
|
|
@if "%ENABLE_STREAM_SCA%"=="" goto stream_sca_after
|
|
@rem the following using the streaming ifdef'ed version of sca
|
|
%_CDB_% tsca -l %store% sign -mtmp.msg >> regress.out
|
|
%_CDB_% tsca -l %store% sign -rtmp.msg -s -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -mtmp.msg -D >> regress.out
|
|
%_CDB_% tsca -l %store% sign -rtmp.msg -D -s -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -mtmp.msg -0 >> regress.out
|
|
%_CDB_% tsca -l %store% sign -rtmp.msg -s -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -s -mtmp.msg >> regress.out
|
|
%_CDB_% tsca -l %store% sign -rtmp.msg -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -S -mtmp.msg >> regress.out
|
|
%_CDB_% tsca -l %store% sign -rtmp.msg -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -s -D -mtmp.msg >> regress.out
|
|
%_CDB_% tsca -l %store% sign -D -rtmp.msg -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -S -D -mtmp.msg >> regress.out
|
|
%_CDB_% tsca -l %store% sign -D -rtmp.msg -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -s -0 -mtmp.msg >> regress.out
|
|
%_CDB_% tsca -l %store% sign -rtmp.msg -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -S -0 -mtmp.msg >> regress.out
|
|
%_CDB_% tsca -l %store% sign -rtmp.msg -v >> regress.out
|
|
%_CDB_% tsca -l %store% sign -Hmd4 -s >> regress.out
|
|
%_CDB_% tsca -l %store% sign -Hmd5 -S >> regress.out
|
|
%_CDB_% tsca -l %store% sign -Hmd5 -X -s >> regress.out
|
|
%_CDB_% tsca -l %store% sign -Hmd5 -D -S >> regress.out
|
|
:stream_sca_after
|
|
|
|
%_CDB_% tsca -l %store% -p13 -Hsha >> regress.out
|
|
%_CDB_% tsca -l %store% -p13 -Hsha -D >> regress.out
|
|
%_CDB_% tsca -l %store% -p13 -Hsha -I SignAndEnvelope >> regress.out
|
|
|
|
%_CDB_% tsca -l %store% -Erc2 -e40 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 -i >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 -e56 >> regress.out
|
|
%_CDB_% tsca -l %store% -Edes >> regress.out
|
|
%_CDB_% tsca -l %store% -Edes -i >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e56 -NoSalt >> regress.out
|
|
|
|
@if "%p%"=="" goto ScaDone
|
|
%_CDB_% tsca -l %store% -P512 >> regress.out
|
|
%_CDB_% tsca -l %store% -P1024 >> regress.out
|
|
%_CDB_% tsca -l %store% -P2048 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 -e64 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 -e128 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc2 -e128 -i >> regress.out
|
|
%_CDB_% tsca -l %store% -Edes -P2048 >> regress.out
|
|
%_CDB_% tsca -l %store% -E3des >> regress.out
|
|
%_CDB_% tsca -l %store% -E3des -i >> regress.out
|
|
%_CDB_% tsca -l %store% -E3des -i -P1024 >> regress.out
|
|
%_CDB_% tsca -l %store% -p13 -Hsha -P512 >> regress.out
|
|
%_CDB_% tsca -l %store% -p13 -Hsha -E3des -i >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e56 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e64 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e64 -NoSalt >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e128 >> regress.out
|
|
%_CDB_% tsca -l %store% -Erc4 -e128 -NoSalt >> regress.out
|
|
:ScaDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem CRMSG
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="crmsg" if not %t%=="all" goto CrmsgDone
|
|
@cd tcrmsg
|
|
%_CDB_% tcrmsg -l sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -R envelope >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -Erc2 -I envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc2 -I -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -I envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -I -PDefault envelope >> ..\regress.out
|
|
|
|
@rem NoSignature
|
|
%_CDB_% tcrmsg -l sign -NoSignature -c >> ..\regress.out
|
|
%_CDB_% tcrmsg -l sign -NoSignature -c -M >> ..\regress.out
|
|
%_CDB_% tcrmsg -l sign -NoSignature -c -A >> ..\regress.out
|
|
%_CDB_% tcrmsg -l sign -NoSignature -c -M -NMultiple >> ..\regress.out
|
|
%_CDB_% tcrmsg -l sign -NoSignature -c -A -M -CertInfoKeyId -NMultiple >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B -R envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C -R envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -M sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -M digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -N sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -N -D sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -S sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -S -A sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -R envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdE -i stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdE -i -R stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdE stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdE -R stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -sEdS -i stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sEdS -i -R stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sEdS stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sEdS -R stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -Erc2 -e40 -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc2 -e40 -I envelope >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -Erc4 -e40 -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -e40 -NoSalt envelope >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -A -p13 sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B -p13 sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C -p13 sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -p13 sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -S -p13 sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -S -A -p13 sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -p13 countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -p13 countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C -p13 countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -p13 countersign >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -sSdS -i -p13 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdS -p13 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdS -i -p13 -PDefault stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdS -p13 -PDefault stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -Erc2 -e56 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -e56 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -e56 -NoSalt envelope >> ..\regress.out
|
|
|
|
@if "%p%"=="" goto CrmsgBack
|
|
%_CDB_% tcrmsg -l -Erc2 -e56 -PEnhanced -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc2 -e128 -PEnhanced -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc2 -e128 -I -PEnhanced -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -e64 envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -e128 envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -e56 -PDefault envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Erc4 -e128 -PDefault envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Edes -I -PEnhanced envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Edes -PEnhanced -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -Edes -I -PEnhanced -PDefault -K"Regression 1024" envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -E3des -I -PEnhanced envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -E3des -PEnhanced -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -E3des -I -PEnhanced -PDefault -K"Regression 2048" envelope >> ..\regress.out
|
|
|
|
|
|
%_CDB_% tcrmsg -l -sSdE -i -Erc2 -e40 -I -PDefault stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdE -i -E3des -I -PEnhanced -PDefault -K"Regression 1024" stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sSdE -Edes -I -PEnhanced -PDefault -K"Regression 2048" stream >> ..\regress.out
|
|
:CrmsgBack
|
|
@cd ..
|
|
:CrmsgDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem CMS
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="cms" if not %t%=="all" goto CmsDone
|
|
|
|
@cd tcrmsg
|
|
%_CDB_% tcrmsg -l -AttrCert sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -EncapsulatedContent sign >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -EncapsulatedContent digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -AttrCert -Crl sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B -AttrCert -Crl sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B -EncapsulatedContent digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C -EncapsulatedContent sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C -EncapsulatedContent digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -AttrCert sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -C -AttrCert sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -EncapsulatedContent sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -C -EncapsulatedContent sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -EncapsulatedContent digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -C -EncapsulatedContent digest >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -N -AttrCert sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -N -D -AttrCert sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -S -AttrCert sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -S -A -AttrCert sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -EncapsulatedContent countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -EncapsulatedContent countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C -EncapsulatedContent countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -D -EncapsulatedContent countersign >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -sS -i -EncapsulatedContent stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -EncapsulatedContent stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -i -C -EncapsulatedContent stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -C -EncapsulatedContent stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -sS -i -AttrCert -Crl -f..\tmp.msg stream >> ..\regress.out
|
|
%_CDB_% tstore ..\tmp.msg >> ..\regress.out
|
|
%_CDB_% tstore ..\tmp.msg -R >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -AttrCert -Crl stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -i -C -AttrCert -Crl stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -C -AttrCert -Crl stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -NMultiple sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId -C sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -NMultiple -CertInfoKeyId sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -NMultiple -M sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -NMultiple -PDSS_DH -PDefault sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -NMultiple -CertInfoKeyId -PDSS_DH -PDefault sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -NMultiple -M -PDSS_DH -PDefault sign >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -SignerId sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -NMultiple sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -NMultiple -HashEncryptionAlgorithm sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -CertInfoKeyId sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -CertInfoKeyId -C sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -CertInfoKeyId -NMultiple sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -CertInfoKeyId -NMultiple -HashEncryptionAlgorithm sign >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -SignerId -A sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -A -NMultiple sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -A -NMultiple -HashEncryptionAlgorithm sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -A -CertInfoKeyId sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -A -CertInfoKeyId -NMultiple sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -SignerId -A -CertInfoKeyId -NMultiple -HashEncryptionAlgorithm sign >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId -SignerId countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId -A countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId -C countersign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId -D countersign >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -sS -NMultiple stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -CertInfoKeyId stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -CertInfoKeyId -C stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -CertInfoKeyId -C -i stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -CertInfoKeyId -SignerId stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -CertInfoKeyId -SignerId -A stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -NMultiple -CertInfoKeyId stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -NMultiple -CertInfoKeyId -SignerId stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -NMultiple -CertInfoKeyId -SignerId -A stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -NMultiple -M stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -NMultiple -PDSS_DH -PDefault stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -NMultiple -M -PDSS_DH -PDefault stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -i -NMultiple stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -i -NMultiple -M stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -i -NMultiple -PDSS_DH -PDefault stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sS -i -NMultiple -M -PDSS_DH -PDefault stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -OriginatorInfo -Crl -f..\tmp.msg envelope >> ..\regress.out
|
|
%_CDB_% tstore ..\tmp.msg >> ..\regress.out
|
|
%_CDB_% tstore ..\tmp.msg -R >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -OriginatorInfo -AttrCert envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B -OriginatorInfo envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -B -OriginatorInfo -AttrCert -Crl envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -KeyTrans envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans -RecipientKeyId envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -KeyTrans -RecipientKeyId envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -CertInfoKeyId envelope >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -sE -i -KeyTrans stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -KeyTrans -RecipientKeyId stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -CertInfoKeyId stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -KeyTrans stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -KeyTrans -RecipientKeyId stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -CertInfoKeyId stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -sE -i -OriginatorInfo stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -OriginatorInfo stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -OriginatorInfo -AttrCert stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -OriginatorInfo -AttrCert -Crl -f..\tmp.msg stream >> ..\regress.out
|
|
%_CDB_% tstore ..\tmp.msg >> ..\regress.out
|
|
%_CDB_% tstore ..\tmp.msg -R >> ..\regress.out
|
|
|
|
%_CDB_% regsvr32 /s sp3crmsg.dll >> ..\regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tcrmsg -l envelope >> ..\regress.out
|
|
|
|
%_CDB_% regsvr32 /s /i /n sp3crmsg.dll >> ..\regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tcrmsg -l envelope >> ..\regress.out
|
|
|
|
%_CDB_% regsvr32 /u /s sp3crmsg.dll >> ..\regress.out
|
|
%SLEEP0%
|
|
|
|
@cd ..
|
|
|
|
%_CDB_% tsca -l %store% -RecipientKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% -SignerKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% -RecipientKeyId -SignerKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% -I SignAndEnvelope -RecipientKeyId -SignerKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% -I SignAndEnvelope -EncapsulatedContent -RecipientKeyId -SignerKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% -EncapsulatedContent >> regress.out
|
|
%_CDB_% tsca -l %store% -D -EncapsulatedContent >> regress.out
|
|
%_CDB_% tsca -l %store% -I SignAndEnvelope -EncapsulatedContent >> regress.out
|
|
%_CDB_% regsvr32 /s sp3crmsg.dll >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsca -l %store% Envelope >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -SP3Encrypt >> regress.out
|
|
%_CDB_% regsvr32 /u /s sp3crmsg.dll >> regress.out
|
|
%SLEEP0%
|
|
|
|
if exist inherit.store del inherit.store
|
|
%_CDB_% tstore2 -I inherit.store >> regress.out
|
|
%_CDB_% tfindcer inherit.store Rollover -d >> regress.out
|
|
%_CDB_% tstore -b -cSign inherit.store >> regress.out
|
|
%_CDB_% tsca -l -p13 -HSha1 inherit.store sign DssEnd >> regress.out
|
|
%_CDB_% tsca -l -p13 -HSha1 -HashEncryptionAlgorithm inherit.store sign DssEnd >> regress.out
|
|
%_CDB_% tsca -l -p13 -HSha1 -DefaultGetSigner inherit.store sign DssEnd >> regress.out
|
|
%_CDB_% tsca -l -p13 -HSha1 -D -DefaultGetSigner inherit.store sign DssEnd >> regress.out
|
|
|
|
@rem GeneralTime is DSS without parameter inheritance
|
|
%_CDB_% tsca -l -p13 -HSha1 inherit.store sign GeneralTime >> regress.out
|
|
%_CDB_% tsca -l -p13 -HSha1 -DefaultGetSigner inherit.store sign GeneralTime >> regress.out
|
|
|
|
@rem the following test calling CryptVerifyCertificateSignatureEx
|
|
@rem and CryptMsgControl(CMSG_CTRL_VERIFY_SIGNATURE_EX) with
|
|
@rem a signer of type CHAIN.
|
|
@cd tcrmsg
|
|
%_CDB_% tcrmsg -l -HashEncryptionAlgorithm sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -AlgorithmParameters sign >> ..\regress.out
|
|
%_CDB_% tcrmsg -l sign ..\inherit.store TestSigner >> ..\regress.out
|
|
%_CDB_% tcrmsg -l sign ..\inherit.store DssEnd >> ..\regress.out
|
|
%_CDB_% tcrmsg -l sign ..\inherit.store GeneralRoot >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -HashEncryptionAlgorithm sign ..\inherit.store DssEnd >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -HashEncryptionAlgorithm -AlgorithmParameters sign ..\inherit.store DssEnd >> ..\regress.out
|
|
@cd ..
|
|
|
|
@rem check DSS certificates and signatures with and without parameter
|
|
@rem inheritance
|
|
|
|
@cd ttrust\testfile
|
|
@rem Enable Trust Test Root, disable revocation
|
|
setreg -q 1 TRUE 3 FALSE >> ..\..\regress.out
|
|
|
|
@rem on 4-April-2002 changed to never allow setreg's Trust Test Root
|
|
@rem CERT_E_UNTRUSTEDTESTROOT 0x800b010d
|
|
%_CDB_% ttrust -q dssend.cer -Sdss.spc -q0x800b010d >> ..\..\regress.out
|
|
@rem explicitly trust the "Root Agency" testroot
|
|
%_CDB_% tstore -s lm:root -a..\..\rooto.cer >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust -q dssend.cer -Sdss.spc >> ..\..\regress.out
|
|
@rem -f1 enable cache of end cert
|
|
%_CDB_% ttrust -q -f1 dssend.cer -Sdss.spc >> ..\..\regress.out
|
|
%_CDB_% ttrust -q dssinend.cer -Sdssin.spc >> ..\..\regress.out
|
|
%_CDB_% ttrust -q -f1 dssinend.cer -Sdssin.spc >> ..\..\regress.out
|
|
%_CDB_% ttrust -q -file dss.cab >> ..\..\regress.out
|
|
%_CDB_% ttrust -q -file dssin.cab >> ..\..\regress.out
|
|
|
|
%_CDB_% tctlfunc -U1.2.3.4 dssroot.cer -cdss.stl >> ..\..\regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.4 dssroot.cer -cdssin.stl >> ..\..\regress.out
|
|
|
|
@rem the following has a DSS signer of a CTL containing dssroot.cer.
|
|
@rem the DSS signer certificate inherits its public key algorithm
|
|
@rem parameters
|
|
if exist tmp.store del tmp.store
|
|
%_CDB_% tstore tmp.store -T -adss.stl >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust -q dssroot.cer -Stmp.store -u1.2.3.4 >> ..\..\regress.out
|
|
@rem explicitly trust the "Root Agency" testroot
|
|
%_CDB_% tstore -s lm:root -a..\..\rooto.cer >> ..\..\regress.out
|
|
|
|
@rem now the signer chain has a trusted root. This is higher quality
|
|
%_CDB_% ttrust -q dssroot.cer -Stmp.store -u1.2.3.4 >> ..\..\regress.out
|
|
@rem ensure the test root is removed
|
|
%_CDB_% tfindcer -S -s lm:root -a"Root Agency" -d >> ..\..\regress.out
|
|
@cd ..\..
|
|
|
|
|
|
@cd tcrmsg
|
|
%_CDB_% tcrmsg -l -EncapsulatedContent envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -EncapsulatedContent -OriginatorInfo envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -C -EncapsulatedContent envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -EncapsulatedContent stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -EncapsulatedContent -OriginatorInfo stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -EncapsulatedContent stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -EncapsulatedContent -OriginatorInfo stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -C -EncapsulatedContent stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -C -EncapsulatedContent stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -n0 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -NoRecipients envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -NoRecipients -n0 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -n0 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -n0 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -NoRecipients stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -NoRecipients stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -NoRecipients -n0 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -NoRecipients -n0 stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -A envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -n0 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -NoRecipients envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -A -NoRecipients -n0 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A -i stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A -n0 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A -i -n0 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A -NoRecipients stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A -i -NoRecipients stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A -NoRecipients -n0 stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -A -i -NoRecipients -n0 stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -NoRecipients -n0 -OriginatorInfo envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -NoRecipients -n0 -OriginatorInfo stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -i -NoRecipients -n0 -OriginatorInfo stream >> ..\regress.out
|
|
|
|
@cd ..
|
|
|
|
%_CDB_% tsca -l %store% Envelope -NoRecipients >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -0 >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -NoRecipients -0 >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -rnoenv.msg >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -rnoenv3.msg >> regress.out
|
|
|
|
%_CDB_% makecert -sy 1 -sky exchange -sk testrsa1 testrsa1.cer >> regress.out
|
|
%_CDB_% tpvkdel -p1 -ctestrsa1 -d >> regress.out
|
|
%_CDB_% makecert -sy 1 -sky exchange -sk testrsa1 -len 512 -n "CN=Test RSA 1" testrsa1.cer >> regress.out
|
|
if exist testrsa.store del testrsa.store
|
|
%_CDB_% tstore testrsa.store -b -atestrsa1.cer >> regress.out
|
|
%_CDB_% tstore testrsa.store -PKey >> regress.out
|
|
%_CDB_% tstore testrsa.store >> regress.out
|
|
|
|
%_CDB_% tsca -l testrsa.store -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testrsa.store -RecipientKeyId -AllRecipients Envelope >> regress.out
|
|
|
|
@if "%p%"=="" goto CmsDone
|
|
%_CDB_% tsca -l testrsa.store -E3deS -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testrsa.store -Erc2 -e56 -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testrsa.store -Erc2 -e64 -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testrsa.store -Erc2 -e64 -AllRecipients -RecipientKeyId Envelope >> regress.out
|
|
%_CDB_% tsca -l testrsa.store -Erc2 -e128 -AllRecipients Envelope >> regress.out
|
|
|
|
:CmsDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem CMS2
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="cms2" if not %t%=="all" goto Cms2Done
|
|
|
|
%_CDB_% makecert -sy 13 -sky exchange -sk testdh1 testdh1.cer >> regress.out
|
|
%_CDB_% makecert -sy 13 -sky exchange -sk testdh2 testdh2.cer >> regress.out
|
|
%_CDB_% makecert -sy 1 -sky exchange -sk testrsa2 testrsa2.cer >> regress.out
|
|
%_CDB_% tpvkdel -p13 -ctestdh1 -d >> regress.out
|
|
%_CDB_% tpvkdel -p13 -ctestdh2 -d >> regress.out
|
|
%_CDB_% tpvkdel -p1 -ctestrsa2 -d >> regress.out
|
|
%_CDB_% makecert -sy 13 -sky exchange -sk testdh1 -len 512 -n "CN=Test Hellman 1" testdh1.cer >> regress.out
|
|
%_CDB_% makecert -sy 13 -sky exchange -sk testdh2 -dhp testdh1.cer -n "CN=Test Hellman 2" testdh2.cer >> regress.out
|
|
%_CDB_% makecert -sy 1 -sky exchange -sk testrsa2 -len 512 -n "CN=Test RSA 2" testrsa2.cer >> regress.out
|
|
%_CDB_% tstore -v testdh1.cer >> regress.out
|
|
%_CDB_% tstore -v testdh2.cer >> regress.out
|
|
if exist testdh.store del testdh.store
|
|
%_CDB_% tstore testdh.store -b -atestdh1.cer >> regress.out
|
|
%_CDB_% tstore testdh.store -b -atestdh2.cer >> regress.out
|
|
%_CDB_% tstore testdh.store -PKey >> regress.out
|
|
%_CDB_% tstore testdh.store >> regress.out
|
|
|
|
if exist testdh1.store del testdh1.store
|
|
%_CDB_% tstore testdh1.store -b -atestdh1.cer >> regress.out
|
|
%_CDB_% tstore testdh1.store -PSilentKey >> regress.out
|
|
%_CDB_% tsca -l testdh1.store -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh1.store -AllRecipients -RecipientKeyId Envelope >> regress.out
|
|
if exist testdh2.store del testdh2.store
|
|
%_CDB_% tstore testdh2.store -b -atestdh2.cer >> regress.out
|
|
%_CDB_% tstore testdh2.store -PKey >> regress.out
|
|
%_CDB_% tsca -l testdh2.store -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh2.store -AllRecipients -RecipientKeyId Envelope >> regress.out
|
|
|
|
%_CDB_% tsca -l testdh.store -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -RecipientKeyId -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -p13 -AllRecipients -RecipientKeyId Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -Erc2 -e56 -AllRecipients -RecipientKeyId Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -p13 -Erc2 -e56 -AllRecipients Envelope >> regress.out
|
|
|
|
if exist testdhrsa.store del testdhrsa.store
|
|
%_CDB_% tcopycer testdh.store testdhrsa.store >> regress.out
|
|
%_CDB_% tstore testdhrsa.store -b -atestrsa2.cer >> regress.out
|
|
%_CDB_% tsca -l testdhrsa.store -v -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdhrsa.store -v -RecipientKeyId -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tstore testdhrsa.store -PKey >> regress.out
|
|
%_CDB_% tsca -l testdhrsa.store -v -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdhrsa.store -v -RecipientKeyId -AllRecipients Envelope >> regress.out
|
|
|
|
|
|
@cd tcrmsg
|
|
|
|
@rem tests export/import of symmetric key from CSP to another
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient -RecipientKeyId envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -KeyTrans -PRecipient stream >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -sE -KeyTrans -RecipientKeyId -PRecipient stream >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope -Erc4 >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope -Erc4 -e40 >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope -Erc4 -e40 -I >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope -Erc4 -e56 >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope -Erc4 -e56 -NoSalt >> ..\regress.out
|
|
|
|
@rem tests for MailList recipients
|
|
%_CDB_% tcrmsg -l -MailList envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -e40 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -e56 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -e40 -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -e56 -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -PRecipient envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -KeyTrans envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -KeyTrans -PRecipient -RecipientKeyId envelope >> ..\regress.out
|
|
@rem tests for KeyAgree recipients
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -RecipientKeyId envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -e40 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -e56 -I envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -PRecipient envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -PRecipient envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -PRecipient envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -PRecipient -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -MailList -PRecipient -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -MailList -PDefault envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -MailList -PDefault -RecipientKeyId envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -MailList -p13 envelope >> ..\regress.out
|
|
@cd ..
|
|
|
|
@if "%p%"=="" goto Cms2Done
|
|
%_CDB_% tsca -l testdh.store -E3deS -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -Erc2 -e64 -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -Erc2 -e128 -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -p13 -E3des -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -p13 -Erc2 -e64 -AllRecipients Envelope >> regress.out
|
|
%_CDB_% tsca -l testdh.store -p13 -Erc2 -e128 -AllRecipients Envelope >> regress.out
|
|
|
|
@cd tcrmsg
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope -Erc4 -e64 %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyTrans -PRecipient envelope -Erc4 -e128 %pe% >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -MailList -e64 envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -e128 envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -Edes -PEnhanced envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -E3des -PEnhanced envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -Edes envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -E3des envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -Edes -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -E3des -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -e64 -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -MailList -e128 -p13 envelope >> ..\regress.out
|
|
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -Edes envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -E3des envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -e64 -I envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -p13 -e128 -I envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -MailList -Edes -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -MailList -E3des -p13 envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -Edes envelope >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -E3des -PDefault envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -MailList -Edes envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -MailList -E3des -PDefault envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -MailList -E3des -PDefault -PRecipient envelope %pe% >> ..\regress.out
|
|
%_CDB_% tcrmsg -l -KeyAgree -KeyTrans -MailList -E3des -PEnhanced -PDefault -PRecipient envelope >> ..\regress.out
|
|
@cd ..
|
|
|
|
:Cms2Done
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem STREAMSCA
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="streamsca" goto StreamScaDone
|
|
%_CDB_% tsca -l %store% Sign -s >> regress.out
|
|
%_CDB_% tsca -l %store% Sign -S >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -s >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -S >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -s >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -S >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -s -EncapsulatedContent -I >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -S -EncapsulatedContent -I >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -s -NoRecipients >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -S -NoRecipients >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -s -0 >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -S -0 >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -s -NoRecipients -0 >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -S -NoRecipients -0 >> regress.out
|
|
|
|
%_CDB_% tsca -l %store% Envelope -rnoenv.msg -s >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -rnoenv3.msg -s >> regress.out
|
|
|
|
%_CDB_% tsca -l %store% Sign -s -SignerKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% Sign -S -SignerKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -s -RecipientKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% Envelope -S -RecipientKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -s -SignerKeyId -RecipientKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -S -SignerKeyId -RecipientKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -s -EncapsulatedContent -I -SignerKeyId -RecipientKeyId >> regress.out
|
|
%_CDB_% tsca -l %store% SignAndEnvelope -S -EncapsulatedContent -I -SignerKeyId -RecipientKeyId >> regress.out
|
|
|
|
:StreamScaDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem CERT
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="cert" if not %t%=="all" goto CertDone
|
|
%_CDB_% tcert -fAll -wtmp.cer >> regress.out
|
|
%_CDB_% tstore tmp.cer >> regress.out
|
|
%_CDB_% tcert -f crl >> regress.out
|
|
%_CDB_% tcert -f certReq >> regress.out
|
|
%_CDB_% tcert -N >> regress.out
|
|
%_CDB_% tcert -N -fAll >> regress.out
|
|
%_CDB_% tcert crl -N >> regress.out
|
|
%_CDB_% tcert certReq -N >> regress.out
|
|
%_CDB_% tcert certReq -o1.2.840.113549.2.5 >> regress.out
|
|
%_CDB_% tcert keygenReq -N >> regress.out
|
|
%_CDB_% tcert ContentInfo -N >> regress.out
|
|
%_CDB_% tcert -rvsgood.cer -fAll -N>> regress.out
|
|
|
|
%_CDB_% tcert CertPair -wtmp.pair -N >> regress.out
|
|
%_CDB_% tstore tmp.pair >> regress.out
|
|
%_CDB_% tcrobu file://tmp.pair cert -m >> regress.out
|
|
%_CDB_% tcert CertPair -wtmp.pair -N -Rvsrevoke.cer >> regress.out
|
|
%_CDB_% tstore tmp.pair >> regress.out
|
|
%_CDB_% tcrobu file://tmp.pair cert -m >> regress.out
|
|
%_CDB_% tcert CertPair -wtmp.pair -N -Fvsgood.cer >> regress.out
|
|
%_CDB_% tstore tmp.pair >> regress.out
|
|
%_CDB_% tcrobu file://tmp.pair cert -m >> regress.out
|
|
%_CDB_% tcert CertPair -wtmp.pair -Fvsgood.cer -Rvsrevoke.cer >> regress.out
|
|
%_CDB_% tcert CertPair -wtmp.pair -N -Fvsgood.cer -Rvsrevoke.cer >> regress.out
|
|
%_CDB_% tstore tmp.pair >> regress.out
|
|
%_CDB_% tcrobu file://tmp.pair cert -m >> regress.out
|
|
|
|
@rem modified self-signed der.cer
|
|
@rem ber1.cer - changed time to have 0 seconds
|
|
@rem ber2.cer - serial number has leading 0's
|
|
@rem ber3.cer - serial number has leading FF's
|
|
@rem badder.cer - removed last 40 bytes from file
|
|
%_CDB_% tcert -rder.cer >> regress.out
|
|
%_CDB_% tcert -rber1.cer >> regress.out
|
|
%_CDB_% tcert -rber2.cer >> regress.out
|
|
%_CDB_% tcert -rber3.cer >> regress.out
|
|
@rem OSS bug:: the following shortened file should return OSS error
|
|
@rem following doesn't fail, use Asn1UtilExtractValues instead of OSS
|
|
@rem %_CDB_% tcert -rbadder.cer >> regress.out
|
|
%_CDB_% tx500str -v >> regress.out
|
|
%_CDB_% tx500str -nCN=Joe -f0x1 -e0x80070057 >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -fAll >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -fAll -I >> regress.out
|
|
|
|
%_CDB_% tfindcer %store% -I -q -pnoname1.cer NoNameIssuer1 >> regress.out
|
|
%_CDB_% tfindcer %store% -I -q -pnoname2.cer NoNameIssuer2 >> regress.out
|
|
|
|
@rem -g0x10000 - CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG
|
|
@rem -g0x10000 - CERT_NAME_DISABLE_IE4_UTF8_FLAG
|
|
%_CDB_% tx500str -cnoname1.cer -S -g9 -e0x80070057 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -S -g1 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -S -g2 -e0x80092004 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -S -g3 -e0x80092004 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -S -g4 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -I -g1 -e0x80092004 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -I -g2 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -I -g2 -f2 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -I -g2 -f3 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -I -g3 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -I -g3 -a1.2.2 >> regress.out
|
|
%_CDB_% tx500str -cnoname1.cer -I -g4 >> regress.out
|
|
|
|
%_CDB_% tx500str -cnoname2.cer -S -g1 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -S -g2 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -S -g0x10002 -f2 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -S -g0x10002 -f3 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -S -g3 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -S -g3 -a2.5.4.11 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -S -g3 -a2.5.4.3 -e0x80092004 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -S -g4 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g1 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g2 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g2 -f2 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g2 -f3 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g3 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g3 -a2.5.4.11 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g3 -a2.5.4.3 >> regress.out
|
|
%_CDB_% tx500str -cnoname2.cer -I -g4 >> regress.out
|
|
|
|
%_CDB_% tx500str -cvsgood.cer -S -g0x10001 -v >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -S -g0x10002 -v >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -S -g2 -f0x10000 -v >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -S -g0x10003 -v >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -S -g0x10004 -v >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -I -g1 -e0x80092004 >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -I -g2 >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -I -g3 >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -I -g3 >> regress.out
|
|
%_CDB_% tx500str -cvsgood.cer -I -g4 >> regress.out
|
|
|
|
@rem the following files contain Unicode base64 encoded certs with a
|
|
@rem leading L'\xfeff inserted by notepad.exe.
|
|
%_CDB_% tstore unicode64.cer >> regress.out
|
|
%_CDB_% tstore unicode64a.cer >> regress.out
|
|
%_CDB_% tstore unicode64b.cer >> regress.out
|
|
:CertDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem STORE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="store" if not %t%=="all" goto StoreDone
|
|
@del tmp.store >nul
|
|
|
|
regsvr32 -s setx509.dll
|
|
@rem regsvr32 -s signcde.dll
|
|
%_CDB_% tstore2 tmp.store >> regress.out
|
|
del tmp.spc >> regress.out
|
|
%_CDB_% tcopycer tmp.store tmp.spc -7 >> regress.out
|
|
%_CDB_% tstore tmp.store >> regress.out
|
|
%_CDB_% tstore tmp.spc >> regress.out
|
|
%_CDB_% tstore -R tmp.store >> regress.out
|
|
%_CDB_% tstore -R tmp.spc >> regress.out
|
|
%_CDB_% tstore -v tmp.store >> regress.out
|
|
%_CDB_% tstore -F tmp.store >> regress.out
|
|
%_CDB_% tcrobu file://tmp.spc cert -m >> regress.out
|
|
%_CDB_% tcrobu file://tmp.spc crl -m >> regress.out
|
|
%_CDB_% tcrobu file://tmp.spc pkcs7 >> regress.out
|
|
%_CDB_% tcrobu file://tmp.store any >> regress.out
|
|
@rem -f0x4 Defer close
|
|
%_CDB_% tstore -b -f0x4 tmp.store >> regress.out
|
|
%_CDB_% tfindcer tmp.store Rollover -d >> regress.out
|
|
%_CDB_% tstore -cSign tmp.store >> regress.out
|
|
%_CDB_% tfindcer tmp.store -S -aPhilPub -c >> regress.out
|
|
%_CDB_% tfindcer tmp.store -S -APhilPub -c >> regress.out
|
|
%_CDB_% tfindcer tmp.store -S -aphilpub -C >> regress.out
|
|
%_CDB_% tfindcer tmp.store -S -ApHILpUB -C >> regress.out
|
|
%_CDB_% tfindcer tmp.store -S recipient >> regress.out
|
|
%_CDB_% tfindcer tmp.store -I testroot >> regress.out
|
|
|
|
%_CDB_% tstore -dALL -s Test >> regress.out
|
|
%_CDB_% tstore -dALL -R -s Test >> regress.out
|
|
%_CDB_% tstore -dALL -T -s Test >> regress.out
|
|
%_CDB_% tcopycer tmp.store -s Test >> regress.out
|
|
%_CDB_% tstore -R -v -s Test -i2 >> regress.out
|
|
|
|
tstore -dALL -s Test >> regress.out
|
|
tstore -dALL -R -s Test >> regress.out
|
|
%_CDB_% tcopycer -R tmp.store -s Test >> regress.out
|
|
%_CDB_% tstore -R -v -s Test -i2 >> regress.out
|
|
|
|
@rem CERT_STORE_MAXIMUM_ALLOWED_FLAG -f0x1000
|
|
tstore -dALL -s lm:Test >> regress.out
|
|
tstore -dALL -s Test >> regress.out
|
|
%_CDB_% tcopycer tmp.store -s lm:Test -aduplicate1 >> regress.out
|
|
%_CDB_% tstore -v -s Test >> regress.out
|
|
%_CDB_% tstore -v -f0x1000 -s Test >> regress.out
|
|
%_CDB_% tstore -v -s Test -dAll -E >> regress.out
|
|
%_CDB_% tstore -v -s Test -f0x1000 -dAll >> regress.out
|
|
%_CDB_% tcopycer tmp.store -s lm:Test -aduplicate1 >> regress.out
|
|
%_CDB_% tstore -v -s phy:Test\.LocalMachine >> regress.out
|
|
%_CDB_% tstore -v -f0x1000 -s phy:Test\.LocalMachine >> regress.out
|
|
%_CDB_% tstore -s phy:Test\.LocalMachine -dAll -E >> regress.out
|
|
%_CDB_% tstore -f0x1000 -s phy:Test\.LocalMachine -dAll >> regress.out
|
|
|
|
%_CDB_% tcopycer tmp.store -s Test -aduplicate1 >> regress.out
|
|
%_CDB_% tstore -v -s Test >> regress.out
|
|
%_CDB_% tcopycer tmp.store -s Test -aduplicate2 >> regress.out
|
|
%_CDB_% tstore -v -s Test >> regress.out
|
|
%_CDB_% tcopycer -R tmp.store -s Test -aduplicate2 >> regress.out
|
|
%_CDB_% tstore -v -s Test >> regress.out
|
|
%_CDB_% tcopycer -A tmp.store -s Test -aduplicate1 >> regress.out
|
|
%_CDB_% tstore -v -s Test >> regress.out
|
|
|
|
%_CDB_% tstore -P -i0 -s Test >> regress.out
|
|
%_CDB_% tstore -P -i0 -s Test -f0x18000 -E >> regress.out
|
|
%_CDB_% tstore -d -P -i0 -s Test -f0x18000 -E >> regress.out
|
|
%_CDB_% tstore -d -P -i0 -s Test >> regress.out
|
|
|
|
%_CDB_% tstore -P -i0 -s Test -R >> regress.out
|
|
%_CDB_% tstore -P -i0 -s Test -f0x18000 -E -R >> regress.out
|
|
|
|
%_CDB_% tstore -i0 -ptest.cer -s Test >> regress.out
|
|
%_CDB_% tstore test.cer >> regress.out
|
|
%_CDB_% tcrobu file://test.cer cert >> regress.out
|
|
%_CDB_% tcrobu file://test.cer cert -m >> regress.out
|
|
%_CDB_% tstore -i0 -ptest.crl -s Test -R >> regress.out
|
|
%_CDB_% tcrobu file://test.crl crl >> regress.out
|
|
%_CDB_% tcrobu file://test.crl crl -m >> regress.out
|
|
%_CDB_% tstore -d -i0 -s Test -f0x18000 -E >> regress.out
|
|
%_CDB_% tstore -d -i0 -s Test >> regress.out
|
|
%_CDB_% tstore -d -i0 -s Test -f0x18000 -E -R >> regress.out
|
|
%_CDB_% tstore -d -i0 -s Test -R >> regress.out
|
|
%_CDB_% tfindcer -d -s Test duplicate >> regress.out
|
|
%_CDB_% tstore -atest.cer -s Test -f0x18000 -E >> regress.out
|
|
%_CDB_% tstore -atest.cer -s Test >> regress.out
|
|
%_CDB_% tstore -Atest.cer -s Test >> regress.out
|
|
%_CDB_% tstore -atest.crl -s Test -R -f0x18000 -E >> regress.out
|
|
%_CDB_% tstore -atest.crl -s Test -R >> regress.out
|
|
%_CDB_% tstore -Atest.crl -s Test -R >> regress.out
|
|
|
|
%_CDB_% tcopycer tmp.store -s Test -ame >> regress.out
|
|
%_CDB_% tfindcer -s Test -S -q -ame -axchg -pme.cer >> regress.out
|
|
%_CDB_% tfindcer -s Test -S -ame -axchg -v >> regress.out
|
|
%_CDB_% tstore -b -P -s Test >> regress.out
|
|
%_CDB_% tstore -b -Ime.cer -s Test >> regress.out
|
|
%_CDB_% tfindcer -s Test -S -ame -axchg -v >> regress.out
|
|
%_CDB_% tstore -b -Ame.cer -s Test >> regress.out
|
|
%_CDB_% tfindcer -s Test -S -ame -axchg -v >> regress.out
|
|
%_CDB_% tstore -b -P -s Test >> regress.out
|
|
%_CDB_% tcopycer tmp.store -s Test -ame -I >> regress.out
|
|
%_CDB_% tfindcer -s Test -S -ame -axchg -v >> regress.out
|
|
|
|
%_CDB_% tstore3 >> regress.out
|
|
%_CDB_% makecert -eku "2.3.2.3,2.2.2.2" teku.cer >> regress.out
|
|
%_CDB_% teku -fteku.cer >> regress.out
|
|
|
|
@rem check ADD_NEWER
|
|
if exist tmp2.store del tmp2.store
|
|
%_CDB_% tcopycer tmp.store tmp2.store -R >> regress.out
|
|
del tmp2.store
|
|
%_CDB_% tcopycer tmp.store tmp2.store -I >> regress.out
|
|
@rem following commit reverses entries in store
|
|
%_CDB_% tstore -b -C tmp.store >> regress.out
|
|
del tmp2.store
|
|
%_CDB_% tcopycer tmp.store tmp2.store -R >> regress.out
|
|
del tmp2.store
|
|
%_CDB_% tcopycer tmp.store tmp2.store -I >> regress.out
|
|
|
|
@rem check file commits
|
|
@rem -f0x4000 - Open existing
|
|
@rem -f0x2000 - Create new
|
|
if exist tmp.p7c del tmp.p7c
|
|
if exist tmp.spc del tmp.spc
|
|
if exist tmp.str del tmp.str
|
|
%_CDB_% tstore -avsgood.cer -C -f0x2000 tmp.p7c >> regress.out
|
|
%_CDB_% tstore -avsrevoke.cer -CClear -f0x4000 tmp.p7c >> regress.out
|
|
%_CDB_% tstore -b tmp.p7c >> regress.out
|
|
%_CDB_% tstore -avsrevoke.cer -C -f0x4000 tmp.p7c >> regress.out
|
|
%_CDB_% tstore -b tmp.p7c >> regress.out
|
|
%_CDB_% tstore -avsgood.cer -CForce tmp.spc >> regress.out
|
|
%_CDB_% tstore -b tmp.spc >> regress.out
|
|
%_CDB_% tstore -avsgood.cer -C -f0x2000 tmp.str >> regress.out
|
|
%_CDB_% tstore -avsrevoke.cer -CClear -f0x4000 tmp.str >> regress.out
|
|
%_CDB_% tstore -b tmp.str >> regress.out
|
|
%_CDB_% tstore -avsrevoke.cer -C -f0x4000 tmp.str >> regress.out
|
|
%_CDB_% tstore -b tmp.str >> regress.out
|
|
%_CDB_% tstore -i0 -d -C tmp.str >> regress.out
|
|
%_CDB_% tstore -b tmp.str >> regress.out
|
|
%_CDB_% tstore -P -C tmp.p7c >> regress.out
|
|
%_CDB_% tstore -i0 -d -C tmp.p7c >> regress.out
|
|
%_CDB_% tstore -v tmp.p7c >> regress.out
|
|
%_CDB_% tstore -P -C tmp.str >> regress.out
|
|
%_CDB_% tstore -v tmp.str >> regress.out
|
|
|
|
@rem -f0x800 - CERT_STORE_SHARE_FLAG
|
|
if exist tmp.store del tmp.store
|
|
%_CDB_% tcopycer -A vsgood.cer tmp.store >> regress.out
|
|
%_CDB_% tcopycer -A vsgood.cer tmp.store >> regress.out
|
|
%_CDB_% tcopycer -A vsgood.cer tmp.store >> regress.out
|
|
%_CDB_% tstore tmp.store -S >> regress.out
|
|
%_CDB_% tstore tmp.store -f0x800 >> regress.out
|
|
|
|
%_CDB_% tstore vsgood.cer -PKeyProvParam >> regress.out
|
|
|
|
@if "%p%"=="" goto StoreDone
|
|
%_CDB_% tstore -cSign -v dss512.cer >> regress.out
|
|
%_CDB_% tstore -cSign -v dss768.cer >> regress.out
|
|
%_CDB_% tstore -cSign -v dss1024.cer >> regress.out
|
|
:StoreDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem KEYSTORE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="keystore" if not %t%=="all" goto KSDone
|
|
%_CDB_% tprov >> regress.out
|
|
if exist tmp.store del tmp.store
|
|
%_CDB_% tstore -avsgood.cer -b tmp.store >> regress.out
|
|
%_CDB_% tstore -PKey -E tmp.store >> regress.out
|
|
if exist tmp.store del tmp.store
|
|
%_CDB_% tstore -adss1024.cer -b tmp.store >> regress.out
|
|
%_CDB_% tstore -PKey -E tmp.store >> regress.out
|
|
if exist tmp.store del tmp.store
|
|
if exist mach.store del mach.store
|
|
@if "%p%"=="" goto ksproviders
|
|
%_CDB_% tstore2 -P tmp.store >> regress.out
|
|
%_CDB_% tstore2 -P -M mach.store >> regress.out
|
|
goto ksafter
|
|
:ksproviders
|
|
%_CDB_% tstore2 tmp.store >> regress.out
|
|
%_CDB_% tstore2 -M mach.store >> regress.out
|
|
:ksafter
|
|
%_CDB_% tfindcer tmp.store -I default -d -q >> regress.out
|
|
%_CDB_% tfindcer mach.store -I default -d -q >> regress.out
|
|
%_CDB_% tstore -PSilentKey mach.store >> regress.out
|
|
%_CDB_% tstore -PKey mach.store >> regress.out
|
|
%_CDB_% tstore -PKey tmp.store >> regress.out
|
|
%_CDB_% tstore -PSilentKey tmp.store >> regress.out
|
|
:KSDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem NEWSTORE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="newstore" if not %t%=="all" goto NewStoreDone
|
|
regsvr32 -s textstor.dll
|
|
|
|
@rem CertStore dwFlags definitions
|
|
@rem CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
|
|
@rem CERT_SYSTEM_STORE_LOCAL_MACHINE 0x00020000
|
|
@rem CERT_SYSTEM_STORE_DOMAIN_POLICY 0x00030000
|
|
@rem CERT_SYSTEM_STORE_CURRENT_SERVICE 0x00040000
|
|
@rem CERT_SYSTEM_STORE_SERVICES 0x00050000
|
|
@rem CERT_SYSTEM_STORE_USERS 0x00060000
|
|
@rem CERT_STORE_NO_CRYPT_RELEASE_FLAG 0x00000001
|
|
@rem CERT_STORE_DELETE_FLAG 0x00000010
|
|
@rem CERT_STORE_READONLY_FLAG 0x00008000
|
|
@rem CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
|
|
@rem CERT_STORE_CREATE_NEW_FLAG 0x00002000
|
|
@rem CERT_STORE_MAXIMUM_ALLOWED_FLAG 0x00001000
|
|
@rem PhysicalStore dwFlags definitions
|
|
@rem CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG 0x1
|
|
@rem CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG 0x2
|
|
@rem CERT_PHYSICAL_STORE_REMOTE_OPEN_DISABLE_FLAG 0x4
|
|
@rem CERT_PHYSICAL_STORE_INSERT_COMPUTER_NAME_ENABLE_FLAG 0x8
|
|
@rem Error definitions
|
|
@rem E_INVALID_ARG 0x80070057
|
|
@rem ERROR_FILE_EXISTS 80
|
|
@rem ERROR_FILE_NOT_FOUND 2
|
|
%_CDB_% tsstore unregsys TestCollection >> regress.out
|
|
%_CDB_% tsstore unregsys TestCollection2 >> regress.out
|
|
%_CDB_% tsstore unregsys TestCollection3 >> regress.out
|
|
%_CDB_% tsstore unregsys TestSibling100 >> regress.out
|
|
%_CDB_% tsstore unregsys TestSibling200 >> regress.out
|
|
%_CDB_% tsstore -f0x14000 -e0x80070057 regsys TestCollection >> regress.out
|
|
%_CDB_% tsstore -f0x12000 regsys TestCollection >> regress.out
|
|
%_CDB_% tsstore -f0x12000 -e80 regsys TestCollection >> regress.out
|
|
%_CDB_% tsstore regsys TestCollection >> regress.out
|
|
%_CDB_% tsstore enumphy TestCollection >> regress.out
|
|
%_CDB_% tsstore regphy TestCollection TestSibling100 -pOpenStoreProvider System -pOpenParameters TestSibling100 -pOpenEncodingType 0x00010001 -pOpenFlags 0x10000 -pFlags 0x1 -pPriority 100 >> regress.out
|
|
%_CDB_% tsstore regphy TestCollection TestSibling200 -pOpenStoreProvider TestExt -pOpenParameters TestSibling200 -pOpenFlags 0x10000 -pFlags 0x1 -pPriority 200 >> regress.out
|
|
|
|
tsstore regphy -f0x14000 -e0x80070057 TestCollection TestSibling500 -pOpenStoreProvider System -pOpenParameters TestSibling500 -pPriority 500 >> regress.out
|
|
tsstore regphy -f0x12000 TestCollection TestSibling500 -pOpenStoreProvider System -pOpenParameters TestSibling500 -pPriority 500 >> regress.out
|
|
tsstore regphy -f0x12000 -e80 TestCollection TestSibling500 -pOpenStoreProvider System -pOpenParameters TestSibling500 -pPriority 500 >> regress.out
|
|
|
|
%_CDB_% tsstore regphy TestCollection TestSibling600 -pOpenStoreProvider System -pOpenParameters TestSibling600 -pPriority 600 >> regress.out
|
|
|
|
%_CDB_% tsstore -v enumphy TestCollection >> regress.out
|
|
%_CDB_% tsstore unregphy -f0x14000 TestCollection TestSibling500 >> regress.out
|
|
%_CDB_% tsstore unregphy -f0x14000 -e2 TestCollection TestSibling500 >> regress.out
|
|
%_CDB_% tsstore unregphy TestCollection TestSibling600 >> regress.out
|
|
%_CDB_% tsstore -v enumphy TestCollection >> regress.out
|
|
%_CDB_% tsstore -v -f0x1000 enumphy TestCollection >> regress.out
|
|
|
|
%_CDB_% tstore -s TestCollection -avsgood.cer >> regress.out
|
|
%_CDB_% tstore -s TestCollection -b >> regress.out
|
|
%_CDB_% tstore -s TestSibling200 -b >> regress.out
|
|
%_CDB_% tstore -s TestSibling100 -avsrevoke.cer >> regress.out
|
|
%_CDB_% tstore -s TestCollection -b >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -aMSPub -pmspub.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -aPhilPub -pphilpub.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -ame -axchg -pme.cer >> regress.out
|
|
%_CDB_% tstore -s TestCollection -amspub.cer >> regress.out
|
|
%_CDB_% tstore -s TestSibling100 -aphilpub.cer >> regress.out
|
|
%_CDB_% tstore -s TestCollection -b >> regress.out
|
|
%_CDB_% tsstore regphy TestCollection TestSibling300 -pOpenStoreProvider File -pOpenParameters me.cer -pOpenEncodingType 0x00010001 -pOpenFlags 0x8000 -pFlags 0x0 -pPriority 300 >> regress.out
|
|
%_CDB_% tsstore -v enumphy TestCollection >> regress.out
|
|
%_CDB_% tstore -s TestCollection -b >> regress.out
|
|
%_CDB_% tstore -s TestSibling200 -b >> regress.out
|
|
%_CDB_% tstore -s TestSibling100 -b >> regress.out
|
|
%_CDB_% tstore -s TestCollection -Aphilpub.cer >> regress.out
|
|
%_CDB_% tstore -s TestCollection -Avsrevoke.cer >> regress.out
|
|
%_CDB_% tstore -s TestCollection -b >> regress.out
|
|
%_CDB_% tstore -s TestSibling200 -b >> regress.out
|
|
%_CDB_% tstore -s TestSibling100 -b >> regress.out
|
|
|
|
@del test.store >nul
|
|
%_CDB_% tstore %store% -R -i0 -proot.crl >> regress.out
|
|
%_CDB_% tstore %store% -R -i1 -pca.crl >> regress.out
|
|
%_CDB_% tstore %store% -R -i4 -ptest.crl >> regress.out
|
|
%_CDB_% tfindcer %store% -q -ptest.cer TestRecipient >> regress.out
|
|
%_CDB_% tcopycer %store% test.store >> regress.out
|
|
%_CDB_% tfindcer test.store -I -d -q default >> regress.out
|
|
%_CDB_% tfindctl test.store -d -q -LHttp2 >> regress.out
|
|
%_CDB_% tfindctl test.store -d -q -LCtl2 >> regress.out
|
|
%_CDB_% tstore test.store -R -dAll >> regress.out
|
|
%_CDB_% tstore test.store -R -aroot.crl >> regress.out
|
|
%_CDB_% tstore test.store -R -aca.crl >> regress.out
|
|
%_CDB_% tstore test.store -R -atest.crl >> regress.out
|
|
|
|
%_CDB_% tsstore regphy TestCollection2 TestCollection -pOpenStoreProvider System -pOpenParameters TestCollection -pOpenFlags 0x10000 -pFlags 0x1 >> regress.out
|
|
%_CDB_% tsstore regphy TestCollection2 .Default -pOpenStoreProvider System -pOpenParameters TestCollection2 -pOpenFlags 0x10000 -pFlags 0x0 -pPriority 1000 >> regress.out
|
|
%_CDB_% tsstore regphy TestCollection3 TestCollection2 -pOpenStoreProvider System -pOpenParameters TestCollection2 -pOpenFlags 0x10000 -pFlags 0x1 >> regress.out
|
|
%_CDB_% tsstore regphy TestCollection3 .Default -pOpenStoreProvider System -pOpenParameters DontOpen -pOpenFlags 0x0 -pFlags 0x2 -pPriority 2000 >> regress.out
|
|
%_CDB_% tsstore regphy TestSibling200 TestSibling200 -pOpenStoreProvider System -pOpenParameters TestSibling200 -pOpenFlags 0x10000 -pFlags 0x1 >> regress.out
|
|
|
|
%_CDB_% tstore -s TestSibling100 -atest.cer >> regress.out
|
|
%_CDB_% tstore -s TestCollection3 -P -b >> regress.out
|
|
%_CDB_% tfindcer -s TestCollection3 -v TestRecipient >> regress.out
|
|
%_CDB_% tcopycer test.store -s TestCollection3 >> regress.out
|
|
%_CDB_% tfindcer -s TestCollection3 -v TestRecipient >> regress.out
|
|
%_CDB_% tfindcer -s TestCollection3 -I -d -q verisign >> regress.out
|
|
%_CDB_% tstore -s TestCollection3 -P -b >> regress.out
|
|
%_CDB_% tstore -s TestCollection3 -P -d -i1 >> regress.out
|
|
%_CDB_% tstore -s TestSibling200 -b >> regress.out
|
|
%_CDB_% tstore -s TestSibling100 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x12000 TestCollection3 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x1C000 TestCollection3 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x18000 TestCollection2 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x14000 TestCollection -b >> regress.out
|
|
%_CDB_% tstore -s TestCollection3 -T >> regress.out
|
|
%_CDB_% tstore -s TestCollection3 -R >> regress.out
|
|
%_CDB_% tstore -s TestCollection3 -F -b >> regress.out
|
|
@rem -f0x4 Defer close
|
|
%_CDB_% tstore -s -f0x10004 TestCollection3 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x10010 TestCollection3 >> regress.out
|
|
%_CDB_% tstore -s -f0x14000 TestCollection3 -b >> regress.out
|
|
|
|
%_CDB_% tsstore unregphy TestCollection TestSibling300 >> regress.out
|
|
|
|
@rem #13 is the SYSTEM_REGISTRY_W provider
|
|
%_CDB_% tstore -s prov:#13:TestSibling100 -f0x10000 >> regress.out
|
|
%_CDB_% tstore5 -L -P -b TestSibling100 me.cer prov:testext:TestSibling200 TestSibling200 >> regress.out
|
|
%_CDB_% tstore5 -L -C -P -b TestSibling100 me.cer prov:testext:TestSibling200 TestSibling200 >> regress.out
|
|
|
|
|
|
%_CDB_% tstore -s TestCollection -R -N -dall >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection -T -N -dall >> regress.out
|
|
|
|
%_CDB_% tfindcer -s TestSibling100 -S -d -q PhilPub >> regress.out
|
|
%_CDB_% tstore5 -L test.cer TestSibling100 -v >> regress.out
|
|
%_CDB_% tstore5 -L TestSibling100 test.cer -v >> regress.out
|
|
%_CDB_% tstore5 -L test.cer TestSibling100 -R -v >> regress.out
|
|
%_CDB_% tstore5 -L TestSibling100 test.cer -R -v >> regress.out
|
|
%_CDB_% tstore5 -L test.cer TestSibling100 -A -v >> regress.out
|
|
%_CDB_% tstore5 -C -b me.cer vsgood.cer TestSibling100 prov:testext:TestSibling200 >> regress.out
|
|
%_CDB_% tstore5 -C -b me.cer vsgood.cer prov:testext:TestSibling200 TestSibling100 >> regress.out
|
|
%_CDB_% tstore5 -C -b me.cer vsgood.cer vsrevoke.cer >> regress.out
|
|
|
|
%_CDB_% tstore -s prov:testext:TestCollection -N -dall >> regress.out
|
|
|
|
|
|
%_CDB_% tstore -s prov:testext:TestSibling100 -avsrevoke.cer >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection -Avsrevoke.cer >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestSibling100 -atest.cer >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection2 -P -b >> regress.out
|
|
%_CDB_% tfindcer -s prov:testext:TestCollection2 -v TestRecipient >> regress.out
|
|
%_CDB_% tcopycer test.store -s prov:testext:TestCollection2 >> regress.out
|
|
%_CDB_% tfindcer -s prov:testext:TestCollection2 -v TestRecipient >> regress.out
|
|
%_CDB_% tfindcer -s prov:testext:TestCollection2 -I -d -q verisign >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection2 -P -b >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection2 -P -d -i1 >> regress.out
|
|
%_CDB_% tfindcer -s prov:testext:TestCollection2 -v TestRecipient >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestSibling200 -b >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestSibling100 -b >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection2 -F -b >> regress.out
|
|
@rem -f0x4 Defer close
|
|
%_CDB_% tstore -s -f0x10004 prov:testext:TestCollection2 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x12000 prov:testext:TestCollection2 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x1C000 prov:testext:TestCollection2 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x18000 prov:testext:TestCollection2 -b >> regress.out
|
|
%_CDB_% tstore -s -f0x14000 prov:testext:TestCollection -b >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection2 -T >> regress.out
|
|
%_CDB_% tstore -s prov:testext:TestCollection2 -R >> regress.out
|
|
%_CDB_% tstore -s -f0x10010 prov:testext:TestCollection2 >> regress.out
|
|
%_CDB_% tstore -s -f0x14000 prov:testext:TestCollection2 -b >> regress.out
|
|
|
|
|
|
@rem -f0x800 CERT_STORE_BACKUP_RESTORE_FLAG
|
|
%_CDB_% tsstore enumphy root -f0x800 -v >> regress.out
|
|
%_CDB_% tsstore enumphy root -f0x800 -v -lLocalMachine >> regress.out
|
|
%_CDB_% tsstore enumphy root -f0x800 -v -lLocalMachine >> regress.out
|
|
%_CDB_% tstore -sFile -f0x800 %store% -i0 >> regress.out
|
|
%_CDB_% tstore -s -f0x800 root -i0 >> regress.out
|
|
%_CDB_% tstore -s -f0x800 request -i0 >> regress.out
|
|
|
|
:NewStoreDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem RELSTORE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="relstore" if not %t%=="all" goto RelStoreDone
|
|
@rem create a "big" registry Serialized store
|
|
%_CDB_% tcopycer %store% -s lmgp:testgroup -A >> regress.out
|
|
%_CDB_% tcopycer %store% -s lmgp:testgroup -A >> regress.out
|
|
%_CDB_% tcopycer %store% -s lmgp:rel:hklm:testgroup -A >> regress.out
|
|
%_CDB_% tcopycer %store% -s lmgp:rel:hklm:testgroup -A >> regress.out
|
|
@rem should be 4 identical PhilPub certs
|
|
%_CDB_% tfindcer -s lmgp:testgroup -S -aMSPub -b >> regress.out
|
|
%_CDB_% tfindcer -s lmgp:rel:hklm:testgroup -S -aMSPub -b >> regress.out
|
|
|
|
%_CDB_% tstore -s cugp:rel:hkcu:testgroup -dAll >> regress.out
|
|
%_CDB_% tstore -s cugp:rel:hkcu:testgroup -dAll -T >> regress.out
|
|
%_CDB_% tstore -s cugp:rel:hkcu:testgroup -dAll -R >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -dAll >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -dAll -T >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -dAll -R >> regress.out
|
|
%_CDB_% tstore -s cu:phy:testgroup\.default -dAll >> regress.out
|
|
%_CDB_% tstore -s cu:phy:testgroup\.default -dAll -T >> regress.out
|
|
%_CDB_% tstore -s cu:phy:testgroup\.default -dAll -R >> regress.out
|
|
%_CDB_% tstore -s lm:phy:testgroup\.default -dAll >> regress.out
|
|
%_CDB_% tstore -s lm:phy:testgroup\.default -dAll -T >> regress.out
|
|
%_CDB_% tstore -s lm:phy:testgroup\.default -dAll -R >> regress.out
|
|
%_CDB_% tstore -s testgroup -b >> regress.out
|
|
%_CDB_% tstore -s testgroup -b -T >> regress.out
|
|
%_CDB_% tstore -s testgroup -b -R >> regress.out
|
|
|
|
%_CDB_% tsstore -RNULL -lLMGP enumsys -e0x80070057 >> regress.out
|
|
%_CDB_% tsstore -RHKLM -lLMGP -v enumsys >> regress.out
|
|
%_CDB_% tsstore -RHKCU -lCUGP unregsys TestGroup2 >> regress.out
|
|
%_CDB_% tsstore -RHKCU -lCUGP regsys TestGroup2 >> regress.out
|
|
%_CDB_% tsstore -RHKCU -lCUGP -v enumsys >> regress.out
|
|
%_CDB_% tsstore -RHKCU -lCurrentUser enumphy TestCollection -v >> regress.out
|
|
%_CDB_% tsstore -RHKCU -lCurrentUser enumphy TestCollection2 >> regress.out
|
|
%_CDB_% tsstore -RHKCU -lCurrentUser enumphy TestSibling200 -v >> regress.out
|
|
|
|
%_CDB_% tcopycer test.store -s cugp:rel:hkcu:testgroup >> regress.out
|
|
%_CDB_% tstore -s cugp:rel:hkcu:testgroup -b >> regress.out
|
|
%_CDB_% tstore -s cugp:relsys:hkcu:testgroup -b -T >> regress.out
|
|
%_CDB_% tstore -s cugp:relphy:hkcu:testgroup\.Default -b -R >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -aphilpub.cer >> regress.out
|
|
%_CDB_% tstore -s testgroup -b >> regress.out
|
|
%_CDB_% tstore -s testgroup -b -T >> regress.out
|
|
%_CDB_% tstore -s testgroup -b -R >> regress.out
|
|
%_CDB_% tstore -s cu:relphy:hkcu:testgroup\.GroupPolicy -b >> regress.out
|
|
%_CDB_% tstore -s cu:relphy:hkcu:testgroup\.Default -b >> regress.out
|
|
%_CDB_% tstore -s lm:rel:hklm:testgroup -b >> regress.out
|
|
%_CDB_% tstore -s cu:relphy:hkcu:testgroup\.GroupPolicy -b -T >> regress.out
|
|
%_CDB_% tstore -s lm:rel:hklm:testgroup -b -T >> regress.out
|
|
%_CDB_% tstore -s cu:relphy:hkcu:testgroup\.GroupPolicy -b -R >> regress.out
|
|
%_CDB_% tstore -s lm:rel:hklm:testgroup -b -R >> regress.out
|
|
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -b >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -ame.cer -CClear >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -b >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -Ame.cer -C -N >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -v >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -P >> regress.out
|
|
%_CDB_% tstore -s lmgp:rel:hklm:testgroup -v >> regress.out
|
|
:RelStoreDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem REMOTESTORE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="remotestore" if not %t%=="all" goto RemoteStoreDone
|
|
@if "%LocalComputerName%"=="" goto RemoteStoreDone
|
|
@if "%CurrentUserSID%"=="" goto RemoteStoreDone
|
|
set LCN=%LocalComputerName%
|
|
set SID=%CurrentUserSID%
|
|
|
|
%_CDB_% tsstore unregsys -lLocalMachine %LCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lLocalMachine MacSib0 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lLocalMachine %LCN%\MacSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lLocalMachine MacSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lCurrentService SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %SID%\SerSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %LCN%\%SID%\SerSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lCurrentService SerSib3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lCurrentService SerSib4 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lUsers %SID%\UseCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lCurrentUser UseSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lUsers %LCN%\%SID%\UseSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lUsers %SID%\UseSib3 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore regsys -lLocalMachine -f0x4000 -e0x80070057 %LCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lLocalMachine -f0x2000 %LCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lLocalMachine -f0x2000 -e80 %LCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lLocalMachine %LCN%\MacSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lLocalMachine MacSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lCurrentService SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lServices %SID%\SerSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lServices %LCN%\%SID%\SerSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lUsers %SID%\UseCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lCurrentUser UseSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lUsers %LCN%\%SID%\UseSib2 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -P%LCN% >> regress.out
|
|
%SLEEP0%
|
|
|
|
@rem CERT_STORE_PROV_SYSTEM_A ((LPCSTR) 9)
|
|
@rem CERT_STORE_PROV_SYSTEM_W ((LPCSTR) 10)
|
|
@rem CERT_STORE_PROV_SYSTEM_REGISTRY_A ((LPCSTR) 12)
|
|
@rem CERT_STORE_PROV_SYSTEM_REGISTRY_W ((LPCSTR) 13)
|
|
@rem CERT_STORE_PROV_PHYSICAL_W ((LPCSTR) 14)
|
|
|
|
@rem PhysicalStore dwFlags definitions
|
|
@rem CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG 0x1
|
|
@rem CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG 0x2
|
|
@rem CERT_PHYSICAL_STORE_REMOTE_OPEN_DISABLE_FLAG 0x4
|
|
@rem CERT_PHYSICAL_STORE_INSERT_COMPUTER_NAME_ENABLE_FLAG 0x8
|
|
|
|
%_CDB_% tsstore -lLocalMachine regphy %LCN%\MacCol MacSib1 -pOpenStoreProvider System -pOpenParameters %LCN%\MacSib1 -pOpenFlags 0x20000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lLocalMachine regphy %LCN%\MacCol MacSib2 -pOpenStoreProvider #9 -pOpenParameters MacSib2 -pOpenFlags 0x20000 -pFlags 0x1 -pPriority 2 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lLocalMachine regphy MacCol ServiceStuff -pOpenStoreProvider System -pOpenParameters %SID%\SerSib4 -pOpenFlags 0x58000 -pFlags 0x0 -pPriority 4 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lServices regphy %LCN%\%SID%\SerCol SerSib1 -pOpenStoreProvider #12 -pOpenParameters %LCN%\%SID%\SerSib1 -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService regphy SerCol SerSib2 -pOpenStoreProvider #10 -pOpenParameters SerSib2 -pOpenFlags 0x40000 -pFlags 0x1 -pPriority 2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices regphy %LCN%\%SID%\SerCol SerSib3 -pOpenStoreProvider Physical -pOpenParameters %LCN%\%SID%\SerSib3\SerSib3 -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices regphy %SID%\SerCol SerSib4 -pOpenStoreProvider Physical -pOpenParameters %SID%\SerSib4\.Default -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 4 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService regphy SerCol LocalMachineStuff -pOpenStoreProvider System -pOpenParameters MacSib0 -pOpenFlags 0x28000 -pFlags 0x0 -pPriority 0 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lCurrentService regphy SerSib1 SerSib1 -pOpenStoreProvider #9 -pOpenParameters %LCN%\%SID%\SerSib1 -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService regphy SerSib2 SerSib2 -pOpenStoreProvider System -pOpenParameters %SID%\SerSib2 -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService regphy SerSib3 SerSib3 -pOpenStoreProvider SystemRegistry -pOpenParameters SerSib3 -pOpenFlags 0x40000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService regphy SerSib4 SerSib4 -pOpenStoreProvider Physical -pOpenParameters SerSib4\.Default -pOpenFlags 0x40000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lUsers regphy %LCN%\%SID%\UseCol UseSib1 -pOpenStoreProvider System -pOpenParameters %LCN%\%SID%\UseSib1 -pOpenFlags 0x60000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentUser regphy UseCol UseSib2 -pOpenStoreProvider System -pOpenParameters UseSib2 -pOpenFlags 0x10000 -pFlags 0x1 -pPriority 2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lUsers regphy %LCN%\%SID%\UseCol UseSib3 -pOpenStoreProvider Physical -pOpenParameters %SID%\UseSib3\.Default -pOpenFlags 0x60000 -pFlags 0x5 -pPriority 3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentUser regphy UseCol LocalMachineStuff -pOpenStoreProvider System -pOpenParameters %LCN%\MacSib0 -pOpenFlags 0x20000 -pFlags 0x1 -pPriority 0 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentUser regphy UseCol ServiceStuff -pOpenStoreProvider System -pOpenParameters SerSib3 -pOpenFlags 0x48000 -pFlags 0x0 -pPriority 3 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lCurrentUser regphy UseSib1 UseSib1 -pOpenStoreProvider #9 -pOpenParameters %LCN%\%SID%\UseSib1 -pOpenFlags 0x60000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentUser regphy UseSib2 UseSib2 -pOpenStoreProvider System -pOpenParameters %SID%\UseSib2 -pOpenFlags 0x60000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -P%LCN% >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -P%LCN% -v >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lCurrentService enumphy SerCol -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices enumphy %SID%\SerCol -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices enumphy %LCN%\%SID%\SerCol -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService enumphy SerSib1 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices enumphy %SID%\SerSib1 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices enumphy %LCN%\%SID%\SerSib1 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService enumphy SerSib2 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices enumphy %SID%\SerSib2 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService enumphy SerSib3 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices enumphy %LCN%\%SID%\SerSib3 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentService enumphy SerSib4 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices enumphy %SID%\SerSib4 -v >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lCurrentUser enumphy UseCol -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lUsers enumphy %SID%\UseCol -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lUsers enumphy %LCN%\%SID%\UseCol -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentUser enumphy UseSib1 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lUsers enumphy %SID%\UseSib1 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lUsers enumphy %LCN%\%SID%\UseSib1 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lCurrentUser enumphy UseSib2 -v >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lUsers enumphy %SID%\UseSib2 -v >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tfindcer %store% -S -q -aMSPub -pmspub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tfindcer %store% -S -q -aPhilPub -pphilpub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tfindcer %store% -S -q -ame -axchg -pme.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tfindcer %store% -S -q -akevin -asign -pkevin.cer >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s LocalMachine:%LCN%\MacCol -amspub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:%LCN%\MacSib1 -aphilpub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:PHY:%LCN%\MacCol\MacSib1 -ame.cer >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s Services:PHY:%LCN%\%SID%\SerCol\SerSib1 -amspub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:PHY:%SID%\SerCol\SerSib2 -aphilpub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentService:PHY:SerCol\SerSib3 -ame.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentService:SerCol -avsgood.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%LCN%\%SID%\SerCol -avsrevoke.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Users:%LCN%\%SID%\UseCol -amspub.cer >> regress.out
|
|
%_CDB_% tstore -b -s Users:%SID%\UseCol -aphilpub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Users:PHY:%LCN%\%SID%\UseCol\UseSib1 -avsgood.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentUser:PHY:UseCol\LocalMachineStuff -akevin.cer >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s LocalMachine:MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:%LCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:MacSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:%LCN%\MacSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:MacSib0 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s Services:%SID%\SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%LCN%\%SID%\SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentService:SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentService:SerSib4 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentService:SerSib3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentService:SerSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentService:SerSib1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s Users:%SID%\UseCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Users:%LCN%\%SID%\UseCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentUser:UseCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentUser:UseSib3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentUser:UseSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s CurrentUser:UseSib1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
@if "%RemoteComputerName%"=="" goto RemoteStoreDone
|
|
set RCN=%RemoteComputerName%
|
|
|
|
%_CDB_% tsstore unregsys -lLocalMachine %RCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lLocalMachine %RCN%\MacSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lLocalMachine %RCN%\MacSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %RCN%\Remote\SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %RCN%\Remote\SerSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %RCN%\Remote\SerSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %RCN%\Remote\SerSib3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %RCN%\Remote\SerSib4 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore unregsys -lServices %RCN%\Remote\SerSib5 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore regsys -lLocalMachine -f0x4000 -e0x80070057 %RCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lLocalMachine -f0x2000 %RCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lLocalMachine -f0x2000 -e80 %RCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lLocalMachine %RCN%\MacSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lServices %RCN%\Remote\SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore regsys -lServices %RCN%\Remote\SerSib1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lLocalMachine -P%RCN% enumsys >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices -P%RCN% enumsys >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lLocalMachine regphy %RCN%\MacCol MacSib1 -pOpenStoreProvider System -pOpenParameters %RCN%\MacSib1 -pOpenFlags 0x20000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lLocalMachine regphy %RCN%\MacCol MacSib2 -pOpenStoreProvider #9 -pOpenParameters MacSib2 -pOpenFlags 0x20000 -pFlags 0x1 -pPriority 2 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lServices regphy %RCN%\Remote\SerCol SerSib1 -pOpenStoreProvider #12 -pOpenParameters %RCN%\Remote\SerSib1 -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices regphy %RCN%\Remote\SerCol SerSib2 -pOpenStoreProvider #10 -pOpenParameters SerSib2 -pOpenFlags 0x40000 -pFlags 0x1 -pPriority 2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices regphy %RCN%\Remote\SerCol SerSib3 -pOpenStoreProvider Physical -pOpenParameters Remote\SerSib3\SerSib3 -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices regphy %RCN%\Remote\SerCol SerSib4 -pOpenStoreProvider Physical -pOpenParameters %RCN%\Remote\SerSib4\.Default -pOpenFlags 0x50000 -pFlags 0x1 -pPriority 4 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices regphy %RCN%\Remote\SerCol SerSib5 -pOpenStoreProvider System -pOpenParameters SerSib5 -pOpenFlags 0x40000 -pFlags 0x5 -pPriority 5 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices regphy %RCN%\Remote\SerSib3 SerSib3 -pOpenStoreProvider System -pOpenParameters SerSib3 -pOpenFlags 0x40000 -pFlags 0x1 -pPriority 1 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tsstore -lLocalMachine -P%RCN% enumsys >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices -P%RCN% enumsys >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lLocalMachine -P%RCN% -v enumsys >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tsstore -lServices -P%RCN% -v enumsys >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s LocalMachine:%RCN%\MacCol -amspub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:%RCN%\MacSib1 -aphilpub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:PHY:%RCN%\MacCol\MacSib1 -ame.cer >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s Services:PHY:%RCN%\Remote\SerCol\SerSib1 -amspub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerSib2 -aphilpub.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:PHY:%RCN%\Remote\SerCol\SerSib3 -ame.cer >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerCol -avsgood.cer >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s LocalMachine:%RCN%\MacCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:%RCN%\MacSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s LocalMachine:%RCN%\MacSib2 >> regress.out
|
|
%SLEEP0%
|
|
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerCol >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerSib1 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerSib2 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerSib3 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerSib4 >> regress.out
|
|
%SLEEP0%
|
|
%_CDB_% tstore -b -s Services:%RCN%\Remote\SerSib5 >> regress.out
|
|
%SLEEP0%
|
|
|
|
|
|
:RemoteStoreDone
|
|
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem AVSTORE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="avstore" if not %t%=="all" goto AVStoreDone
|
|
%_CDB_% tstore -s reg:wow2 -avsgood.cer >> regress.out
|
|
%_CDB_% tstore -7 avstore.p7b -avsgood.cer >> regress.out
|
|
%_CDB_% tstore avstore.sst -avsgood.cer >> regress.out
|
|
|
|
|
|
@rem CERT_STORE_PROV_MSG with NULL paramter
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #1 AV_MsgNull .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_MsgNull >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_MsgNull >> regress.out
|
|
|
|
@rem CERT_STORE_PROV_FILE with NULL parameter
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #3 AV_FileNull .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_FileNull >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_FileNull >> regress.out
|
|
|
|
@rem CERT_STORE_PROV_REG with NULL parameter
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #4 AV_RegNull .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_RegNull >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_RegNull >> regress.out
|
|
|
|
@rem CERT_STORE_PROV_PKCS7 with NULL parameter
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #5 AV_Pkcs7Null .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_Pkcs7Null >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_Pkcs7Null >> regress.out
|
|
|
|
@rem CERT_STORE_PROV_SERIALIZED with NULL parameter
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #6 AV_SerializedNull .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SerializedNull >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_SerializedNull >> regress.out
|
|
|
|
@rem CERT_STORE_PROV_MEMORY is allowed
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #2 Good_Memory .Default >> regress.out
|
|
%_CDB_% tstore -b -s Good_Memory >> regress.out
|
|
%_CDB_% tsstore UnregSys Good_Memory >> regress.out
|
|
|
|
@rem CERT_STORE_PROV_COLLECTION is allowed
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #11 Good_Collection .Default >> regress.out
|
|
%_CDB_% tstore -b -s Good_Collection >> regress.out
|
|
%_CDB_% tsstore UnregSys Good_Collection >> regress.out
|
|
|
|
@rem Filename (Serialized store) is allowed
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider File -pOpenParameters avstore.sst Good_Filename .Default >> regress.out
|
|
%_CDB_% tstore -b -s Good_Filename >> regress.out
|
|
|
|
@rem Filename (PKCS7) is allowed
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider File -pOpenParameters avstore.p7b Good_Filename .Default >> regress.out
|
|
%_CDB_% tstore -b -s Good_Filename >> regress.out
|
|
%_CDB_% tsstore UnregSys Good_Filename >> regress.out
|
|
|
|
@rem SmartCard not allowed
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider SmartCard AV_SmartCard .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SmartCard >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_SmartCard >> regress.out
|
|
|
|
|
|
@rem following flags not allowed:
|
|
@rem #define CERT_STORE_NO_CRYPT_RELEASE_FLAG 0x00000001
|
|
@rem #define CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG 0x00000004
|
|
@rem #define CERT_STORE_DELETE_FLAG 0x00000010
|
|
@rem #define CERT_STORE_SHARE_STORE_FLAG 0x00000040
|
|
@rem #define CERT_STORE_SHARE_CONTEXT_FLAG 0x00000080
|
|
@rem #define CERT_STORE_MANIFOLD_FLAG 0x00000100
|
|
@rem #define CERT_STORE_BACKUP_RESTORE_FLAG 0x00000800
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Memory -pOpenFlags 0x00001 Bad_OpenFlags .Default >> regress.out
|
|
%_CDB_% tstore -b -s Bad_OpenFlags >> regress.out
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Memory -pOpenFlags 0x00010 Bad_OpenFlags .Default >> regress.out
|
|
%_CDB_% tstore -b -s Bad_OpenFlags >> regress.out
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Memory -pOpenFlags 0x000c0 Bad_OpenFlags .Default >> regress.out
|
|
%_CDB_% tstore -b -s Bad_OpenFlags >> regress.out
|
|
%_CDB_% tsstore UnregSys Bad_OpenFlags >> regress.out
|
|
|
|
@rem following flags are allowed:
|
|
@rem #define CERT_STORE_SET_LOCALIZED_NAME_FLAG 0x00000002
|
|
@rem #define CERT_STORE_UNSAFE_PHYSICAL_FLAG 0x00000020
|
|
@rem #define CERT_STORE_ENUM_ARCHIVED_FLAG 0x00000200
|
|
@rem #define CERT_STORE_UPDATE_KEYID_FLAG 0x00000400
|
|
@rem #define CERT_STORE_READONLY_FLAG 0x00008000
|
|
@rem #define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
|
|
@rem #define CERT_STORE_CREATE_NEW_FLAG 0x00002000
|
|
@rem #define CERT_STORE_MAXIMUM_ALLOWED_FLAG 0x00001000
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Memory -pOpenFlags 0x0000F622 Good_OpenFlags .Default >> regress.out
|
|
%_CDB_% tstore -b -s Good_OpenFlags >> regress.out
|
|
%_CDB_% tsstore UnregSys Good_OpenFlags >> regress.out
|
|
|
|
|
|
@rem set the relocate parameter for SystemRegistry
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider SystemRegistry -pOpenParameters wow2 -pOpenFlags 0x80010000 AV_SystemRegistryRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRegistryRelocate >> regress.out
|
|
@rem remove the relocate flag
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider SystemRegistry -pOpenParameters wow2 -pOpenFlags 0x00010000 AV_SystemRegistryRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRegistryRelocate >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_SystemRegistryRelocate >> regress.out
|
|
|
|
@rem set the relocate parameter for SystemRegistryA
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #12 -pOpenParameters wow2 -pOpenFlags 0x80010000 AV_SystemRegistryRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRegistryRelocate >> regress.out
|
|
@rem remove the relocate flag
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #12 -pOpenParameters wow2 -pOpenFlags 0x00010000 AV_SystemRegistryRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRegistryRelocate >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_SystemRegistryRelocate >> regress.out
|
|
|
|
@rem set the relocate parameter for System
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider System -pOpenParameters wow2 -pOpenFlags 0x80010000 AV_SystemRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRelocate >> regress.out
|
|
@rem remove the relocate flag
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider System -pOpenParameters wow2 -pOpenFlags 0x00010000 AV_SystemRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRelocate >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_SystemRelocate >> regress.out
|
|
|
|
@rem set the relocate parameter for SystemA
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #9 -pOpenParameters wow2 -pOpenFlags 0x80010000 AV_SystemRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRelocate >> regress.out
|
|
@rem remove the relocate flag
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider #9 -pOpenParameters wow2 -pOpenFlags 0x00010000 AV_SystemRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_SystemRelocate >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_SystemRelocate >> regress.out
|
|
|
|
@rem set the relocate parameter for Physical
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Physical -pOpenParameters wow2\.Default -pOpenFlags 0x80010000 AV_PhysicalRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_PhysicalRelocate >> regress.out
|
|
@rem remove the relocate flag
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Physical -pOpenParameters wow2\.Default -pOpenFlags 0x00010000 AV_PhysicalRelocate .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_PhysicalRelocate >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_PhysicalRelocate >> regress.out
|
|
|
|
@rem #define CERT_LDAP_STORE_OPENED_FLAG 0x40000
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Ldap -pOpenParameters "ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" -pOpenFlags 0x48000 AV_LdapOpened .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_LdapOpened >> regress.out
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Ldap -pOpenFlags 0x48000 AV_LdapOpened .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_LdapOpened >> regress.out
|
|
|
|
@rem without OPENED should be OK
|
|
%_CDB_% tsstore RegPhy -pOpenStoreProvider Ldap -pOpenParameters "ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" -pOpenFlags 0x8000 AV_LdapOpened .Default >> regress.out
|
|
%_CDB_% tstore -b -s AV_LdapOpened >> regress.out
|
|
%_CDB_% tsstore UnregSys AV_LdapOpened >> regress.out
|
|
:AVStoreDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem CTL
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="ctl" if not %t%=="all" goto CtlDone
|
|
@rem %_CDB_% regsvr32 -s msctl.dll
|
|
|
|
@rem find certs according to EnhancedKeyUsage extension and property
|
|
|
|
@rem dwFindFlag definitions
|
|
@rem CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG 0x1
|
|
@rem CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG 0x2
|
|
@rem CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG 0x4
|
|
@rem CERT_FIND_NO_ENHKEY_USAGE_FLAG 0x8
|
|
@rem CERT_FIND_OR_ENHKEY_USAGE_FLAG 0x10
|
|
@rem CERT_FIND_VALID_ENHKEY_USAGE_FLAG 0x20
|
|
|
|
%_CDB_% tfindcer %store% -U >> regress.out
|
|
%_CDB_% tfindcer %store% -U -F2 >> regress.out
|
|
%_CDB_% tfindcer %store% -U -F4 >> regress.out
|
|
%_CDB_% tfindcer %store% -U -F8 >> regress.out
|
|
|
|
@rem none should be found for the following
|
|
%_CDB_% tfindcer %store% -U -F6 >> regress.out
|
|
|
|
%_CDB_% tfindcer %store% -U1.2.3.0 -U1.2.3.1 -U1.2.3.2 -U1.2.3.2.1 >> regress.out
|
|
@rem none should be found for the following
|
|
%_CDB_% tfindcer %store% -U1.2.3.0.0 >> regress.out
|
|
|
|
%_CDB_% tfindcer %store% -U1.2.3.0 >> regress.out
|
|
%_CDB_% tfindcer %store% -U1.2.3.0 -F1 >> regress.out
|
|
%_CDB_% tfindcer %store% -U1.2.3.1 >> regress.out
|
|
%_CDB_% tfindcer %store% -U1.2.3.2 -U1.2.3.2.1 >> regress.out
|
|
%_CDB_% tfindcer %store% -U1.2.3.2 >> regress.out
|
|
%_CDB_% tfindcer %store% -U1.2.3.2.1 >> regress.out
|
|
|
|
@rem only all ext
|
|
%_CDB_% tfindcer %store% -U1.2.3.2 -U1.2.3.2.1 -U1.2.3.1 -b >> regress.out
|
|
@rem "OR" of all usages
|
|
%_CDB_% tfindcer %store% -U1.2.3.2 -U1.2.3.2.1 -U1.2.3.1 -F0x10 -b >> regress.out
|
|
%_CDB_% tfindcer %store% -U1.2.8 -U1.2.3.2 -U1.2.3.2.1 -U1.2.3.1 -U1.2.10 -F0x10 -b >> regress.out
|
|
@rem none should be found for following
|
|
%_CDB_% tfindcer %store% -U1.2.8 -U1.2.10 -F0x10 -b >> regress.out
|
|
|
|
if exist tmp.store del tmp.store
|
|
copy %store% tmp.store >> regress.out
|
|
%_CDB_% tfindcer tmp.store -U1.2 -F0x8 -d -q >> regress.out
|
|
%_CDB_% tfindcer tmp.store -U1.2.3.2 -U1.2.3.2.1 -F0x20 -b >> regress.out
|
|
%_CDB_% tfindcer tmp.store -U1.2.3.2.1 -U1.2.3.2 -F0x20 -b >> regress.out
|
|
%_CDB_% tfindcer tmp.store -U1.2.3.2.1 -U1.2.3.2.1 -U1.2.3.2 -U1.2.3.2 -U1.2.3.2.1 -F0x20 -b >> regress.out
|
|
@rem "OR" of all usages
|
|
%_CDB_% tfindcer tmp.store -U1.2.3.2 -U1.2.3.2.1 -F0x30 -b >> regress.out
|
|
%_CDB_% tfindcer tmp.store -U1.2.8 -U1.2.3.2 -U1.2.3.2.1 -U1.2.3.1 -U1.2.10 -F0x30 -b >> regress.out
|
|
@rem none should be found for following 3 tests
|
|
%_CDB_% tfindcer tmp.store -U1.2.3.2 -U1.2.3.2.1 -U1.2.3.1 -F0x20 -b >> regress.out
|
|
%_CDB_% tfindcer tmp.store -U1.2.8 -U1.2.10 -F0x30 -b >> regress.out
|
|
%_CDB_% tfindcer tmp.store -U1.2.3.2 -U1.2.10 -F0x20 -b >> regress.out
|
|
|
|
|
|
@rem get signer and subject certs
|
|
%_CDB_% tfindcer %store% -S -q -aCtl1 -pctl1.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -aCtl2 -pctl2.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -a"all ext" -pallext.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -aMSPub -pmspub.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -aPhilPub -pphilpub.cer >> regress.out
|
|
|
|
%_CDB_% tstore -T %store% >> regress.out
|
|
%_CDB_% tstore -T -c %store% >> regress.out
|
|
%_CDB_% tstore -T -v %store% >> regress.out
|
|
|
|
@rem find CTLs according to Usage, ListIdentifier
|
|
%_CDB_% tfindctl %store% -U1.2.3.0 >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.0 -L -I >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.0 -fTimeValid >> regress.out
|
|
|
|
@rem none should be found for the following
|
|
%_CDB_% tfindctl %store% -U1.2.3.0 -fTimeInvalid >> regress.out
|
|
|
|
@rem none should be found for the following
|
|
%_CDB_% tfindctl %store% -U1.2.3.0 -Ictl1.cer >> regress.out
|
|
|
|
%_CDB_% tfindctl %store% -Ictl1.cer -b >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.2.1 -U1.2.3.2 -b >> regress.out
|
|
%_CDB_% tfindctl %store% -LCtl2 -b >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -U1.2.3.2.1 -LCtl2 -Ictl2.cer -b >> regress.out
|
|
|
|
%_CDB_% tfindctl %store% -U1.2.3.2.1 -U1.2.3.2 -b -fSameUsage >> regress.out
|
|
@rem none should be found for the following 2 finds
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -b -fSameUsage >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.2.1 -b -fSameUsage >> regress.out
|
|
|
|
@rem find Subjects
|
|
%_CDB_% tfindctl %store% -Smspub.cer -fTimeValid >> regress.out
|
|
%_CDB_% tfindctl %store% -Smspub.cer -fTimeValid -A >> regress.out
|
|
%_CDB_% tfindctl %store% -Sphilpub.cer -fTimeValid >> regress.out
|
|
%_CDB_% tfindctl %store% -Sallext.cer -fTimeValid >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -U1.2.3.2.1 -LCtl2 -Ictl2.cer -Sallext.cer -fTimeValid -fSameUsage >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -U1.2.3.2.1 -LCtl2 -Ictl2.cer -Sallext.cer -fTimeValid -fSameUsage -A >> regress.out
|
|
|
|
@rem none should be found for the following
|
|
%_CDB_% tfindctl %store% -Sctl1.cer -fTimeValid >> regress.out
|
|
|
|
@rem get store without any time invalid or http CTLs
|
|
if exist ctl.store del ctl.store >> regress.out
|
|
%_CDB_% tcopycer %store% ctl.store -A >> regress.out
|
|
%_CDB_% tfindctl ctl.store -d -fTimeInvalid -q >> regress.out
|
|
%_CDB_% tfindctl ctl.store -d -LHttp2 -q >> regress.out
|
|
%_CDB_% tstore -b -T ctl.store >> regress.out
|
|
|
|
@rem clean out Trust store
|
|
%_CDB_% tfindctl -s Trust -d -U1.2.3.0 -q >> regress.out
|
|
%_CDB_% tfindctl -s Trust -d -U1.2.3.1 -q >> regress.out
|
|
%_CDB_% tfindctl -s Trust -d -U1.2.3.2 -q >> regress.out
|
|
%_CDB_% tstore -b -T -s Trust >> regress.out
|
|
|
|
if exist file1.ctl del file1.ctl >> regress.out
|
|
if exist file2.ctl del file2.ctl >> regress.out
|
|
|
|
@rem expected error definitions
|
|
@rem CRYPT_E_NO_VERIFY_USAGE_DLL 0x80092027L
|
|
@rem CRYPT_E_NO_VERIFY_USAGE_CHECK 0x80092028L
|
|
@rem CRYPT_E_VERIFY_USAGE_OFFLINE 0x80092029L
|
|
@rem CRYPT_E_NOT_IN_CTL 0x8009202AL
|
|
@rem CRYPT_E_NO_TRUSTED_SIGNER 0x8009202BL
|
|
|
|
@rem flag definitions
|
|
@rem CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG 0x1
|
|
@rem CERT_VERIFY_TRUSTED_SIGNERS_FLAG 0x2
|
|
@rem CERT_VERIFY_NO_TIME_CHECK_FLAG 0x4
|
|
@rem CERT_VERIFY_ALLOW_MORE_USAGE_FLAG 0x8
|
|
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2.1 -U1.2.3.2 philpub.cer -A -cctl.store >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 philpub.cer -A -cctl.store -e0x80092028 >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 philpub.cer -cctl.store -f8 >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2.1 philpub.cer -A -cctl.store -f8 >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 -LCtl2 philpub.cer -cctl.store >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2.8 philpub.cer -cctl.store -e0x80092028 >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2.8 philpub.cer -cctl.store -cctl.store -c%store% -e0x80092028 >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 mspub.cer -cctl.store -e0x8009202a >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.1 -cctl.store allext.cer >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.0 -cctl.store allext.cer -e0x8009202b >> regress.out
|
|
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 -LCtl2 -cctl.store -sctl.store -f2 allext.cer >> regress.out
|
|
%_CDB_% tstore ctl.store -dAll >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 -LCtl2 -cctl.store -sctl.store -sctl.store -f2 -e0x8009202b allext.cer >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 -LCtl2 -cctl.store -cctl.store -sctl.store -s%store% -f2 allext.cer >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 -LCtl2 -cctl.store -sctl.store -sctl.store -s%store% allext.cer >> regress.out
|
|
|
|
|
|
@rem get store without any time valid or http CTLs
|
|
if exist ctl.store del ctl.store >> regress.out
|
|
%_CDB_% tcopycer %store% ctl.store -A >> regress.out
|
|
%_CDB_% tfindctl ctl.store -d -fTimeValid -q >> regress.out
|
|
%_CDB_% tfindctl ctl.store -d -LHttp2 -q >> regress.out
|
|
%_CDB_% tstore -b -T ctl.store >> regress.out
|
|
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store -e0x80092029 >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store -f4 >> regress.out
|
|
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -LCtl2 -fTimeInvalid -pfile2.ctl -b >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store -e0x80092029 >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -LCtl2 -fTimeValid -pfile1.ctl -b >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store >> regress.out
|
|
|
|
@rem only look in default CTL stores (Trust)
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -e0x80092028 >> regress.out
|
|
%_CDB_% tstore -T -afile2.ctl -s Trust -b >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer philpub.cer -b >> regress.out
|
|
@rem its property should not have been updated
|
|
%_CDB_% tstore -T -s Trust -v >> regress.out
|
|
|
|
%_CDB_% tstore -s TestTrust -dAll >> regress.out
|
|
%_CDB_% tstore -R -s TestTrust -dAll >> regress.out
|
|
%_CDB_% tstore -T -s TestTrust -dAll >> regress.out
|
|
%_CDB_% tctlfunc -CTestTrust -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -e0x80092028 >> regress.out
|
|
|
|
@rem update TestTrust with only time invalid CTLs.
|
|
%_CDB_% tcopycer %store% -s TestTrust -A >> regress.out
|
|
%_CDB_% tfindctl -s TestTrust -d -fTimeValid -q >> regress.out
|
|
%_CDB_% tfindctl -s TestTrust -d -LHttp2 -q >> regress.out
|
|
%_CDB_% tstore -b -T -s TestTrust >> regress.out
|
|
|
|
%_CDB_% tctlfunc -CTestTrust -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -f1 -b >> regress.out
|
|
%_CDB_% tstore -T -s TestTrust -v >> regress.out
|
|
%_CDB_% tctlfunc -CTestTrust -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -b >> regress.out
|
|
@rem its property should have also been updated
|
|
%_CDB_% tstore -T -s TestTrust -v >> regress.out
|
|
|
|
@rem only do the following if network tests are enabled
|
|
@if "%n%"=="" goto CtlDone
|
|
@rem
|
|
@rem HTTP tests
|
|
|
|
@rem clean out Trust store
|
|
%_CDB_% tfindctl -s Trust -d -U1.2.3.0 -q >> regress.out
|
|
%_CDB_% tfindctl -s Trust -d -U1.2.3.1 -q >> regress.out
|
|
%_CDB_% tfindctl -s Trust -d -U1.2.3.2 -q >> regress.out
|
|
%_CDB_% tstore -b -T -s Trust >> regress.out
|
|
|
|
if exist file1.ctl del file1.ctl >> regress.out
|
|
if exist file2.ctl del file2.ctl >> regress.out
|
|
if exist \\timestamp\ctltest\http1.ctl del \\timestamp\ctltest\http1.ctl >> regress.out
|
|
if exist \\timestamp\ctltest\http2.ctl del \\timestamp\ctltest\http2.ctl >> regress.out
|
|
|
|
@rem flush URL caches
|
|
%_CDB_% turlcache -d http://timestamp/ctltest/http1.ctl >> regress.out
|
|
%_CDB_% turlcache -d http://timestamp/ctltest/http2.ctl >> regress.out
|
|
|
|
@rem get store with only time invalid http ctls
|
|
if exist ctl.store del ctl.store >> regress.out
|
|
%_CDB_% tcopycer %store% ctl.store -A >> regress.out
|
|
%_CDB_% tfindctl ctl.store -d -fTimeValid -q >> regress.out
|
|
%_CDB_% tfindctl ctl.store -d -LCtl1 -q >> regress.out
|
|
%_CDB_% tfindctl ctl.store -d -LCtl2 -q >> regress.out
|
|
%_CDB_% tstore -b -T ctl.store >> regress.out
|
|
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store -e0x80092029 >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store -f4 >> regress.out
|
|
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -U1.2.3.2.1 -LHttp2 -fTimeInvalid -p\\timestamp\ctltest\http1.ctl -b >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store -e0x80092029 >> regress.out
|
|
%_CDB_% tfindctl %store% -U1.2.3.2 -U1.2.3.2.1 -LHttp2 -fTimeValid -p\\timestamp\ctltest\http2.ctl -b >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer -cctl.store >> regress.out
|
|
|
|
@rem only look in default CTL stores (Trust)
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -e0x80092028 >> regress.out
|
|
%_CDB_% tstore -T -a\\timestamp\ctltest\http2.ctl -s Trust -b >> regress.out
|
|
%_CDB_% tctlfunc -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer philpub.cer -b >> regress.out
|
|
%_CDB_% tstore -T -s Trust -v >> regress.out
|
|
|
|
%_CDB_% tstore -s TestTrust -dAll >> regress.out
|
|
%_CDB_% tstore -R -s TestTrust -dAll >> regress.out
|
|
%_CDB_% tstore -T -s TestTrust -dAll >> regress.out
|
|
%_CDB_% tctlfunc -CTestTrust -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -e0x80092028 >> regress.out
|
|
|
|
@rem update TestTrust with only time invalid http ctls
|
|
%_CDB_% tcopycer %store% -s TestTrust -A >> regress.out
|
|
%_CDB_% tfindctl -s TestTrust -d -fTimeValid -q >> regress.out
|
|
%_CDB_% tfindctl -s TestTrust -d -LCtl2 -q >> regress.out
|
|
%_CDB_% tfindctl -s TestTrust -d -U1.2.3.1 -q >> regress.out
|
|
%_CDB_% tstore -b -T -s TestTrust >> regress.out
|
|
|
|
%_CDB_% tctlfunc -CTestTrust -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -f1 -b >> regress.out
|
|
@rem TestTrust still has time invalid ctl
|
|
%_CDB_% tstore -T -s TestTrust -b >> regress.out
|
|
%_CDB_% tctlfunc -CTestTrust -U1.2.3.2 -U1.2.3.2.1 philpub.cer allext.cer -b >> regress.out
|
|
%_CDB_% tstore -T -s TestTrust -b >> regress.out
|
|
:CtlDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem SPC
|
|
@rem ----------------------------------------------------------------
|
|
|
|
@if not %t%=="spc" if not %t%=="all" goto SpcDone
|
|
@copy torgpe.exe testpe.exe >nul
|
|
@copy torg.cla animator.class >nul
|
|
@copy torg2.cab test2.cab >nul
|
|
|
|
@del test.spc >nul
|
|
@del test.cer >nul
|
|
%_CDB_% makecert -sv test.pvk -n "CN=regress;C=US;O=Microsoft;T=Mr Regress" -l "http://www.microsoft.com" test.cer >> regress.out
|
|
%_CDB_% cert2spc test.cer rooto.cer test.spc >> regress.out
|
|
@rem the following reports an erroneous memory leak for a redir allocation
|
|
@rem %_CDB_% signcode -spc test.spc -v test.pvk -n "Regress Program" testpe.exe >> regress.out
|
|
@rem %_CDB_% gentest2 -t -u testpe.exe >> regress.out
|
|
%_CDB_% pesigmgr -l testpe.exe >> regress.out
|
|
:SpcDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem DIGSIG (digsig.dll wouldn't be included in NT 5.0)
|
|
@rem ----------------------------------------------------------------
|
|
@rem @if not %t%=="digsig" if not %t%=="all" goto DigsigDone
|
|
@rem %_CDB_% digtest -v >> regress.out
|
|
@rem :DigsigDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem TIMESTAMP
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="timestamp" if not %t%=="all" goto TimeStampDone
|
|
%_CDB_% tsca xxx timestamp >> regress.out
|
|
:TimeStampDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem XENROLL
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="xenroll" if not %t%=="all" goto XenrollDone
|
|
%_CDB_% txenrol >> regress.out
|
|
:XenrollDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem FINDCLT
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="findclt" if not %t%=="all" goto FindCltDone
|
|
|
|
@rem add CrossCert DP property
|
|
%_CDB_% tfindcer -s lm:ca "root agency" -x60 -xfile://abc.cer -xfile://vsgood.cer -xfile://%store% -v >> regress.out
|
|
|
|
@rem update my with TestRoot certificate from default store
|
|
tfindcer -s my -S -aTestRoot -d >> regress.out
|
|
tcopycer %store% -s my -aTestRoot >> regress.out
|
|
@rem update "my" store with "my" certificates from default store
|
|
tfindcer -s my -S -aTestSigner -d >> regress.out
|
|
tfindcer -s my -S -aTestRecipient -d >> regress.out
|
|
tfindcer -s my -S -ame -d >> regress.out
|
|
tcopycer %store% -s my -aTestSigner >> regress.out
|
|
tcopycer %store% -s my -aTestRecipient >> regress.out
|
|
tcopycer %store% -s my -ame >> regress.out
|
|
@rem save root cert to use in tfindclt
|
|
tfindcer %store% -S -aTestRoot -ptemp.cert >> regress.out
|
|
@rem create all chains having the testroot as an issuer
|
|
@rem tests FindClientAuthCertsByIssuer API
|
|
%_CDB_% tfindclt temp.cert >> regress.out
|
|
%_CDB_% tfindclt temp.cert sign >> regress.out
|
|
%_CDB_% tfindclt temp.cert xchg >> regress.out
|
|
@rem %_CDB_% tfindclt >> regress.out
|
|
@rem %_CDB_% tfindclt "" sign >> regress.out
|
|
@rem %_CDB_% tfindclt "" xchg >> regress.out
|
|
|
|
tfindcer %store% -S -Aroot -proot.cer >> regress.out
|
|
tfindcer %store% -S -ame -axchg -pme.cer >> regress.out
|
|
%_CDB_% tfindclt -cmy temp.cert -b >> regress.out
|
|
|
|
@rem add a time invalid CTL having a NextUpdate time and location
|
|
%_CDB_% tfindctl %store% -LUpdateCtl1 -fTimeInvalid -ptestupdate1.ctl -q >> regress.out
|
|
%_CDB_% tfindctl -LUpdateCtl1 -s reg:trust -d -q >> regress.out
|
|
%_CDB_% tstore -s reg:trust -T -atestupdate1.ctl >> regress.out
|
|
%_CDB_% tfindclt -cmy temp.cert -b >> regress.out
|
|
|
|
@rem Update the CTL's URL
|
|
%_CDB_% tfindctl %store% -LUpdateCtl1 -fTimeValid -ptestupdate1.ctl >> regress.out
|
|
%_CDB_% tfindclt -cmy temp.cert -b >> regress.out
|
|
|
|
|
|
%_CDB_% tfindclt -cmy -CompareKey -CacheOnly -ComplexChain temp.cert -b >> regress.out
|
|
%_CDB_% tfindclt -cmy temp.cert sign -b >> regress.out
|
|
%_CDB_% tfindclt -cmy temp.cert xchg -b >> regress.out
|
|
|
|
%_CDB_% tfindclt -C%store% -Stemp.cert -b >> regress.out
|
|
%_CDB_% tfindclt -C%store% -Stemp.cert -u1.2.3.1 -v "" sign >> regress.out
|
|
%_CDB_% tfindclt -C%store% -Stemp.cert -u1.2.3.8 -v "" sign >> regress.out
|
|
%_CDB_% tfindclt -C%store% -Sme.cer -Stemp.cert -b >> regress.out
|
|
%_CDB_% tfindclt -C%store% -Sme.cer -Stemp.cert -u1.2.3.1 -b >> regress.out
|
|
%_CDB_% tfindclt -C%store% -Sme.cer -Stemp.cert -u1.2.3.1 -b "" sign >> regress.out
|
|
%_CDB_% tfindclt -C%store% -Sme.cer -Stemp.cert -u1.2.3.1 -b "" xchg >> regress.out
|
|
%_CDB_% tfindclt -C%store% -CompareKey -Sme.cer -Stemp.cert -u1.2.3.2 -b >> regress.out
|
|
|
|
@rem remove CrossCert DP property
|
|
%_CDB_% tfindcer -s lm:ca "root agency" -xDelete -v >> regress.out
|
|
|
|
@rem remove the Ctl with a NextUpdate time and location
|
|
%_CDB_% tfindctl -LUpdateCtl1 -s reg:trust -d -q >> regress.out
|
|
|
|
@rem should find the lower quality chain matching root2cert for the
|
|
@rem Microsoft publisher cert
|
|
%_CDB_% tfindcer nokeyclt.sst Root2Cert -q -pnokeyclt.cer >> regress.out
|
|
%_CDB_% tfindclt -Cnokeyclt.sst -NoKey nokeyclt.cer >> regress.out
|
|
|
|
@rem del temp.cert >nul
|
|
:FindCltDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem PVKHLPR
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="pvkhlpr" if not %t%=="all" goto PvkHlprDone
|
|
%_CDB_% tpvkload test.pvk -cregress_container sign >> regress.out
|
|
%_CDB_% tpvkload test.pvk -F -E -cregress_container sign >> regress.out
|
|
%_CDB_% tpvkdel -d -cregress_container >> regress.out
|
|
%_CDB_% tpvkload test.pvk -m -E -cregress_container sign >> regress.out
|
|
%_CDB_% tpvkload test.pvk -m -F -cregress_container sign >> regress.out
|
|
%_CDB_% tpvkdel -d -cregress_container >> regress.out
|
|
:PvkHlprDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem OIDFUNC
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="oidfunc" if not %t%=="all" goto OIDFuncDone
|
|
%_CDB_% regsvr32 -s setx509.dll
|
|
%_CDB_% regsvr32 -s setx509.dll
|
|
%_CDB_% toidfunc enum >> regress.out
|
|
%_CDB_% toidfunc enuminfo >> regress.out
|
|
%_CDB_% toidfunc enuminfo -G5 >> regress.out
|
|
%_CDB_% toidfunc enuminfo -G6 >> regress.out
|
|
%_CDB_% tfindcer %store% -v -S "all ext" >> regress.out
|
|
|
|
%_CDB_% regsvr32 -u -s setx509.dll
|
|
%_CDB_% toidfunc enum >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.1 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1AccountAliasEncode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.1 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1AccountAliasDecode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.2 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1HashedRootKeyEncode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.2 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1HashedRootKeyDecode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.3 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1CertificateTypeEncode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.3 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1CertificateTypeDecode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.4 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1MerchantDataEncode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.4 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1MerchantDataDecode >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.4 -fCryptDllEncodeObject -e1 -vREG_DWORD WordValue 0x12345678 >> regress.out
|
|
%_CDB_% toidfunc register -o2.99999.4 -fCryptDllEncodeObject -e1 -vREG_EXPAND_SZ ExpandValue example.dll >> regress.out
|
|
|
|
%_CDB_% toidfunc register -O1000 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1AccountAliasEncode >> regress.out
|
|
%_CDB_% toidfunc register -O1000 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1AccountAliasDecode >> regress.out
|
|
%_CDB_% toidfunc register -O1001 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1HashedRootKeyEncode >> regress.out
|
|
%_CDB_% toidfunc register -O1001 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1HashedRootKeyDecode >> regress.out
|
|
%_CDB_% toidfunc register -O1002 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1CertificateTypeEncode >> regress.out
|
|
%_CDB_% toidfunc register -O1002 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1CertificateTypeDecode >> regress.out
|
|
%_CDB_% toidfunc register -O1003 -fCryptDllEncodeObject -e1 -dsetx509.dll -FSetAsn1MerchantDataEncode >> regress.out
|
|
%_CDB_% toidfunc register -O1003 -fCryptDllDecodeObject -e1 -dsetx509.dll -FSetAsn1MerchantDataDecode >> regress.out
|
|
%_CDB_% toidfunc register -O1003 -fCryptDllEncodeObject -e1 -vREG_DWORD WordValue 0x12345678 >> regress.out
|
|
%_CDB_% toidfunc register -O1003 -fCryptDllEncodeObject -e1 -vREG_EXPAND_SZ ExpandValue example.dll >> regress.out
|
|
|
|
%_CDB_% toidfunc enum >> regress.out
|
|
%_CDB_% tfindcer %store% -v -S "all ext" >> regress.out
|
|
%_CDB_% toidfunc unregister -o2.99999.1 -fCryptDllEncodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -o2.99999.2 -fCryptDllEncodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -o2.99999.3 -fCryptDllEncodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -o2.99999.4 -fCryptDllEncodeObject -e1 >> regress.out
|
|
|
|
%_CDB_% toidfunc unregister -O1000 -fCryptDllEncodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -O1001 -fCryptDllEncodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -O1002 -fCryptDllEncodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -O1003 -fCryptDllEncodeObject -e1 >> regress.out
|
|
|
|
%_CDB_% toidfunc unregister -o2.99999.1 -fCryptDllDecodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -o2.99999.2 -fCryptDllDecodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -o2.99999.3 -fCryptDllDecodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -o2.99999.4 -fCryptDllDecodeObject -e1 >> regress.out
|
|
|
|
%_CDB_% toidfunc unregister -O1000 -fCryptDllDecodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -O1001 -fCryptDllDecodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -O1002 -fCryptDllDecodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc unregister -O1003 -fCryptDllDecodeObject -e1 >> regress.out
|
|
%_CDB_% toidfunc enum >> regress.out
|
|
%_CDB_% regsvr32 -s setx509.dll
|
|
:OIDFuncDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem REVFUNC
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="revfunc" if not %t%=="all" goto RevFuncDone
|
|
%_CDB_% regsvr32 -s setx509.dll
|
|
tfindcer %store% -S "setkeith" -pset.cer >> regress.out
|
|
tfindcer %store% -S "all ext" -psetall.cer >> regress.out
|
|
tfindcer %store% -S "setrevoked" -psetrevoke.cer >> regress.out
|
|
tfindcer %store% -S "MSPub" -psetnot.cer >> regress.out
|
|
tstore -s test -dAll >> regress.out
|
|
tstore -s test -dAll -R >> regress.out
|
|
%_CDB_% trevfunc set.cer -e0x80092013 -i0 >> regress.out
|
|
tcopycer %store% -s test >> regress.out
|
|
%_CDB_% trevfunc set.cer -e0 -i0 >> regress.out
|
|
%_CDB_% trevfunc setall.cer -e0 -i0 >> regress.out
|
|
%_CDB_% trevfunc setrevoke.cer -e0x80092010 -i0 >> regress.out
|
|
%_CDB_% trevfunc set.cer setall.cer setrevoke.cer setnot.cer -e0x80092010 -i2 >> regress.out
|
|
%_CDB_% trevfunc setnot.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc set.cer setall.cer setnot.cer setrevoke.cer -e0x80092013 -i2 >> regress.out
|
|
tstore -s test -dAll >> regress.out
|
|
tstore -s test -dAll -R >> regress.out
|
|
%_CDB_% trevfunc -S%store% set.cer -e0 -i0 >> regress.out
|
|
%_CDB_% trevfunc -S%store% setall.cer -e0 -i0 >> regress.out
|
|
%_CDB_% trevfunc -S%store% setrevoke.cer -e0x80092010 -i0 >> regress.out
|
|
%_CDB_% trevfunc -S%store% set.cer setall.cer setrevoke.cer setnot.cer -e0x80092010 -i2 >> regress.out
|
|
%_CDB_% trevfunc -S%store% setnot.cer -e0 -i0 >> regress.out
|
|
|
|
@rem Freshness time of 1 second with accumulative and regular timeout
|
|
%_CDB_% trevfunc -S%store% setnot.cer -f1 -T5000 -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc -S%store% setnot.cer -f1 -t5000 -e0x80092013 -i0 >> regress.out
|
|
|
|
%_CDB_% trevfunc -S%store% set.cer setall.cer setnot.cer setrevoke.cer -e0x80092010 -i3 >> regress.out
|
|
tcopycer %store% -s test >> regress.out
|
|
@rem verisign revocation has been turned off
|
|
@rem %_CDB_% trevfunc vsgood.cer -e0 -i0 >> regress.out
|
|
@rem %_CDB_% trevfunc vsrevoke.cer -e0x80092010 -i0 >> regress.out
|
|
@rem %_CDB_% trevfunc set.cer vsgood.cer setall.cer vsrevoke.cer -e0x80092010 -i3 >> regress.out
|
|
|
|
if exist delta.store del delta.store
|
|
if exist crltest1.p7b del crltest1.p7b
|
|
if exist crltest2.p7b del crltest2.p7b
|
|
%_CDB_% tfindcer %store% -ACA -S -pca.cer >> regress.out
|
|
%_CDB_% tstore delta.store -aca.cer >> regress.out
|
|
@rem deltanovalid doesn't have a basic constraints extension
|
|
%_CDB_% tfindcer %store% DeltaNoValid -pdeltanovalid.cer -b >> regress.out
|
|
@rem deltaendvalid has a freshest CRL extensions
|
|
%_CDB_% tfindcer %store% DeltaEndValid -pdeltaendvalid.cer -b >> regress.out
|
|
%_CDB_% tfindcer %store% DeltaEndRevoked -pdeltaendrevoked.cer -b >> regress.out
|
|
%_CDB_% tfindcer %store% DeltaCAValid -pdeltacavalid.cer -b >> regress.out
|
|
%_CDB_% tfindcer %store% DeltaCARevoked -pdeltacarevoked.cer -b >> regress.out
|
|
%_CDB_% tfindcer %store% NoCDPValid -pnocdpvalid.cer -b >> regress.out
|
|
%_CDB_% tfindcer %store% NoCDPRevoked -pnocdprevoked.cer -b >> regress.out
|
|
%_CDB_% tfindcer %store% UnsupportedCDP -punsupportedCDP.cer -b >> regress.out
|
|
%_CDB_% tfindcer %store% "time invalid" -ptimeinvalid.cer -b >> regress.out
|
|
|
|
@rem CRYPT_E_REVOKED 0x80092010
|
|
@rem CRYPT_E_NO_REVOCATION_CHECK 0x80092012
|
|
@rem CRYPT_E_REVOCATION_OFFLINE 0x80092013
|
|
|
|
@rem on 4-8-01 reverted back to W2K semantics: expired certificate
|
|
@rem containing CDP is treated same as a time valid certificates
|
|
%_CDB_% trevfunc timeinvalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
|
|
@rem a CDP having only unsupported distribution points is considered no check
|
|
%_CDB_% trevfunc unsupportedcdp.cer -Sca.cer -e0x80092012 -i0 >> regress.out
|
|
|
|
@rem // Users Only: Base and Delta
|
|
@rem 1, ONLY_USERS_CRL_FLAG,
|
|
@rem 1, ONLY_USERS_CRL_FLAG | FRESHEST_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b1 -f1 >> regress.out
|
|
@rem if cert isn't in IDP, always considered as offline
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltacavalid.cer -Sca.cer -e0x80092013 -i2 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltacarevoked.cer -Sca.cer -e0x80092013 -i2 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltaendrevoked.cer -Sca.cer -e0x80092010 -i2 >> regress.out
|
|
|
|
@rem // CAs Only: Base and Delta
|
|
@rem 2, ONLY_CAS_CRL_FLAG,
|
|
@rem 2, ONLY_CAS_CRL_FLAG | FRESHEST_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b2 -f2 >> regress.out
|
|
%_CDB_% trevfunc deltacavalid.cer deltaendvalid.cer -Sca.cer -e0x80092013 -i1 >> regress.out
|
|
%_CDB_% trevfunc deltacavalid.cer deltaendrevoked.cer -Sca.cer -e0x80092013 -i1 >> regress.out
|
|
%_CDB_% trevfunc deltacavalid.cer deltacarevoked.cer -Sca.cer -e0x80092010 -i1 >> regress.out
|
|
|
|
@rem // Base has hold entries, Delta has no entries
|
|
@rem 3, HOLD_CRL_FLAG,
|
|
@rem 3, NO_ENTRIES_CRL_FLAG | FRESHEST_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b3 -f3 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltacarevoked.cer -Sca.cer -e0x80092010 -i3 >> regress.out
|
|
%_CDB_% trevfunc deltaendrevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
|
|
@rem // Base has no entries, Delta has entries
|
|
@rem 4, NO_ENTRIES_CRL_FLAG,
|
|
@rem 4, FRESHEST_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b4 -f4 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltaendrevoked.cer -Sca.cer -e0x80092010 -i3 >> regress.out
|
|
%_CDB_% trevfunc deltacarevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
@rem 8-April-02: PartialChain doesn't do revocation checking, sets offline
|
|
%_CDB_% ttrust deltacarevoked.cer -Sca.cer -chain -f0x10000000 -e0x1010040 -i0x200 >> regress.out
|
|
|
|
@rem // Base has hold entries, Delta has remove entries
|
|
@rem 5, HOLD_CRL_FLAG,
|
|
@rem 5, REMOVE_FROM_CRL_FLAG | FRESHEST_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b5 >> regress.out
|
|
%_CDB_% trevfunc deltacarevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
@rem 8-April-02: PartialChain doesn't do revocation checking, sets offline
|
|
|
|
%_CDB_% ttrust deltacarevoked.cer -Sca.cer -chain -f0x10000000 -e0x1010040 -i0x200 >> regress.out
|
|
%_CDB_% ttrust deltacarevoked.cer -Sca.cer -chain -f0x10000000 -r1 -t1000 -e0x1010040 -i0x200 >> regress.out
|
|
%_CDB_% trevfunc deltaendrevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b5 -f5 >> regress.out
|
|
%_CDB_% trevfunc deltacarevoked.cer deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltaendrevoked.cer deltacarevoked.cer -Sca.cer -e0 >> regress.out
|
|
%_CDB_% ttrust deltacarevoked.cer -Sca.cer -chain -f0x10000000 -e0x1010040 -i0x200 >> regress.out
|
|
%_CDB_% ttrust deltacarevoked.cer -Sca.cer -chain -f0x10000000 -r1 -e0x1010040 -i0x200 >> regress.out
|
|
|
|
@rem base higher than delta indicator is OK
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b6 -f5 >> regress.out
|
|
%_CDB_% trevfunc deltacarevoked.cer deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltaendrevoked.cer deltacarevoked.cer -Sca.cer -e0 >> regress.out
|
|
|
|
@rem base higher than delta indicator, however not hold entries, still revoked
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b8 -f5 >> regress.out
|
|
%_CDB_% trevfunc deltacarevoked.cer deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltaendrevoked.cer deltacarevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
|
|
@rem delta indicator > base number, delta and base are considered offline
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b3 -f5 >> regress.out
|
|
%_CDB_% trevfunc deltacavalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
@rem honor the remove, however, still treat as offline
|
|
%_CDB_% trevfunc deltacarevoked.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
|
|
@rem // Valid base, delta has unsupported IDP options
|
|
@rem 6, HOLD_CRL_FLAG,
|
|
@rem 6, FRESHEST_CRL_FLAG | UNSUPPORTED_IDP_OPTIONS_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b6 -f6 >> regress.out
|
|
@rem unsupported IDP, always considered as offline, however, in this case
|
|
@rem the base is still valid for revoked
|
|
%_CDB_% trevfunc deltanovalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltaendvalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltacavalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltacarevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltaendrevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
|
|
@rem // Expired base, valid delta
|
|
@rem 7, EXPIRED_CRL_FLAG,
|
|
@rem 7, FRESHEST_CRL_FLAG,
|
|
@rem if delta is valid, then, the base is considered to be valid
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b7 -f7 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltacarevoked.cer -Sca.cer -e0x80092010 -i3 >> regress.out
|
|
|
|
@rem case where get valid base #6 from store, get delta #7 from wire and
|
|
@rem retrieve time invalid #7 from wire. Since delta is valid, base is
|
|
@rem considered as being valid
|
|
%_CDB_% tcopycer %store% delta.store -b6 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltaendrevoked.cer -Sdelta.store -e0x80092010 -i3 >> regress.out
|
|
|
|
@rem case where one of the URLs has a time valid base CRL. However,
|
|
@rem it doesn't have the base CRL number needed by the delta CRL.
|
|
@rem
|
|
@rem cryptnet.dll was fixed on 26-Sep-01 to continue on to the next
|
|
@rem CDP URL looking for a CRL having the necessary base number
|
|
@rem
|
|
@rem crltest2.p7b is the first one to be checked
|
|
%_CDB_% tcopycer %store% crltest2.p7b -7 -b6 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer deltaendvalid.cer deltacavalid.cer deltaendrevoked.cer -Sdelta.store -e0x80092010 -i3 >> regress.out
|
|
if exist crltest2.p7b del crltest2.p7b
|
|
|
|
@rem case where delta is > base number, delta and base are
|
|
@rem always offline
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b6 -f7 >> regress.out
|
|
%_CDB_% trevfunc deltaendvalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltacavalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltacarevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltaendrevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
|
|
@rem base 4 has no entries
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b4 -f7 >> regress.out
|
|
%_CDB_% trevfunc deltaendrevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
|
|
@rem // Valid base, expired delta
|
|
@rem 8, 0,
|
|
@rem 8, EXPIRED_CRL_FLAG | FRESHEST_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b8 -f8 >> regress.out
|
|
@rem offline except for revoked
|
|
%_CDB_% trevfunc deltacavalid.cer -Sca.cer -e0x80092013 -i0 -L6 >> regress.out
|
|
%_CDB_% trevfunc deltaendrevoked.cer -Sca.cer -e0x80092010 -i0 -L3 >> regress.out
|
|
|
|
@rem // Expired base, without a freshest CDP extension
|
|
@rem 9, EXPIRED_CRL_FLAG | NO_FRESHEST_CDP_CRL_FLAG,
|
|
@rem 9, FRESHEST_CRL_FLAG,
|
|
@rem deltaendvalid has freshestCrl ext
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b9 -f9 >> regress.out
|
|
%_CDB_% trevfunc deltaendvalid.cer -Sca.cer -e0 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltanovalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltacavalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
%_CDB_% trevfunc deltaendrevoked.cer -Sca.cer -e0x80092010 -i0 >> regress.out
|
|
|
|
@rem // Base without IDP and no freshest, delta CRL
|
|
@rem 10, NO_IDP_CRL_FLAG | NO_FRESHEST_CDP_CRL_FLAG,
|
|
%_CDB_% tstore delta.store -R -dAll >> regress.out
|
|
%_CDB_% trevfunc nocdpvalid.cer -Sdelta.store -e0x80092012 -i0 >> regress.out
|
|
%_CDB_% tcopycer %store% delta.store -b10 >> regress.out
|
|
%_CDB_% trevfunc nocdpvalid.cer -Sdelta.store -e0 -i0 >> regress.out
|
|
%_CDB_% trevfunc nocdprevoked.cer -Sdelta.store -e0x80092010 -i0 >> regress.out
|
|
|
|
@rem // Base and Delta CRL with unsupported critical ext
|
|
@rem 11, UNSUPPORTED_CRITICAL_EXT_CRL_FLAG,
|
|
@rem 11, UNSUPPORTED_CRITICAL_EXT_CRL_FLAG | FRESHEST_CRL_FLAG,
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b11 -f9 >> regress.out
|
|
%_CDB_% trevfunc deltaendvalid.cer -Sca.cer -e0x80092012 -i0 >> regress.out
|
|
@rem unsupported delta, treats the base as offline
|
|
%_CDB_% tcopycer %store% crltest1.p7b -7 -b100 -f11 >> regress.out
|
|
%_CDB_% trevfunc deltaendvalid.cer -Sca.cer -e0x80092013 -i0 >> regress.out
|
|
|
|
@rem // Valid base with number > above delta indicators
|
|
@rem 100, 0,
|
|
|
|
|
|
|
|
@rem CERT_E_EXPIRED 0x800b0101
|
|
@rem CERT_E_REVOKED 0x800b010c
|
|
@rem CERT_E_REVOCATION_FAILURE 0x800b010e
|
|
@rem CERT_E_UNTRUSTEDROOT 0x800b0109
|
|
@rem CERT_E_ROLE 0x800b0103
|
|
@rem CERT_E_PURPOSE 0x800b0106
|
|
|
|
@rem get a store without any CRLs
|
|
if exist tmp.store del tmp.store
|
|
%_CDB_% tcopycer %store% tmp.store >> regress.out
|
|
%_CDB_% tstore tmp.store -R -dAll >> regress.out
|
|
|
|
@rem enable expiration check
|
|
setreg -q 2 TRUE >> regress.out
|
|
@rem disable revocation check
|
|
setreg -q 3 FALSE >> regress.out
|
|
@rem disable individual and commercial offline OK
|
|
setreg -q 4 FALSE >> regress.out
|
|
setreg -q 5 FALSE >> regress.out
|
|
@rem 8-April-02: UntrustedRoot doesn't do revocation checking
|
|
%_CDB_% ttrust setrevoke.cer -Stmp.store -RevokeChain -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust setnot.cer -Stmp.store -RevokeChain -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -RevokeChain -q0x800b0101 >> regress.out
|
|
|
|
@rem enable revocation check
|
|
setreg -q 3 TRUE >> regress.out
|
|
%_CDB_% ttrust setrevoke.cer -Stmp.store -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust setnot.cer -S%store% -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
|
|
@rem disable expiration check
|
|
setreg -q 2 FALSE >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b010e >> regress.out
|
|
|
|
@rem enable individual offline OK
|
|
setreg -q 4 TRUE >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q >> regress.out
|
|
|
|
@rem disable individual offline OK
|
|
setreg -q 4 FALSE >> regress.out
|
|
@rem enable expiration check
|
|
setreg -q 2 TRUE >> regress.out
|
|
@rem disable revocation check
|
|
setreg -q 3 FALSE >> regress.out
|
|
|
|
@rem 8-April-02: UntrustedRoot doesn't do revocation checking, sets offline
|
|
%_CDB_% ttrust setrevoke.cer -Stmp.store -https -RevokeChain -q0x80092013 -httpsIgnoreUnknownCA >> regress.out
|
|
@rem setnot.cer has no issuance policy which takes precedence
|
|
@rem over offline revocation
|
|
%_CDB_% ttrust setnot.cer -Stmp.store -e0x2000430 -i0x500 >> regress.out
|
|
%_CDB_% ttrust setnot.cer -Stmp.store -https -RevokeChain -q0x800b0106 -HttpsIgnoreWrongUsage -httpsIgnoreUnknownCA >> regress.out
|
|
%_CDB_% ttrust setnot.cer -Stmp.store -https -q0x800b0106 -HttpsIgnoreWrongUsage -httpsIgnoreUnknownCA >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -https -RevokeChain -q0x800b0101 -HttpsIgnoreWrongUsage -httpsIgnoreUnknownCA >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -https -RevokeChain -q0x80092012 -httpsIgnoreCertDateInvalid -HttpsIgnoreWrongUsage -httpsIgnoreUnknownCA >> regress.out
|
|
|
|
@rem CERT_CHAIN_REVOCATION_CHECK_END_CERT 0x10000000
|
|
@rem CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x20000000
|
|
@rem CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x40000000
|
|
@rem CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY 0x80000000
|
|
|
|
%_CDB_% ttrust setrevoke.cer -S%store% -chain -f0x10000000 -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust setrevoke.cer -S%store% -chain -f0x20000000 -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust setrevoke.cer -S%store% -chain -f0x40000000 -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -chain -f0x20000000 -q0x800b0101 >> regress.out
|
|
|
|
@rem by itself the CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY should be ignored
|
|
@rem #define CERT_TRUST_IS_NOT_TIME_VALID 0x00000001
|
|
%_CDB_% ttrust vsgood.cer -chain -e0x1 >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -chain -f0x80000000 -e0x1 >> regress.out
|
|
|
|
:RevFuncDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem ENCODE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="encode" if not %t%=="all" goto EncodeDone
|
|
%_CDB_% tencode >> regress.out
|
|
:EncodeDone
|
|
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem SIGNCODE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="signcode" if not %t%=="all" goto SignCodeDone
|
|
|
|
@rem
|
|
@rem Trust the test root
|
|
@rem
|
|
%_CDB_% setreg -q 1 TRUE 2 TRUE 3 TRUE 4 TRUE 5 TRUE 6 TRUE 7 TRUE >> regress.out
|
|
%SLEEP0%
|
|
|
|
@rem explicitly trust the "Root Agency" testroot
|
|
%_CDB_% tstore -s lm:root -arooto.cer >> regress.out
|
|
|
|
@copy texe.exe testexe.exe >nul
|
|
@copy texe.exe test.exe >nul
|
|
@copy tdll.dll testdll.dll >nul
|
|
@copy tcab.cab testcab.cab >nul
|
|
|
|
@rem
|
|
@rem sign an exe file with certificates in the store
|
|
@rem
|
|
@echo ------- signcode (exe) -------- >> regress.out
|
|
%_CDB_% makecert -sq foo.p10 signexe.cer >> regress.out
|
|
%_CDB_% certmgr signexe.cer >> regress.out
|
|
%_CDB_% makecert -sq foo.p10 -n "CN=xiaohs" signexe.cer >> regress.out
|
|
%_CDB_% certmgr signexe.cer >> regress.out
|
|
%_CDB_% makecert signexe.cer >> regress.out
|
|
%_CDB_% certmgr -add -all -c signexe.cer -s foosign >> regress.out
|
|
%_CDB_% certmgr -add -all -c signexe.cer -s signCab >> regress.out
|
|
%_CDB_% certmgr -del -all -c -s foosign >> regress.out
|
|
%_CDB_% makecert -ss foosign -$ commercial -n "CN=foosign's cert" signexe.cer >> regress.out
|
|
@rem %_CDB_% signcode -spc softkey.spc -v softkey.pvk testexe.exe >> regress.out
|
|
%_CDB_% signcode -s foosign -cn "foosign" -a md5 -i "http://xiaohs1" -n "xiaohong's test" -$ commercial testexe.exe >> regress.out
|
|
%_CDB_% chktrust -q -h0x0 testexe.exe >> regress.out
|
|
%_CDB_% signcode -s foosign -cn "foosign" -i "http://xiaohs1" -n "xiaohong's test" -$ commercial testexe.exe >> regress.out
|
|
%_CDB_% chktrust -q -h0x0 testexe.exe >> regress.out
|
|
|
|
@rem
|
|
@rem sign a dll file with pvk file and spc file
|
|
@rem
|
|
@echo ------- signcode (dll) -------- >> regress.out
|
|
%_CDB_% makecert -b 11/21/1996 -m 700 -sv test.pvk signdll.cer >> regress.out
|
|
%_CDB_% cert2spc signdll.cer signdll.spc >> regress.out
|
|
%_CDB_% signcode -spc signdll.spc -v test.pvk testdll.dll >> regress.out
|
|
%_CDB_% cert2spc signdll.spc signexe.cer signexe.spc >> regress.out
|
|
|
|
@rem
|
|
@rem sign a CTL file
|
|
@rem
|
|
@echo ------- signcode (ctl) -------- >> regress.out
|
|
%_CDB_% makecert -sk signCTL -b 02/02/1999 signCTL.cer >> regress.out
|
|
%_CDB_% makecert -ik signCTL -ic signCTL.cer -b 02/04/1999 sign2.cer >> regress.out
|
|
%_CDB_% cert2spc signCTL.cer signCTL.spc >> regress.out
|
|
%_CDB_% makeCTL signdll.spc signexe.cer testctl.ctl >> regress.out
|
|
%_CDB_% signcode -k signCTL -spc signCTL.spc -t http://timestamp.verisign.com/scripts/timstamp.dll -$ individual testctl.ctl >> regress.out
|
|
%_CDB_% chktrust -q -h0x0 testctl.ctl >> regress.out
|
|
%_CDB_% signcode -x -t http://timestamp.verisign.com/scripts/timstamp.dll testctl.ctl >> regress.out
|
|
%_CDB_% chktrust -q -h0x0 testctl.ctl >> regress.out
|
|
|
|
@rem
|
|
@rem sign a cab file
|
|
@rem
|
|
@echo ------- signcode (cab) -------- >> regress.out
|
|
%_CDB_% certmgr -del -all -c -s signCab >> regress.out
|
|
%_CDB_% makecert -sk signCab -ss ca signcab.cer -cy authority -n "CN=SIGNCAB.CER" >> regress.out
|
|
%_CDB_% makecert -is ca -ic signcab.cer -ss signCab -n "CN=SignCab cert in signCab store" >> regress.out
|
|
%_CDB_% signcode -s signCab -$ individual testcab.cab >> regress.out
|
|
%_CDB_% chktrust -q -h0x0 testcab.cab >> regress.out
|
|
|
|
@rem
|
|
@rem test CertMgr
|
|
@rem
|
|
@echo ------- signcode (certmgr) -------- >> regress.out
|
|
%_CDB_% certmgr %store% -v >> regress.out
|
|
%_CDB_% certmgr %store% -v -m >> regress.out
|
|
%_CDB_% certmgr -eku "1.3.6.2.5.5.7.3.2,1.2.3.4.5.6.7" -add -c -all signcab.cer signcab.cer >> regress.out
|
|
%_CDB_% certmgr -s signCab >> regress.out
|
|
%_CDB_% certmgr -del -c -all %store% -s signcab >> regress.out
|
|
%_CDB_% certmgr -add -crl -all %store% -s signcab >> regress.out
|
|
%_CDB_% certmgr -add -all -c -s signCab sign.cer >> regress.out
|
|
%_CDB_% certmgr -del -all -c -s signCab >> regress.out
|
|
%_CDB_% certmgr -del -all sign.cer sign.mgr >> regress.out
|
|
%_CDB_% certmgr -v testexe.exe >> regress.out
|
|
%_CDB_% certmgr testctl.ctl >> regress.out
|
|
%_CDB_% certmgr signexe.spc >> regress.out
|
|
%_CDB_% makecert -sq foo.p10 -n "CN=xiaohs" -eku "1.2.3,2.3.4" -ss signcab >> regress.out
|
|
|
|
@rem ensure the test root is removed
|
|
%_CDB_% tfindcer -S -s lm:root -a"Root Agency" -d >> regress.out
|
|
|
|
@rem
|
|
@rem cleanup the files and registry
|
|
@rem
|
|
@echo ------- signcode (cleanup) -------- >> regress.out
|
|
@del sign.mgr
|
|
@del sign.cer
|
|
@del signcab.cer
|
|
%_CDB_% certmgr -del -all -c -s signcab >> regress.out
|
|
%_CDB_% tstore -T -s signcab -dAll >> regress.out
|
|
@del testctl.ctl
|
|
@del signctl.spc
|
|
@del sign2.cer
|
|
@del signctl.cer
|
|
@del signexe.spc
|
|
@del signdll.spc
|
|
@del signdll.cer
|
|
@del signexe.cer
|
|
%_CDB_% certmgr -del -all -c -s foosign >>regress.out
|
|
@del testcab.cab
|
|
@del testdll.dll
|
|
@del test.exe
|
|
@del testexe.exe
|
|
|
|
:SignCodeDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem DECODE
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="decode" if not %t%=="all" goto DecodeDone
|
|
@echo ------- Decode -------- >> regress.out
|
|
%_CDB_% tdecode Ctdecode1.cer >> regress.out
|
|
%_CDB_% tdecode Ctdecode2.cer >> regress.out
|
|
%_CDB_% tdecode Stdecode3.spc >> regress.out
|
|
%_CDB_% tdecode Ctdecode4.cer >> regress.out
|
|
%_CDB_% tdecode Ctdecode5.spc >> regress.out
|
|
%_CDB_% tdecode Stdecode5.spc >> regress.out
|
|
:DecodeDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem PKCS8
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="pkcs8" if not %t%=="all" goto PKCS8Done
|
|
%_CDB_% pkcs8im -cpkcs8test -E pkcs8tst.pkcs8 Xchg >> regress.out
|
|
%_CDB_% pkcs8ex -cpkcs8test -d pkcs8out.pkcs8 Xchg >> regress.out
|
|
|
|
:PKCS8Done
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem TRUST
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="trust" if not %t%=="all" goto TrustDone
|
|
|
|
|
|
@rem
|
|
@rem get certs to be used for building chains
|
|
@rem
|
|
%_CDB_% tfindcer %store% -S -q -a"all ext" -pallext.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -akevin -asign -pkevin.cer >> regress.out
|
|
%_CDB_% tfindcer %store% -S -q -ame -axchg -pme.cer >> regress.out
|
|
%_CDB_% tfindcer %store% notpermitted -pnotpermitted.cer >> regress.out
|
|
%_CDB_% tfindcer %store% excluded -pexcluded.cer >> regress.out
|
|
%_CDB_% tfindcer %store% missingncend -pmissingncend.cer >> regress.out
|
|
%_CDB_% tfindcer %store% DssEnd -pdssend.cer >> regress.out
|
|
%_CDB_% tfindcer %store% Duplicate1 -pduplicate1.cer >> regress.out
|
|
%_CDB_% tfindcer %store% InvalidKeyUsageEnd -pinvalidKUend.cer >> regress.out
|
|
%_CDB_% tfindcer %store% InvalidKeyUsageCA -pinvalidKUCA.cer >> regress.out
|
|
|
|
@rem ensure TestRoot is removed from the root store
|
|
%_CDB_% tfindcer -s lm:root -S -o2.5.4.3 -aTestRoot -d >> regress.out
|
|
|
|
|
|
@rem #define CERT_NAME_DNS_TYPE 6
|
|
@rem #define CERT_NAME_URL_TYPE 7
|
|
@rem #define CERT_NAME_UPN_TYPE 8
|
|
%_CDB_% tx500str -callext.cer -g6 >> regress.out
|
|
%_CDB_% tx500str -cme.cer -g6 >> regress.out
|
|
%_CDB_% tx500str -callext.cer -g7 >> regress.out
|
|
%_CDB_% tx500str -callext.cer -g8 >> regress.out
|
|
%_CDB_% tx500str -cme.cer -g8 >> regress.out
|
|
|
|
@rem disable revocation checking
|
|
%_CDB_% setreg -q 3 false >> regress.out
|
|
|
|
@rem ensure we don't have any cached authroot stuff
|
|
%_CDB_% turlcache -d http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt >> regress.out
|
|
%_CDB_% turlcache -d http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab >> regress.out
|
|
%_CDB_% tstore -s lm:authroot -dAll >> regress.out
|
|
|
|
@rem remove any VeriSign Publisher roots that could have been copied to
|
|
@rem the ca store
|
|
%_CDB_% tfindcer -s reg:ca "VeriSign Individual Software Publishers CA" -d >> regress.out
|
|
|
|
@rem with authroot auto update disabled the following should return
|
|
@rem CERT_E_CHAINING
|
|
%_CDB_% ttrust -DisableRootAutoUpdate vsgood.cer -q0x800b010a >> regress.out
|
|
|
|
@rem with authroot auto update disabled the following should return
|
|
@rem CERT_E_UNTRUSTEDROOT
|
|
%_CDB_% ttrust -DisableRootAutoUpdate testsslroot.cer -q0x800b0109 >> regress.out
|
|
|
|
@rem enabling authroot auto update should fetch the ctl
|
|
%_CDB_% ttrust -EnableRootAutoUpdate testsslroot.cer -q >> regress.out
|
|
%_CDB_% turlcache -e -1 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt >> regress.out
|
|
%_CDB_% turlcache -e -1 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab >> regress.out
|
|
|
|
@rem with authroot auto update enabled, the following should be
|
|
@rem CERT_E_EXPIRED
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
|
|
@rem fetch some Verisign 3rd party roots. Also, the following 3 certs
|
|
@rem will have 2 possible roots. Make sure the newer root is picked
|
|
|
|
@rem newer root has sha1 thumb=90AEA269 85FF1480 4C434952 ECE96084 77AF556F
|
|
%_CDB_% ttrust -chain -f0x80 vsclass1ca.cer >> regress.out
|
|
@rem newer root has sha1 thumb=6782AAE0 EDEEE21A 5839D3C0 CD14680A 4F60142A
|
|
%_CDB_% ttrust -chain -f0x80 vsclass2ca.cer >> regress.out
|
|
@rem newer root has sha1 thumb=742C3192 E607E424 EB454954 2BE1BBC5 3E6174E2
|
|
%_CDB_% ttrust -chain -f0x80 vsclass3ca.cer >> regress.out
|
|
|
|
|
|
@rem verify that we can fetch the verisign CRL.
|
|
@rem first ensure its removed from the cache
|
|
%_CDB_% turlcache -d -e http://crl.verisign.com/class1.crl >> regress.out
|
|
@rem around 8-8-02 verisign removed expired certs from the CRL
|
|
%_CDB_% ttrust -chain -f0x10000000 vsrevoke2.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -1 -e http://crl.verisign.com/class1.crl >> regress.out
|
|
|
|
@rem flush the above CRL from the cache using CryptFlushTimeValidObject()
|
|
%_CDB_% ttrust -chain vsrevoke2.cer -FlushCrl >> regress.out
|
|
%_CDB_% turlcache -0 -e http://crl.verisign.com/class1.crl >> regress.out
|
|
|
|
|
|
@rem verify we can create a CTL with property entries. Verify these
|
|
@rem can be added back to certs. Make an explicit check for the
|
|
@rem KEY_PROV_INFO property
|
|
if exist tmp.store del tmp.store
|
|
if exist tmp.stl del tmp.stl
|
|
%_CDB_% makerootctl -a %store% -c tmp.stl >> regress.out
|
|
%_CDB_% tstore -T -atmp.stl tmp.store >> regress.out
|
|
%_CDB_% tfindcer %store% TestRecipient2 >> regress.out
|
|
%_CDB_% tfindcer tmp.store TestRecipient2 >> regress.out
|
|
%_CDB_% makerootctl -d %store% tmp.stl >> regress.out
|
|
%_CDB_% tstore -T -atmp.stl tmp.store >> regress.out
|
|
%_CDB_% tstore tmp.store >> regress.out
|
|
|
|
@rem
|
|
@rem build chains and check the chain's TrustStatus
|
|
@rem
|
|
|
|
@rem TrustErrorStatus
|
|
|
|
@rem CERT_TRUST_NO_ERROR 0x00000000
|
|
@rem CERT_TRUST_IS_NOT_TIME_VALID 0x00000001
|
|
@rem CERT_TRUST_IS_NOT_TIME_NESTED 0x00000002
|
|
@rem CERT_TRUST_IS_REVOKED 0x00000004
|
|
@rem CERT_TRUST_IS_NOT_SIGNATURE_VALID 0x00000008
|
|
@rem CERT_TRUST_IS_NOT_VALID_FOR_USAGE 0x00000010
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT 0x00000020
|
|
@rem CERT_TRUST_REVOCATION_STATUS_UNKNOWN 0x00000040
|
|
@rem CERT_TRUST_IS_CYCLIC 0x00000080
|
|
@rem CERT_TRUST_INVALID_EXTENSION 0x00000100
|
|
@rem CERT_TRUST_INVALID_POLICY_CONSTRAINTS 0x00000200
|
|
@rem CERT_TRUST_INVALID_BASIC_CONSTRAINTS 0x00000400
|
|
@rem CERT_TRUST_INVALID_NAME_CONSTRAINTS 0x00000800
|
|
@rem CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT 0x00001000
|
|
@rem CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT 0x00002000
|
|
@rem CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT 0x00004000
|
|
@rem CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT 0x00008000
|
|
@rem CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000
|
|
@rem CERT_TRUST_CTL_IS_NOT_TIME_VALID 0x00020000
|
|
@rem CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID 0x00040000
|
|
@rem CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE 0x00080000
|
|
@rem CERT_TRUST_IS_OFFLINE_REVOCATION 0x01000000
|
|
@rem CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY 0x02000000
|
|
|
|
@rem TrustInfoStatus
|
|
@rem CERT_TRUST_HAS_EXACT_MATCH_ISSUER 0x00000001
|
|
@rem CERT_TRUST_HAS_KEY_MATCH_ISSUER 0x00000002
|
|
@rem CERT_TRUST_HAS_NAME_MATCH_ISSUER 0x00000004
|
|
@rem CERT_TRUST_IS_SELF_SIGNED 0x00000008
|
|
@rem CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100
|
|
@rem CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200
|
|
@rem CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400
|
|
@rem CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000
|
|
|
|
@rem ensure the test root is removed
|
|
%_CDB_% tfindcer -S -s lm:root -a"Root Agency" -d >> regress.out
|
|
%_CDB_% tfindcer -S -s unprotected:root -a"Root Agency" -d >> regress.out
|
|
|
|
@rem allext.cer and kevin.cer have valid name constraints
|
|
|
|
@rem check both issuance and application usage
|
|
%_CDB_% ttrust allext.cer -S%store% -chain -u1.2.3.2 -u1.2.3.1 -p1.1.1 -p1.1.22 -p1.1.4444 -e0x20 -i0x700 -DeleteSaferRegKey >> regress.out
|
|
@rem check issuance usage
|
|
%_CDB_% ttrust allext.cer -S%store% -chain -p1.1.22 -e0x20 -i0x700 >> regress.out
|
|
@rem check application usage
|
|
%_CDB_% ttrust allext.cer -S%store% -chain -u1.2.3.1 -e0x20 -i0x700 >> regress.out
|
|
@rem end usage without being mapped
|
|
%_CDB_% ttrust allext.cer -S%store% -chain -u1.1.55555 -e0x30 -i0x700 >> regress.out
|
|
|
|
@rem cert has any application usage, therefore, will match any issuance usage
|
|
%_CDB_% ttrust kevin.cer -S%store% -chain -u1.1.1 -u1.1.666666 -e0x20 -i0x700 >> regress.out
|
|
|
|
@rem do "or" matching of issuance policy
|
|
%_CDB_% ttrust kevin.cer -S%store% -chain -p1.1.1 -p1.1.666666 -p1.1.55555 -e0x30 -i0x700 >> regress.out
|
|
%_CDB_% ttrust kevin.cer -S%store% -chain -OrPolicy -p1.1.1 -p1.1.666666 -p1.1.55555 -e0x20 -i0x700 >> regress.out
|
|
|
|
@rem dssend.cer doesn't have required issuance chain policy
|
|
@rem for dssend.cer OrUsage must be selected to have valid usage
|
|
|
|
@rem DssCA certificate doesn't have the mandatory basic constraint ext
|
|
%_CDB_% ttrust dssend.cer -DisableMandatoryBasicConstraints 1 -S%store% -chain -p1.1.4444 -e0x20 -i0x100 >> regress.out
|
|
%_CDB_% ttrust dssend.cer -S%store% -chain -u1.2.3.0 -u1.2.3.2 -e0x30 -i0x100 >> regress.out
|
|
%_CDB_% ttrust dssend.cer -S%store% -chain -OrUsage -u1.2.3.0 -u1.2.3.2 -e0x20 -i0x100 >> regress.out
|
|
|
|
%_CDB_% ttrust dssend.cer -DisableMandatoryBasicConstraints 0xFFFFFFFF -S%store% -chain -p1.1.4444 -e0x420 -i0x100 >> regress.out
|
|
%_CDB_% ttrust dssend.cer -S%store% -chain -u1.2.3.0 -u1.2.3.2 -e0x430 -i0x100 >> regress.out
|
|
%_CDB_% ttrust dssend.cer -S%store% -chain -OrUsage -u1.2.3.0 -u1.2.3.2 -e0x420 -i0x100 >> regress.out
|
|
|
|
@rem following has both not supported and not permitted name constraints
|
|
%_CDB_% ttrust notpermitted.cer -S%store% -chain -e0x5020 -i0x300 >> regress.out
|
|
|
|
@rem following has an excluded name constraint
|
|
%_CDB_% ttrust excluded.cer -S%store% -chain -e0x8020 -i0x300 >> regress.out
|
|
|
|
if exist misingnc.store del missingnc.store
|
|
%_CDB_% tcopycer %store% missingnc.store >> regress.out
|
|
|
|
@rem Following has not supported constraints
|
|
%_CDB_% ttrust missingncend.cer -Smissingnc.store -chain -e0x1020 -i0x300 -DisableNotDefinedNameConstraint >> regress.out
|
|
@rem Following has not defined and not supported constraints. However,
|
|
@rem root's nameconstraint will suppress the not defined error.
|
|
%_CDB_% ttrust missingncend.cer -Smissingnc.store -chain -e0x1020 -i0x300 -EnableNotDefinedNameConstraint >> regress.out
|
|
|
|
@rem Remove the root. The not defined error should now be set when enabled.
|
|
@rem Also, with root removed, CERT_TRUST_IS_PARTIAL_CHAIN is now set.
|
|
%_CDB_% tfindcer missingnc.store -S -aroot -d >> regress.out
|
|
%_CDB_% ttrust missingncend.cer -Smissingnc.store -chain -e0x11000 -i0x0 -DisableNotDefinedNameConstraint >> regress.out
|
|
%_CDB_% ttrust missingncend.cer -Smissingnc.store -chain -e0x13000 -i0x0 -EnableNotDefinedNameConstraint >> regress.out
|
|
|
|
@rem following only does key matching
|
|
%_CDB_% ttrust me.cer -S%store% -chain -e0x20 -i0x0 >> regress.out
|
|
|
|
@rem enable revocation checking, no revocation errors, url timeout (5 seconds)
|
|
@rem 8-April-02: UntrustedRoot doesn't do revocation checking, sets offline
|
|
|
|
%_CDB_% ttrust allext.cer -S%store% -chain -f0x20000000 -t5000 -e0x1000060 -i0x700 >> regress.out
|
|
@rem enable revocation checking with invalid freshness (1 second)
|
|
%_CDB_% ttrust allext.cer -S%store% -chain -f0x20000000 -r1 -e0x1000060 -i0x700 >> regress.out
|
|
@rem enable revocation checking with valid freshness (1 year)
|
|
%_CDB_% ttrust allext.cer -S%store% -chain -f0x20000000 -r31536000 -e0x1000060 -i0x700 >> regress.out
|
|
|
|
@rem enable resync and revocation
|
|
%_CDB_% tchain allext.cer -A%store% -r1000 -i20 -f0x20000000 -t2 >> regress.out
|
|
|
|
@rem InvalidKUCA cert doesn't have the KEY_CERT usage bit set. The end
|
|
@rem certificate should have CERT_TRUST_IS_NOT_VALID_FOR_USAGE.
|
|
@rem However, when the CA cert is explicitly checked, no USAGE error
|
|
%_CDB_% ttrust invalidKUEnd.cer -S%store% -chain -e0x30 -i0x100 >> regress.out
|
|
%_CDB_% ttrust invalidKUCA.cer -S%store% -chain -e0x20 -i0x100 >> regress.out
|
|
|
|
@rem
|
|
@rem We will get (CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000) for allext.cer
|
|
@rem Given different AIA config parameters we will get different
|
|
@rem debugger output error messages
|
|
@rem
|
|
|
|
@rem ensure CTL containing any test CA certs is removed
|
|
%_CDB_% tfindctl -LUpdateCtl1 -s reg:trust -d -q >> regress.out
|
|
%_CDB_% tfindctl -LUpdateCtl2 -s reg:trust -d -q >> regress.out
|
|
|
|
@rem Exceeded MaxAIAUrlCountInCert
|
|
%_CDB_% ttrust allext.cer -chain -e0x10000 >> regress.out
|
|
|
|
@rem Exceeded MaxUrlRetrievalByteCount for: http://crl.verisign.com/class1.crl
|
|
@rem Invalid AIA content, no caching: http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl
|
|
%_CDB_% ttrust allext.cer -chain -e0x10000 -MaxAIAUrlCountInCert 15 >> regress.out
|
|
|
|
@rem Exceeded MaxAIAUrlRetrievalCountPerChain
|
|
%_CDB_% ttrust allext.cer -chain -e0x10000 -MaxAIAUrlCountInCert 15 -MaxAIAUrlRetrievalCountPerChain 6 >> regress.out
|
|
|
|
@rem restore defaults
|
|
ttrust -DisableAIAUrlRetrieval 0xFFFFFFFF -MaxAIAUrlCountInCert 0xFFFFFFFF -MaxAIAUrlRetrievalCountPerChain 0xFFFFFFFF -MaxAIAUrlRetrievalByteCount 0xFFFFFFFF -MaxAIAUrlRetrievalCertCount 0xFFFFFFFF -RegistryOnlyExit >> regress.out
|
|
|
|
@rem ensure the VBL03CA cert isn't in any system store. Want to force
|
|
@rem AIA retrieval
|
|
%_CDB_% tfindcer -s ep:ca -S -a"Microsoft Windows VBL03CA" -d >> regress.out
|
|
%_CDB_% tfindcer -s lm:reg:ca -S -a"Microsoft Windows VBL03CA" -d >> regress.out
|
|
%_CDB_% tfindcer -s reg:ca -S -a"Microsoft Windows VBL03CA" -d >> regress.out
|
|
%_CDB_% tfindcer -s ca -S -a"Microsoft Windows VBL03CA" >> regress.out
|
|
|
|
@rem the following should fetch the cert and store in the cache. Since
|
|
@rem not able to build a chain, shouldn't be installed in the CA store
|
|
%_CDB_% turlcache "20VBL03CA.crt" -d >> regress.out
|
|
%_CDB_% ttrust kevin.cer -chain -e0x10000 >> regress.out
|
|
%_CDB_% turlcache "20VBL03CA.crt" -1 >> regress.out
|
|
|
|
@rem the CA certificate shouldn't be in the CA store
|
|
%_CDB_% tfindcer -s ca -S -a"Microsoft Windows VBL03CA" >> regress.out
|
|
|
|
@rem ensure the test root is installed
|
|
%_CDB_% tstore -s lm:reg:root -avbl03AIAroot.cer >> regress.out
|
|
|
|
%_CDB_% turlcache "20VBL03CA.crt" -d >> regress.out
|
|
|
|
%_CDB_% ttrust vbl03AIAend.cer -chain -e0x10000 -DisableAIAUrlRetrieval 1 >> regress.out
|
|
@rem the CA certificate shouldn't be in the CA store
|
|
%_CDB_% tfindcer -s ca -S -a"Microsoft Windows VBL03CA" >> regress.out
|
|
|
|
@rem Exceeded MaxUrlRetrievalByteCount for: Ldap Url
|
|
@rem Exceeded MaxUrlRetrievalByteCount for: http://vbl03ca.ntdev.microsoft.com/CertEnroll/vbl03ca.ntdev.microsoft.com_Microsoft%20Windows%20VBL03CA.crt
|
|
%_CDB_% ttrust vbl03AIAend.cer -chain -e0x10000 -MaxAIAUrlRetrievalByteCount 100 -DisableAIAUrlRetrieval 0xFFFFFFFF >> regress.out
|
|
@rem the CA certificate shouldn't be added to the CA store
|
|
%_CDB_% tfindcer -s ca -S -a"Microsoft Windows VBL03CA" >> regress.out
|
|
|
|
%_CDB_% ttrust vbl03AIAend.cer -chain -e0x0 -MaxAIAUrlRetrievalByteCount 0xFFFFFFFF >> regress.out
|
|
@rem the CA certificate should be added to the CA store
|
|
%_CDB_% tfindcer -s ca -S -a"Microsoft Windows VBL03CA" >> regress.out
|
|
|
|
@rem
|
|
@rem Test AIA URL retrieval
|
|
@rem
|
|
if exist testAIACA.p7b del testAIACA.p7b
|
|
%_CDB_% tfindcer -s reg:ca "TestAIA" -d >> regress.out
|
|
%_CDB_% tfindcer -s lm:reg:root "TestAIA" -d >> regress.out
|
|
if exist testAIA.store del testAIA.store
|
|
%_CDB_% tcopycer %store% testAIA.store >> regress.out
|
|
%_CDB_% tfindcer testAIA.store TestAIARoot -ptestAIAroot.cer >> regress.out
|
|
%_CDB_% tfindcer testAIA.store TestAIAEnd -ptestAIAend.cer >> regress.out
|
|
%_CDB_% tfindcer testAIA.store -I TestAIARoot -d >> regress.out
|
|
%_CDB_% tfindcer testAIA.store -I TestAIAExpireRoot -d >> regress.out
|
|
%_CDB_% tfindcer testAIA.store TestAIACA -ptestAIACArevoke.cer >> regress.out
|
|
|
|
if exist testAIA.store del testAIA.store
|
|
%_CDB_% tcopycer %store% testAIA.store >> regress.out
|
|
%_CDB_% tfindcer testAIA.store -I TestAIARoot -d >> regress.out
|
|
%_CDB_% tfindcer testAIA.store -I TestAIARevokeRoot -d >> regress.out
|
|
%_CDB_% tfindcer testAIA.store TestAIACA -ptestAIACAexpire.cer >> regress.out
|
|
|
|
if exist testAIA.store del testAIA.store
|
|
%_CDB_% tcopycer %store% testAIA.store >> regress.out
|
|
%_CDB_% tfindcer testAIA.store -I TestAIARevokeRoot -d >> regress.out
|
|
%_CDB_% tfindcer testAIA.store -I TestAIAExpireRoot -d >> regress.out
|
|
%_CDB_% tfindcer testAIA.store TestAIACA -ptestAIACAgood.cer >> regress.out
|
|
|
|
if exist testAIA.store del testAIA.store
|
|
%_CDB_% tcopycer %store% testAIA.store >> regress.out
|
|
%_CDB_% tfindcer testAIA.store TestAIACA -d >> regress.out
|
|
|
|
@rem CERT_TRUST_IS_PARTIAL_CHAIN
|
|
%_CDB_% ttrust testAIAend.cer -StestAIA.store -chain -e0x10000 -i0x0 >> regress.out
|
|
%_CDB_% tstore testAIACA.p7b -atestAIACArevoke.cer -7 >> regress.out
|
|
@rem CERT_TRUST_INVALID_BASIC_CONSTRAINTS
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_HAS_PREFERRED_ISSUER
|
|
%_CDB_% ttrust testAIAend.cer -StestAIA.store -chain -e0x420 -i0x100 >> regress.out
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
|
|
@rem CERT_TRUST_IS_OFFLINE_REVOCATION, CERT_TRUST_HAS_PREFERRED_ISSUER
|
|
%_CDB_% ttrust testAIAend.cer -StestAIA.store -chain -f0x20000000 -e0x1000460 -i0x100 >> regress.out
|
|
%_CDB_% tstore testAIACA.p7b -atestAIACAgood.cer -7 >> regress.out
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
|
|
@rem CERT_TRUST_IS_OFFLINE_REVOCATION, CERT_TRUST_HAS_PREFERRED_ISSUER
|
|
%_CDB_% ttrust testAIAend.cer -StestAIA.store -chain -f0x20000000 -e0x1000460 -i0x100 >> regress.out
|
|
%_CDB_% tfindcer -s reg:ca "TestAIA" -d >> regress.out
|
|
%_CDB_% tfindcer -s reg:ca -I TestAIARoot -d >> regress.out
|
|
|
|
if exist testAIACA.p7b del testAIACA.p7b
|
|
%_CDB_% tstore testAIACA.p7b -atestAIACAexpire.cer -7 >> regress.out
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_IS_NOT_TIME_VALID,
|
|
@rem CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
|
|
@rem CERT_TRUST_IS_OFFLINE_REVOCATION,
|
|
@rem CERT_TRUST_HAS_PREFERRED_ISSUER
|
|
%_CDB_% ttrust testAIAend.cer -StestAIA.store -chain -f0x20000000 -e0x1000461 -i0x100 >> regress.out
|
|
%_CDB_% tstore testAIACA.p7b -atestAIACAgood.cer -7 >> regress.out
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
|
|
@rem CERT_TRUST_IS_OFFLINE_REVOCATION, CERT_TRUST_HAS_PREFERRED_ISSUER
|
|
%_CDB_% ttrust testAIAend.cer -StestAIA.store -chain -f0x20000000 -e0x1000460 -i0x100 >> regress.out
|
|
%_CDB_% tfindcer -s reg:ca "TestAIA" >> regress.out
|
|
%_CDB_% tfindcer -s reg:ca -I TestAIARoot -d >> regress.out
|
|
|
|
|
|
@rem Invalid File(TestAIACA.p7b):: Attributes: 0x20 Size: 761
|
|
%_CDB_% ttrust testAIAend.cer -chain -e0x10000 -MaxAIAUrlRetrievalByteCount 100 >> regress.out
|
|
|
|
@rem Exceeded MaxAIAUrlRetrievalCertCount
|
|
%_CDB_% ttrust testAIAend.cer -chain -e0x10000 -MaxAIAUrlRetrievalByteCount 0xFFFFFFFF -MaxAIAUrlRetrievalCertCount 1 >> regress.out
|
|
|
|
@rem Install the TestAIA's root
|
|
%_CDB_% tstore -s lm:reg:root -atestAIAroot.cer >> regress.out
|
|
|
|
@rem Exceeded MaxAIAUrlRetrievalCertCount
|
|
%_CDB_% ttrust testAIAend.cer -chain -e0x10000 -MaxAIAUrlRetrievalByteCount 0xFFFFFFFF -MaxAIAUrlRetrievalCertCount 1 >> regress.out
|
|
|
|
%_CDB_% tfindcer -s reg:ca "TestAIA" -d >> regress.out
|
|
|
|
%_CDB_% ttrust testAIAend.cer -chain -e0x400 -MaxAIAUrlRetrievalByteCount 0xFFFFFFFF -MaxAIAUrlRetrievalCertCount 0xFFFFFFFF >> regress.out
|
|
|
|
@rem should be a certificate in the CA store
|
|
%_CDB_% tfindcer -s reg:ca "TestAIA" >> regress.out
|
|
|
|
@rem
|
|
@rem Revocation of a CA. Shouldn't do revocation checking for certs
|
|
@rem lower in the chain.
|
|
@rem
|
|
|
|
@rem with trusted root and revocation of a CA cert
|
|
@rem CERT_TRUST_IS_OFFLINE_REVOCATION,
|
|
@rem CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
|
|
@rem CERT_TRUST_IS_REVOKED
|
|
%_CDB_% tfindcer nt.store -S -aNetscape -pnetescapeend.cer >> regress.out
|
|
%_CDB_% ttrust netescapeend.cer -chain -Snt.store -f0x20000000 -e0x1000044 >> regress.out
|
|
|
|
@rem with untrusted root and revocation of a CA cert, no rev check
|
|
@rem CERT_TRUST_IS_OFFLINE_REVOCATION,
|
|
@rem CERT_TRUST_REVOCATION_STATUS_UNKNOWN,
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT
|
|
%_CDB_% tfindcer -s lm:reg:root "TestAIA" -d >> regress.out
|
|
%_CDB_% ttrust netescapeend.cer -chain -Snt.store -f0x20000000 -e0x1000060 >> regress.out
|
|
|
|
|
|
@rem
|
|
@rem Test Rollover URL retrieval
|
|
@rem
|
|
if exist rolloverAIAroot.p7b del rolloverAIAroot.p7b
|
|
if exist rollover.store del rollover.store
|
|
%_CDB_% tfindcer -s ca Rollover -d >> regress.out
|
|
|
|
%_CDB_% tstore2 -P rollover.store >> regress.out
|
|
%_CDB_% tcopycer rollover.store rolloverAIAroot.p7b -7 -aRolloverRoot >> regress.out
|
|
%_CDB_% tfindcer rolloverAIAroot.p7b -I TestRoot -prollovercross.cer >> regress.out
|
|
%_CDB_% tfindcer rolloverAIAroot.p7b -I TestRoot -d -7 >> regress.out
|
|
%_CDB_% tstore rolloverAIAroot.p7b -i0 -prollovermap.cer >> regress.out
|
|
%_CDB_% tstore rolloverAIAroot.p7b -i1 -prolloverroot.cer >> regress.out
|
|
%_CDB_% tfindcer rollover.store TestRoot -pTestRoot.cer >> regress.out
|
|
%_CDB_% tfindcer rollover.store RollOverEnd -prolloverend.cer >> regress.out
|
|
%_CDB_% tfindcer rollover.store RollOverRoot -d >> regress.out
|
|
%_CDB_% tstore rollover.store -arolloverroot.cer >> regress.out
|
|
|
|
@rem following should be untrusted root using the original RollOverRoot
|
|
%_CDB_% ttrust rolloverend.cer -Srollover.store -chain -e0x420 -i0x100 >> regress.out
|
|
%_CDB_% tstore -s lm:root -aTestRoot.cer >> regress.out
|
|
%_CDB_% tstore -s ca -arollovercross.cer >> regress.out
|
|
%_CDB_% tfindcer -s ca Rollover >> regress.out
|
|
|
|
@rem following should do AIA retrieval to get the rollovermap.cer
|
|
%_CDB_% ttrust rolloverend.cer -Srollover.store -chain -e0x400 -i0x100 >> regress.out
|
|
@rem rollovermap.cer should be added. Not, rolloverroot.cer
|
|
%_CDB_% tfindcer -s ca Rollover >> regress.out
|
|
|
|
%_CDB_% tfindcer -s lm:root -S -o2.5.4.3 -aTestRoot -d >> regress.out
|
|
|
|
@rem
|
|
@rem time invalid chain (end cert is time invalid)
|
|
@rem
|
|
%_CDB_% tfindcer %store% "time invalid" -ptimeinvalid.cer -b >> regress.out
|
|
@rem CERT_TRUST_IS_UNTRUSTED_ROOT, CERT_TRUST_IS_NOT_TIME_VALID,
|
|
@rem CERT_TRUST_HAS_PREFERRED_ISSUER, CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY,
|
|
@rem CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS
|
|
%_CDB_% ttrust timeinvalid.cer -S%store% -chain -e0x21 -i0x700 >> regress.out
|
|
|
|
@rem
|
|
@rem test Cross Cert Distribution Point and CTL's with NextUpdate time
|
|
@rem and location
|
|
@rem
|
|
if exist %UNC_PREFIX%\tmp.store del %UNC_PREFIX%\tmp.store
|
|
if exist testupdate1.ctl del testupdate1.ctl
|
|
if exist testupdate2.ctl del testupdate2.ctl
|
|
%_CDB_% tfindctl -LUpdateCtl1 -s reg:trust -d -q >> regress.out
|
|
%_CDB_% tfindctl -LUpdateCtl2 -s reg:trust -d -q >> regress.out
|
|
%_CDB_% turlcache -d file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
|
|
%_CDB_% tstore %UNC_PREFIX%\tmp.store -aallext.cer >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -0 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
|
|
@rem Cross Cert Distribution Point are only valid for HKLM certs
|
|
%_CDB_% tstore -s reg:ca -arooto.cer >> regress.out
|
|
%_CDB_% tfindcer -s reg:ca "root agency" -x3600 -xfile://nonexistant1.cer -Xfile://nonexistant2.cer -Xfile://%UNC_PREFIX%\tmp.store -Xfile://nonexistant3.cer -xfile://noexistant4.cer -xfile://%store% -v >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -0 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% tfindcer -s reg:ca "root agency" -d >> regress.out
|
|
|
|
%_CDB_% tfindcer -s lm:ca "root agency" -x3600 -xfile://nonexistant1.cer -Xfile://nonexistant2.cer -Xfile://%UNC_PREFIX%\tmp.store -Xfile://nonexistant3.cer -xfile://noexistant4.cer -xfile://%store% -v >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
|
|
@rem set sync time back 2 hours. This should force a resync
|
|
%_CDB_% turlcache -1 -S-7200 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
|
|
@rem remove Distribution point from Url store
|
|
%_CDB_% tstore %UNC_PREFIX%\tmp.store -dAll >> regress.out
|
|
%_CDB_% turlcache -1 -S-7200 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
|
|
@rem Add Distribution point to Url store
|
|
%_CDB_% tstore %UNC_PREFIX%\tmp.store -aallext.cer >> regress.out
|
|
%_CDB_% turlcache -1 -S-7200 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% turlcache -1 file://%UNC_PREFIX%\tmp.store >> regress.out
|
|
|
|
@rem
|
|
@rem 06-May-02: updated chain building not to do CTL Next Update
|
|
@rem retrieval. Therefore, shouldn't see the time valid CTL's added to
|
|
@rem the reg:trust store.
|
|
@rem
|
|
|
|
@rem time invalid CTL without an URL
|
|
%_CDB_% tfindctl %store% -LUpdateCtl1 -fTimeInvalid -ptestupdate1.ctl -q >> regress.out
|
|
%_CDB_% tstore -s reg:trust -T -atestupdate1.ctl >> regress.out
|
|
del testupdate1.ctl
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
|
|
@rem time invalid CTL with time invalid URL
|
|
%_CDB_% tfindctl %store% -LUpdateCtl1 -fTimeInvalid -ptestupdate1.ctl >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
|
|
@rem time invalid CTL with time valid URL
|
|
%_CDB_% tfindctl %store% -LUpdateCtl1 -fTimeValid -ptestupdate1.ctl >> regress.out
|
|
%_CDB_% tstore -s reg:Trust -T >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% tstore -s reg:Trust -T >> regress.out
|
|
|
|
@rem 2 time invalid CTLs with time valid URLs
|
|
%_CDB_% tfindctl -LUpdateCtl1 -s reg:trust -d -q >> regress.out
|
|
%_CDB_% tfindctl %store% -LUpdateCtl1 -fTimeInvalid -ptestupdate1.ctl -q >> regress.out
|
|
%_CDB_% tstore -s reg:trust -T -atestupdate1.ctl >> regress.out
|
|
%_CDB_% tfindctl %store% -LUpdateCtl1 -fTimeValid -ptestupdate1.ctl >> regress.out
|
|
%_CDB_% tfindctl %store% -LUpdateCtl2 -fTimeInvalid -ptestupdate2.ctl -q >> regress.out
|
|
%_CDB_% tstore -s reg:trust -T -atestupdate2.ctl >> regress.out
|
|
%_CDB_% tfindctl %store% -LUpdateCtl2 -fTimeValid -ptestupdate2.ctl >> regress.out
|
|
%_CDB_% tstore -s reg:Trust -T >> regress.out
|
|
%_CDB_% ttrust vsgood.cer -q0x800b0101 >> regress.out
|
|
%_CDB_% tstore -s reg:Trust -T >> regress.out
|
|
|
|
%_CDB_% tfindctl -LUpdateCtl1 -s reg:trust -d -q >> regress.out
|
|
%_CDB_% tfindctl -LUpdateCtl2 -s reg:trust -d -q >> regress.out
|
|
%_CDB_% tfindcer -s lm:ca "root agency" -xDelete -v >> regress.out
|
|
|
|
@rem
|
|
@rem Trust the test root
|
|
@rem
|
|
%_CDB_% setreg -q 1 true >> ..\..\regress.out
|
|
|
|
@rem CERT_E_EXPIRED 0x800b0101
|
|
@rem CERT_E_VALIDITYPERIODNESTING 0x800b0102
|
|
@rem CERT_E_WRONG_USAGE 0x800b0110
|
|
@rem CERT_E_CN_NO_MATCH 0x800b010f
|
|
@rem CERT_E_ROLE 0x800b0103
|
|
@rem CERT_E_UNTRUSTEDTESTROOT 0x800b010d
|
|
@rem CERT_E_PURPOSE 0x800b0106
|
|
@rem TRUST_E_BASIC_CONSTRAINTS 0x80096019
|
|
@rem CERT_E_CHAINING 0x800b010a
|
|
|
|
@rem CERT_E_UNTRUSTEDROOT 0x800b0109
|
|
@rem CERT_E_UNTRUSTEDCA 0x800b0112
|
|
@rem TRUST_E_CERT_SIGNATURE 0x80096004
|
|
@rem TRUST_E_NOSIGNATURE 0x800b0100
|
|
|
|
@rem Match name as a DNS Name choice in an alternate name extension
|
|
%_CDB_% tfindcer %store% -S -q -a"all ext" -pallext.cer >> regress.out
|
|
%_CDB_% ttrust allext.cer -https -server -q -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"DNS name" >> regress.out
|
|
%_CDB_% ttrust allext.cer -https -server -q0x800b010f -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"DNS nameX" >> regress.out
|
|
@rem in allext.cer AltName has a DNS choice, therefore, don't look
|
|
@rem for CN in subject name
|
|
%_CDB_% ttrust allext.cer -https -server -q0x800b010f -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"all ext" >> regress.out
|
|
@rem in kevin.cer AltName doesn't have a DNS choice, therefore, look
|
|
@rem for CN in subject name
|
|
%_CDB_% ttrust kevin.cer -https -server -q -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"kevin" >> regress.out
|
|
%_CDB_% ttrust kevin.cer -https -server -q0x800b010f -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"kevin2" >> regress.out
|
|
|
|
@rem in dssend.cer doesn't have an AltName extension, therefore, look
|
|
@rem for CN in subject name
|
|
%_CDB_% ttrust dssend.cer -DisableMandatoryBasicConstraints 1 -https -server -q -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"dssend" >> regress.out
|
|
%_CDB_% ttrust dssend.cer -https -server -q0x800b010f -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"not dssend" >> regress.out
|
|
|
|
%_CDB_% ttrust dssend.cer -DisableMandatoryBasicConstraints 0xFFFFFFFF -https -server -q0x800b0103 -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"dssend" >> regress.out
|
|
%_CDB_% ttrust dssend.cer -https -server -q0x800b0103 -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"not dssend" >> regress.out
|
|
|
|
@rem not permitted, not supported name constraint
|
|
%_CDB_% ttrust notpermitted.cer -https -server -q0x800b010f -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"www.excluded.dns.not" >> regress.out
|
|
|
|
@rem not excluded name constraint
|
|
%_CDB_% ttrust excluded.cer -https -server -q0x800b010f -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -n"www.excluded.dns.com" >> regress.out
|
|
|
|
@rem not permitted name constraint. Also has an
|
|
@rem invalid policy constraint. For https, mapped to CERT_E_PURPOSE
|
|
%_CDB_% ttrust duplicate1.cer -https -server -q0x800b010f -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA >> regress.out
|
|
%_CDB_% ttrust duplicate1.cer -https -server -q0x800b0106 -S%store% -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA -HttpsIgnoreCertCNInvalid >> regress.out
|
|
|
|
@rem without an additional store, use the AuthorityInfoAccess extension
|
|
@rem to find the issuer certificate. In this case, none of the URLs
|
|
@rem exist
|
|
%_CDB_% ttrust allext.cer -q0x800b010a >> regress.out
|
|
|
|
@rem test CryptInstallDefaultContext
|
|
%_CDB_% ttrust dss1024.cer -q0x800b0109 >> regress.out
|
|
%_CDB_% ttrust dss1024.cer -q0x800b0109 -InstallThreadDefaultContext >> regress.out
|
|
%_CDB_% ttrust dss1024.cer -q0x80096004 -InstallThreadDefaultContext -NullDefaultContext >> regress.out
|
|
|
|
@rem Test NTAuthNameConstraint policy
|
|
@rem CERT_E_UNTRUSTEDCA 0x800b0112
|
|
@rem TRUST_E_BASIC_CONSTRAINTS 0x80096019
|
|
@rem allext.cer has valid name constraints, dssend.cer doesn't
|
|
@rem -NTAuthNameConstraint sets CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG
|
|
%_CDB_% ttrust -DisableNTAuthRequired -chain -NTAuthNameConstraint allext.cer -q -S%store% >> regress.out
|
|
%_CDB_% ttrust -EnableNTAuthRequired -chain -NTAuthNameConstraint allext.cer -q0x800b0112 -S%store% >> regress.out
|
|
|
|
%_CDB_% ttrust -DisableMandatoryBasicConstraints 1 -DisableNTAuthRequired -chain -NTAuthNameConstraint dssend.cer -q0x800b0112 -S%store% >> regress.out
|
|
%_CDB_% ttrust -EnableNTAuthRequired -chain -NTAuthNameConstraint dssend.cer -q0x800b0112 -S%store% >> regress.out
|
|
|
|
%_CDB_% ttrust -DisableMandatoryBasicConstraints 0xFFFFFFFF -DisableNTAuthRequired -chain -NTAuthNameConstraint dssend.cer -q0x80096019 -S%store% >> regress.out
|
|
%_CDB_% ttrust -EnableNTAuthRequired -chain -NTAuthNameConstraint dssend.cer -q0x80096019 -S%store% >> regress.out
|
|
|
|
@cd ttrust\testfile
|
|
|
|
@rem driver and https no longer use setreg's trust test root
|
|
@rem driver no requires it to be the Microsoft root or the Microsoft
|
|
@rem test root
|
|
%_CDB_% ttrust indasind.cab -q0x800b0109 -driver >> ..\..\regress.out
|
|
%_CDB_% ttrust comend3.cer -Scomend3.spc -q0x800b0109 -https -server -HttpsIgnoreWrongUsage >> ..\..\regress.out
|
|
|
|
@rem explicitly trust the "Root Agency" testroot
|
|
%_CDB_% tstore -s lm:root -a..\..\rooto.cer >> ..\..\regress.out
|
|
|
|
@rem Test CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_MICROSOFT_ROOT)
|
|
%_CDB_% ttrust -chain -e0x0 -NotMicrosoftRoot ..\..\rooto.cer >> ..\..\regress.out
|
|
%_CDB_% ttrust -chain -e0x1 -NotMicrosoftRoot ..\..\vsgood.cer >> ..\..\regress.out
|
|
%_CDB_% ttrust -chain -e0x0 -MicrosoftRoot msroot01.cer >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust timestmp.dll -q -file -DisplayKnownUsages >> ..\..\regress.out
|
|
%_CDB_% ttrust timestmp.dll -q -file -chain >> ..\..\regress.out
|
|
@rem with LifetimeSigning, timestamped signatures can expire
|
|
%_CDB_% ttrust timestmp.dll -q0x800b0101 -file -LifetimeSigning >> ..\..\regress.out
|
|
|
|
@rem following timestamped cab, also has LIFTIME_SIGNING OID
|
|
%_CDB_% ttrust lifetime.cab -q0x800b0101 -file >> ..\..\regress.out
|
|
|
|
@rem following certs are valid before timestamp.
|
|
@rem First also has LIFETIME_SIGNING OID
|
|
%_CDB_% ttrust beforets.cab -q0x800b0101 -file >> ..\..\regress.out
|
|
%_CDB_% ttrust beforets2.cab -q0x800b0101 -file >> ..\..\regress.out
|
|
|
|
@rem following certs are valid after timestamp. Should be valid now
|
|
@rem First also has LIFETIME_SIGNING OID
|
|
%_CDB_% ttrust afterts.cab -q0x800b0101 -file >> ..\..\regress.out
|
|
%_CDB_% ttrust afterts2.cab -q0x800b0101 -file >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust indasind.cab -q -file >> ..\..\regress.out
|
|
%_CDB_% ttrust indasind.cab -q -file -chain >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust indasind.cab -q0x800b0109 -driver >> ..\..\regress.out
|
|
@rem individual cert signed as being commercial
|
|
|
|
@rem July 30, 2000 removed all the individual, commerical comparison junk
|
|
|
|
%_CDB_% ttrust indascom.cab -q -file >> ..\..\regress.out
|
|
%_CDB_% ttrust indascom.cab -q -file -chain >> ..\..\regress.out
|
|
@rem commercial cert signed as being individual
|
|
%_CDB_% ttrust comasind.cab -q -file >> ..\..\regress.out
|
|
@rem commercial cert issued by individual CA
|
|
%_CDB_% ttrust comend2.cer -Scomend2.spc -q >> ..\..\regress.out
|
|
@rem signed by commercial cert issued by individual CA
|
|
%_CDB_% ttrust indissue.cab -q -file >> ..\..\regress.out
|
|
|
|
@rem following was signed using a CA certificate
|
|
%_CDB_% ttrust notend.cab -q0x80096019 -file >> ..\..\regress.out
|
|
|
|
@rem Note, not a BASIC_CONSTRAINTS error to verify chain starting with CA
|
|
%_CDB_% ttrust indca.cer -q >> ..\..\regress.out
|
|
%_CDB_% ttrust comca.cer -q >> ..\..\regress.out
|
|
|
|
@rem Intermediate cert had a max depth of 0
|
|
%_CDB_% ttrust comend3.cer -Scomend3.spc -q0x80096019 >> ..\..\regress.out
|
|
%_CDB_% ttrust pathlen.cab -q0x80096019 -file >> ..\..\regress.out
|
|
%_CDB_% ttrust comend3.cer -q0x800b010a >> ..\..\regress.out
|
|
@rem https policy converts to CERT_E_ROLE
|
|
%_CDB_% ttrust comend3.cer -Scomend3.spc -q0x800b0103 -https -server -HttpsIgnoreWrongUsage >> ..\..\regress.out
|
|
|
|
@rem End certificate signing another certificate
|
|
%_CDB_% ttrust end2.cer -Send.spc -q0x80096019 >> ..\..\regress.out
|
|
|
|
@rem Sign with an email certificate (wrong usage)
|
|
%_CDB_% ttrust email.cer -q0x800b0110 >> ..\..\regress.out
|
|
%_CDB_% ttrust email.cer -u1.3.6.1.5.5.7.3.4 -q >>..\..\regress.out
|
|
%_CDB_% ttrust email.cab -q0x800b0110 -file >> ..\..\regress.out
|
|
|
|
@rem Code Signing EKU cert signed as being individual
|
|
%_CDB_% ttrust csasind.cab -q -file >> ..\..\regress.out
|
|
|
|
@rem Code Signing EKU cert signed as being commercial
|
|
%_CDB_% ttrust csascom.cab -q -file >> ..\..\regress.out
|
|
|
|
@rem Commercial EKU cert issued by CodeSigning EKU CA
|
|
%_CDB_% ttrust comend4.cer -Scomend4.spc -q >> ..\..\regress.out
|
|
%_CDB_% ttrust comend4.cer -q0x800b010a >> ..\..\regress.out
|
|
%_CDB_% ttrust csissue.cab -q -file >> ..\..\regress.out
|
|
|
|
@rem Commercial EKU cert issued by Commercial EKU CA
|
|
%_CDB_% ttrust comend5.cer -Scomend5.spc -q >> ..\..\regress.out
|
|
%_CDB_% ttrust comcsiss.cab -q -file >> ..\..\regress.out
|
|
|
|
@rem Commercial EKU cert issued by Individual EKU CA
|
|
%_CDB_% ttrust comend6.cer -Scomend6.spc -q >> ..\..\regress.out
|
|
%_CDB_% ttrust indcsiss.cab -q -file >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust expired.cer -q0x800b0101 >> ..\..\regress.out
|
|
%_CDB_% ttrust expired.cer -chain -q0x800b0101 >> ..\..\regress.out
|
|
%_CDB_% ttrust expired.cer -https -q0x800b0101 >> ..\..\regress.out
|
|
%_CDB_% ttrust expired.cer -https -q -HttpsIgnoreCertDateInvalid >> ..\..\regress.out
|
|
@rem on Sep 10, 1998 disabled time nesting checking in authenticode and
|
|
@rem and SSL chain policy (-q0x800b0102)
|
|
%_CDB_% ttrust timenest.cer -q >> ..\..\regress.out
|
|
%_CDB_% ttrust timenest.cer -chain -q >> ..\..\regress.out
|
|
%_CDB_% ttrust timenest.cer -https -q >> ..\..\regress.out
|
|
%_CDB_% ttrust timenest.cer -https -q -HttpsIgnoreCertDateInvalid >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust client.cer -cert -q0x800b0110 >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -chain -q >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -chain -u1.2.3.4 -q0x800b0110 >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -server -q0x800b0110 >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -server -q -HttpsIgnoreWrongUsage >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -server -q -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q -nClient >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q -n"LDAP/LDAP/Client@MoreLDAP" >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q -n"LDAP/Client@MoreLDAP" >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q -n"////LDAP/Client@Mo@reL@DAP" >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q0x800b010f -nCleent >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q0x800b010f -nCleent -RevokeChain >> ..\..\regress.out
|
|
%_CDB_% ttrust client.cer -https -client -q -HttpsIgnoreCertCNInvalid -nCleent >> ..\..\regress.out
|
|
%_CDB_% ttrust server.cer -https -server -q >> ..\..\regress.out
|
|
%_CDB_% ttrust server.cer -https -client -q0x800b0110 >> ..\..\regress.out
|
|
%_CDB_% ttrust server.cer -https -client -q -HttpsIgnoreWrongUsage >> ..\..\regress.out
|
|
%_CDB_% ttrust server.cer -https -client -q -HttpsIgnoreWrongUsage -HttpsIgnoreUnknownCA >> ..\..\regress.out
|
|
%_CDB_% ttrust server.cer -https -server -q -nServer >> ..\..\regress.out
|
|
%_CDB_% ttrust server.cer -https -server -q0x800b010f -nServerx >> ..\..\regress.out
|
|
%_CDB_% ttrust server.cer -https -server -q -HttpsIgnoreCertCNInvalid -nServerx >> ..\..\regress.out
|
|
%_CDB_% ttrust sgc.cer -https -server -q >> ..\..\regress.out
|
|
%_CDB_% ttrust sgcnet.cer -https -server -q >> ..\..\regress.out
|
|
|
|
@rem test CryptInstallDefaultContext
|
|
%_CDB_% ttrust indca.cer -q -InstallThreadDefaultContext >> ..\..\regress.out
|
|
%_CDB_% ttrust indca.cer -q -InstallThreadDefaultContext -MultiDefaultContext >> ..\..\regress.out
|
|
%_CDB_% ttrust indca.cer -q -InstallThreadDefaultContext -MultiDefaultContext -AutoReleaseDefaultContext >> ..\..\regress.out
|
|
%_CDB_% ttrust indca.cer -q -InstallThreadDefaultContext -NULLDefaultContext >> ..\..\regress.out
|
|
|
|
%_CDB_% ttrust indca.cer -q -InstallProcessDefaultContext >> ..\..\regress.out
|
|
%_CDB_% ttrust indca.cer -q -InstallProcessDefaultContext -MultiDefaultContext >> ..\..\regress.out
|
|
%_CDB_% ttrust indca.cer -q -InstallProcessDefaultContext -MultiDefaultContext -AutoReleaseDefaultContext >> ..\..\regress.out
|
|
|
|
@rem Test NTAuth policy
|
|
%_CDB_% ttrust indasind.cab -q0x800b0112 -file -NTAuth >> ..\..\regress.out
|
|
%_CDB_% ttrust indasind.cab -q0x80092012 -file -NTAuth -RevokeChain >> ..\..\regress.out
|
|
%_CDB_% ttrust pathlen.cab -q0x80096019 -file -NTAuth >> ..\..\regress.out
|
|
%_CDB_% ttrust end2.cer -Send.spc -q0x80096019 -NTAuth >> ..\..\regress.out
|
|
%_CDB_% ttrust expired.cer -q0x800b0101 -NTAuth >> ..\..\regress.out
|
|
|
|
@rem Test Safer
|
|
|
|
@rem remove all TestSafer roots and trusted publishers
|
|
%_CDB_% tfindcer -s lm:TrustedPublisher TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s reg:TrustedPublisher TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s lm:Root TestSafer -d >> ..\..\regress.out
|
|
@rem remove all TestSafer disallowewd publishers
|
|
%_CDB_% tfindcer -s lm:Disallowed TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s reg:Disallowed TestSafer -d >> ..\..\regress.out
|
|
|
|
|
|
@rem TRUST_E_NO_SIGNATURE
|
|
%_CDB_% ttrust -file -Safer -DeleteSaferRegKey -q0x800b0100 torg2.cab >> ..\..\regress.out
|
|
|
|
@rem Safer maps TRUST_E_BAD_DIGEST to TRUST_E_NO_SIGNATURE
|
|
%_CDB_% ttrust -file -Safer -q0x800b0100 b_dig.cab >> ..\..\regress.out
|
|
@rem TRUST_E_BAD_DIGEST (without safer)
|
|
%_CDB_% ttrust -file -q0x80096010 b_dig.cab >> ..\..\regress.out
|
|
|
|
@rem TRUST_E_CERT_SIGNATURE
|
|
%_CDB_% ttrust -file -Safer -q0x80096004 bad_sign.cab >> ..\..\regress.out
|
|
|
|
@rem TRUST_E_COUNTER_SIGNER
|
|
%_CDB_% ttrust -file -Safer -q0x80096003 tscert.cab >> ..\..\regress.out
|
|
|
|
@rem CERT_E_UNTRUSTEDROOT
|
|
%_CDB_% ttrust -file -Safer -q0x800b0109 saferuntrusted.cab >> ..\..\regress.out
|
|
%_CDB_% ttrust -file -Safer -q0x800b0109 saferuntrusted2.cab >> ..\..\regress.out
|
|
%_CDB_% ttrust -file -Safer -q0x800b0109 saferuser.cab >> ..\..\regress.out
|
|
|
|
@rem explicitly trust publisher
|
|
%_CDB_% tstore -s reg:TrustedPublisher -asaferuser.cer >> ..\..\regress.out
|
|
@rem remains untrusted root
|
|
%_CDB_% ttrust -file -Safer -q0x800b0109 saferuser.cab >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s reg:TrustedPublisher TestSafer -d >> ..\..\regress.out
|
|
|
|
%_CDB_% tstore -s lm:Root -asaferroot.cer >> ..\..\regress.out
|
|
@rem
|
|
@rem the safer certs have expired on 7/30/01. Therefore needed to change
|
|
@rem numerous expected errors to expired.
|
|
@rem
|
|
%_CDB_% ttrust -file -DeleteSaferRegKey -Safer -q0x800b0101 saferfull.cab >> ..\..\regress.out
|
|
|
|
@rem AuthenticodeFlags definitions
|
|
@rem CERT_TRUST_PUB_ALLOW_TRUST_MASK 0x00000003
|
|
@rem CERT_TRUST_PUB_ALLOW_END_USER_TRUST 0x00000000
|
|
@rem CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST 0x00000001
|
|
@rem CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST 0x00000002
|
|
@rem CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG 0x00000100
|
|
@rem CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG 0x00000200
|
|
|
|
@rem Expired overrides: CRYPT_E_SECURITY_SETTINGS, don't allow end user trust
|
|
%_CDB_% ttrust -file -Safer -AuthenticodeFlags 0x1 -q0x800b0101 saferfull.cab >> ..\..\regress.out
|
|
|
|
@rem both SAFER and default ignore NO_REVOCATION check
|
|
%_CDB_% ttrust -file -Safer -AuthenticodeFlags 0x300 -q0x800b0101 saferfull.cab >> ..\..\regress.out
|
|
%_CDB_% ttrust -file -AuthenticodeFlags 0x300 -q0x800b0101 saferfull.cab >> ..\..\regress.out
|
|
|
|
@rem explicitly trust publisher
|
|
%_CDB_% tstore -s reg:TrustedPublisher -asaferuser.cer >> ..\..\regress.out
|
|
%_CDB_% ttrust -file -Safer -AuthenticodeFlags 0x0 -q0x800b0101 saferuser.cab >> ..\..\regress.out
|
|
@rem Expired overrides: don't trust end user, should get CRYPT_E_SECURITY_SETTINGS
|
|
%_CDB_% ttrust -file -Safer -AuthenticodeFlags 0x1 -q0x800b0101 saferuser.cab >> ..\..\regress.out
|
|
@rem shouldn't appear in TrustedPublisher store
|
|
%_CDB_% tstore -s TrustedPublisher >> ..\..\regress.out
|
|
|
|
@rem explicitly distrust publisher
|
|
%_CDB_% tstore -s reg:Disallowed -asaferuser.cer >> ..\..\regress.out
|
|
%_CDB_% ttrust -file -Safer -AuthenticodeFlags 0x0 -q0x800b0111 saferuser.cab >> ..\..\regress.out
|
|
@rem should get TRUST_E_EXPLICIT_DISTRUST (0x800b0111) for all options
|
|
%_CDB_% ttrust -file -q0x800b0111 saferuser.cab >> ..\..\regress.out
|
|
%_CDB_% ttrust -q0x800b0111 saferuser.cer >> ..\..\regress.out
|
|
|
|
@rem Https will treat as CRYPT_E_REVOKED (0x80092010)
|
|
%_CDB_% ttrust -Https -q0x80092010 -Ssaferca.cer saferuser.cer >> ..\..\regress.out
|
|
@rem Chain will treat as CERT_E_REVOKED (0x800b010c)
|
|
%_CDB_% ttrust -Chain -q0x800b010c -Ssaferca.cer saferuser.cer >> ..\..\regress.out
|
|
|
|
@rem remove trusted publisher from CurrentUser and add to HKLM
|
|
%_CDB_% tfindcer -s reg:TrustedPublisher TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s reg:Disallowed TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tstore -s lm:TrustedPublisher -asaferuser.cer >> ..\..\regress.out
|
|
|
|
@rem Expired overrides: don't allow end user trust, however trusted in HKLM
|
|
%_CDB_% ttrust -file -Safer -AuthenticodeFlags 0x1 -q0x800b0101 saferuser.cab >> ..\..\regress.out
|
|
|
|
|
|
@rem Expired overrides: CRYPT_E_SECURITY_SETTINGS, don't allow machine trust
|
|
%_CDB_% ttrust -file -Safer -AuthenticodeFlags 0x2 -q0x800b0101 saferuser.cab >> ..\..\regress.out
|
|
|
|
@rem remove TestSafer stuff
|
|
%_CDB_% ttrust -file -Safer -DeleteSaferRegKey -q0x800b0100 torg2.cab >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s lm:TrustedPublisher TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s reg:TrustedPublisher TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s lm:Root TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s lm:Disallowed TestSafer -d >> ..\..\regress.out
|
|
%_CDB_% tfindcer -s reg:Disallowed TestSafer -d >> ..\..\regress.out
|
|
|
|
@rem
|
|
@rem Test for cyclic
|
|
@rem
|
|
@rem CERT_TRUST_IS_CYCLIC 0x00000080
|
|
@rem CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000
|
|
@rem
|
|
%_CDB_% ttrust -chain cycleend.cer -Scycle.p7b -e0x10080 >> ..\..\regress.out
|
|
|
|
@rem ensure the test root is removed
|
|
%_CDB_% tfindcer -S -s lm:root -a"Root Agency" -d >> ..\..\regress.out
|
|
|
|
@cd ..\..
|
|
:TrustDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem KEYID
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="keyid" if not %t%=="all" goto KeyIdDone
|
|
if exist tmp.store del tmp.store
|
|
%_CDB_% tcopycer %store% tmp.store -aTestRecipient2 >> regress.out
|
|
%_CDB_% tsca -l tmp.store envelope -mtmp.msg -v >> regress.out
|
|
|
|
%_CDB_% tcopycer %store% tmp.store -aTestSigner2 >> regress.out
|
|
%_CDB_% tcopycer %store% tmp.store -aTestSigner >> regress.out
|
|
%_CDB_% tcopycer %store% tmp.store -aTestSigner3 >> regress.out
|
|
%_CDB_% tcopycer %store% tmp.store -aTestRecipient >> regress.out
|
|
%_CDB_% tstore tmp.store -b >> regress.out
|
|
|
|
%_CDB_% tfindcer -s archived:my TestSigner -d -q >> regress.out
|
|
%_CDB_% tfindcer -s archived:my TestRecipient -d -q >> regress.out
|
|
%_CDB_% tfindcer -s archived:lm:my TestSigner -d -q >> regress.out
|
|
%_CDB_% tfindcer -s archived:lm:my TestRecipient -d -q >> regress.out
|
|
|
|
%_CDB_% tcopycer tmp.store -s my >> regress.out
|
|
%_CDB_% tcopycer tmp.store -s lm:my >> regress.out
|
|
|
|
%_CDB_% tstore -s my -b >> regress.out
|
|
%_CDB_% tstore -s archived:my -b >> regress.out
|
|
%_CDB_% tstore -s lm:my -b >> regress.out
|
|
%_CDB_% tstore -s archived:lm:my -b >> regress.out
|
|
|
|
|
|
|
|
@rem CERT_STORE_MANIFOLD_FLAG 0x00000100
|
|
@rem CERT_STORE_ENUM_ARCHIVED_FLAG 0x00000200
|
|
|
|
%_CDB_% tstore tmp.store -b -f0x100 >> regress.out
|
|
%_CDB_% tstore tmp.store -f0x300 -S >> regress.out
|
|
%_CDB_% tstore tmp.store -b >> regress.out
|
|
%_CDB_% tstore tmp.store -b -f0x200 >> regress.out
|
|
%_CDB_% tsca -l tmp.store envelope -rtmp.msg -v >> regress.out
|
|
|
|
%_CDB_% tfindcer tmp.store TestSigner -ptestsign.cer >> regress.out
|
|
%_CDB_% tfindcer tmp.store TestRecipient -ptestxchg.cer >> regress.out
|
|
|
|
%_CDB_% tkeyid set -Stmp.store -ctestxchg.cer >> regress.out
|
|
%_CDB_% tkeyid set -Stmp.store -ctestsign.cer >> regress.out
|
|
%_CDB_% tkeyid enum -b >> regress.out
|
|
%_CDB_% tkeyid enum -v >> regress.out
|
|
%_CDB_% tkeyid delete -ctestxchg.cer -p20 >> regress.out
|
|
%_CDB_% tkeyid delete -ctestsign.cer -p4 >> regress.out
|
|
%_CDB_% tkeyid delete -ctestsign.cer -p3 >> regress.out
|
|
%_CDB_% tkeyid delete -ctestsign.cer -p15 >> regress.out
|
|
%_CDB_% tkeyid get -ctestxchg.cer -V >> regress.out
|
|
%_CDB_% tkeyid get -ctestsign.cer -V >> regress.out
|
|
|
|
%_CDB_% tfindcer -s archived:lm:my TestRecipient -d -q >> regress.out
|
|
if exist mach.store del mach.store
|
|
%_CDB_% tstore2 -M mach.store >> regress.out
|
|
%_CDB_% tfindcer mach.store -S -aTestRecipient -ptestxchg.cer >> regress.out
|
|
%_CDB_% tkeyid set -M -Smach.store -ctestxchg.cer >> regress.out
|
|
%_CDB_% tkeyid enum -M -b >> regress.out
|
|
%_CDB_% tkeyid enum -M -v >> regress.out
|
|
%_CDB_% tstore -s lm:my -atestxchg.cer >> regress.out
|
|
%_CDB_% tkeyid enum -M -v >> regress.out
|
|
%_CDB_% tkeyid delete -M -ctestxchg.cer -p20 >> regress.out
|
|
%_CDB_% tkeyid delete -M -ctestxchg.cer -p4 >> regress.out
|
|
%_CDB_% tkeyid get -M -ctestxchg.cer -V >> regress.out
|
|
%_CDB_% tkeyid get -M -ctestxchg.cer -V -p2 >> regress.out
|
|
%_CDB_% tkeyid get -M -ctestxchg.cer -V -p3 >> regress.out
|
|
|
|
:KeyIdDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem URL
|
|
@rem ----------------------------------------------------------------
|
|
@if not %t%=="url" if not %t%=="all" goto UrlDone
|
|
%_CDB_% tcrobu "ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" cert -m -k >> regress.out
|
|
%_CDB_% tcrobu "ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" crl -m >> regress.out
|
|
%_CDB_% tcrobu "ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" any -m -t 20000 >> regress.out
|
|
%_CDB_% tstore -s "prov:ldap:ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" -f0x18000 >> regress.out
|
|
%_CDB_% tstore -R -s "prov:ldap:ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" -f0x8000 >> regress.out
|
|
|
|
@rem flags:
|
|
@rem CERT_LDAP_STORE_OPENED_FLAG 0x40000
|
|
@rem CERT_LDAP_STORE_UNBIND_FLAG 0x80000
|
|
%_CDB_% tstore -s "prov:ldap:ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" -f0x48000 >> regress.out
|
|
%_CDB_% tstore -R -s "prov:ldap:ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com??sub" -f0xc8000 >> regress.out
|
|
|
|
%_CDB_% tcrobu "ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com?caCertificate?sub?objectclass=certificationAuthority" cert -m >> regress.out
|
|
%_CDB_% tcrobu "ldap://ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com?certificateRevocationList,authorityrevocationlist?sub?objectclass=cRlDistributionPoint" crl -m >> regress.out
|
|
|
|
@rem don't support multiple host names
|
|
%_CDB_% tcrobu "ldap://ntdev.microsoft.com ntdev.microsoft.com/CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com?certificateRevocationList,authorityrevocationlist?sub?objectclass=cRlDistributionPoint" crl -m -Error 0x80070057 >> regress.out
|
|
|
|
@rem CRYPT_AIA_RETRIEVAL 0x00080000
|
|
@rem when the above flag is set, a nonCert URL retrieval shouldn't be
|
|
@rem cached
|
|
%_CDB_% turlcache "VBL03CA.crl" -d >> regress.out
|
|
%_CDB_% tcrobu "http://vbl03ca.ntdev.microsoft.com/CertEnroll/Microsoft Windows VBL03CA.crl" crl -Flags 0x80000 -Error 0 >> regress.out
|
|
%_CDB_% turlcache "VBL03CA.crl" -0 >> regress.out
|
|
%_CDB_% tcrobu "http://vbl03ca.ntdev.microsoft.com/CertEnroll/Microsoft Windows VBL03CA.crl" crl -Error 0 >> regress.out
|
|
%_CDB_% turlcache "VBL03CA.crl" -1 >> regress.out
|
|
|
|
@rem dwMaxUrlRetrievalByteCount
|
|
%_CDB_% tcrobu "ldap:///CN=Microsoft Windows VBL03CA,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority" cert -m -Size 2700 -Error 13 >> regress.out
|
|
%_CDB_% tcrobu "ldap:///CN=Microsoft Windows VBL03CA,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=ntdev,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority" cert -m -Size 3000 -Error 0 >> regress.out
|
|
|
|
%_CDB_% tcrobu "http://vbl03ca.ntdev.microsoft.com/CertEnroll/vbl03ca.ntdev.microsoft.com_Microsoft Windows VBL03CA.crt" cert -Size 2700 -Error 13 >> regress.out
|
|
%_CDB_% tcrobu "http://vbl03ca.ntdev.microsoft.com/CertEnroll/vbl03ca.ntdev.microsoft.com_Microsoft Windows VBL03CA.crt" cert -Size 3000 -Error 0 >> regress.out
|
|
|
|
%_CDB_% tcrobu file://vsgood.cer cert -Size 2560 -Error 13 >> regress.out
|
|
%_CDB_% tcrobu file://vsgood.cer cert -Size 2660 -Error 0 >> regress.out
|
|
|
|
goto UrlDone
|
|
%_CDB_% tcrobu "ldap://157.59.132.34/c=us??sub" cert -m >> regress.out
|
|
%_CDB_% tcrobu "ldap://157.59.132.34/c=us??sub" crl -m >> regress.out
|
|
%_CDB_% tcrobu "ldap://157.59.132.34/c=us??sub" any -m >> regress.out
|
|
|
|
|
|
:UrlDone
|
|
|
|
@rem ----------------------------------------------------------------
|
|
@rem **** END ****
|
|
@rem ----------------------------------------------------------------
|
|
|
|
ttrust -EnableUntrustedRootLogging -EnablePartialChainLogging -RegistryOnlyExit
|
|
ttrust -DisableAIAUrlRetrieval 0xFFFFFFFF -MaxAIAUrlCountInCert 0xFFFFFFFF -MaxAIAUrlRetrievalCountPerChain 0xFFFFFFFF -MaxAIAUrlRetrievalByteCount 0xFFFFFFFF -MaxAIAUrlRetrievalCertCount 0xFFFFFFFF -RegistryOnlyExit
|
|
|
|
setreg -q 1 FALSE 2 TRUE 3 TRUE 4 TRUE 5 TRUE 6 TRUE 7 TRUE
|
|
|
|
@rem ensure the test root is removed
|
|
@tfindcer -S -s lm:root -a"Root Agency" -d >nul
|
|
|
|
@qgrep -y "pass succe" regress.out
|
|
@echo ****************************
|
|
@qgrep -y "leak fail" regress.out | qgrep -v -e "returned expected"
|
|
@qgrep -y -e "expected return:" regress.out
|
|
@qgrep -y -B -e "error:" regress.out
|
|
@rem @qgrep -e "Error at" regress.out
|
|
@echo ****************************
|
|
|
|
:exeunt
|
|
@echo off
|
|
set v=%_old_v%
|
|
set l=%_old_l%
|
|
set p=%_old_p%
|
|
set pe=%_old_pe%
|
|
set s=%_old_s%
|
|
set n=%_old_n%
|
|
set t=%_old_t%
|
|
set _CDB_=%_old_CDB_%
|
|
set DEBUG_MASK=%_old_DEBUG_MASK%
|
|
set DEBUG_PRINT_MASK=%_old_DEBUG_PRINT_MASK%
|
|
|
|
set LCN=%_old_LCN%
|
|
set RCN=%_old_RCN%
|
|
set SID=%_old_SID%
|
|
set SLEEP0=%_old_SLEEP0%
|
|
set UNC_PREFIX=%_old_UNC_PREFIX%
|
|
|
|
set _old_v=
|
|
set _old_l=
|
|
set _old_p=
|
|
set _old_pe=
|
|
set _old_s=
|
|
set _old_n=
|
|
set _old_t=
|
|
set _old_CDB_=
|
|
set _old_DEBUG_MASK=
|
|
|
|
set _old_LCN=
|
|
set _old_RCN=
|
|
set _old_SID=
|
|
set _old_SLEEP0=
|
|
set _old_UNC_PREFIX=
|
|
|
|
REM @ENDLOCAL
|