[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-25-cms-skid.m

/*
 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#include "shared_regressions.h"

#import <AssertMacros.h>
#import <Foundation/Foundation.h>

#import <Security/SecCMS.h>
#import <Security/SecTrust.h>
#import <Security/SecTrustPriv.h>
#include <utilities/SecCFRelease.h>

#import "si-25-cms-skid.h"

static void test_cms_verification(void)
{
    NSData *content = [NSData dataWithBytes:_content length:sizeof(_content)];
    NSData *signedData = [NSData dataWithBytes:_signedData length:sizeof(_signedData)];

    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust = NULL;
    CFArrayRef certificates = NULL;

    ok_status(SecCMSVerify((__bridge CFDataRef)signedData, (__bridge CFDataRef)content, policy, &trust, NULL), "verify CMS message");

    /* verify that CMS stack found the certs in the CMS (using the SKID) and stuck them in the trust ref */
    ok_status(SecTrustCopyInputCertificates(trust, &certificates), "copy input certificates");
#if TARGET_OS_OSX
    // macOS implementation of CMS puts the leaf first and then adds all certs (so the signer cert is included twice)
    is(CFArrayGetCount(certificates), 4, "4 certs in the cms");
#else
    // embedded implementation of CMS just orders the certs so the signer cert is first
    is(CFArrayGetCount(certificates), 3, "3 certs in the cms");
#endif

    CFReleaseNull(policy);
    CFReleaseNull(trust);
    CFReleaseNull(certificates);
}

int si_25_cms_skid(int argc, char *const *argv)
{
    plan_tests(3);

    test_cms_verification();

    return 0;
}
Commit	Line	Data
3a7be6fd A	1	/*
	2	* Copyright (c) 2016 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	#include "shared_regressions.h"
	25
	26	#import <AssertMacros.h>
	27	#import <Foundation/Foundation.h>
	28
	29	#import <Security/SecCMS.h>
	30	#import <Security/SecTrust.h>
805875f8	31	#import <Security/SecTrustPriv.h>
3a7be6fd A	32	#include <utilities/SecCFRelease.h>
	33
	34	#import "si-25-cms-skid.h"
	35
	36	static void test_cms_verification(void)
	37	{
	38	NSData *content = [NSData dataWithBytes:_content length:sizeof(_content)];
	39	NSData *signedData = [NSData dataWithBytes:_signedData length:sizeof(_signedData)];
	40
	41	SecPolicyRef policy = SecPolicyCreateBasicX509();
	42	SecTrustRef trust = NULL;
805875f8	43	CFArrayRef certificates = NULL;
3a7be6fd A	44
	45	ok_status(SecCMSVerify((__bridge CFDataRef)signedData, (__bridge CFDataRef)content, policy, &trust, NULL), "verify CMS message");
	46
805875f8 A	47	/* verify that CMS stack found the certs in the CMS (using the SKID) and stuck them in the trust ref */
	48	ok_status(SecTrustCopyInputCertificates(trust, &certificates), "copy input certificates");
	49	#if TARGET_OS_OSX
	50	// macOS implementation of CMS puts the leaf first and then adds all certs (so the signer cert is included twice)
	51	is(CFArrayGetCount(certificates), 4, "4 certs in the cms");
	52	#else
	53	// embedded implementation of CMS just orders the certs so the signer cert is first
	54	is(CFArrayGetCount(certificates), 3, "3 certs in the cms");
	55	#endif
3a7be6fd	56
805875f8 A	57	CFReleaseNull(policy);
	58	CFReleaseNull(trust);
	59	CFReleaseNull(certificates);
3a7be6fd A	60	}
	61
	62	int si_25_cms_skid(int argc, char const argv)
	63	{
805875f8	64	plan_tests(3);
3a7be6fd A	65
	66	test_cms_verification();
	67
	68	return 0;
	69	}