[apple/security.git] / SecurityTool / sharedTool / trust_update.m

/*
 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 *
 * trust_update.m
 */

#import <Foundation/Foundation.h>

#import <utilities/SecCFWrappers.h>
#import <Security/SecTrustPriv.h>

#include "SecurityCommands.h"

static int check_OTA_Supplementals_asset(void) {
    CFErrorRef error = NULL;
    uint64_t version = SecTrustOTAPKIGetUpdatedAsset(&error);
    if (error) {
        CFStringRef errorDescription = CFErrorCopyDescription(error);
        if (errorDescription) {
            char *errMsg = CFStringToCString(errorDescription);
            fprintf(stdout, "Update failed: %s\n", errMsg);
            if (errMsg) { free(errMsg); }
            CFRelease(errorDescription);
        } else {
            fprintf(stdout, "Update failed: no description\n");
        }
        CFRelease(error);
    } else {
        fprintf(stdout, "Updated succeeded\n");
    }
    if (version != 0) {
        fprintf(stdout, "Asset Content Version: %llu\n", version);
    } else {
        return 1;
    }
    return 0;
}

static int check_OTA_sec_experiment_asset(void) {
    CFErrorRef error = NULL;
    uint64_t version = SecTrustOTASecExperimentGetUpdatedAsset(&error);
    if (error) {
        CFStringRef errorDescription = CFErrorCopyDescription(error);
        if (errorDescription) {
            char *errMsg = CFStringToCString(errorDescription);
            fprintf(stdout, "Update failed: %s\n", errMsg);
            if (errMsg) { free(errMsg); }
            CFRelease(errorDescription);
        } else {
            fprintf(stdout, "Update failed: no description\n");
        }
        CFRelease(error);
    } else {
        fprintf(stdout, "Updated succeeded\n");
    }
    if (version != 0) {
        fprintf(stdout, "Asset Content Version: %llu\n", version);
    } else {
        return 1;
    }
    return 0;
}

static int check_valid_update(void) {
    CFErrorRef error = NULL;
    bool result = SecTrustTriggerValidUpdate(&error);
    if (!result) {
        CFStringRef errorDescription = error ? CFErrorCopyDescription(error) : NULL;
        if (errorDescription) {
            char *errMsg = CFStringToCString(errorDescription);
            fprintf(stdout, "Update failed: %s\n", errMsg ? errMsg : "no error message");
            free(errMsg);
            CFRelease(errorDescription);
        } else {
            fprintf(stdout, "Update failed: no description\n");
        }
        CFReleaseNull(error);
    } else {
        fprintf(stdout, "Updated triggered\n");
    }
    return 0;
}

int check_trust_update(int argc, char * const *argv) {
    int arg;

    if (argc == 1) {
        return SHOW_USAGE_MESSAGE;
    }

    while ((arg = getopt(argc, argv, "ser")) != -1) {
        switch(arg) {
            case 's':
                return check_OTA_Supplementals_asset();
            case 'e':
                return check_OTA_sec_experiment_asset();
            case 'r':
                return check_valid_update();
            case '?':
            default:
                return SHOW_USAGE_MESSAGE;
        }
    }

    return 0;
}
Commit	Line	Data
ecaf5866 A	1	/*
	2	* Copyright (c) 2017 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*
	23	* trust_update.m
	24	*/
	25
	26	#import <Foundation/Foundation.h>
	27
	28	#import <utilities/SecCFWrappers.h>
	29	#import <Security/SecTrustPriv.h>
	30
	31	#include "SecurityCommands.h"
	32
	33	static int check_OTA_Supplementals_asset(void) {
	34	CFErrorRef error = NULL;
	35	uint64_t version = SecTrustOTAPKIGetUpdatedAsset(&error);
	36	if (error) {
	37	CFStringRef errorDescription = CFErrorCopyDescription(error);
	38	if (errorDescription) {
	39	char *errMsg = CFStringToCString(errorDescription);
	40	fprintf(stdout, "Update failed: %s\n", errMsg);
	41	if (errMsg) { free(errMsg); }
	42	CFRelease(errorDescription);
	43	} else {
	44	fprintf(stdout, "Update failed: no description\n");
	45	}
	46	CFRelease(error);
	47	} else {
	48	fprintf(stdout, "Updated succeeded\n");
	49	}
	50	if (version != 0) {
	51	fprintf(stdout, "Asset Content Version: %llu\n", version);
	52	} else {
	53	return 1;
	54	}
	55	return 0;
	56	}
	57
b54c578e A	58	static int check_OTA_sec_experiment_asset(void) {
	59	CFErrorRef error = NULL;
	60	uint64_t version = SecTrustOTASecExperimentGetUpdatedAsset(&error);
	61	if (error) {
	62	CFStringRef errorDescription = CFErrorCopyDescription(error);
	63	if (errorDescription) {
	64	char *errMsg = CFStringToCString(errorDescription);
	65	fprintf(stdout, "Update failed: %s\n", errMsg);
	66	if (errMsg) { free(errMsg); }
	67	CFRelease(errorDescription);
	68	} else {
	69	fprintf(stdout, "Update failed: no description\n");
	70	}
	71	CFRelease(error);
	72	} else {
	73	fprintf(stdout, "Updated succeeded\n");
	74	}
	75	if (version != 0) {
	76	fprintf(stdout, "Asset Content Version: %llu\n", version);
	77	} else {
	78	return 1;
	79	}
	80	return 0;
	81	}
	82
d64be36e A	83	static int check_valid_update(void) {
	84	CFErrorRef error = NULL;
	85	bool result = SecTrustTriggerValidUpdate(&error);
	86	if (!result) {
	87	CFStringRef errorDescription = error ? CFErrorCopyDescription(error) : NULL;
	88	if (errorDescription) {
	89	char *errMsg = CFStringToCString(errorDescription);
	90	fprintf(stdout, "Update failed: %s\n", errMsg ? errMsg : "no error message");
	91	free(errMsg);
	92	CFRelease(errorDescription);
	93	} else {
	94	fprintf(stdout, "Update failed: no description\n");
	95	}
	96	CFReleaseNull(error);
	97	} else {
	98	fprintf(stdout, "Updated triggered\n");
	99	}
	100	return 0;
	101	}
	102
ecaf5866 A	103	int check_trust_update(int argc, char * const *argv) {
ecaf5866 A	104	int arg;
ecaf5866 A	105
	106	if (argc == 1) {
	107	return SHOW_USAGE_MESSAGE;
	108	}
	109
d64be36e	110	while ((arg = getopt(argc, argv, "ser")) != -1) {
ecaf5866 A	111	switch(arg) {
ecaf5866 A	112	case 's':
b54c578e A	113	return check_OTA_Supplementals_asset();
	114	case 'e':
	115	return check_OTA_sec_experiment_asset();
d64be36e A	116	case 'r':
d64be36e A	117	return check_valid_update();
ecaf5866 A	118	case '?':
	119	default:
	120	return SHOW_USAGE_MESSAGE;
	121	}
	122	}
	123
ecaf5866 A	124	return 0;
ecaf5866 A	125	}