[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-30-xara-helpers.h

/*
 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef kc_30_xara_helpers_h
#define kc_30_xara_helpers_h

#include <Security/Security.h>
#include <Security/cssmapi.h>
#include <security_utilities/debugging.h>
#include "utilities/SecCFRelease.h"

static char keychainFile[1000];
static char keychainName[1000];

#if TARGET_OS_MAC

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-variable"
#pragma clang diagnostic ignored "-Wunused-function"

/* name is the name of the test, not the name of the keychain */
static SecKeychainRef newKeychain(const char * name) {
    SecKeychainRef kc = NULL;
    char* password = "password";

    // Kill the test keychain if it exists.
    unlink(keychainFile);

    ok_status(SecKeychainCreate(keychainName, (UInt32) strlen(password), password, false, NULL, &kc), "%s: SecKeychainCreate", name);
    return kc;
}
#define newKeychainTests 1

/* name is the name of the test, not the name of the keychain */
static SecKeychainRef newCustomKeychain(const char * name, const char * path, const char * password) {
    SecKeychainRef kc = NULL;

    // Kill the keychain if it exists.
    unlink(path);

    ok_status(SecKeychainCreate(path, (UInt32) strlen(password), password, false, NULL, &kc), "%s: SecKeychainCreate", name);
    return kc;
}
#define newCustomKeychainTests 1

static SecKeychainRef openCustomKeychain(const char * name, const char * path, const char * password) {
    SecKeychainRef kc = NULL;
    ok_status(SecKeychainOpen(path, &kc), "%s: SecKeychainOpen", name);

    if(password) {
        ok_status(SecKeychainUnlock(kc, (UInt32) strlen(password), password, true), "%s: SecKeychainUnlock", name);
    } else {
        pass("make test count right");
    }

    return kc;
}
#define openCustomKeychainTests 2

static SecKeychainRef openKeychain(const char * name) {
    return openCustomKeychain(name, "test.keychain", NULL);
}
#define openKeychainTests (openCustomKeychainTests)

#define getIntegrityHashTests 3
static CFStringRef getIntegrityHash(const char* name, SecKeychainItemRef item) {
    if(!item) {
        for(int i = 0; i < getIntegrityHashTests; i++) {
            fail("%s: getIntegrityHash not passed an item", name);
        }
        return NULL;
    }
    SecAccessRef access = NULL;
    ok_status(SecKeychainItemCopyAccess(item, &access), "%s: SecKeychainItemCopyAccess", name);

    CFArrayRef acllist = NULL;
    ok_status(SecAccessCopyACLList(access, &acllist), "%s: SecAccessCopyACLList", name);

    int hashesFound = 0;
    CFStringRef output = NULL;

    if(acllist) {
        for(int i = 0; i < CFArrayGetCount(acllist); i++) {
            SecACLRef acl = (SecACLRef) CFArrayGetValueAtIndex(acllist, i);

            CFArrayRef auths = SecACLCopyAuthorizations(acl);
            CFRange searchrange = {0, CFArrayGetCount(auths)};
            if(CFArrayContainsValue(auths, searchrange, kSecACLAuthorizationIntegrity)) {

                CFArrayRef applications = NULL;
                CFStringRef description = NULL;
                SecKeychainPromptSelector selector;
                SecACLCopyContents(acl, &applications, &description, &selector);

                // found a hash. match it.
                hashesFound++;

                output = description;
            }

            CFReleaseNull(auths);
        }

        CFReleaseNull(acllist);
    }

    is(hashesFound, 1, "%s: Wrong number of hashes found", name);
    return output;
}

// Pulls the Integrity hash out of an item and compares it against the given one.
static void checkIntegrityHash(const char* name, SecKeychainItemRef item, CFStringRef expectedHash) {
    CFStringRef hash = getIntegrityHash(name, item);

    if(!hash) {
        fail("No hash to match");
        return;
    }

    // We can't use use the ok macro here, because we
    // might run it too many times and mess up the test count.
    if(CFStringCompare(expectedHash, hash, 0) == kCFCompareEqualTo) {
        pass("Hashes match.");
    } else {
        printf("%s: Hashes didn't match. Was: ", name);
        fflush(stdout);
        CFShow(hash);
        fail("Hashes don't match");
    }
}
#define checkIntegrityHashTests (getIntegrityHashTests + 1)

static void checkHashesMatch(const char* name, SecKeychainItemRef item, SecKeychainItemRef comp) {
    CFStringRef itemhash    = getIntegrityHash(name, item);
    CFStringRef comparehash = getIntegrityHash(name, comp);

    if(!itemhash) {
        fail("%s: original item not passed in", name);
        return;
    }
    if(!comparehash) {
        fail("%s: compare item not passed in", name);
        return;
    }

    is(CFStringCompare(itemhash, comparehash, 0), kCFCompareEqualTo, "%s: hashes do not match", name);
    if(CFStringCompare(itemhash, comparehash, 0) != kCFCompareEqualTo) {
        fflush(stdout);
        CFShow(itemhash);
        CFShow(comparehash);
    }
}
#define checkHashesMatchTests (getIntegrityHashTests + getIntegrityHashTests + 1)

/* Checks to be sure there are N elements in this search, and returns the first
 * if it exists. */
static SecKeychainItemRef checkN(char* testName, const CFDictionaryRef query, uint32_t n) {
    CFArrayRef results = NULL;
    if(n > 0) {
        ok_status(SecItemCopyMatching(query, (CFTypeRef*) &results), "%s: SecItemCopyMatching", testName);
    } else {
        is(SecItemCopyMatching(query, (CFTypeRef*) &results), errSecItemNotFound, "%s: SecItemCopyMatching (for no items)", testName);
    }
    CFRelease(query);

    SecKeychainItemRef item = NULL;
    if(results) {
        is(CFArrayGetCount(results), n, "%s: Wrong number of results", testName);
        if(n >= 1) {
            ok(item = (SecKeychainItemRef) CFArrayGetValueAtIndex(results, 0), "%s: Couldn't get item", testName);
        } else {
            pass("make test numbers match");
        }
    } else if((!results) && n == 0) {
        pass("%s: no results found (and none expected)", testName);
        pass("make test numbers match");
    } else {
        fail("%s: no results found (and %d expected)", testName, n);
        pass("make test numbers match");
    }
    return item;
}
#define checkNTests 3

#pragma clang pop
#else

#endif /* TARGET_OS_MAC */

#endif /* kc_30_xara_helpers_h */
Commit	Line	Data
e3d460c9 A	1	/*
	2	* Copyright (c) 2015 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	#ifndef kc_30_xara_helpers_h
	25	#define kc_30_xara_helpers_h
	26
	27	#include <Security/Security.h>
	28	#include <Security/cssmapi.h>
	29	#include <security_utilities/debugging.h>
	30	#include "utilities/SecCFRelease.h"
	31
	32	static char keychainFile[1000];
	33	static char keychainName[1000];
	34
	35	#if TARGET_OS_MAC
	36
	37	#pragma clang diagnostic push
	38	#pragma clang diagnostic ignored "-Wunused-variable"
	39	#pragma clang diagnostic ignored "-Wunused-function"
	40
	41	/* name is the name of the test, not the name of the keychain */
	42	static SecKeychainRef newKeychain(const char * name) {
	43	SecKeychainRef kc = NULL;
	44	char* password = "password";
	45
	46	// Kill the test keychain if it exists.
	47	unlink(keychainFile);
	48
	49	ok_status(SecKeychainCreate(keychainName, (UInt32) strlen(password), password, false, NULL, &kc), "%s: SecKeychainCreate", name);
	50	return kc;
	51	}
	52	#define newKeychainTests 1
	53
	54	/* name is the name of the test, not the name of the keychain */
	55	static SecKeychainRef newCustomKeychain(const char * name, const char * path, const char * password) {
	56	SecKeychainRef kc = NULL;
	57
	58	// Kill the keychain if it exists.
	59	unlink(path);
	60
	61	ok_status(SecKeychainCreate(path, (UInt32) strlen(password), password, false, NULL, &kc), "%s: SecKeychainCreate", name);
	62	return kc;
	63	}
	64	#define newCustomKeychainTests 1
65
66	static SecKeychainRef openCustomKeychain(const char * name, const char * path, const char * password) {
67	SecKeychainRef kc = NULL;
68	ok_status(SecKeychainOpen(path, &kc), "%s: SecKeychainOpen", name);
69
70	if(password) {
71	ok_status(SecKeychainUnlock(kc, (UInt32) strlen(password), password, true), "%s: SecKeychainUnlock", name);
72	} else {
73	pass("make test count right");
74	}
75
76	return kc;
77	}
78	#define openCustomKeychainTests 2
79
80	static SecKeychainRef openKeychain(const char * name) {
81	return openCustomKeychain(name, "test.keychain", NULL);
82	}
83	#define openKeychainTests (openCustomKeychainTests)
84
85	#define getIntegrityHashTests 3
86	static CFStringRef getIntegrityHash(const char* name, SecKeychainItemRef item) {
87	if(!item) {
88	for(int i = 0; i < getIntegrityHashTests; i++) {
89	fail("%s: getIntegrityHash not passed an item", name);
90	}
91	return NULL;
92	}
93	SecAccessRef access = NULL;
94	ok_status(SecKeychainItemCopyAccess(item, &access), "%s: SecKeychainItemCopyAccess", name);
95
96	CFArrayRef acllist = NULL;
97	ok_status(SecAccessCopyACLList(access, &acllist), "%s: SecAccessCopyACLList", name);
98
99	int hashesFound = 0;
100	CFStringRef output = NULL;
101
102	if(acllist) {
103	for(int i = 0; i < CFArrayGetCount(acllist); i++) {
104	SecACLRef acl = (SecACLRef) CFArrayGetValueAtIndex(acllist, i);
105
106	CFArrayRef auths = SecACLCopyAuthorizations(acl);
107	CFRange searchrange = {0, CFArrayGetCount(auths)};
108	if(CFArrayContainsValue(auths, searchrange, kSecACLAuthorizationIntegrity)) {
109
110	CFArrayRef applications = NULL;
111	CFStringRef description = NULL;
112	SecKeychainPromptSelector selector;
113	SecACLCopyContents(acl, &applications, &description, &selector);
114
115	// found a hash. match it.
116	hashesFound++;
117
118	output = description;
119	}
120
121	CFReleaseNull(auths);
122	}
123
124	CFReleaseNull(acllist);
125	}
126
127	is(hashesFound, 1, "%s: Wrong number of hashes found", name);
128	return output;
129	}
130
131	// Pulls the Integrity hash out of an item and compares it against the given one.
132	static void checkIntegrityHash(const char* name, SecKeychainItemRef item, CFStringRef expectedHash) {
133	CFStringRef hash = getIntegrityHash(name, item);
134
135	if(!hash) {
136	fail("No hash to match");
137	return;
138	}
139
140	// We can't use use the ok macro here, because we
141	// might run it too many times and mess up the test count.
142	if(CFStringCompare(expectedHash, hash, 0) == kCFCompareEqualTo) {
143	pass("Hashes match.");
144	} else {
145	printf("%s: Hashes didn't match. Was: ", name);
146	fflush(stdout);
147	CFShow(hash);
148	fail("Hashes don't match");
149	}
150	}
151	#define checkIntegrityHashTests (getIntegrityHashTests + 1)
152
153	static void checkHashesMatch(const char* name, SecKeychainItemRef item, SecKeychainItemRef comp) {
154	CFStringRef itemhash = getIntegrityHash(name, item);
155	CFStringRef comparehash = getIntegrityHash(name, comp);
156
157	if(!itemhash) {
158	fail("%s: original item not passed in", name);
159	return;
160	}
161	if(!comparehash) {
162	fail("%s: compare item not passed in", name);
163	return;
164	}
165
166	is(CFStringCompare(itemhash, comparehash, 0), kCFCompareEqualTo, "%s: hashes do not match", name);
167	if(CFStringCompare(itemhash, comparehash, 0) != kCFCompareEqualTo) {
168	fflush(stdout);
169	CFShow(itemhash);
170	CFShow(comparehash);
171	}
172	}
173	#define checkHashesMatchTests (getIntegrityHashTests + getIntegrityHashTests + 1)
174
175	/* Checks to be sure there are N elements in this search, and returns the first
176	* if it exists. */
177	static SecKeychainItemRef checkN(char* testName, const CFDictionaryRef query, uint32_t n) {
178	CFArrayRef results = NULL;
179	if(n > 0) {
180	ok_status(SecItemCopyMatching(query, (CFTypeRef*) &results), "%s: SecItemCopyMatching", testName);
181	} else {
182	is(SecItemCopyMatching(query, (CFTypeRef*) &results), errSecItemNotFound, "%s: SecItemCopyMatching (for no items)", testName);
183	}
184	CFRelease(query);
185
186	SecKeychainItemRef item = NULL;
187	if(results) {
188	is(CFArrayGetCount(results), n, "%s: Wrong number of results", testName);
189	if(n >= 1) {
190	ok(item = (SecKeychainItemRef) CFArrayGetValueAtIndex(results, 0), "%s: Couldn't get item", testName);
191	} else {
192	pass("make test numbers match");
193	}
194	} else if((!results) && n == 0) {
195	pass("%s: no results found (and none expected)", testName);
196	pass("make test numbers match");
197	} else {
198	fail("%s: no results found (and %d expected)", testName, n);
199	pass("make test numbers match");
200	}
201	return item;
202	}
203	#define checkNTests 3
204
205	#pragma clang pop
206	#else
207
208	#endif /* TARGET_OS_MAC */
209
210	#endif /* kc_30_xara_helpers_h */