[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-88-sectrust-vpnprofile.c

/*
 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>
#include <Security/SecCertificatePriv.h>
#include <Security/SecPolicyPriv.h>

#include "utilities/SecCFRelease.h"
#include "utilities/SecCFWrappers.h"

#include "Security_regressions.h"


#include "si-88-sectrust-vpnprofile.h"

static void tests(void)
{
    SecTrustRef trust = NULL;
    SecPolicyRef policy = NULL;
    SecCertificateRef cert0, cert1, cert2, cert3, rootcert;
    SecTrustResultType trustResult;
    
    //Evaluation should succeed for cert0 and cert1
    
    isnt(cert0 = SecCertificateCreateWithBytes(NULL, c0, sizeof(c0)), NULL, "create cert0");
    isnt(cert1 = SecCertificateCreateWithBytes(NULL, c1, sizeof(c1)), NULL, "create cert1");
    isnt(rootcert = SecCertificateCreateWithBytes(NULL, root, sizeof(root)), NULL, "create root cert");
    
    const void *v_certs[] = { cert0, cert1 };
    CFArrayRef certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks);
    CFArrayRef anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks);

    /* Set explicit verify date: 15 Dec 2015 */
    CFDateRef date = NULL;
    isnt(date = CFDateCreate(NULL, 471907305.0), NULL, "Create verify date");
    
    /* Create AppleTV VPN profile signing policy instance. */
    isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");
    
    /* Create trust reference. */
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
    
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
    is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");
    
    
    CFReleaseSafe(trust);
    CFReleaseSafe(policy);
    CFReleaseSafe(certs);
    CFReleaseSafe(cert1);
    CFReleaseSafe(cert0);
    
    //Evaluation should fail for cert2 and cert3 (wrong OID, not Apple anchor)
    
    isnt(cert2 = SecCertificateCreateWithBytes(NULL, c2, sizeof(c2)), NULL, "create cert2");
    isnt(cert3 = SecCertificateCreateWithBytes(NULL, c3, sizeof(c3)), NULL, "create cert3");
    
    const void *v_certs2[] = { cert2, cert3 };
    certs = CFArrayCreate(NULL, v_certs2, sizeof(v_certs2)/sizeof(*v_certs2), &kCFTypeArrayCallBacks);
    
    isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure");

    CFReleaseSafe(trust);
    CFReleaseSafe(policy);
    CFReleaseSafe(certs);
    CFReleaseSafe(cert3);
    CFReleaseSafe(cert2);
    CFReleaseSafe(anchor_certs);
    CFReleaseSafe(rootcert);
    CFReleaseSafe(date);
}


int si_88_sectrust_vpnprofile(int argc, char *const *argv);

int si_88_sectrust_vpnprofile(int argc, char *const *argv)
{
    plan_tests(18);
    
    tests();
    
    return 0;
}
Commit	Line	Data
822b670c A	1	/*
	2	* Copyright (c) 2015 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	#include <CoreFoundation/CoreFoundation.h>
	25	#include <Security/Security.h>
	26	#include <Security/SecCertificatePriv.h>
	27	#include <Security/SecPolicyPriv.h>
	28
	29	#include "utilities/SecCFRelease.h"
	30	#include "utilities/SecCFWrappers.h"
	31
	32	#include "Security_regressions.h"
	33
	34
	35	#include "si-88-sectrust-vpnprofile.h"
	36
	37	static void tests(void)
	38	{
	39	SecTrustRef trust = NULL;
	40	SecPolicyRef policy = NULL;
	41	SecCertificateRef cert0, cert1, cert2, cert3, rootcert;
	42	SecTrustResultType trustResult;
	43
	44	//Evaluation should succeed for cert0 and cert1
	45
	46	isnt(cert0 = SecCertificateCreateWithBytes(NULL, c0, sizeof(c0)), NULL, "create cert0");
	47	isnt(cert1 = SecCertificateCreateWithBytes(NULL, c1, sizeof(c1)), NULL, "create cert1");
	48	isnt(rootcert = SecCertificateCreateWithBytes(NULL, root, sizeof(root)), NULL, "create root cert");
	49
	50	const void *v_certs[] = { cert0, cert1 };
	51	CFArrayRef certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks);
	52	CFArrayRef anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks);
e3d460c9 A	53
	54	/* Set explicit verify date: 15 Dec 2015 */
	55	CFDateRef date = NULL;
	56	isnt(date = CFDateCreate(NULL, 471907305.0), NULL, "Create verify date");
822b670c A	57
	58	/* Create AppleTV VPN profile signing policy instance. */
	59	isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");
	60
	61	/* Create trust reference. */
	62	ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
822b670c	63	ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
e3d460c9	64	ok_status(SecTrustSetVerifyDate(trust, date), "set date");
822b670c A	65
	66	ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
	67	is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
	68	is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");
	69
	70
	71	CFReleaseSafe(trust);
	72	CFReleaseSafe(policy);
	73	CFReleaseSafe(certs);
	74	CFReleaseSafe(cert1);
	75	CFReleaseSafe(cert0);
	76
	77	//Evaluation should fail for cert2 and cert3 (wrong OID, not Apple anchor)
	78
	79	isnt(cert2 = SecCertificateCreateWithBytes(NULL, c2, sizeof(c2)), NULL, "create cert2");
	80	isnt(cert3 = SecCertificateCreateWithBytes(NULL, c3, sizeof(c3)), NULL, "create cert3");
	81
	82	const void *v_certs2[] = { cert2, cert3 };
	83	certs = CFArrayCreate(NULL, v_certs2, sizeof(v_certs2)/sizeof(*v_certs2), &kCFTypeArrayCallBacks);
	84
	85	isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");
	86	ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
e3d460c9	87	ok_status(SecTrustSetVerifyDate(trust, date), "set date");
822b670c A	88
	89	ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
	90	is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure");
	91
	92	CFReleaseSafe(trust);
	93	CFReleaseSafe(policy);
	94	CFReleaseSafe(certs);
	95	CFReleaseSafe(cert3);
	96	CFReleaseSafe(cert2);
e3d460c9 A	97	CFReleaseSafe(anchor_certs);
	98	CFReleaseSafe(rootcert);
	99	CFReleaseSafe(date);
822b670c A	100	}
	101
	102
	103
	104	int si_88_sectrust_vpnprofile(int argc, char const argv);
	105
	106	int si_88_sectrust_vpnprofile(int argc, char const argv)
	107	{
e3d460c9	108	plan_tests(18);
822b670c A	109
	110	tests();
	111
	112	return 0;
	113	}