]> git.saurik.com Git - apple/security.git/blame - OSX/sec/securityd/Regressions/secd-35-keychain-migrate-inet.c
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-57740.1.18.tar.gz
[apple/security.git] / OSX / sec / securityd / Regressions / secd-35-keychain-migrate-inet.c
CommitLineData
d8f41ccd
A		 1/*
2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5c19dc3a 5 *
d8f41ccd
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
5c19dc3a 12 *
d8f41ccd
A		 13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
5c19dc3a 20 *
d8f41ccd
A		 21 * @APPLE_LICENSE_HEADER_END@
22 */
23
427c49bc
A		 24
25#include "secd_regressions.h"
26
27#include <securityd/SecDbItem.h>
28#include <utilities/array_size.h>
29#include <utilities/SecCFWrappers.h>
30#include <utilities/SecFileLocations.h>
31#include <utilities/fileIo.h>
32
427c49bc
A		 33#include <securityd/SecItemServer.h>
34
35#include <Security/SecBasePriv.h>
36
37#include <TargetConditionals.h>
38#include <AssertMacros.h>
39
427c49bc
A		 40#if TARGET_OS_IPHONE && USE_KEYSTORE
41#include <libaks.h>
42
43#include "SecdTestKeychainUtilities.h"
44
5c19dc3a 45#include "ios8-inet-keychain-2.h"
427c49bc 46
5c19dc3a
A		 47void SecAccessGroupsSetCurrent(CFArrayRef accessGroups);
48CFArrayRef SecAccessGroupsGetCurrent();
427c49bc 49
5c19dc3a 50int secd_35_keychain_migrate_inet(int argc, char *const *argv)
427c49bc 51{
5c19dc3a 52 plan_tests(11 + kSecdTestSetupTestCount);
427c49bc
A		 53
54 __block keybag_handle_t keybag;
55 __block keybag_state_t state;
56 char *passcode="password";
57 int passcode_len=(int)strlen(passcode);
58
59 /* custom keychain dir */
5c19dc3a 60 secd_test_setup_temp_keychain("secd_35_keychain_migrate_inet", ^{
427c49bc 61 CFStringRef keychain_path_cf = __SecKeychainCopyPath();
5c19dc3a 62
427c49bc 63 CFStringPerformWithCString(keychain_path_cf, ^(const char *keychain_path) {
5c19dc3a
A		 64 writeFile(keychain_path, ios8_inet_keychain_2_db, ios8_inet_keychain_2_db_len);
65
427c49bc
A		 66 /* custom notification */
67 SecItemServerSetKeychainChangedNotification("com.apple.secdtests.keychainchanged");
5c19dc3a
A		 68
69 /* Create and lock custom keybag */
427c49bc
A		 70 ok(kIOReturnSuccess==aks_create_bag(passcode, passcode_len, kAppleKeyStoreDeviceBag, &keybag), "create keybag");
71 ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
72 ok(!(state&keybag_state_locked), "keybag unlocked");
73 SecItemServerSetKeychainKeybag(keybag);
5c19dc3a 74
427c49bc
A		 75 /* lock */
76 ok(kIOReturnSuccess==aks_lock_bag(keybag), "lock keybag");
77 ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
78 ok(state&keybag_state_locked, "keybag locked");
79 });
5c19dc3a 80
427c49bc
A		 81 CFReleaseSafe(keychain_path_cf);
82 });
83
5c19dc3a
A		 84 CFArrayRef old_ag = SecAccessGroupsGetCurrent();
85 CFMutableArrayRef test_ag = CFArrayCreateMutableCopy(NULL, 0, old_ag);
86 CFArrayAppendValue(test_ag, CFSTR("com.apple.cfnetwork"));
87 SecAccessGroupsSetCurrent(test_ag);
427c49bc 88
5c19dc3a
A		 89 /* querying a password */
90 const void *keys[] = {
91 kSecClass,
92 kSecAttrAccessGroup,
93 kSecAttrSynchronizable,
94 kSecMatchLimit,
95 kSecReturnAttributes,
96 };
97 const void *values[] = {
98 kSecClassInternetPassword,
99 CFSTR("com.apple.cfnetwork"),
100 kSecAttrSynchronizableAny,
101 kSecMatchLimitAll,
102 kCFBooleanTrue,
103 };
104 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
105 array_size(keys), NULL, NULL);
106 CFTypeRef results = NULL;
107 is_status(SecItemCopyMatching(query, &results), errSecInteractionNotAllowed);
427c49bc
A		 108
109 ok(kIOReturnSuccess==aks_unlock_bag(keybag, passcode, passcode_len), "lock keybag");
110 ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
111 ok(!(state&keybag_state_locked), "keybag unlocked");
112
5c19dc3a
A		 113 // We should be able to query 2 inet items from the DB here. But the database is encrypted
114 // by keybag which we do not know, so no item can be actually retrieved. The test could be
115 // improved by crafting DB to update using keybag hardcoded in the test, that way it would be possible
116 // to check that 2 inet items are really retrieved here.
117 is_status(SecItemCopyMatching(query, &results), errSecItemNotFound);
427c49bc
A		 118
119 /* Reset keybag */
120 SecItemServerResetKeychainKeybag();
121
5c19dc3a
A		 122 // Reset server accessgroups.
123 SecAccessGroupsSetCurrent(old_ag);
124 CFReleaseSafe(test_ag);
125
126 CFReleaseSafe(results);
127 CFReleaseSafe(query);
427c49bc
A		 128 return 0;
129}
130
131#else
132
5c19dc3a 133int secd_35_keychain_migrate_inet(int argc, char *const *argv)
427c49bc
A		 134{
135 plan_tests(1);
136
137 todo("Not yet working in simulator");
138
139TODO: {
140 ok(false);
141}
142 /* not implemented in simulator (no keybag) */
143 /* Not implemented in OSX (no upgrade scenario) */
5c19dc3a 144 return 0;
427c49bc
A		 145}
146#endif
mirror of Security