]> git.saurik.com Git - apple/security.git/blob - SecurityTool/macOS/trusted_cert_dump.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.80.3.tar.gz
[apple/security.git] / SecurityTool / macOS / trusted_cert_dump.c
1 /*
2 * Copyright (c) 2003-2009,2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * trusted_cert_dump.c
24 */
25
26 #include "security_tool.h"
27
28 #include "trusted_cert_dump.h"
29 #include "trusted_cert_utils.h"
30
31 #include <errno.h>
32 #include <unistd.h>
33 #include <Security/Security.h>
34 #include <Security/cssmapple.h>
35 #include <Security/SecTrustSettings.h>
36 #include <Security/oidsalg.h>
37 #include <security_cdsa_utils/cuFileIo.h>
38 #include <CoreFoundation/CoreFoundation.h>
39
40 /*
41 * Display a Trust Settings array as obtained from
42 * SecTrustSettingsCopyTrustSettings().
43 */
44 static int displayTrustSettings(
45 CFArrayRef trustSettings)
46 {
47 /* must always be there though it may be empty */
48 if(trustSettings == NULL) {
49 fprintf(stderr, "***displayTrustSettings: missing trust settings array");
50 return -1;
51 }
52 if(CFGetTypeID(trustSettings) != CFArrayGetTypeID()) {
53 fprintf(stderr, "***displayTrustSettings: malformed trust settings array");
54 return -1;
55 }
56
57 int ourRtn = 0;
58 CFIndex numUseConstraints = CFArrayGetCount(trustSettings);
59 indentIncr();
60 indent(); printf("Number of trust settings : %ld\n", (long)numUseConstraints);
61 OSStatus ortn;
62 SecPolicyRef certPolicy;
63 SecTrustedApplicationRef certApp;
64 CFDictionaryRef ucDict;
65 CFStringRef policyStr;
66 CFNumberRef cfNum;
67 CFIndex ucDex;
68
69 /* grind thru the trust settings dictionaries */
70 for(ucDex=0; ucDex<numUseConstraints; ucDex++) {
71 indent(); printf("Trust Setting %ld:\n", (long)ucDex);
72 indentIncr();
73
74 ucDict = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, ucDex);
75 if(CFGetTypeID(ucDict) != CFDictionaryGetTypeID()) {
76 fprintf(stderr, "***displayTrustSettings: malformed usage constraints dictionary");
77 ourRtn = -1;
78 goto nextAp;
79 }
80
81 /* policy - optional */
82 certPolicy = (SecPolicyRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicy);
83 if(certPolicy != NULL) {
84 if(CFGetTypeID(certPolicy) != SecPolicyGetTypeID()) {
85 fprintf(stderr, "***displayTrustSettings: malformed certPolicy");
86 ourRtn = -1;
87 goto nextAp;
88 }
89 CSSM_OID policyOid;
90 ortn = SecPolicyGetOID(certPolicy, &policyOid);
91 if(ortn) {
92 cssmPerror("SecPolicyGetOID", ortn);
93 ourRtn = -1;
94 goto nextAp;
95 }
96 indent(); printf("Policy OID : %s\n",
97 oidToOidString(&policyOid));
98 }
99
100 /* app - optional */
101 certApp = (SecTrustedApplicationRef)CFDictionaryGetValue(ucDict,
102 kSecTrustSettingsApplication);
103 if(certApp != NULL) {
104 if(CFGetTypeID(certApp) != SecTrustedApplicationGetTypeID()) {
105 fprintf(stderr, "***displayTrustSettings: malformed certApp");
106 ourRtn = -1;
107 goto nextAp;
108 }
109 CFDataRef appPath = NULL;
110 ortn = SecTrustedApplicationCopyData(certApp, &appPath);
111 if(ortn) {
112 cssmPerror("SecTrustedApplicationCopyData", ortn);
113 ourRtn = -1;
114 goto nextAp;
115 }
116 indent(); printf("Application : %s", CFDataGetBytePtr(appPath));
117 printf("\n");
118 CFRelease(appPath);
119 }
120
121 /* policy string */
122 policyStr = (CFStringRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicyString);
123 if(policyStr != NULL) {
124 if(CFGetTypeID(policyStr) != CFStringGetTypeID()) {
125 fprintf(stderr, "***displayTrustSettings: malformed policyStr");
126 ourRtn = -1;
127 goto nextAp;
128 }
129 indent(); printf("Policy String : ");
130 printCfStr(policyStr); printf("\n");
131 }
132
133 /* Allowed error */
134 cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsAllowedError);
135 if(cfNum != NULL) {
136 if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
137 fprintf(stderr, "***displayTrustSettings: malformed allowedError");
138 ourRtn = -1;
139 goto nextAp;
140 }
141 indent(); printf("Allowed Error : ");
142 printCssmErr(cfNum); printf("\n");
143 }
144
145 /* ResultType */
146 cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsResult);
147 if(cfNum != NULL) {
148 if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
149 fprintf(stderr, "***displayTrustSettings: malformed ResultType");
150 ourRtn = -1;
151 goto nextAp;
152 }
153 indent(); printf("Result Type : ");
154 printResultType(cfNum); printf("\n");
155 }
156
157 /* key usage */
158 cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
159 if(cfNum != NULL) {
160 if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
161 fprintf(stderr, "***displayTrustSettings: malformed keyUsage");
162 ourRtn = -1;
163 goto nextAp;
164 }
165 indent(); printf("Key Usage : ");
166 printKeyUsage(cfNum); printf("\n");
167 }
168
169 nextAp:
170 indentDecr();
171 }
172 indentDecr();
173 return ourRtn;
174 }
175
176 int
177 trusted_cert_dump(int argc, char * const *argv)
178 {
179 CFArrayRef certArray = NULL;
180 OSStatus ortn = noErr;
181 CFIndex numCerts;
182 CFIndex dex;
183 CFArrayRef trustSettings;
184 int ourRtn = 0;
185 SecTrustSettingsDomain domain = kSecTrustSettingsDomainUser;
186
187 extern char *optarg;
188 extern int optind;
189 int arg;
190
191 optind = 1;
192 while ((arg = getopt(argc, argv, "sdh")) != -1) {
193 switch (arg) {
194 case 's':
195 domain = kSecTrustSettingsDomainSystem;
196 break;
197 case 'd':
198 domain = kSecTrustSettingsDomainAdmin;
199 break;
200 default:
201 case 'h':
202 return SHOW_USAGE_MESSAGE;
203 }
204 }
205
206 if(optind != argc) {
207 return SHOW_USAGE_MESSAGE;
208 }
209
210 ortn = SecTrustSettingsCopyCertificates(domain, &certArray);
211 if(ortn) {
212 cssmPerror("SecTrustSettingsCopyCertificates", ortn);
213 return 1;
214 }
215 numCerts = CFArrayGetCount(certArray);
216 printf("Number of trusted certs = %ld\n", (long)numCerts);
217
218 for(dex=0; dex<numCerts; dex++) {
219 SecCertificateRef certRef =
220 (SecCertificateRef)CFArrayGetValueAtIndex(certArray, dex);
221 if(CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
222 fprintf(stderr, "***Bad CFGetTypeID for cert %ld\n", (long)dex);
223 ourRtn = -1;
224 break;
225 }
226
227 /* always print the cert's label */
228 printf("Cert %ld: ", dex);
229 printCertLabel(certRef);
230 printf("\n");
231
232 /* see if the cert has any usage constraints (it should!) */
233 ortn = SecTrustSettingsCopyTrustSettings(certRef, domain, &trustSettings);
234 if(ortn) {
235 cssmPerror("SecTrustSettingsCopyTrustSettings", ortn);
236 ourRtn = -1;
237 continue;
238 }
239 if(displayTrustSettings(trustSettings)) {
240 ourRtn = -1;
241 }
242 }
243 CFRelease(certArray);
244
245 return ourRtn;
246 }
mirror of Security