SecurityTool/requirement.c

   1 /*
   2  * Copyright (c) 2019 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #include <stdio.h>
  25
  26 #include <CoreFoundation/CoreFoundation.h>
  27 #include <Security/SecRequirement.h>
  28 #include <Security/SecRequirementPriv.h>
  29
  30 #include "security_tool.h"
  31 #include "trusted_cert_utils.h"
  32 #include "requirement.h"
  33
  34 #define CFReleaseSafe(CF) { CFTypeRef _cf = (CF); if (_cf) {  CFRelease(_cf); } }
  35
  36 int requirement_evaluate(int argc, char * const *argv)
  37 {
  38     int err = 0;
  39     CFErrorRef error = NULL;
  40     CFStringRef reqStr = NULL;
  41     SecRequirementRef req = NULL;
  42     CFMutableArrayRef certs = NULL;
  43
  44     if (argc < 3) {
  45         return SHOW_USAGE_MESSAGE;
  46     }
  47
  48     // Create Requirement
  49
  50     reqStr = CFStringCreateWithCString(NULL, argv[1], kCFStringEncodingUTF8);
  51
  52     OSStatus status = SecRequirementCreateWithStringAndErrors(reqStr,
  53                                                               kSecCSDefaultFlags, &error, &req);
  54
  55     if (status != errSecSuccess) {
  56         CFStringRef errorDesc = CFErrorCopyDescription(error);
  57         CFIndex errorLength = CFStringGetMaximumSizeForEncoding(CFStringGetLength(errorDesc),
  58                                                                 kCFStringEncodingUTF8);
  59         char *errorStr = malloc(errorLength+1);
  60
  61         CFStringGetCString(errorDesc, errorStr, errorLength+1, kCFStringEncodingUTF8);
  62
  63         fprintf(stderr, "parsing requirement failed (%d): %s\n", status, errorStr);
  64
  65         free(errorStr);
  66
  67         err = 1;
  68     }
  69
  70     // Create cert chain
  71
  72     const int num_certs = argc - 2;
  73
  74     certs = CFArrayCreateMutable(NULL, num_certs, &kCFTypeArrayCallBacks);
  75
  76     for (int i = 0; i < num_certs; ++i) {
  77         SecCertificateRef cert = NULL;
  78
  79         if (readCertFile(argv[2 + i], &cert) != 0) {
  80             fprintf(stderr, "Error reading certificate at '%s'\n", argv[2 + i]);
  81             err = 2;
  82             goto out;
  83         }
  84
  85         CFArrayAppendValue(certs, cert);
  86         CFRelease(cert);
  87     }
  88
  89     // Evaluate!
  90
  91     if (req != NULL) {
  92         status = SecRequirementEvaluate(req, certs, NULL, kSecCSDefaultFlags);
  93         printf("%d\n", status);
  94         err = status == 0 ? 0 : 3;
  95     }
  96
  97 out:
  98     CFReleaseSafe(certs);
  99     CFReleaseSafe(req);
 100     CFReleaseSafe(reqStr);
 101     CFReleaseSafe(error);
 102
 103     return err;
 104 }