1 //
2 // ssl-utils.c
3 // libsecurity_ssl
4 //
5 // Created by Fabrice Gautier on 8/7/12.
6 //
7 //
8
9 #include <Security/Security.h>
10 #include <AssertMacros.h>
11
12 #include "ssl-utils.h"
13
14 #if TARGET_OS_IPHONE
15
16
17 #include <Security/Security.h>
18 #include <Security/SecRSAKey.h>
19 #include <Security/SecECKey.h>
20 #include <Security/SecCertificatePriv.h>
21 #include <Security/SecIdentityPriv.h>
22
23
24 #include "privkey-1.h"
25 #include "cert-1.h"
26
/*
 * Build a one-element CFArray holding a SecIdentity made from a DER
 * certificate and a PKCS#1 DER RSA private key.
 *
 * Parameter order is certificate first, private key second.
 *
 * Returns the array, or NULL if any step fails. The array is returned
 * without being released here, so the caller presumably owns it.
 *
 * The require() expressions and the errOut label are kept textually as they
 * were: AssertMacros stringifies both in non-production builds.
 */
static
CFArrayRef chain_from_der(const unsigned char *cert_der, size_t cert_der_len, const unsigned char *pkey_der, size_t pkey_der_len)
{
    CFArrayRef items = NULL;
    SecIdentityRef ident = NULL;
    SecCertificateRef cert = NULL;
    SecKeyRef pkey = NULL;

    /* Each step jumps to errOut on a NULL result; later steps are skipped. */
    require(pkey = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault,
                                             pkey_der,
                                             pkey_der_len,
                                             kSecKeyEncodingPkcs1), errOut);
    require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault,
                                                 cert_der,
                                                 cert_der_len), errOut);
    require(ident = SecIdentityCreate(kCFAllocatorDefault,
                                      cert,
                                      pkey), errOut);
    /* kCFTypeArrayCallBacks makes the array retain ident, so the local
     * reference can be dropped below. */
    require(items = CFArrayCreate(kCFAllocatorDefault,
                                  (const void **)&ident,
                                  1,
                                  &kCFTypeArrayCallBacks), errOut);

errOut:
    /* Success and failure share this path; the intermediates are always
     * released and only the array (or NULL) leaves the function. */
    CFReleaseSafe(ident);
    CFReleaseSafe(cert);
    CFReleaseSafe(pkey);
    return items;
}
46
47 #else
48
49 #include "identity-1.h"
50 #define P12_PASSWORD "password"
51
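/*
 * Import a PKCS#12 blob into a newly created scratch keychain and return the
 * imported items.
 *
 * p12_data / p12_len: the PKCS#12 bytes. They are wrapped without copying,
 * so they must stay valid for the duration of the call.
 *
 * Returns the array filled in by SecKeychainItemImport(), or NULL if any step
 * fails. The array is not released here, so the caller presumably owns it.
 *
 * The scratch keychain file is not deleted by this function. It stays under
 * /tmp holding the imported key, protected only by P12_PASSWORD.
 */
static
CFArrayRef chain_from_p12(const unsigned char *p12_data, size_t p12_len)
{
    char keychain_path[] = "/tmp/keychain.XXXXXX";

    /*
     * Everything released or returned at errOut starts as NULL and is
     * declared before the first require. An early failure then never
     * releases or returns an indeterminate pointer.
     */
    SecKeychainRef keychain = NULL;
    CFArrayRef list = NULL;
    CFDataRef data = NULL;
    CFArrayRef out = NULL;

    SecExternalFormat format = kSecFormatPKCS12;
    SecExternalItemType type = kSecItemTypeAggregate;
    SecItemImportExportFlags flags = 0;
    SecKeyImportExportParameters params = {0,};

    /* Save the user's search list so it can be put back after the create. */
    require_noerr(SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &list), errOut);

    /*
     * NOTE(review): mktemp() only generates a name, so another local process
     * can create that path in /tmp before SecKeychainCreate() does.
     * SecKeychainCreate() expects a path that does not exist yet, so
     * mkstemp() is not a drop-in replacement. Creating the keychain inside a
     * private mkdtemp() directory would close the gap.
     */
    require(mktemp(keychain_path), errOut);
    require_noerr(SecKeychainCreate(keychain_path, strlen(P12_PASSWORD), P12_PASSWORD,
                                    FALSE, NULL, &keychain), errOut);
    require_noerr(SecKeychainSetDomainSearchList(kSecPreferencesDomainUser, list), errOut); // restores the previous search list

    /* kCFAllocatorNull: the CFData borrows p12_data and never frees it. */
    require(data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, p12_data, p12_len, kCFAllocatorNull), errOut);

    /* Must match the passphrase the embedded .p12 was exported with. */
    params.passphrase = CFSTR("password");
    params.keyAttributes = CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE;

    require_noerr(SecKeychainItemImport(data, CFSTR(".p12"), &format, &type, flags,
                                        &params, keychain, &out), errOut);

errOut:
    /* The CFData wrapper was previously leaked on every call. */
    CFReleaseSafe(data);
    CFReleaseSafe(keychain);
    CFReleaseSafe(list);

    return out;
}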
86
87 #endif
88
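/*
 * Return the test identity used for the server side of a handshake.
 *
 * On iOS targets the identity is built from the embedded DER certificate and
 * private key. Elsewhere it is imported from the embedded PKCS#12 blob.
 * The result is NULL on failure and is presumably owned by the caller.
 */
CFArrayRef server_chain(void)
{
#if TARGET_OS_IPHONE
    /*
     * chain_from_der() takes the certificate first and the private key
     * second. The original call passed them the other way round, handing the
     * key bytes to the certificate parser and vice versa.
     */
    return chain_from_der(cert_1_der, cert_1_der_len, privkey_1_der, privkey_1_der_len);
#else
    return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}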
97
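/*
 * Return the test identity used for the client side of a handshake.
 *
 * This uses the same embedded credentials as server_chain(), so both peers
 * present the same identity. The result is NULL on failure and is presumably
 * owned by the caller.
 */
CFArrayRef client_chain(void)
{
#if TARGET_OS_IPHONE
    /*
     * chain_from_der() takes the certificate first and the private key
     * second. The original call passed them the other way round, handing the
     * key bytes to the certificate parser and vice versa.
     */
    return chain_from_der(cert_1_der, cert_1_der_len, privkey_1_der, privkey_1_der_len);
#else
    return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}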
106
107