1 /*
2 * si-65-cms-cert-policy.c
3 * regressions
4 *
5 * Created by Conrad Sauerwald on 9/28/10.
6 * Copyright 2010 Apple Inc. All rights reserved.
7 *
8 */
9 #include <CoreFoundation/CoreFoundation.h>
10 #include <Security/Security.h>
11 #include <Security/SecCMS.h>
12 #include <Security/SecInternal.h>
13 #include <Security/SecPolicyPriv.h>
14 #include <CommonCrypto/CommonDigest.h>
15 #include "Security_regressions.h"
16
17
/*
 * DER-encoded X.509 v3 certificate that tests() installs as the only trust
 * anchor. Decoded from the bytes below:
 *   - issuer and subject are both
 *     C=US, O=Apple Inc., CN=Configuration Authority; serial number 0
 *   - validity 2010-09-29 22:10:18Z to 2010-10-29 22:10:18Z
 *   - 2048-bit RSA public key, exponent 65537
 *   - extensions: basicConstraints (critical, CA:TRUE, pathlen 0),
 *     subjectKeyIdentifier, and an authorityKeyIdentifier equal to the
 *     subject key identifier
 *   - signature algorithm sha1WithRSAEncryption
 * This is a private test root; nothing in this file adds it to a system
 * trust store.
 */
const uint8_t root_ca[] = {
    0x30, 0x82, 0x03, 0x59, 0x30, 0x82, 0x02, 0x41, 0xa0, 0x03, 0x02, 0x01,
    0x02, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
    0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x44, 0x31, 0x0b, 0x30,
    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
    0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70,
    0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06,
    0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
    0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68,
    0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x30,
    0x39, 0x32, 0x39, 0x32, 0x32, 0x31, 0x30, 0x31, 0x38, 0x5a, 0x17, 0x0d,
    0x31, 0x30, 0x31, 0x30, 0x32, 0x39, 0x32, 0x32, 0x31, 0x30, 0x31, 0x38,
    0x5a, 0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
    0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
    0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63,
    0x2e, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17,
    0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f,
    0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30,
    0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
    0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xab, 0xb2, 0x30, 0x5a,
    0xf7, 0x0b, 0xe5, 0xb1, 0xcf, 0xd8, 0x21, 0xe8, 0x13, 0x0a, 0x73, 0x31,
    0x5e, 0x8d, 0xbb, 0xf8, 0xb4, 0xcf, 0x7a, 0x6c, 0xb3, 0xa4, 0x57, 0x7b,
    0xa3, 0xea, 0x0c, 0x89, 0xe3, 0x4f, 0x03, 0x41, 0x02, 0xd0, 0xcd, 0x29,
    0x43, 0x20, 0x56, 0xc5, 0x4f, 0xda, 0xb7, 0xeb, 0x43, 0x7e, 0xcd, 0x39,
    0xca, 0xbe, 0x6f, 0xdb, 0x7e, 0x31, 0x04, 0x5e, 0xa9, 0x9e, 0x1c, 0x57,
    0xb3, 0x2f, 0x8d, 0xa9, 0x32, 0x51, 0x22, 0xae, 0xd4, 0xc2, 0xec, 0xc3,
    0xc4, 0xfd, 0xd8, 0xc4, 0xb1, 0xc9, 0x69, 0xe5, 0x49, 0xad, 0x50, 0xbe,
    0xc5, 0x36, 0xfe, 0x1f, 0x36, 0x37, 0x18, 0x1a, 0x0e, 0xee, 0x1f, 0x5a,
    0xcc, 0xa7, 0x83, 0x76, 0xc4, 0x58, 0x78, 0xdc, 0xd5, 0xd9, 0x41, 0xd9,
    0x24, 0xe3, 0x31, 0xa3, 0x35, 0xa0, 0xe5, 0x0e, 0xae, 0xaa, 0x8b, 0xda,
    0x71, 0xd2, 0xa4, 0xfc, 0x8c, 0xd2, 0x0e, 0x70, 0x83, 0x09, 0x19, 0x26,
    0xb2, 0x4a, 0x2b, 0x92, 0xed, 0x4f, 0x09, 0x46, 0x5e, 0xe9, 0x50, 0x9d,
    0xaf, 0x0c, 0x8d, 0x9e, 0xaa, 0x9b, 0xc2, 0x2f, 0xb7, 0xa3, 0x39, 0x22,
    0x6b, 0xde, 0x97, 0xd9, 0xec, 0xb6, 0x44, 0x07, 0x2e, 0x6b, 0x7a, 0xe6,
    0xcf, 0x8d, 0x7d, 0xeb, 0xd3, 0xc8, 0x06, 0xdf, 0x09, 0x98, 0x9f, 0x22,
    0x88, 0x30, 0x29, 0xa7, 0xec, 0xa7, 0x3d, 0x65, 0x18, 0x0d, 0xe9, 0x7d,
    0x32, 0x95, 0x0a, 0xe3, 0x6b, 0x14, 0x65, 0xb7, 0xa1, 0xd6, 0x83, 0x79,
    0x07, 0x98, 0x9f, 0xff, 0x90, 0x25, 0x2c, 0xa6, 0x4d, 0xc1, 0xc2, 0x07,
    0x51, 0x63, 0x5b, 0x3d, 0x77, 0x79, 0xc9, 0x8b, 0xae, 0xdd, 0x16, 0x21,
    0x7d, 0xc6, 0x3d, 0xa2, 0x73, 0x80, 0x9c, 0xb1, 0x27, 0x81, 0x65, 0x92,
    0x33, 0xd9, 0xda, 0xf0, 0xe1, 0xc4, 0x7a, 0x2d, 0xbf, 0xe0, 0x76, 0x0d,
    0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x56, 0x30, 0x54, 0x30, 0x12, 0x06,
    0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01,
    0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
    0x04, 0x16, 0x04, 0x14, 0x78, 0x2f, 0x9f, 0x48, 0x53, 0x25, 0xe3, 0x8c,
    0x2f, 0xaf, 0x1d, 0x21, 0x86, 0xdc, 0xb0, 0x50, 0x93, 0xa9, 0x24, 0xc2,
    0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
    0x14, 0x78, 0x2f, 0x9f, 0x48, 0x53, 0x25, 0xe3, 0x8c, 0x2f, 0xaf, 0x1d,
    0x21, 0x86, 0xdc, 0xb0, 0x50, 0x93, 0xa9, 0x24, 0xc2, 0x30, 0x0d, 0x06,
    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
    0x03, 0x82, 0x01, 0x01, 0x00, 0x5b, 0x89, 0x64, 0x90, 0xa4, 0x22, 0x05,
    0x55, 0xd7, 0x31, 0x26, 0xd7, 0x38, 0x22, 0x23, 0xac, 0xd6, 0x35, 0xe4,
    0x0e, 0xfd, 0xb2, 0x53, 0x6c, 0xb8, 0x22, 0x32, 0x91, 0xdf, 0xd1, 0xfc,
    0x70, 0xb6, 0xa0, 0x2d, 0xa4, 0xea, 0x81, 0x26, 0x48, 0xca, 0x05, 0x4d,
    0x1b, 0x5a, 0x7d, 0xc8, 0x2e, 0x6c, 0xc4, 0x1a, 0x0d, 0x0a, 0xc8, 0x5b,
    0x0e, 0xf3, 0xeb, 0xf2, 0x02, 0xad, 0xb7, 0x6d, 0xf9, 0x02, 0xb6, 0xc9,
    0x0b, 0xbc, 0xf2, 0x0b, 0xb1, 0x31, 0x3f, 0x6a, 0x93, 0x9d, 0x2e, 0x54,
    0x29, 0xff, 0xc0, 0xa0, 0xd5, 0xe2, 0x1d, 0x1a, 0x62, 0x46, 0x89, 0x58,
    0x90, 0x6a, 0x39, 0xf8, 0x76, 0x16, 0xa6, 0xde, 0x08, 0xe6, 0x76, 0xf1,
    0xb1, 0xe1, 0x06, 0x08, 0xb1, 0x41, 0x0f, 0x44, 0x26, 0x7e, 0x9b, 0xc1,
    0xc1, 0x21, 0x07, 0x70, 0x79, 0x36, 0xe6, 0xc2, 0x27, 0x7c, 0x2d, 0x17,
    0x4f, 0x46, 0x8c, 0xac, 0x54, 0x4b, 0x6e, 0xbc, 0x5c, 0xca, 0x37, 0xc0,
    0x32, 0xfe, 0x1b, 0x02, 0xf7, 0x29, 0x6e, 0x30, 0x86, 0xf0, 0x1a, 0xc7,
    0x62, 0xa1, 0xaa, 0x8a, 0x2e, 0x5f, 0x37, 0xd9, 0xf6, 0xf5, 0x29, 0xf9,
    0xc9, 0x4a, 0x4e, 0xc7, 0xaf, 0x4f, 0xdc, 0x99, 0xa5, 0x8d, 0x7f, 0x3b,
    0xf4, 0x04, 0xc5, 0x9d, 0x3e, 0x8e, 0xbe, 0x58, 0x6d, 0x62, 0xd7, 0x62,
    0x57, 0x68, 0x46, 0x4e, 0x74, 0x17, 0x1f, 0x4e, 0x27, 0x49, 0xf5, 0xc7,
    0x5c, 0xdb, 0x30, 0x73, 0x77, 0x90, 0x2d, 0xc9, 0xed, 0x4d, 0x46, 0x68,
    0xe0, 0x91, 0xb8, 0xea, 0xa2, 0xa5, 0x79, 0x32, 0x60, 0xb8, 0xef, 0xcd,
    0x89, 0x0d, 0xab, 0x18, 0x9b, 0x06, 0xf9, 0xab, 0xac, 0xc1, 0xfb, 0xe3,
    0xf0, 0xf3, 0x5c, 0xc6, 0x87, 0x2e, 0xf3, 0xec, 0x2b, 0x88, 0x37, 0xaa,
    0x32, 0x76, 0x33, 0xf9, 0xa2, 0xb9, 0x2e, 0xc1, 0x11
};
92
/*
 * DER-encoded CMS ContentInfo of type signedData (1.2.840.113549.1.7.2) that
 * tests() verifies. Decoded from the bytes below:
 *   - digest algorithm SHA-1
 *   - attached content of type id-data: the five bytes "foo\r\n" at offsets
 *     56..60; tests() overwrites the CR at offset 59 to simulate tampering
 *   - one embedded certificate: serial 1, issued by
 *     CN=Configuration Authority, subject
 *     C=US, O=Apple Inc., CN=configuration.apple.com bag signer,
 *     1024-bit RSA key, validity 2010-09-29 22:10:18Z to 2010-10-29 22:10:18Z,
 *     critical extendedKeyUsage codeSigning (1.3.6.1.5.5.7.3.3) and critical
 *     certificatePolicies 1.2.840.113635.100.5.5.1
 *   - one SignerInfo with signed attributes (content type, signing time
 *     2010-09-29 23:34:39Z, message digest, S/MIME capabilities) and a
 *     128-byte RSA signature
 * Because the message digest is a signed attribute, any change to the
 * attached content must make verification fail.
 */
unsigned char signed_urlbag[] = {
    0x30, 0x82, 0x04, 0xe8, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
    0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0xd9, 0x30, 0x82, 0x04, 0xd5, 0x02,
    0x01, 0x01, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
    0x1a, 0x05, 0x00, 0x30, 0x14, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x0d, 0x01, 0x07, 0x01, 0xa0, 0x07, 0x04, 0x05, 0x66, 0x6f, 0x6f, 0x0d,
    0x0a, 0xa0, 0x82, 0x03, 0x04, 0x30, 0x82, 0x03, 0x00, 0x30, 0x82, 0x01,
    0xe8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06,
    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
    0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
    0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a,
    0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e,
    0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x43,
    0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
    0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e,
    0x17, 0x0d, 0x31, 0x30, 0x30, 0x39, 0x32, 0x39, 0x32, 0x32, 0x31, 0x30,
    0x31, 0x38, 0x5a, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x30, 0x32, 0x39, 0x32,
    0x32, 0x31, 0x30, 0x31, 0x38, 0x5a, 0x30, 0x4f, 0x31, 0x0b, 0x30, 0x09,
    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
    0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c,
    0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03,
    0x55, 0x04, 0x03, 0x13, 0x22, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75,
    0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65,
    0x2e, 0x63, 0x6f, 0x6d, 0x20, 0x62, 0x61, 0x67, 0x20, 0x73, 0x69, 0x67,
    0x6e, 0x65, 0x72, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
    0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
    0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb5, 0x4d, 0xea, 0xa2,
    0xfa, 0x13, 0x1d, 0x80, 0x3d, 0xe5, 0x9d, 0x2b, 0x2f, 0x92, 0xe9, 0xff,
    0x51, 0x2c, 0xef, 0x09, 0x15, 0x12, 0x72, 0x48, 0x12, 0x87, 0xa9, 0xe4,
    0x8e, 0x4a, 0x37, 0x46, 0x47, 0xa1, 0xe4, 0x72, 0xb1, 0xba, 0x8f, 0xd5,
    0xd2, 0x26, 0x8c, 0x1b, 0xf2, 0x0e, 0x36, 0xb0, 0x71, 0xa0, 0x2a, 0x23,
    0xb6, 0x3b, 0x27, 0x36, 0x8d, 0x1d, 0xa9, 0xc0, 0xba, 0x82, 0xcc, 0x7d,
    0x97, 0xbe, 0xa5, 0x49, 0x08, 0x26, 0x84, 0x7e, 0x99, 0x55, 0x05, 0x75,
    0xc8, 0x9c, 0xd0, 0xa2, 0x1b, 0x9b, 0x86, 0x82, 0xd8, 0x51, 0xd1, 0xf9,
    0x37, 0xee, 0xac, 0x8a, 0xe3, 0x59, 0xc5, 0xcf, 0x22, 0x5e, 0x95, 0x20,
    0x47, 0x48, 0x85, 0x67, 0xb2, 0xe7, 0x9c, 0x8a, 0xc3, 0x01, 0xbe, 0xf1,
    0x27, 0x41, 0x4f, 0x70, 0x21, 0x11, 0xff, 0x09, 0x5a, 0x08, 0x14, 0x0b,
    0xed, 0xdd, 0x81, 0x13, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x76, 0x30,
    0x74, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04,
    0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
    0x03, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x01, 0x01, 0xff, 0x04,
    0x10, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x63, 0x64, 0x05, 0x05, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
    0x04, 0x16, 0x04, 0x14, 0x30, 0x0f, 0xe5, 0x40, 0x51, 0xc8, 0x26, 0x61,
    0x3a, 0xba, 0xa1, 0xd0, 0xc0, 0x61, 0x84, 0x97, 0xa6, 0x46, 0xbd, 0x50,
    0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
    0x14, 0x78, 0x2f, 0x9f, 0x48, 0x53, 0x25, 0xe3, 0x8c, 0x2f, 0xaf, 0x1d,
    0x21, 0x86, 0xdc, 0xb0, 0x50, 0x93, 0xa9, 0x24, 0xc2, 0x30, 0x0d, 0x06,
    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
    0x03, 0x82, 0x01, 0x01, 0x00, 0x60, 0x72, 0x78, 0xf5, 0x1e, 0x3f, 0x30,
    0x7c, 0x3a, 0xf5, 0xd6, 0xe2, 0x01, 0x62, 0x3b, 0x0e, 0x5d, 0xa1, 0xbb,
    0x77, 0xb1, 0x68, 0x53, 0xdb, 0x9b, 0x43, 0x5e, 0x82, 0xd4, 0xd7, 0xb7,
    0x72, 0xa1, 0x24, 0xce, 0x9e, 0x16, 0x3e, 0x91, 0xc7, 0xb0, 0x56, 0xd0,
    0xe2, 0xd7, 0x86, 0x04, 0x46, 0x15, 0x87, 0xf8, 0xd1, 0x3c, 0x0c, 0xd7,
    0xdf, 0x6f, 0xbb, 0x58, 0xc0, 0xf2, 0xde, 0x38, 0x0e, 0x20, 0xcc, 0x2b,
    0x3a, 0x64, 0xee, 0x5c, 0x59, 0x15, 0x05, 0x57, 0x8b, 0x8c, 0xf8, 0x19,
    0xc0, 0x1d, 0x0f, 0x8d, 0x11, 0xf9, 0x77, 0xc4, 0x90, 0x2b, 0x63, 0x1c,
    0x5c, 0x36, 0x36, 0x2d, 0x99, 0xa6, 0x4c, 0x0f, 0xad, 0x85, 0xab, 0x26,
    0x38, 0x19, 0x86, 0xf8, 0x1b, 0xd1, 0x4a, 0x1e, 0xcf, 0x0e, 0x91, 0x5a,
    0x26, 0x8d, 0x91, 0xc7, 0x2f, 0x5c, 0x53, 0x0e, 0x0c, 0x2b, 0xf9, 0xd0,
    0x03, 0xf3, 0x0b, 0xb8, 0x85, 0x67, 0x8b, 0xfc, 0x56, 0x1f, 0x6e, 0x2b,
    0xa0, 0x20, 0x81, 0xe6, 0xd6, 0xc7, 0x1b, 0x68, 0xf6, 0x7a, 0xdb, 0x27,
    0x95, 0x0d, 0xfd, 0x03, 0xd0, 0x1c, 0x95, 0x31, 0x8f, 0x9d, 0x26, 0xe1,
    0x30, 0xf1, 0xf5, 0x6f, 0xe2, 0xb6, 0x4a, 0x3c, 0x43, 0xfd, 0x02, 0xd1,
    0x86, 0x1e, 0x70, 0x71, 0xeb, 0xeb, 0x76, 0x6e, 0xb2, 0x17, 0x10, 0x9e,
    0x78, 0x83, 0xb9, 0xff, 0x39, 0xa1, 0xeb, 0xf3, 0x63, 0xd6, 0x21, 0xeb,
    0x6e, 0x27, 0xee, 0x79, 0x02, 0x44, 0x8f, 0xd2, 0x3c, 0x3f, 0x81, 0x74,
    0x4a, 0x8a, 0xb7, 0x6d, 0x6a, 0x5c, 0x4f, 0x90, 0x58, 0x4b, 0x79, 0xdd,
    0x80, 0xe3, 0xa6, 0x05, 0xe7, 0x65, 0xd8, 0x6d, 0xb6, 0xe0, 0x6c, 0xdc,
    0xad, 0xc5, 0x61, 0x16, 0x0b, 0xb6, 0x9e, 0x1e, 0x89, 0x43, 0x3e, 0x93,
    0x8d, 0x1b, 0x8a, 0x42, 0xa0, 0x00, 0xa8, 0x60, 0x61, 0x31, 0x82, 0x01,
    0xa3, 0x30, 0x82, 0x01, 0x9f, 0x02, 0x01, 0x01, 0x30, 0x49, 0x30, 0x44,
    0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
    0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a,
    0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x20,
    0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x17, 0x43, 0x6f, 0x6e,
    0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41,
    0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x02, 0x01, 0x01, 0x30,
    0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0xa0, 0x81,
    0xb1, 0x30, 0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
    0x09, 0x03, 0x31, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
    0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x0d, 0x01, 0x09, 0x05, 0x31, 0x0f, 0x17, 0x0d, 0x31, 0x30, 0x30, 0x39,
    0x32, 0x39, 0x32, 0x33, 0x33, 0x34, 0x33, 0x39, 0x5a, 0x30, 0x23, 0x06,
    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04, 0x31, 0x16,
    0x04, 0x14, 0x85, 0x54, 0x26, 0x06, 0x8e, 0xe8, 0x93, 0x9d, 0xf6, 0xbc,
    0xe2, 0xc2, 0xc4, 0xb1, 0xe7, 0x34, 0x65, 0x32, 0xa1, 0x33, 0x30, 0x52,
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0f, 0x31,
    0x45, 0x30, 0x43, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x0d, 0x03, 0x07, 0x30, 0x0e, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x0d, 0x03, 0x02, 0x02, 0x02, 0x00, 0x80, 0x30, 0x0d, 0x06, 0x08, 0x2a,
    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x02, 0x02, 0x01, 0x40, 0x30, 0x07,
    0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x07, 0x30, 0x0d, 0x06, 0x08, 0x2a,
    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x02, 0x02, 0x01, 0x28, 0x30, 0x0d,
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
    0x00, 0x04, 0x81, 0x80, 0x5a, 0xc8, 0x72, 0x37, 0xe4, 0x7a, 0xdd, 0xde,
    0x47, 0x6e, 0x27, 0x4c, 0x73, 0x70, 0x27, 0x01, 0xf3, 0x2c, 0x52, 0x1f,
    0xa2, 0xa5, 0xbd, 0xd4, 0x6b, 0x6e, 0x44, 0x1a, 0xfc, 0x43, 0x55, 0xbc,
    0xe5, 0x9a, 0xdb, 0x06, 0x1c, 0x67, 0x49, 0xb7, 0x06, 0x45, 0x98, 0xd8,
    0x72, 0xc3, 0xc9, 0x6e, 0x47, 0xc8, 0x29, 0x33, 0xbd, 0x05, 0x2c, 0x9f,
    0x74, 0x13, 0x2f, 0x57, 0x30, 0x86, 0x07, 0x08, 0xfd, 0xea, 0x38, 0x7f,
    0xec, 0xcd, 0x47, 0x64, 0xfb, 0xea, 0x60, 0x6e, 0xea, 0xc6, 0xd4, 0x57,
    0x46, 0xe3, 0x71, 0xc3, 0xa4, 0xfc, 0x7a, 0x2c, 0xed, 0x6b, 0xe7, 0x7f,
    0x4c, 0xe7, 0x24, 0x8f, 0x9c, 0xd9, 0x9a, 0xa7, 0xdc, 0xf1, 0xc8, 0x20,
    0x59, 0xd1, 0x1d, 0x26, 0xb9, 0xd3, 0x19, 0x21, 0x68, 0x86, 0x76, 0x6e,
    0xb8, 0xd8, 0x42, 0x31, 0x2a, 0x32, 0x8d, 0x8b, 0x66, 0xce, 0x65, 0x2c
};
/* Byte count of signed_urlbag: 105 rows of 12 bytes, matching the outer DER length 0x04e8 plus its 4-byte header. */
unsigned int signed_urlbag_len = 1260;
201
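/*
 * Exercises CMS signature verification under the URL bag policy, positive
 * and negative:
 *
 *   1. sanity-check that the byte about to be tampered with is the CR of the
 *      attached "foo\r\n" content;
 *   2. verify the untouched message, which also yields a SecTrustRef;
 *   3. pin root_ca as the only anchor and evaluate that trust object;
 *   4. expect kSecTrustResultUnspecified, i.e. the chain validates to the
 *      private root without any explicit user trust setting;
 *   5. verify the tampered copy and expect errSecAuthFailed.
 *
 * Exactly five test points are emitted on every path so the count declared
 * by the caller's plan_tests() stays valid.
 *
 * NOTE(review): both fixture certificates expired on 2010-10-29 and no
 * verification date is set here, so step 4 relies on this evaluation path
 * not rejecting expired certificates -- confirm against
 * SecPolicyCreateURLBag().
 */
static void tests(void)
{
    /* Offset of the CR inside the attached content of signed_urlbag. */
    const CFIndex tamper_offset = 59;

    CFDataRef message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, signed_urlbag, signed_urlbag_len, kCFAllocatorNull);
    CFMutableDataRef munged_message = CFDataCreateMutableCopy(kCFAllocatorDefault, 0, message);
    UInt8 *munged_bytes = CFDataGetMutableBytePtr(munged_message);
    is(munged_bytes[tamper_offset], '\015', "modifying right byte");
    /* CR -> LF: a one-byte change to signed content that must break the signature. */
    munged_bytes[tamper_offset] = '\012';

    SecPolicyRef policy = NULL;
    SecTrustRef trust = NULL;
    /* Start from "invalid" so a failed evaluation is never compared through an indeterminate value. */
    SecTrustResultType result = kSecTrustResultInvalid;
    CFDataRef root_ca_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, root_ca, sizeof(root_ca), kCFAllocatorNull);
    SecCertificateRef anchor = SecCertificateCreateWithData(kCFAllocatorDefault, root_ca_data);
    CFArrayRef anchors = NULL;
    /* kCFTypeArrayCallBacks retains its elements, so never hand it a NULL certificate. */
    if (anchor)
        anchors = CFArrayCreate(kCFAllocatorDefault, (const void **)&anchor, 1, &kCFTypeArrayCallBacks);
    CFReleaseNull(anchor);
    CFReleaseNull(root_ca_data);

    policy = SecPolicyCreateURLBag();
    ok_status(SecCMSVerifySignedData(message, NULL, policy, &trust, NULL, NULL, NULL), "validate message");

    /*
     * A verified signature alone says nothing about who signed; trust in the
     * signer comes from evaluating the returned trust object against the
     * pinned anchor. Failure to pin the anchor is reported through the same
     * test point as the evaluation instead of being ignored, and a missing
     * trust object is reported rather than dereferenced.
     */
    OSStatus status = errSecParam;
    if (trust && anchors) {
        status = SecTrustSetAnchorCertificates(trust, anchors);
        if (status == errSecSuccess)
            status = SecTrustEvaluate(trust, &result);
    }
    ok_status(status, "evaluate trust");
    ok(result == kSecTrustResultUnspecified, "private root");

    CFReleaseNull(trust);

    /* Negative case: the tampered copy must be rejected outright. */
    is_status(errSecAuthFailed, SecCMSVerifySignedData(munged_message, NULL, policy, &trust, NULL, NULL, NULL), "validate message");

    CFReleaseNull(trust);

    CFReleaseNull(policy);
    CFReleaseNull(anchors);
    CFReleaseNull(message);
    CFReleaseNull(munged_message);
}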
236
/*
 * Entry point for this regression: declares the test plan, runs tests(),
 * and always returns 0.
 */
int si_65_cms_cert_policy(int argc, char *const *argv)
{
    /* The command-line arguments are not consulted. */
    (void)argc;
    (void)argv;

    /* Five test points: one byte check, two verifications, two trust checks. */
    plan_tests(5);
    tests();

    return 0;
}
245
246
247
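/*
   The shell archive below appears to be the recipe for the fixtures above: a
   Makefile that drives openssl to create the "Configuration Authority" root,
   the "configuration.apple.com bag signer" leaf and the signed URL bag, plus
   the extensions.txt it references. It requests SHA-1 digests and a 1024-bit
   leaf key, choices that suit throwaway test credentials only. The
   certificates embedded above are valid for 30 days (2010-09-29 to
   2010-10-29), so the "-days 3650" passed to "openssl req" evidently did not
   set their lifetime; expect regenerated fixtures to be equally short-lived
   unless a lifetime is given to the "openssl x509 -req" steps.
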
250 # This is a shell archive. Save it in a file, remove anything before
251 # this line, and then unpack it by entering "sh file". Note, it may
252 # create directories; files and directories will be owned by you and
253 # have default permissions.
254 #
255 # This archive contains:
256 #
257 # Makefile
258 # extensions.txt
259 #
260 echo x - Makefile
261 sed 's/^X//' >Makefile << 'END-of-Makefile'
262 X
263 Xall:
264 X @echo "No default action"
265 X
266 XCA-key.pem:
267 X @openssl genrsa -out CA-key.pem 2048
268 X
269 XCA-csr.pem: CA-key.pem
270 X @openssl req -new -key CA-key.pem -sha1 -days 3650 -subj "/C=US/O=Apple Inc./CN=Configuration Authority" -nodes -out CA-csr.pem
271 X
272 XCA-cert.pem: CA-csr.pem CA-key.pem
273 X @openssl x509 -req -sha1 -in CA-csr.pem -signkey CA-key.pem -set_serial 0 -out CA-cert.pem -extensions authority -extfile extensions.txt
274 X
275 Xleaf-cert.pem: CA-cert.pem CA-key.pem
276 X @openssl req -newkey rsa:1024 -sha1 -days 3650 -subj "/C=US/O=Apple Inc./CN=configuration.apple.com bag signer" -nodes -out leaf-csr.pem -keyout leaf-key.pem
277 X @openssl x509 -req -sha1 -in leaf-csr.pem -CA CA-cert.pem -CAkey CA-key.pem -out leaf-cert.pem -set_serial 1 -extfile extensions.txt -extensions leaf
278 X
279 Xcheck: CA-cert.pem leaf-cert.pem
280 X @echo Validate leaf
281 X @openssl verify -CAfile CA-cert.pem leaf-cert.pem
282 X @echo Output SHA-1 for private root
283 X @openssl x509 -in CA-cert.pem -outform DER | openssl dgst -binary -sha1 | xxd -i
284 X @echo Display leaf
285 X @openssl x509 -noout -text -in leaf-cert.pem
286 X
287 Xsigned-urlbag: CA-cert.pem leaf-cert.pem content
288 X @cat leaf-cert.pem leaf-key.pem > leaf.pem
289 X @openssl smime -sign -aes128 -outform der -nodetach -signer leaf.pem -CAfile CA-cert.pem -in content -out signed-urlbag
290 X
291 Xclean:
292 X @rm -f leaf-cert.pem leaf-csr.pem leaf-key.pem leaf.pem signed-urlbag
293 X
294 Xreal-clean:
295 X @rm -f CA-key.pem CA-csr.pem CA-cert.pem leaf-cert.pem leaf-csr.pem leaf-key.pem leaf.pem signed-urlbag
296 END-of-Makefile
297 echo x - extensions.txt
298 sed 's/^X//' >extensions.txt << 'END-of-extensions.txt'
299 X[authority]
300 XbasicConstraints=critical,CA:true,pathlen:0
301 XsubjectKeyIdentifier=hash
302 XauthorityKeyIdentifier=keyid
303 X
304 X[leaf]
305 XextendedKeyUsage=critical,codeSigning
306 XcertificatePolicies=critical,1.2.840.113635.100.5.5.1
307 XsubjectKeyIdentifier=hash
308 XauthorityKeyIdentifier=keyid
309 X
310 X[req]
311 Xdistinguished_name = req_distinguished_name
312 X
313 X[req_distinguished_name]
314 END-of-extensions.txt
315 exit
316
317 */