]> git.saurik.com Git - apple/security.git/blob - OSX/sec/securityd/Regressions/secd-35-keychain-migrate-inet.c
Security-57336.1.9.tar.gz
[apple/security.git] / OSX / sec / securityd / Regressions / secd-35-keychain-migrate-inet.c
1 /*
2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include "secd_regressions.h"
26
27 #include <securityd/SecDbItem.h>
28 #include <utilities/array_size.h>
29 #include <utilities/SecCFWrappers.h>
30 #include <utilities/SecFileLocations.h>
31 #include <utilities/fileIo.h>
32
33 #include <securityd/SecItemServer.h>
34
35 #include <Security/SecBasePriv.h>
36
37 #include <TargetConditionals.h>
38 #include <AssertMacros.h>
39
40 #if TARGET_OS_IPHONE && USE_KEYSTORE
41 #include <libaks.h>
42
43 #include "SecdTestKeychainUtilities.h"
44
45 #include "ios8-inet-keychain-2.h"
46
47 void SecAccessGroupsSetCurrent(CFArrayRef accessGroups);
48 CFArrayRef SecAccessGroupsGetCurrent();
49
50 int secd_35_keychain_migrate_inet(int argc, char *const *argv)
51 {
52 plan_tests(11 + kSecdTestSetupTestCount);
53
54 __block keybag_handle_t keybag;
55 __block keybag_state_t state;
56 char *passcode="password";
57 int passcode_len=(int)strlen(passcode);
58
59 /* custom keychain dir */
60 secd_test_setup_temp_keychain("secd_35_keychain_migrate_inet", ^{
61 CFStringRef keychain_path_cf = __SecKeychainCopyPath();
62
63 CFStringPerformWithCString(keychain_path_cf, ^(const char *keychain_path) {
64 writeFile(keychain_path, ios8_inet_keychain_2_db, ios8_inet_keychain_2_db_len);
65
66 /* custom notification */
67 SecItemServerSetKeychainChangedNotification("com.apple.secdtests.keychainchanged");
68
69 /* Create and lock custom keybag */
70 ok(kIOReturnSuccess==aks_create_bag(passcode, passcode_len, kAppleKeyStoreDeviceBag, &keybag), "create keybag");
71 ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
72 ok(!(state&keybag_state_locked), "keybag unlocked");
73 SecItemServerSetKeychainKeybag(keybag);
74
75 /* lock */
76 ok(kIOReturnSuccess==aks_lock_bag(keybag), "lock keybag");
77 ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
78 ok(state&keybag_state_locked, "keybag locked");
79 });
80
81 CFReleaseSafe(keychain_path_cf);
82 });
83
84 CFArrayRef old_ag = SecAccessGroupsGetCurrent();
85 CFMutableArrayRef test_ag = CFArrayCreateMutableCopy(NULL, 0, old_ag);
86 CFArrayAppendValue(test_ag, CFSTR("com.apple.cfnetwork"));
87 SecAccessGroupsSetCurrent(test_ag);
88
89 /* querying a password */
90 const void *keys[] = {
91 kSecClass,
92 kSecAttrAccessGroup,
93 kSecAttrSynchronizable,
94 kSecMatchLimit,
95 kSecReturnAttributes,
96 };
97 const void *values[] = {
98 kSecClassInternetPassword,
99 CFSTR("com.apple.cfnetwork"),
100 kSecAttrSynchronizableAny,
101 kSecMatchLimitAll,
102 kCFBooleanTrue,
103 };
104 CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
105 array_size(keys), NULL, NULL);
106 CFTypeRef results = NULL;
107 is_status(SecItemCopyMatching(query, &results), errSecInteractionNotAllowed);
108
109 ok(kIOReturnSuccess==aks_unlock_bag(keybag, passcode, passcode_len), "lock keybag");
110 ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
111 ok(!(state&keybag_state_locked), "keybag unlocked");
112
113 // We should be able to query 2 inet items from the DB here. But the database is encrypted
114 // by keybag which we do not know, so no item can be actually retrieved. The test could be
115 // improved by crafting DB to update using keybag hardcoded in the test, that way it would be possible
116 // to check that 2 inet items are really retrieved here.
117 is_status(SecItemCopyMatching(query, &results), errSecItemNotFound);
118
119 /* Reset keybag */
120 SecItemServerResetKeychainKeybag();
121
122 // Reset server accessgroups.
123 SecAccessGroupsSetCurrent(old_ag);
124 CFReleaseSafe(test_ag);
125
126 CFReleaseSafe(results);
127 CFReleaseSafe(query);
128 return 0;
129 }
130
131 #else
132
133 int secd_35_keychain_migrate_inet(int argc, char *const *argv)
134 {
135 plan_tests(1);
136
137 todo("Not yet working in simulator");
138
139 TODO: {
140 ok(false);
141 }
142 /* not implemented in simulator (no keybag) */
143 /* Not implemented in OSX (no upgrade scenario) */
144 return 0;
145 }
146 #endif