1 /*
2 * parseTrustedRootList.cpp - parse the contents of a TrustedRootList record.
3 *
4 * Created May 26 2005 by dmitch.
5 */
7 #include <stdlib.h>
8 #include <strings.h>
9 #include <stdio.h>
10 #include <unistd.h>
11 #include "parseTrustedRootList.h"
12 #include "rootUtils.h"
14 #include <Security/TrustSettingsSchema.h> /* private header */
15 #include <Security/SecTrustSettings.h>
16 #include <CoreFoundation/CoreFoundation.h>
17 #include <security_utilities/cfutilities.h>
19 /*
20 * Data is obtained from a SecKeychainItemRef; it's expected to be the XML encoding
21 * of a CFPropertyList (specifically of a CFDictionaryRef).
22 */
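/*
 * Report a structural problem in the record. Centralized so that every
 * diagnostic carries the same prefix and ends with a newline; most of these
 * messages previously had no newline, so the next indented field ran onto
 * the same output line.
 */
static void reportMalformed(const char *what)
{
	printf("***parseTrustedRootList: %s\n", what);
}

/*
 * Parse and print a TrustedRootList record.
 *
 * plistData: XML encoding of a CFPropertyList, expected to be a
 *            CFDictionaryRef with two entries, kTrustRecordVersion and
 *            kTrustRecordTrustList. The caller keeps ownership.
 *
 * Returns 0 when every entry parsed cleanly, -1 when the top-level structure
 * is unusable (nothing beyond the diagnostic is printed) or when at least one
 * per-cert or per-usage-constraint entry was malformed (the remaining entries
 * are still printed).
 *
 * The record is read from a keychain item, so nothing about its shape is
 * taken on faith: every CF object is checked against its expected CFTypeID
 * before the cast to that type is relied on.
 */
int parseTrustedRootList(
	CFDataRef plistData)
{
	/* First decode the XML */
	CFStringRef errStr = NULL;
	CFRef<CFPropertyListRef> rawPropList;
	int ourRtn = 0;
	OidParser parser;

	rawPropList.take(CFPropertyListCreateFromXMLData(
		NULL,
		plistData,
		kCFPropertyListImmutable,
		&errStr));
	CFPropertyListRef cfRawPropList = rawPropList;
	if(cfRawPropList == NULL) {
		printf("***parseTrustedRootList: Error decoding TrustedRootList XML data\n");
		if(errStr != NULL) {
			printf("Error string: "); CFShow(errStr);
			CFRelease(errStr);
		}
		return -1;
	}
	if(errStr != NULL) {
		/* decode succeeded but CF still handed us a string; we own it */
		CFRelease(errStr);
	}

	CFDictionaryRef topDict = (CFDictionaryRef)cfRawPropList;
	if(CFGetTypeID(topDict) != CFDictionaryGetTypeID()) {
		reportMalformed("malformed propList");
		return -1;
	}

	printf("=== Parsed User Trust Record ===\n");

	/*
	 * That dictionary has two entries. The version is informational only:
	 * a bad or missing version is reported but does not stop the parse.
	 */
	CFNumberRef cfVers = (CFNumberRef)CFDictionaryGetValue(topDict, kTrustRecordVersion);
	if((cfVers == NULL) || (CFGetTypeID(cfVers) != CFNumberGetTypeID())) {
		reportMalformed("malformed version");
	}
	else {
		SInt32 vers;
		if(!CFNumberGetValue(cfVers, kCFNumberSInt32Type, &vers)) {
			reportMalformed("malformed version");
		}
		else {
			/* SInt32 is not `long` on every ABI; widen explicitly for %ld */
			printf("Version = %ld\n", (long)vers);
		}
	}

	/* The trust list itself is required. */
	CFDictionaryRef certsDict = (CFDictionaryRef)CFDictionaryGetValue(topDict,
		kTrustRecordTrustList);
	if((certsDict == NULL) || (CFGetTypeID(certsDict) != CFDictionaryGetTypeID())) {
		reportMalformed("malformed mTrustArray");
		return -1;
	}

	/*
	 * Snapshot keys and values. The count comes from the record itself, so
	 * the arrays live on the heap rather than as VLAs: a zero-length VLA is
	 * undefined behavior and an oversized one would overflow the stack.
	 * There are no early returns after this point, so the single free()
	 * pair after the loop covers every path.
	 */
	CFIndex numCerts = CFDictionaryGetCount(certsDict);
	const void **dictKeys = NULL;
	const void **dictValues = NULL;
	if(numCerts > 0) {
		dictKeys = (const void **)calloc((size_t)numCerts, sizeof(*dictKeys));
		dictValues = (const void **)calloc((size_t)numCerts, sizeof(*dictValues));
		if((dictKeys == NULL) || (dictValues == NULL)) {
			printf("***parseTrustedRootList: out of memory\n");
			free(dictKeys);
			free(dictValues);
			return -1;
		}
		CFDictionaryGetKeysAndValues(certsDict, dictKeys, dictValues);
	}

	/*
	 * Declared at function scope, not inside the loops, so that the
	 * goto nextCert / goto nextAp jumps below never bypass an initializer.
	 */
	CFDataRef certApp;
	CFDataRef certPolicy;
	CFDictionaryRef ucDict;
	CFArrayRef usageConstraints;
	CFDataRef cfd;
	CFIndex numUsageConstraints;
	CFStringRef policyStr;
	CFNumberRef cfNum;
	CFDateRef modDate;

	printf("Number of cert entries: %ld\n", numCerts);

	for(CFIndex dex=0; dex<numCerts; dex++) {
		/*
		 * Both are initialized before the first goto in this body; a jump
		 * to nextCert that crossed an initialized declaration would be
		 * ill-formed C++.
		 */
		CFStringRef certHashStr = (CFStringRef)dictKeys[dex];
		CFDictionaryRef certDict = (CFDictionaryRef)dictValues[dex];

		printf("Cert %ld:\n", dex);
		indentIncr();

		/* per-cert key is ASCII representation of SHA1(cert) */
		if(CFGetTypeID(certHashStr) != CFStringGetTypeID()) {
			reportMalformed("malformed certsDict key");
			ourRtn = -1;
			goto nextCert;
		}
		indent(); printf("Cert Hash : ");
		printCfStr(certHashStr);
		printf("\n");

		/* per-cert dictionary */
		if(CFGetTypeID(certDict) != CFDictionaryGetTypeID()) {
			reportMalformed("malformed certDict");
			ourRtn = -1;
			goto nextCert;
		}

		/*
		 * That dictionary has up to four entries: issuer, serial number,
		 * modification date, and an array of usage-constraint dictionaries.
		 *
		 * First, the issuer. This is in non-normalized form.
		 */
		cfd = (CFDataRef)CFDictionaryGetValue(certDict, kTrustRecordIssuer);
		if(cfd == NULL) {
			reportMalformed("missing issuer");
			ourRtn = -1;
			goto nextCert;
		}
		if(CFGetTypeID(cfd) != CFDataGetTypeID()) {
			reportMalformed("malformed issuer");
			ourRtn = -1;
			goto nextCert;
		}
		indent();
		if(CFDataGetLength(cfd) == 0) {
			/* that's for a default setting */
			printf("Issuer : <none>\n");
		}
		else {
			printf("Issuer : \n");
			indentIncr(); printCfName(cfd, parser);
			indentDecr();
		}

		/* Serial number */
		cfd = (CFDataRef)CFDictionaryGetValue(certDict, kTrustRecordSerialNumber);
		if(cfd == NULL) {
			reportMalformed("missing serial number");
			ourRtn = -1;
			goto nextCert;
		}
		if(CFGetTypeID(cfd) != CFDataGetTypeID()) {
			reportMalformed("malformed serial number");
			ourRtn = -1;
			goto nextCert;
		}
		indent(); printData("Serial Number ", cfd, PD_Hex, parser);

		/* modification date */
		modDate = (CFDateRef)CFDictionaryGetValue(certDict, kTrustRecordModDate);
		if(modDate == NULL) {
			reportMalformed("missing modification date");
			ourRtn = -1;
			goto nextCert;
		}
		if(CFGetTypeID(modDate) != CFDateGetTypeID()) {
			reportMalformed("malformed modification date");
			ourRtn = -1;
			goto nextCert;
		}
		indent();
		printf("Modification Date : ");
		printCFDate(modDate);
		printf("\n");

		/*
		 * Array of usageConstraint dictionaries. An absent array is tolerated
		 * and reported as "<not present>"; a present one must be a CFArray,
		 * though it may be empty.
		 */
		usageConstraints = (CFArrayRef)CFDictionaryGetValue(certDict,
			kTrustRecordTrustSettings);
		numUsageConstraints = 0;
		if(usageConstraints != NULL) {
			if(CFGetTypeID(usageConstraints) != CFArrayGetTypeID()) {
				reportMalformed("malformed Usage Constraints array");
				ourRtn = -1;
				goto nextCert;
			}

			numUsageConstraints = CFArrayGetCount(usageConstraints);
		}
		indent(); printf("Num usage constraints : ");
		if(usageConstraints) {
			printf("%ld\n", numUsageConstraints);
		}
		else {
			printf("<not present>\n");
		}

		/* grind thru the usageConstraint dictionaries; every field is optional */
		for(CFIndex apDex=0; apDex<numUsageConstraints; apDex++) {
			indent(); printf("Usage constraint %ld:\n", apDex);
			indentIncr();

			ucDict = (CFDictionaryRef)CFArrayGetValueAtIndex(usageConstraints, apDex);
			if(CFGetTypeID(ucDict) != CFDictionaryGetTypeID()) {
				reportMalformed("malformed usageConstraint dictionary");
				ourRtn = -1;
				goto nextAp;
			}

			/* policy - optional - an OID */
			certPolicy = (CFDataRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicy);
			if(certPolicy != NULL) {
				if(CFGetTypeID(certPolicy) != CFDataGetTypeID()) {
					reportMalformed("malformed certPolicy");
					ourRtn = -1;
					goto nextAp;
				}
				indent(); printData("Policy OID ", certPolicy, PD_OID, parser);
			}

			/* app - optional - data - opaque */
			certApp = (CFDataRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsApplication);
			if(certApp != NULL) {
				if(CFGetTypeID(certApp) != CFDataGetTypeID()) {
					reportMalformed("malformed certApp");
					ourRtn = -1;
					goto nextAp;
				}
				indent(); printData("Application ", certApp, PD_Hex, parser);
			}

			/* policy string */
			policyStr = (CFStringRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicyString);
			if(policyStr != NULL) {
				if(CFGetTypeID(policyStr) != CFStringGetTypeID()) {
					reportMalformed("malformed policyStr");
					ourRtn = -1;
					goto nextAp;
				}
				indent(); printf("Policy String : ");
				printCfStr(policyStr); printf("\n");
			}

			/* Allowed error */
			cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsAllowedError);
			if(cfNum != NULL) {
				if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
					reportMalformed("malformed allowedError");
					ourRtn = -1;
					goto nextAp;
				}
				indent(); printf("Allowed Error : ");
				printCssmErr(cfNum); printf("\n");
			}

			/* ResultType */
			cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsResult);
			if(cfNum != NULL) {
				if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
					reportMalformed("malformed Result");
					ourRtn = -1;
					goto nextAp;
				}
				indent(); printf("Result Type : ");
				printResult(cfNum); printf("\n");
			}

			/* key usage */
			cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
			if(cfNum != NULL) {
				if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
					reportMalformed("malformed keyUsage");
					ourRtn = -1;
					goto nextAp;
				}
				indent(); printf("Key Usage : ");
				printKeyUsage(cfNum); printf("\n");
			}

		nextAp:
			indentDecr();
		}

	nextCert:
		indentDecr();
	} /* for each cert dictionary in top-level array */

	free(dictKeys);
	free(dictValues);

	printf("=== End of Parsed User Trust Record ===\n");
	return ourRtn;
}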