2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 #include <Security/Security.h>
26 #include <AssertMacros.h>
28 #include "ssl-utils.h"
33 #include <Security/Security.h>
34 #include <Security/SecRSAKey.h>
35 #include <Security/SecECKey.h>
36 #include <Security/SecCertificatePriv.h>
37 #include <Security/SecIdentityPriv.h>
40 #include "privkey-1.h"
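/*
 * Build a one-element identity chain from a DER-encoded certificate and the
 * matching PKCS#1 DER-encoded RSA private key.
 *
 * cert_der/cert_der_len: DER certificate bytes, consumed by
 *                        SecCertificateCreateWithBytes.
 * pkey_der/pkey_der_len: PKCS#1 RSA private key bytes, consumed by
 *                        SecKeyCreateRSAPrivateKey.
 *
 * Returns a new CFArrayRef holding a single SecIdentityRef; the caller owns it
 * and must CFRelease it.  Returns NULL if any step fails.
 *
 * Argument order matters: the certificate comes first and the key second.
 * Both are plain byte pointers, so a swapped call compiles silently and only
 * shows up as a NULL result when the key bytes fail to parse as a certificate.
 */
CFArrayRef
chain_from_der(const unsigned char *cert_der, size_t cert_der_len,
               const unsigned char *pkey_der, size_t pkey_der_len)
{
    SecKeyRef pkey = NULL;
    SecCertificateRef cert = NULL;
    SecIdentityRef ident = NULL;
    CFArrayRef items = NULL;

    require(pkey = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault, pkey_der, pkey_der_len,
                                             kSecKeyEncodingPkcs1), errOut);
    require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len),
            errOut);
    require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
    /* kCFTypeArrayCallBacks retains ident, so the local references below can
     * be dropped unconditionally once the array exists. */
    require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1,
                                  &kCFTypeArrayCallBacks), errOut);

errOut:
    /* Single exit: every require() above lands here with items still NULL.
     * NOTE(review): the cleanup path is not visible in the paste this was
     * reconstructed from; only the intermediates are released here. */
    CFReleaseSafe(ident);
    CFReleaseSafe(cert);
    CFReleaseSafe(pkey);
    return items;
}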
65 #include "identity-1.h"
66 #define P12_PASSWORD "password"
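/*
 * Import a PKCS#12 blob into a fresh, throw-away keychain and return the
 * imported items.
 *
 * p12_data/p12_len: the PKCS#12 bytes, protected with P12_PASSWORD.  They are
 *                   wrapped with kCFAllocatorNull (no copy), so the caller's
 *                   buffer only needs to outlive this call.
 *
 * Returns the CFArrayRef produced by SecKeychainItemImport (caller owns it and
 * must CFRelease it), or NULL on any failure.
 *
 * Limitations: the keychain path comes from mktemp(), which picks a name
 * before the file exists, so this is test-only code with no protection against
 * another process racing for the same path.  The keychain file is not removed
 * here.
 */
CFArrayRef
chain_from_p12(const unsigned char *p12_data, size_t p12_len)
{
    char keychain_path[] = "/tmp/keychain.XXXXXX";

    /* Everything released at errOut is NULL-initialised up front, so an early
     * failure never releases an indeterminate pointer, and 'out' is
     * well-defined before the first goto rather than declared after it. */
    SecKeychainRef keychain = NULL;
    CFArrayRef list = NULL;
    CFDataRef data = NULL;
    CFArrayRef out = NULL;
    SecExternalFormat format = kSecFormatPKCS12;
    SecExternalItemType type = kSecItemTypeAggregate;
    SecItemImportExportFlags flags = 0;
    SecKeyImportExportParameters params = {0,};

    /* The user search list is saved before the keychain is created and put
     * back right after; presumably creation alters the list — the save/restore
     * pair is kept exactly as written. */
    require_noerr(SecKeychainCopyDomainSearchList(kSecPreferencesDomainUser, &list), errOut);
    require(mktemp(keychain_path), errOut);
    require_noerr(SecKeychainCreate(keychain_path, strlen(P12_PASSWORD), P12_PASSWORD,
                                    FALSE, NULL, &keychain), errOut);
    require_noerr(SecKeychainSetDomainSearchList(kSecPreferencesDomainUser, list),
                  errOut); // restores the previous search list
    require(data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, p12_data, p12_len,
                                               kCFAllocatorNull), errOut);

    /* Same passphrase for the keychain and the PKCS#12 blob; keep them in sync
     * through the single P12_PASSWORD definition. */
    params.passphrase = CFSTR(P12_PASSWORD);
    params.keyAttributes = CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE;

    require_noerr(SecKeychainItemImport(data, CFSTR(".p12"), &format, &type, flags,
                                        &params, keychain, &out), errOut);

errOut:
    /* 'list' and 'data' are owned by this function (Copy/Create) and were
     * previously leaked; 'out' is handed to the caller. */
    CFReleaseSafe(data);
    CFReleaseSafe(list);
    CFReleaseSafe(keychain);
    return out;
}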
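/*
 * Return the test server's identity chain (identity 1) for the current
 * platform.  The caller owns the returned array and must CFRelease it; NULL
 * means the fixture could not be loaded.
 */
CFArrayRef
server_chain(void)
{
    /* NOTE(review): the platform conditional separating the two return paths
     * is not visible in the paste this was reconstructed from; the DER path
     * uses SecKeyCreateRSAPrivateKey and the PKCS#12 path the SecKeychain
     * API, so the split is presumably TARGET_OS_IPHONE — confirm. */
#if TARGET_OS_IPHONE
    /* chain_from_der() takes the certificate first and the private key
     * second; the previous call passed them the other way round, which the
     * compiler cannot catch since both are byte pointers. */
    return chain_from_der(cert_1_der, cert_1_der_len,
                          privkey_1_der, privkey_1_der_len);
#else
    return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}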
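/*
 * Return the test client's identity chain for the current platform.  It is
 * the same fixture (identity 1) as the server side.  The caller owns the
 * returned array and must CFRelease it; NULL means the fixture could not be
 * loaded.
 */
CFArrayRef
client_chain(void)
{
    /* NOTE(review): the platform conditional separating the two return paths
     * is not visible in the paste this was reconstructed from; presumably
     * TARGET_OS_IPHONE, matching the iOS-only DER path — confirm. */
#if TARGET_OS_IPHONE
    /* chain_from_der() expects (cert, cert_len, pkey, pkey_len); the previous
     * call passed the private key in the certificate position. */
    return chain_from_der(cert_1_der, cert_1_der_len,
                          privkey_1_der, privkey_1_der_len);
#else
    return chain_from_p12(identity_1_p12, identity_1_p12_len);
#endif
}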