2 * clTool.cpp - menu-driven CL exerciser
5 #include <security_cdsa_utils/cuPrintCert.h>
6 #include <security_cdsa_utils/cuOidParser.h>
7 #include <security_cdsa_utils/cuFileIo.h>
8 #include <clAppUtils/clutils.h>
9 #include <utilLib/common.h>
14 #include <Security/cssmtype.h>
15 #include <Security/cssmapi.h>
16 #include <Security/oidscert.h>
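/*
 * A list of OIDs we inquire about.
 *
 * knownOids[] and oidNames[] are parallel tables: one index (fieldDex in
 * main) selects both the OID handed to the CL and the name printed for it,
 * so entry i of one table must describe entry i of the other.
 */
static const CSSM_OID *knownOids[] =
{
	&CSSMOID_X509V1Version,					// not always present
	&CSSMOID_X509V1SerialNumber,
	&CSSMOID_X509V1IssuerNameCStruct,
	&CSSMOID_X509V1SubjectNameCStruct,
	&CSSMOID_CSSMKeyStruct,
	&CSSMOID_X509V1SubjectPublicKeyCStruct,
	&CSSMOID_X509V1ValidityNotBefore,
	&CSSMOID_X509V1ValidityNotAfter,
	&CSSMOID_X509V1SignatureAlgorithmTBS,
	&CSSMOID_X509V1SignatureAlgorithm,
	&CSSMOID_X509V1Signature,
	&CSSMOID_X509V3CertificateExtensionCStruct,
	&CSSMOID_BasicConstraints,
	&CSSMOID_ExtendedKeyUsage,
	&CSSMOID_CertificatePolicies,
	&CSSMOID_NetscapeCertType
};

/* Entry count, taken from the element type so it follows the declaration. */
#define NUM_KNOWN_OIDS	(sizeof(knownOids) / sizeof(knownOids[0]))

/* Printable names, in the same order as knownOids[]. */
static const char *oidNames[] =
{
	"CSSMOID_X509V1Version",
	"CSSMOID_X509V1SerialNumber",
	"CSSMOID_X509V1IssuerNameCStruct",
	"CSSMOID_X509V1SubjectNameCStruct",
	"CSSMOID_CSSMKeyStruct",
	"CSSMOID_X509V1SubjectPublicKeyCStruct",
	"CSSMOID_X509V1ValidityNotBefore",
	"CSSMOID_X509V1ValidityNotAfter",
	"CSSMOID_X509V1SignatureAlgorithmTBS",
	"CSSMOID_X509V1SignatureAlgorithm",
	"CSSMOID_X509V1Signature",
	"CSSMOID_X509V3CertificateExtensionCStruct",
	"CSSMOID_BasicConstraints",
	"CSSMOID_ExtendedKeyUsage",
	"CSSMOID_CertificatePolicies",
	"CSSMOID_NetscapeCertType"
};

/*
 * Compile-time guard for the parallel tables. oidNames[fieldDex] is indexed
 * with a value bounded only by NUM_KNOWN_OIDS, which is derived from
 * knownOids[]; if the name table were shorter, that lookup would read past
 * its end. A length mismatch gives this array type a negative size and fails
 * the build. Ordering is not checked - keep the two tables in step by hand.
 */
typedef char oidNamesMatchKnownOids[
	(sizeof(oidNames) / sizeof(oidNames[0]) == NUM_KNOWN_OIDS) ? 1 : -1];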
65 static void usage(char **argv
)
67 printf("Usage: %s certFile\n", argv
[0]);
71 int main(int argc
, char **argv
)
73 CSSM_DATA certData
= {0, NULL
};
74 CSSM_CL_HANDLE clHand
= CSSM_INVALID_HANDLE
;
75 CSSM_HANDLE cacheHand
= CSSM_INVALID_HANDLE
;
76 CSSM_HANDLE searchHand
= CSSM_INVALID_HANDLE
;
80 CSSM_DATA_PTR fieldValue
;
83 CSSM_FIELD_PTR fieldPtr
;
90 if(readFile(argv
[1], &certData
.Data
, &len
)) {
91 printf("Can't read file %s' aborting.\n", argv
[1]);
94 certData
.Length
= len
;
98 printf("a load/attach\n");
99 printf("d detach/unload\n");
100 printf("c cache the cert\n");
101 printf("u uncache the cert\n");
102 printf("g get field (uncached)\n");
103 printf("G get field (cached)\n");
104 printf("f get all fields, then free\n");
106 printf("Enter command: ");
110 if(clHand
!= CSSM_INVALID_HANDLE
) {
111 printf("***Multiple attaches; expect leaks\n");
113 clHand
= clStartup();
114 if(clHand
== CSSM_INVALID_HANDLE
) {
115 printf("***Error attaching to CL.\n");
125 * -- this should cause the CL to free up all cached certs
126 * no matter what - even if we've done multiple certCache
127 * ops. However the plugin framework doesn't delete the
128 * session object on detach (yet) so expect leaks in
130 * -- we don't clear out cacheHand or searchHand here; this
131 * allows verification of proper handling of bogus handles.
134 clHand
= CSSM_INVALID_HANDLE
;
140 if(cacheHand
!= CSSM_INVALID_HANDLE
) {
141 printf("***NOTE: a cert is already cached. Expect leaks.\n"); }
142 crtn
= CSSM_CL_CertCache(clHand
, &certData
, &cacheHand
);
144 printError("CSSM_CL_CertCache", crtn
);
153 crtn
= CSSM_CL_CertAbortCache(clHand
, cacheHand
);
155 printError("CSSM_CL_CertAbortCache", crtn
);
158 cacheHand
= CSSM_INVALID_HANDLE
;
164 /* get one field (uncached) */
165 fieldDex
= genRand(0, NUM_KNOWN_OIDS
- 1);
166 crtn
= CSSM_CL_CertGetFirstFieldValue(clHand
,
173 printf("***Error fetching field %s\n", oidNames
[fieldDex
]);
174 printError("CSSM_CL_CertGetFirstFieldValue", crtn
);
177 printf("%s: %u fields found\n", oidNames
[fieldDex
], (unsigned)numFields
);
178 field
.FieldValue
= *fieldValue
;
179 field
.FieldOid
= *(knownOids
[fieldDex
]);
180 printCertField(field
, parser
, CSSM_TRUE
);
181 crtn
= CSSM_CL_FreeFieldValue(clHand
, knownOids
[fieldDex
], fieldValue
);
183 printError("CSSM_CL_FreeFieldValue", crtn
);
186 for(unsigned i
=1; i
<numFields
; i
++) {
187 crtn
= CSSM_CL_CertGetNextFieldValue(clHand
,
191 printError("CSSM_CL_CertGetNextFieldValue", crtn
);
194 field
.FieldValue
= *fieldValue
;
195 printCertField(field
, parser
, CSSM_TRUE
);
196 crtn
= CSSM_CL_FreeFieldValue(clHand
,
197 knownOids
[fieldDex
], fieldValue
);
199 printError("CSSM_CL_FreeFieldValue", crtn
);
202 } /* for additional fields */
204 /* verify one more getField results in error */
205 crtn
= CSSM_CL_CertGetNextFieldValue(clHand
,
208 if(crtn
!= CSSMERR_CL_NO_FIELD_VALUES
) {
209 if(crtn
== CSSM_OK
) {
210 printf("***unexpected success on final GetNextFieldValue\n");
213 printError("Wrong error on final GetNextFieldValue", crtn
);
216 crtn
= CSSM_CL_CertAbortQuery(clHand
, searchHand
);
218 printError("CSSM_CL_CertAbortQuery", crtn
);
223 /* get one field (cached) */
224 fieldDex
= genRand(0, NUM_KNOWN_OIDS
- 1);
225 crtn
= CSSM_CL_CertGetFirstCachedFieldValue(clHand
,
232 printf("***Error fetching field %s\n", oidNames
[fieldDex
]);
233 printError("CSSM_CL_CertGetFirstCachedFieldValue", crtn
);
236 printf("%s: %u fields found\n", oidNames
[fieldDex
], (unsigned)numFields
);
237 field
.FieldValue
= *fieldValue
;
238 field
.FieldOid
= *(knownOids
[fieldDex
]);
239 printCertField(field
, parser
, CSSM_TRUE
);
240 crtn
= CSSM_CL_FreeFieldValue(clHand
, knownOids
[fieldDex
], fieldValue
);
242 printError("CSSM_CL_FreeFieldValue", crtn
);
245 for(unsigned i
=1; i
<numFields
; i
++) {
246 crtn
= CSSM_CL_CertGetNextCachedFieldValue(clHand
,
250 printError("CSSM_CL_CertGetNextCachedFieldValue", crtn
);
253 field
.FieldValue
= *fieldValue
;
254 printCertField(field
, parser
, CSSM_TRUE
);
255 crtn
= CSSM_CL_FreeFieldValue(clHand
,
256 knownOids
[fieldDex
], fieldValue
);
258 printError("CSSM_CL_FreeFieldValue", crtn
);
261 } /* for additional cached fields */
263 /* verify one more getField results in error */
264 crtn
= CSSM_CL_CertGetNextCachedFieldValue(clHand
,
267 if(crtn
!= CSSMERR_CL_NO_FIELD_VALUES
) {
268 if(crtn
== CSSM_OK
) {
269 printf("***unexpected success on final GetNextCachedFieldValue\n");
272 printError("Wrong error on final GetNextCachedFieldValue", crtn
);
275 crtn
= CSSM_CL_CertAbortQuery(clHand
, searchHand
);
277 printError("CSSM_CL_CertAbortQuery", crtn
);
282 /* get all fields (for leak testing) */
283 crtn
= CSSM_CL_CertGetAllFields(clHand
,
288 printError("CSSM_CL_CertGetAllFields", crtn
);
291 printf("...numFields %u\n", (unsigned)numFields
);
292 crtn
= CSSM_CL_FreeFields(clHand
, numFields
, &fieldPtr
);
294 printError("CSSM_CL_FreeFields", crtn
);
308 if(clHand
!= CSSM_INVALID_HANDLE
) {