1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include <CoreFoundation/CoreFoundation.h>
25 #include <Security/Security.h>
26 #include <Security/SecCertificatePriv.h>
27 #include <Security/SecPolicyPriv.h>
28
29 #include "utilities/SecCFRelease.h"
30 #include "utilities/SecCFWrappers.h"
31
32 #include "Security_regressions.h"
33
34 #include "si-92-sectrust-homekit.h"
35
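/*
 * Regression test for the Apple HomeKit server-auth trust policy.
 *
 * Two chains are evaluated against the same policy object, with the same
 * pinned verify date and with an explicitly supplied anchor:
 *   1. the HomeKit server chain (leaf, intermediate CA, G3 root), which is
 *      expected to be accepted;
 *   2. a chain built from the _test* certificates, which is expected to be
 *      rejected by the policy.
 *
 * The function issues exactly 19 test assertions; the caller's
 * plan_tests() count must stay in step with that number.
 */
static void tests(void)
{
    SecTrustRef trust = NULL;
    SecPolicyRef policy = NULL;
    SecCertificateRef cert0 = NULL, cert1 = NULL, rootcert = NULL;
    /* Start from a non-passing value so that a failed SecTrustEvaluate()
     * is never followed by a comparison against uninitialised stack. */
    SecTrustResultType trustResult = kSecTrustResultInvalid;
    CFArrayRef certs = NULL, anchor_certs = NULL;

    isnt(cert0 = SecCertificateCreateWithBytes(NULL, _AppleHomeKitUATServer, sizeof(_AppleHomeKitUATServer)), NULL, "create cert0");
    isnt(cert1 = SecCertificateCreateWithBytes(NULL, _AppleHomeKitCA, sizeof(_AppleHomeKitCA)), NULL, "create cert1");
    isnt(rootcert = SecCertificateCreateWithBytes(NULL, _AppleG3Root, sizeof(_AppleG3Root)), NULL, "create root cert");

    /* NOTE(review): the arrays use kCFTypeArrayCallBacks, which retain each
     * element; a NULL certificate from a failed create above would be passed
     * straight to that retain callback. The isnt() checks only record the
     * failure, they do not stop execution. */
    const void *v_certs[] = { cert0, cert1 };
    certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks);
    anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks);

    /* Set explicit verify date: 12 February 2016.
     * Pinning the date keeps the result independent of the wall clock, so
     * the embedded certificates expiring does not change the outcome. */
    CFDateRef date = NULL;
    isnt(date = CFDateCreate(NULL, 476992610.0), NULL, "Create verify date");

    /* Evaluate the HomeKit server chain with the HomeKit server-auth policy.
     * Should succeed. (Judging by the identifier and the QA hostname this is
     * the UAT leaf rather than a production one.) */
    isnt(policy = SecPolicyCreateAppleHomeKitServerAuth(CFSTR("homekit.accessories-qa.apple.com")), NULL, "create policy");

    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    /* Supply the anchor explicitly so the chain is validated against the
     * embedded G3 root instead of whatever the system trust store holds. */
    ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    /* Unspecified == chain is valid and no explicit user trust setting applies. */
    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
    /* leaf + intermediate + anchor */
    is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");

    /* Release AND clear: every one of these variables is reused below. If a
     * later create call fails without overwriting its output, a stale pointer
     * would otherwise be handed to the Sec* calls and released a second time
     * at the end of the function. */
    CFReleaseNull(trust);
    CFReleaseNull(certs);
    CFReleaseNull(cert0);
    CFReleaseNull(cert1);
    CFReleaseNull(anchor_certs);
    CFReleaseNull(rootcert);

    /* Evaluate certs with a different profile against this test. Should fail. */
    isnt(cert0 = SecCertificateCreateWithBytes(NULL, _testLeaf, sizeof(_testLeaf)), NULL, "create cert0");
    isnt(cert1 = SecCertificateCreateWithBytes(NULL, _testServerAuthCA, sizeof(_testServerAuthCA)), NULL, "create cert1");
    isnt(rootcert = SecCertificateCreateWithBytes(NULL, _testRoot, sizeof(_testRoot)), NULL, "create root cert");

    const void *v_certs2[] = { cert0, cert1 };
    certs = CFArrayCreate(NULL, v_certs2, sizeof(v_certs2)/sizeof(*v_certs2), &kCFTypeArrayCallBacks);
    anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks);

    /* Same policy object and verify date as the positive case; only the
     * chain and its anchor differ. */
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

    /* Do not let the result of the first evaluation leak into this check. */
    trustResult = kSecTrustResultInvalid;
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    /* NOTE(review): this asserts only that the chain was rejected; it does
     * not show which policy check (hostname, chain profile, ...) caused the
     * rejection. */
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure");

    CFReleaseNull(date);
    CFReleaseNull(trust);
    CFReleaseNull(policy);
    CFReleaseNull(certs);
    CFReleaseNull(cert0);
    CFReleaseNull(cert1);
    CFReleaseNull(anchor_certs);
    CFReleaseNull(rootcert);
}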
100
101
/*
 * Entry point for the HomeKit trust-policy regression test: announces the
 * planned number of assertions, then runs tests(). argc and argv are not
 * used. Always returns 0; pass/fail is reported through the individual
 * test assertions.
 */
int si_92_sectrust_homekit(int argc, char *const *argv)
{
    /* Must equal the number of assertions issued by tests(). */
    enum { kPlannedAssertions = 19 };

    plan_tests(kPlannedAssertions);
    tests();

    return 0;
}