]> git.saurik.com Git - apple/security.git/blob - tests/TrustTests/FrameworkTests/TrustInterfaceTests.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.61.1.tar.gz
[apple/security.git] / tests / TrustTests / FrameworkTests / TrustInterfaceTests.m
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 */
24
25 #include <AssertMacros.h>
26 #import <XCTest/XCTest.h>
27 #include <Security/SecCertificatePriv.h>
28 #include <Security/SecPolicyPriv.h>
29 #include <Security/SecTrustPriv.h>
30 #include <Security/SecTrustInternal.h>
31 #include "OSX/utilities/SecCFWrappers.h"
32 #include "OSX/utilities/array_size.h"
33 #include "OSX/sec/ipc/securityd_client.h"
34
35 #include "../TestMacroConversions.h"
36 #include "../TrustEvaluationTestHelpers.h"
37 #include "TrustFrameworkTestCase.h"
38 #include "TrustInterfaceTests_data.h"
39
40 @interface TrustInterfaceTests : TrustFrameworkTestCase
41 @end
42
43 @implementation TrustInterfaceTests
44
45 - (void)testCreateWithCertificates {
46 SecTrustRef trust = NULL;
47 CFArrayRef certs = NULL;
48 SecCertificateRef cert0 = NULL, cert1 = NULL;
49 SecPolicyRef policy = NULL;
50
51 isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
52 NULL, "create cert0");
53 isnt(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
54 NULL, "create cert1");
55 const void *v_certs[] = { cert0, cert1 };
56
57 certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
58 policy = SecPolicyCreateSSL(false, NULL);
59
60 /* SecTrustCreateWithCertificates failures. */
61 is_status(SecTrustCreateWithCertificates(kCFBooleanTrue, policy, &trust),
62 errSecParam, "create trust with boolean instead of cert");
63 is_status(SecTrustCreateWithCertificates(cert0, kCFBooleanTrue, &trust),
64 errSecParam, "create trust with boolean instead of policy");
65
66 NSArray *badValues = @[ [NSData dataWithBytes:_c0 length:sizeof(_c0)], [NSData dataWithBytes:_c1 length:sizeof(_c1)]];
67 XCTAssert(errSecParam == SecTrustCreateWithCertificates((__bridge CFArrayRef)badValues, policy, &trust),
68 "create trust with array of datas instead of certs");
69 XCTAssert(errSecParam == SecTrustCreateWithCertificates(certs, (__bridge CFArrayRef)badValues, &trust),
70 "create trust with array of datas instead of policies");
71
72 /* SecTrustCreateWithCertificates using array of certs. */
73 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
74
75 CFReleaseNull(trust);
76 CFReleaseNull(cert0);
77 CFReleaseNull(cert1);
78 CFReleaseNull(certs);
79 CFReleaseNull(policy);
80 }
81
82 - (void)testGetCertificate {
83 SecTrustRef trust = NULL;
84 CFArrayRef certs = NULL;
85 SecCertificateRef cert0 = NULL, cert1 = NULL;
86 SecPolicyRef policy = NULL;
87
88 isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
89 NULL, "create cert0");
90 isnt(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
91 NULL, "create cert1");
92 const void *v_certs[] = { cert0, cert1 };
93
94 certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
95 policy = SecPolicyCreateSSL(false, NULL);
96
97 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
98
99 /* NOTE: prior to <rdar://11810677 SecTrustGetCertificateCount would return 1 at this point.
100 * Now, however, we do an implicit SecTrustEvaluate to build the chain if it has not yet been
101 * evaluated, so we now expect the full chain length. */
102 #if !TARGET_OS_BRIDGE
103 is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");
104 #else
105 /* bridgeOS has no system anchors, so trustd never finds the root */
106 is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
107 #endif
108 is(SecTrustGetCertificateAtIndex(trust, 0), cert0, "cert 0 is leaf");
109
110 CFReleaseNull(trust);
111 CFReleaseNull(cert0);
112 CFReleaseNull(cert1);
113 CFReleaseNull(certs);
114 CFReleaseNull(policy);
115 }
116
117 - (void)testRestoreOS {
118 SecTrustRef trust = NULL;
119 CFArrayRef certs = NULL;
120 SecCertificateRef cert0 = NULL, cert1 = NULL;
121 SecPolicyRef policy = NULL;
122 CFDateRef date = NULL;
123 SecTrustResultType trustResult = kSecTrustResultOtherError;
124
125 /* Apr 14 2018. */
126 isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2018, 4, 14, 12, 0, 0),
127 NULL, "create verify date");
128 if (!date) { goto errOut; }
129
130 isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
131 NULL, "create cert0");
132 isnt(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
133 NULL, "create cert1");
134 const void *v_certs[] = { cert0, cert1 };
135
136 certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
137 policy = SecPolicyCreateSSL(false, NULL);
138
139 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
140 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
141
142 // Test Restore OS environment
143 SecServerSetTrustdMachServiceName("com.apple.security.doesn't-exist");
144 ok_status(SecTrustGetTrustResult(trust, &trustResult), "evaluate trust without securityd running");
145 is_status(trustResult, kSecTrustResultInvalid, "trustResult is kSecTrustResultInvalid");
146 is(SecTrustGetCertificateCount(trust), 1, "cert count is 1 without securityd running");
147 SecKeyRef pubKey = NULL;
148 ok(pubKey = SecTrustCopyPublicKey(trust), "copy public key without securityd running");
149 CFReleaseNull(pubKey);
150 SecServerSetTrustdMachServiceName("com.apple.trustd");
151 // End of Restore OS environment tests
152
153 errOut:
154 CFReleaseNull(trust);
155 CFReleaseNull(cert0);
156 CFReleaseNull(cert1);
157 CFReleaseNull(certs);
158 CFReleaseNull(policy);
159 }
160
161 - (void)testAnchorCerts {
162 SecTrustRef trust = NULL;
163 CFArrayRef certs = NULL, anchors = NULL;
164 SecCertificateRef cert0 = NULL, cert1 = NULL;
165 SecPolicyRef policy = NULL;
166 CFDateRef date = NULL;
167
168 /* Apr 14 2018. */
169 isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2018, 4, 14, 12, 0, 0),
170 NULL, "create verify date");
171 if (!date) { goto errOut; }
172
173 isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
174 NULL, "create cert0");
175 isnt(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
176 NULL, "create cert1");
177 const void *v_certs[] = { cert0, cert1 };
178
179 certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
180 policy = SecPolicyCreateSSL(false, NULL);
181
182 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
183 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
184
185 anchors = CFArrayCreate(NULL, (const void **)&cert1, 1, &kCFTypeArrayCallBacks);
186 ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
187 XCTAssert(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
188 is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
189
190 CFReleaseNull(anchors);
191 anchors = CFArrayCreate(NULL, NULL, 0, NULL);
192 ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set empty anchors list");
193 XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
194 CFReleaseNull(anchors);
195
196 ok_status(SecTrustSetAnchorCertificatesOnly(trust, false), "trust passed in anchors and system anchors");
197 #if !TARGET_OS_BRIDGE
198 XCTAssert(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
199 #else
200 /* BridgeOS has no system anchors */
201 XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
202 #endif
203
204 ok_status(SecTrustSetAnchorCertificatesOnly(trust, true), "only trust passed in anchors (default)");
205 XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
206
207 ok_status(SecTrustSetAnchorCertificates(trust, NULL), "reset anchors");
208 #if !TARGET_OS_BRIDGE
209 XCTAssert(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
210 is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");
211 #else
212 /* bridgeOS has no system anchors */
213 XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
214 is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
215 #endif
216
217 XCTAssert(errSecParam == SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)@[ [NSData dataWithBytes:_c0 length:sizeof(_c0)]]),
218 "set anchor with data instead of certificate");
219 #if !TARGET_OS_BRIDGE
220 XCTAssert(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
221 is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");
222 #else
223 /* bridgeOS has no system anchors */
224 XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
225 is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
226 #endif
227
228 errOut:
229 CFReleaseNull(trust);
230 CFReleaseNull(cert0);
231 CFReleaseNull(cert1);
232 CFReleaseNull(certs);
233 CFReleaseNull(anchors);
234 CFReleaseNull(policy);
235 }
236
237 - (void)testInputCertificates {
238 SecCertificateRef cert0 = NULL, cert1 = NULL;
239 SecPolicyRef policy = NULL;
240 SecTrustRef trust = NULL;
241 CFArrayRef certificates = NULL;
242
243 require(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)), errOut);
244 require(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)), errOut);
245 require(policy = SecPolicyCreateBasicX509(), errOut);
246 require_noerr(SecTrustCreateWithCertificates(cert0, policy, &trust), errOut);
247
248 ok_status(SecTrustCopyInputCertificates(trust, &certificates), "SecTrustCopyInputCertificates failed");
249 is(CFArrayGetCount(certificates), 1, "got too many input certs back");
250 is(CFArrayGetValueAtIndex(certificates, 0), cert0, "wrong input cert");
251 CFReleaseNull(certificates);
252
253 XCTAssert(errSecParam == SecTrustAddToInputCertificates(trust, (__bridge CFDataRef)[NSData dataWithBytes:_c1 length:sizeof(_c1)]),
254 "add data instead of cert");
255 XCTAssert(errSecParam == SecTrustAddToInputCertificates(trust, (__bridge CFArrayRef)@[[NSData dataWithBytes:_c1 length:sizeof(_c1)]]),
256 "add array of data instead of cert");
257
258 ok_status(SecTrustAddToInputCertificates(trust, cert0), "SecTrustAddToInputCertificates failed");
259 ok_status(SecTrustCopyInputCertificates(trust, &certificates), "SecTrustCopyInputCertificates failed");
260 is(CFArrayGetCount(certificates), 2, "got wrong number of input certs back");
261 is(CFArrayGetValueAtIndex(certificates, 0), cert0, "wrong input cert0");
262 is(CFArrayGetValueAtIndex(certificates, 1), cert0, "wrong input cert0");
263
264 ok_status(SecTrustAddToInputCertificates(trust, (__bridge CFArrayRef)@[ (__bridge id)cert1]), "SecTrustAddToInputCertificates failed");
265 ok_status(SecTrustCopyInputCertificates(trust, &certificates), "SecTrustCopyInputCertificates failed");
266 is(CFArrayGetCount(certificates), 3, "got wrong number of input certs back");
267 is(CFArrayGetValueAtIndex(certificates, 0), cert0, "wrong input cert0");
268 is(CFArrayGetValueAtIndex(certificates, 1), cert0, "wrong input cert0");
269 is(CFArrayGetValueAtIndex(certificates, 2), cert1, "wrong input cert1");
270 #if !TARGET_OS_BRIDGE
271 is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");
272 #else
273 /* bridgeOS has no system anchors, so trustd never finds the root */
274 is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
275 #endif
276
277 errOut:
278 CFReleaseNull(cert0);
279 CFReleaseNull(cert1);
280 CFReleaseNull(policy);
281 CFReleaseNull(trust);
282 CFReleaseNull(certificates);
283 }
284
285 - (void)testSetPolicies {
286 SecCertificateRef cert0 = NULL, cert1 = NULL;
287 SecPolicyRef policy = NULL, replacementPolicy = NULL;
288 SecTrustRef trust = NULL;
289 CFDateRef date = NULL;
290 CFArrayRef anchors = NULL, policies = NULL;
291
292 require(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)), errOut);
293 require(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)), errOut);
294 require(policy = SecPolicyCreateSSL(true, CFSTR("example.com")), errOut);
295 require_noerr(SecTrustCreateWithCertificates(cert0, policy, &trust), errOut);
296
297 isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2018, 4, 14, 12, 0, 0),
298 NULL, "create verify date");
299 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
300 anchors = CFArrayCreate(NULL, (const void **)&cert1, 1, &kCFTypeArrayCallBacks);
301 ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
302 XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
303
304 /* replace with one policy */
305 require(replacementPolicy = SecPolicyCreateSSL(true, CFSTR("store.apple.com")), errOut);
306 ok_status(SecTrustSetPolicies(trust, replacementPolicy));
307 XCTAssert(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
308
309 /* replace with policy array */
310 CFReleaseNull(trust);
311 require_noerr(SecTrustCreateWithCertificates(cert0, policy, &trust), errOut);
312 isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2018, 4, 14, 12, 0, 0),
313 NULL, "create verify date");
314 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
315 ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
316 policies = CFArrayCreate(kCFAllocatorDefault, (CFTypeRef*)&replacementPolicy, 1, &kCFTypeArrayCallBacks);
317 ok_status(SecTrustSetPolicies(trust, policies));
318 XCTAssert(SecTrustEvaluateWithError(trust, NULL), "evaluate trust");
319
320 /* replace with non-policy */
321 XCTAssert(errSecParam == SecTrustSetPolicies(trust, cert0), "set with cert instead of policy");
322 XCTAssert(errSecParam == SecTrustSetPolicies(trust, anchors), "set with array of certs instead of polciies");
323
324 /* copy policies */
325 CFReleaseNull(policies);
326 ok_status(SecTrustCopyPolicies(trust, &policies));
327 XCTAssertEqual(CFArrayGetCount(policies), 1, "one policy set");
328 XCTAssertTrue(CFEqual(CFArrayGetValueAtIndex(policies, 0), replacementPolicy), "set policy is replacement policy");
329
330 errOut:
331 CFReleaseNull(cert0);
332 CFReleaseNull(cert1);
333 CFReleaseNull(policy);
334 CFReleaseNull(trust);
335 CFReleaseNull(date);
336 CFReleaseNull(anchors);
337 CFReleaseNull(replacementPolicy);
338 CFReleaseNull(policies);
339 }
340
341 - (void)testAsyncTrustEval {
342 SecCertificateRef cert0 = NULL, cert1 = NULL;
343 SecPolicyRef policy = NULL;
344 SecTrustRef trust = NULL;
345 CFArrayRef certificates = NULL;
346 CFDateRef date = NULL;
347 dispatch_queue_t queue = dispatch_queue_create("com.apple.trusttests.async", DISPATCH_QUEUE_SERIAL_WITH_AUTORELEASE_POOL);
348
349 XCTestExpectation *blockExpectation = [self expectationWithDescription:@"callback occurs"];
350
351 require(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)), errOut);
352 require(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)), errOut);
353 const void *v_certs[] = {
354 cert0,
355 cert1
356 };
357 certificates = CFArrayCreate(NULL, v_certs,
358 array_size(v_certs),
359 &kCFTypeArrayCallBacks);
360
361 require(policy = SecPolicyCreateBasicX509(), errOut);
362 require_noerr(SecTrustCreateWithCertificates(certificates, policy, &trust), errOut);
363
364 /* Jul 30 2014. */
365 require(date = CFDateCreateForGregorianZuluMoment(NULL, 2014, 7, 30, 12, 0, 0), errOut);
366 require_noerr(SecTrustSetVerifyDate(trust, date), errOut);
367
368 /* This shouldn't crash. */
369 #pragma clang diagnostic push
370 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
371 ok_status(SecTrustEvaluateAsync(trust, queue, ^(SecTrustRef _Nonnull trustRef, SecTrustResultType trustResult) {
372 if ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified)) {
373 // Evaluation succeeded!
374 SecKeyRef publicKey = SecTrustCopyPublicKey(trustRef);
375 CFReleaseSafe(publicKey);
376 } else if (trustResult == kSecTrustResultRecoverableTrustFailure) {
377 // Evaluation failed, but may be able to recover . . .
378 } else {
379 // Evaluation failed
380 }
381 [blockExpectation fulfill];
382 }), "evaluate trust asynchronously");
383 CFReleaseNull(trust);
384 #pragma clang diagnostic pop
385
386 [self waitForExpectations:@[blockExpectation] timeout:1.0];
387
388 errOut:
389 CFReleaseNull(cert0);
390 CFReleaseNull(cert1);
391 CFReleaseNull(policy);
392 CFReleaseNull(certificates);
393 CFReleaseNull(date);
394 }
395
396 - (void)testExpiredOnly {
397 SecCertificateRef cert0 = NULL, cert1 = NULL, cert2 = NULL;
398 SecPolicyRef policy = NULL;
399 SecTrustRef trust = NULL;
400 CFArrayRef certificates = NULL, roots = NULL;
401 CFDateRef date = NULL;
402
403 require(cert0 = SecCertificateCreateWithBytes(NULL, _expired_badssl, sizeof(_expired_badssl)), errOut);
404 require(cert1 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_dvss, sizeof(_comodo_rsa_dvss)), errOut);
405 require(cert2 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_root, sizeof(_comodo_rsa_root)), errOut);
406
407 const void *v_certs[] = {cert0, cert1 };
408 certificates = CFArrayCreate(NULL, v_certs,
409 array_size(v_certs),
410 &kCFTypeArrayCallBacks);
411
412 const void *v_roots[] = { cert2 };
413 roots = CFArrayCreate(NULL, v_roots,
414 array_size(v_roots),
415 &kCFTypeArrayCallBacks);
416
417 require(policy = SecPolicyCreateSSL(true, CFSTR("expired.badssl.com")), errOut);
418 require_noerr(SecTrustCreateWithCertificates(certificates, policy, &trust), errOut);
419 require_noerr(SecTrustSetAnchorCertificates(trust, roots), errOut);
420
421 /* Mar 21 2017 (cert expired in 2015, so this will cause a validity error.) */
422 require(date = CFDateCreateForGregorianZuluMoment(NULL, 2017, 3, 21, 12, 0, 0), errOut);
423 require_noerr(SecTrustSetVerifyDate(trust, date), errOut);
424
425 /* SecTrustIsExpiredOnly implicitly evaluates the trust */
426 ok(SecTrustIsExpiredOnly(trust), "REGRESSION: has new error as well as expiration");
427
428 CFReleaseNull(policy);
429 require(policy = SecPolicyCreateSSL(true, CFSTR("expired.terriblessl.com")), errOut);
430 require_noerr(SecTrustSetPolicies(trust, policy), errOut);
431 /* expect a hostname mismatch as well as expiration */
432 ok(!SecTrustIsExpiredOnly(trust), "REGRESSION: should have found multiple errors");
433
434 errOut:
435 CFReleaseNull(trust);
436 CFReleaseNull(cert0);
437 CFReleaseNull(cert1);
438 CFReleaseNull(cert2);
439 CFReleaseNull(policy);
440 CFReleaseNull(certificates);
441 CFReleaseNull(roots);
442 CFReleaseNull(date);
443 }
444
445 - (void)testEvaluateWithError {
446 SecCertificateRef cert0 = NULL, cert1 = NULL, cert2 = NULL;
447 SecPolicyRef policy = NULL;
448 SecTrustRef trust = NULL;
449 CFArrayRef certificates = NULL, roots = NULL;
450 CFDateRef date = NULL, validDate = NULL;
451 CFErrorRef error = NULL;
452
453 require(cert0 = SecCertificateCreateWithBytes(NULL, _expired_badssl, sizeof(_expired_badssl)), errOut);
454 require(cert1 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_dvss, sizeof(_comodo_rsa_dvss)), errOut);
455 require(cert2 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_root, sizeof(_comodo_rsa_root)), errOut);
456
457 const void *v_certs[] = {
458 cert0,
459 cert1,
460 cert2,
461 };
462 certificates = CFArrayCreate(NULL, v_certs,
463 array_size(v_certs),
464 &kCFTypeArrayCallBacks);
465
466 const void *v_roots[] = {
467 cert2
468 };
469 roots = CFArrayCreate(NULL, v_roots,
470 array_size(v_roots),
471 &kCFTypeArrayCallBacks);
472
473 require(policy = SecPolicyCreateSSL(true, CFSTR("expired.badssl.com")), errOut);
474 require_noerr(SecTrustCreateWithCertificates(certificates, policy, &trust), errOut);
475 require_noerr(SecTrustSetAnchorCertificates(trust, roots), errOut);
476
477 /* April 10 2015 (cert expired in 2015) */
478 require(validDate = CFDateCreateForGregorianZuluMoment(NULL, 2015, 4, 10, 12, 0, 0), errOut);
479 require_noerr(SecTrustSetVerifyDate(trust, validDate), errOut);
480
481 is(SecTrustEvaluateWithError(trust, &error), true, "wrong result for valid cert");
482 is(error, NULL, "set error for passing trust evaluation");
483 CFReleaseNull(error);
484
485 /* Mar 21 2017 (cert expired in 2015, so this will cause a validity error.) */
486 require(date = CFDateCreateForGregorianZuluMoment(NULL, 2017, 3, 21, 12, 0, 0), errOut);
487 require_noerr(SecTrustSetVerifyDate(trust, date), errOut);
488
489 /* expect expiration error */
490 is(SecTrustEvaluateWithError(trust, &error), false, "wrong result for expired cert");
491 isnt(error, NULL, "failed to set error for failing trust evaluation");
492 is(CFErrorGetCode(error), errSecCertificateExpired, "Got wrong error code for evaluation");
493 CFReleaseNull(error);
494
495 CFReleaseNull(policy);
496 require(policy = SecPolicyCreateSSL(true, CFSTR("expired.terriblessl.com")), errOut);
497 require_noerr(SecTrustSetPolicies(trust, policy), errOut);
498
499 /* expect a hostname mismatch as well as expiration; hostname mismatch must be a higher priority */
500 is(SecTrustEvaluateWithError(trust, &error), false, "wrong result for expired cert with hostname mismatch");
501 isnt(error, NULL, "failed to set error for failing trust evaluation");
502 is(CFErrorGetCode(error), errSecHostNameMismatch, "Got wrong error code for evaluation");
503 CFReleaseNull(error);
504
505 /* expect only a hostname mismatch*/
506 require_noerr(SecTrustSetVerifyDate(trust, validDate), errOut);
507 is(SecTrustEvaluateWithError(trust, &error), false, "wrong result for valid cert with hostname mismatch");
508 isnt(error, NULL, "failed to set error for failing trust evaluation");
509 is(CFErrorGetCode(error), errSecHostNameMismatch, "Got wrong error code for evaluation");
510 CFReleaseNull(error);
511
512 /* pinning failure */
513 CFReleaseNull(policy);
514 require(policy = SecPolicyCreateAppleSSLPinned(CFSTR("test"), CFSTR("expired.badssl.com"),
515 NULL, CFSTR("1.2.840.113635.100.6.27.1")), errOut);
516 require_noerr(SecTrustSetPolicies(trust, policy), errOut);
517
518 is(SecTrustEvaluateWithError(trust, &error), false, "wrong result for valid cert with pinning failure");
519 isnt(error, NULL, "failed to set error for failing trust evaluation");
520 CFIndex errorCode = CFErrorGetCode(error);
521 // failed checks: AnchorApple, LeafMarkerOid, or IntermediateMarkerOid
522 ok(errorCode == errSecMissingRequiredExtension || errorCode == errSecInvalidRoot, "Got wrong error code for evaluation");
523 CFReleaseNull(error);
524
525 /* trust nothing, trust errors higher priority than hostname mismatch */
526 CFReleaseNull(policy);
527 require(policy = SecPolicyCreateSSL(true, CFSTR("expired.terriblessl.com")), errOut);
528 require_noerr(SecTrustSetPolicies(trust, policy), errOut);
529
530 CFReleaseNull(roots);
531 roots = CFArrayCreate(NULL, NULL, 0, &kCFTypeArrayCallBacks);
532 require_noerr(SecTrustSetAnchorCertificates(trust, roots), errOut);
533 is(SecTrustEvaluateWithError(trust, &error), false, "wrong result for expired cert with hostname mismatch");
534 isnt(error, NULL, "failed to set error for failing trust evaluation");
535 is(CFErrorGetCode(error), errSecNotTrusted, "Got wrong error code for evaluation");
536 CFReleaseNull(error);
537
538 errOut:
539 CFReleaseNull(trust);
540 CFReleaseNull(cert0);
541 CFReleaseNull(cert1);
542 CFReleaseNull(cert2);
543 CFReleaseNull(policy);
544 CFReleaseNull(certificates);
545 CFReleaseNull(roots);
546 CFReleaseNull(date);
547 CFReleaseNull(validDate);
548 CFReleaseNull(error);
549 }
550
551 - (void)testSerialization {
552 SecCertificateRef cert0 = NULL, cert1 = NULL, root = NULL;
553 SecTrustRef trust = NULL, deserializedTrust = NULL;
554 SecPolicyRef policy = NULL;
555 CFArrayRef certs = NULL, anchors = NULL, deserializedCerts = NULL;
556 CFDateRef date = NULL;
557 CFDataRef serializedTrust = NULL;
558 CFErrorRef error = NULL;
559
560 require_action(cert0 = SecCertificateCreateWithBytes(NULL, _expired_badssl, sizeof(_expired_badssl)), errOut,
561 fail("unable to create cert"));
562 require_action(cert1 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_dvss, sizeof(_comodo_rsa_dvss)), errOut,
563 fail("unable to create cert"));
564 require_action(root = SecCertificateCreateWithBytes(NULL, _comodo_rsa_root, sizeof(_comodo_rsa_root)), errOut,
565 fail("unable to create cert"));
566
567 const void *v_certs[] = { cert0, cert1 };
568 require_action(certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks), errOut,
569 fail("unable to create array"));
570 require_action(anchors = CFArrayCreate(NULL, (const void **)&root, 1, &kCFTypeArrayCallBacks), errOut,
571 fail("unable to create anchors array"));
572 require_action(date = CFDateCreateForGregorianZuluMoment(NULL, 2015, 4, 10, 12, 0, 0), errOut, fail("unable to create date"));
573
574 require_action(policy = SecPolicyCreateBasicX509(), errOut, fail("unable to create policy"));
575
576 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "failed to create trust");
577 require_noerr_action(SecTrustSetAnchorCertificates(trust, anchors), errOut,
578 fail("unable to set anchors"));
579 require_noerr_action(SecTrustSetVerifyDate(trust, date), errOut, fail("unable to set verify date"));
580
581 ok(serializedTrust = SecTrustSerialize(trust, NULL), "failed to serialize trust");
582 ok(deserializedTrust = SecTrustDeserialize(serializedTrust, NULL), "Failed to deserialize trust");
583 CFReleaseNull(serializedTrust);
584
585 require_noerr_action(SecTrustCopyCustomAnchorCertificates(deserializedTrust, &deserializedCerts), errOut,
586 fail("unable to get anchors from deserialized trust"));
587 ok(CFEqual(anchors, deserializedCerts), "Failed to get the same anchors after serialization/deserialization");
588 CFReleaseNull(deserializedCerts);
589
590 require_noerr_action(SecTrustCopyInputCertificates(trust, &deserializedCerts), errOut,
591 fail("unable to get input certificates from deserialized trust"));
592 ok(CFEqual(certs, deserializedCerts), "Failed to get same input certificates after serialization/deserialization");
593 CFReleaseNull(deserializedCerts);
594
595 /* correct API behavior */
596 #pragma clang diagnostic push
597 #pragma clang diagnostic ignored "-Wnonnull"
598 is(SecTrustSerialize(NULL, &error), NULL, "serialize succeeded with null input");
599 is(CFErrorGetCode(error), errSecParam, "Incorrect error code for bad serialization input");
600 CFReleaseNull(error);
601 is(SecTrustDeserialize(NULL, &error), NULL, "deserialize succeeded with null input");
602 is(CFErrorGetCode(error), errSecParam, "Incorrect error code for bad deserialization input");
603 CFReleaseNull(error);
604 #pragma clang diagnostic pop
605
606 errOut:
607 CFReleaseNull(cert0);
608 CFReleaseNull(cert1);
609 CFReleaseNull(root);
610 CFReleaseNull(certs);
611 CFReleaseNull(anchors);
612 CFReleaseNull(date);
613 CFReleaseNull(policy);
614 CFReleaseNull(trust);
615 CFReleaseNull(deserializedTrust);
616 }
617
618 - (void)testSerializationSCTs {
619 SecCertificateRef certA = NULL, certCA_alpha = NULL, certCA_beta = NULL;
620 NSURL *trustedLogsURL = [[NSBundle bundleForClass:[self class]] URLForResource:@"CTlogs"
621 withExtension:@"plist"
622 subdirectory:@"si-82-sectrust-ct-data"];
623 CFArrayRef trustedLogs= CFBridgingRetain([NSArray arrayWithContentsOfURL:trustedLogsURL]);
624 SecTrustRef trust = NULL, deserializedTrust = NULL;
625 SecPolicyRef policy = SecPolicyCreateBasicX509(); // <rdar://problem/50066309> Need to generate new certs for CTTests
626 NSData *proofA_1 = NULL, *proofA_2 = NULL;
627 NSDate *date = [NSDate dateWithTimeIntervalSinceReferenceDate:447450000.0]; // March 7, 2015 at 11:40:00 AM PST
628 CFErrorRef error = NULL;
629
630 NSURL *url = [[NSBundle bundleForClass:[self class]] URLForResource:@"serverA" withExtension:@".cer" subdirectory:@"si-82-sectrust-ct-data"];
631 NSData *certData = [NSData dataWithContentsOfURL:url];
632 isnt(certA = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certData), NULL, "create certA");
633
634 url = [[NSBundle bundleForClass:[self class]] URLForResource:@"CA_beta" withExtension:@".cer" subdirectory:@"si-82-sectrust-ct-data"];
635 certData = [NSData dataWithContentsOfURL:url];
636 isnt(certCA_alpha = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certData), NULL, "create ca-alpha cert");
637
638 NSArray *anchors = @[ (__bridge id)certCA_alpha ];
639
640 url = [[NSBundle bundleForClass:[self class]] URLForResource:@"serverA_proof_Alfa_3" withExtension:@".bin" subdirectory:@"si-82-sectrust-ct-data"];
641 isnt(proofA_1 = [NSData dataWithContentsOfURL:url], NULL, "creat proofA_1");
642 url = [[NSBundle bundleForClass:[self class]] URLForResource:@"serverA_proof_Bravo_3" withExtension:@".bin" subdirectory:@"si-82-sectrust-ct-data"];
643 isnt(proofA_2 = [NSData dataWithContentsOfURL:url], NULL, "creat proofA_2");
644 NSArray *scts = @[ proofA_1, proofA_2 ];
645
646 /* Make a SecTrustRef and then serialize it */
647 ok_status(SecTrustCreateWithCertificates(certA, policy, &trust), "failed to create trust object");
648 ok_status(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors), "failed to set anchors");
649 ok_status(SecTrustSetTrustedLogs(trust, trustedLogs), "failed to set trusted logs");
650 ok_status(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)date), "failed to set verify date");
651 ok_status(SecTrustSetSignedCertificateTimestamps(trust, (__bridge CFArrayRef)scts), "failed to set SCTS");
652
653 NSData *serializedTrust = CFBridgingRelease(SecTrustSerialize(trust, &error));
654 isnt(serializedTrust, NULL, "failed to serialize trust: %@", error);
655
656 /* Evaluate it to make sure it's CT */
657 ok(SecTrustEvaluateWithError(trust, &error), "failed to evaluate trust: %@", error);
658 NSDictionary *results = CFBridgingRelease(SecTrustCopyResult(trust));
659 isnt(results[(__bridge NSString*)kSecTrustCertificateTransparency], NULL, "failed get CT result");
660 ok([results[(__bridge NSString*)kSecTrustCertificateTransparency] boolValue], "CT failed");
661
662 /* Make a new trust object by deserializing the previous trust object */
663 ok(deserializedTrust = SecTrustDeserialize((__bridge CFDataRef)serializedTrust, &error), "failed to deserialize trust: %@", error);
664
665 /* Evaluate the new one to make sure it's CT (because the SCTs were serialized) */
666 ok(SecTrustEvaluateWithError(deserializedTrust, &error), "failed to evaluate trust: %@", error);
667 results = CFBridgingRelease(SecTrustCopyResult(deserializedTrust));
668 isnt(results[(__bridge NSString*)kSecTrustCertificateTransparency], NULL, "failed get CT result");
669 ok([results[(__bridge NSString*)kSecTrustCertificateTransparency] boolValue], "CT failed");
670
671 CFReleaseNull(certA);
672 CFReleaseNull(certCA_alpha);
673 CFReleaseNull(certCA_beta);
674 CFReleaseNull(trustedLogs);
675 CFReleaseNull(policy);
676 CFReleaseNull(trust);
677 CFReleaseNull(deserializedTrust);
678 CFReleaseNull(error);
679 }
680
681 - (void)testTLSAnalytics {
682 xpc_object_t metric = xpc_dictionary_create(NULL, NULL, 0);
683 ok(metric != NULL);
684
685 const char *TLS_METRIC_PROCESS_IDENTIFIER = "process";
686 const char *TLS_METRIC_CIPHERSUITE = "cipher_name";
687 const char *TLS_METRIC_PROTOCOL_VERSION = "version";
688 const char *TLS_METRIC_SESSION_RESUMED = "resumed";
689
690 xpc_dictionary_set_string(metric, TLS_METRIC_PROCESS_IDENTIFIER, "super awesome unit tester");
691 xpc_dictionary_set_uint64(metric, TLS_METRIC_CIPHERSUITE, 0x0304);
692 xpc_dictionary_set_uint64(metric, TLS_METRIC_PROTOCOL_VERSION, 0x0304);
693 xpc_dictionary_set_bool(metric, TLS_METRIC_SESSION_RESUMED, false);
694 // ... TLS would fill in the rest
695
696 // Invoke the callback
697 CFErrorRef error = NULL;
698 bool reported = SecTrustReportTLSAnalytics(CFSTR("TLSConnectionEvent"), metric, &error);
699 ok(reported, "Failed to report analytics with error %@", error);
700 }
701
702 - (void)testEvaluateFastAsync
703 {
704 SecCertificateRef cert0 = NULL, cert1 = NULL, cert2 = NULL;
705 SecPolicyRef policy = NULL;
706 __block SecTrustRef trust = NULL;
707 NSArray *certificates = nil, *roots = nil;
708 NSDate *validDate = nil;
709 dispatch_queue_t queue = dispatch_queue_create("com.apple.trusttests.EvalAsync", DISPATCH_QUEUE_SERIAL_WITH_AUTORELEASE_POOL);
710 __block XCTestExpectation *blockExpectation = [self expectationWithDescription:@"callback occurs"];
711
712 cert0 = SecCertificateCreateWithBytes(NULL, _expired_badssl, sizeof(_expired_badssl));
713 cert1 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_dvss, sizeof(_comodo_rsa_dvss));
714 cert2 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_root, sizeof(_comodo_rsa_root));
715
716 certificates = @[ (__bridge id)cert0, (__bridge id)cert1 ];
717 roots = @[ (__bridge id)cert2 ];
718
719 policy = SecPolicyCreateSSL(true, CFSTR("expired.badssl.com"));
720 XCTAssert(errSecSuccess == SecTrustCreateWithCertificates((__bridge CFArrayRef)certificates, policy, &trust));
721 XCTAssert(errSecSuccess == SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)roots));
722
723 /* April 10 2015 (cert expired in 2015) */
724 validDate = CFBridgingRelease(CFDateCreateForGregorianZuluMoment(NULL, 2015, 4, 10, 12, 0, 0));
725 XCTAssert(errSecSuccess == SecTrustSetVerifyDate(trust, (__bridge CFDateRef)validDate));
726
727 #pragma clang diagnostic push
728 #pragma clang diagnostic ignored "-Wnonnull"
729 XCTAssert(errSecParam == SecTrustEvaluateFastAsync(trust, NULL, ^(SecTrustRef _Nonnull trustRef, SecTrustResultType trustResult) {
730 XCTAssert(false, "callback called with invalid parameter");
731 }));
732 #pragma clang diagnostic pop
733
734 /* expect success */
735 dispatch_async(queue, ^{
736 XCTAssert(errSecSuccess == SecTrustEvaluateFastAsync(trust, queue, ^(SecTrustRef _Nonnull trustRef, SecTrustResultType trustResult) {
737 XCTAssert(trustRef != NULL);
738 XCTAssert(trustResult == kSecTrustResultUnspecified);
739 [blockExpectation fulfill];
740 }));
741 });
742
743 [self waitForExpectations:@[blockExpectation] timeout:1.0];
744
745 /* Mar 21 2017 (cert expired in 2015, so this will cause a validity error.) */
746 validDate = CFBridgingRelease(CFDateCreateForGregorianZuluMoment(NULL, 2017, 3, 21, 12, 0, 0));
747 XCTAssert(errSecSuccess == SecTrustSetVerifyDate(trust, (__bridge CFDateRef)validDate));
748
749 /* expect failure */
750 blockExpectation = [self expectationWithDescription:@"callback occurs"];
751 dispatch_async(queue, ^{
752 XCTAssert(errSecSuccess == SecTrustEvaluateFastAsync(trust, queue, ^(SecTrustRef _Nonnull trustRef, SecTrustResultType trustResult) {
753 XCTAssert(trustRef != NULL);
754 XCTAssert(trustResult == kSecTrustResultRecoverableTrustFailure);
755 [blockExpectation fulfill];
756 }));
757 });
758
759 [self waitForExpectations:@[blockExpectation] timeout:1.0];
760
761 CFReleaseNull(cert0);
762 CFReleaseNull(cert1);
763 CFReleaseNull(cert2);
764 CFReleaseNull(policy);
765 CFReleaseNull(trust);
766 }
767
768 - (void)testEvaluateAsyncWithError
769 {
770 SecCertificateRef cert0 = NULL, cert1 = NULL, cert2 = NULL;
771 SecPolicyRef policy = NULL;
772 SecTrustRef trust = NULL;
773 NSArray *certificates = nil, *roots = nil;
774 NSDate *validDate = nil;
775 dispatch_queue_t queue = dispatch_queue_create("com.apple.trusttests.EvalAsync", DISPATCH_QUEUE_SERIAL_WITH_AUTORELEASE_POOL);
776 __block XCTestExpectation *blockExpectation = [self expectationWithDescription:@"callback occurs"];
777
778 cert0 = SecCertificateCreateWithBytes(NULL, _expired_badssl, sizeof(_expired_badssl));
779 cert1 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_dvss, sizeof(_comodo_rsa_dvss));
780 cert2 = SecCertificateCreateWithBytes(NULL, _comodo_rsa_root, sizeof(_comodo_rsa_root));
781
782 certificates = @[ (__bridge id)cert0, (__bridge id)cert1 ];
783 roots = @[ (__bridge id)cert2 ];
784
785 policy = SecPolicyCreateSSL(true, CFSTR("expired.badssl.com"));
786 XCTAssert(errSecSuccess == SecTrustCreateWithCertificates((__bridge CFArrayRef)certificates, policy, &trust));
787 XCTAssert(errSecSuccess == SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)roots));
788
789 /* April 10 2015 (cert expired in 2015) */
790 validDate = CFBridgingRelease(CFDateCreateForGregorianZuluMoment(NULL, 2015, 4, 10, 12, 0, 0));
791 XCTAssert(errSecSuccess == SecTrustSetVerifyDate(trust, (__bridge CFDateRef)validDate));
792
793 #pragma clang diagnostic push
794 #pragma clang diagnostic ignored "-Wnonnull"
795 XCTAssert(errSecParam == SecTrustEvaluateAsyncWithError(trust, NULL, ^(SecTrustRef _Nonnull trustRef, bool result, CFErrorRef _Nullable error) {
796 XCTAssert(false, "callback called with invalid parameter");
797 }));
798 #pragma clang diagnostic pop
799
800 /* expect success */
801 dispatch_async(queue, ^{
802 XCTAssert(errSecSuccess == SecTrustEvaluateAsyncWithError(trust, queue, ^(SecTrustRef _Nonnull trustRef, bool result, CFErrorRef _Nullable error) {
803 XCTAssert(trust != NULL);
804 XCTAssertTrue(result);
805 XCTAssert(error == NULL);
806 [blockExpectation fulfill];
807 }));
808 });
809
810 [self waitForExpectations:@[blockExpectation] timeout:1.0];
811
812 /* Mar 21 2017 (cert expired in 2015, so this will cause a validity error.) */
813 validDate = CFBridgingRelease(CFDateCreateForGregorianZuluMoment(NULL, 2017, 3, 21, 12, 0, 0));
814 XCTAssert(errSecSuccess == SecTrustSetVerifyDate(trust, (__bridge CFDateRef)validDate));
815
816 /* expect expiration error */
817 blockExpectation = [self expectationWithDescription:@"callback occurs"];
818 dispatch_async(queue, ^{
819 XCTAssert(errSecSuccess == SecTrustEvaluateAsyncWithError(trust, queue, ^(SecTrustRef _Nonnull trustRef, bool result, CFErrorRef _Nullable error) {
820 XCTAssert(trust != NULL);
821 XCTAssertFalse(result);
822 XCTAssert(error != NULL);
823 XCTAssert(CFErrorGetCode(error) == errSecCertificateExpired);
824 [blockExpectation fulfill];
825 }));
826 });
827
828 [self waitForExpectations:@[blockExpectation] timeout:1.0];
829
830 CFReleaseNull(cert0);
831 CFReleaseNull(cert1);
832 CFReleaseNull(cert2);
833 CFReleaseNull(policy);
834 CFReleaseNull(trust);
835 }
836
837 - (void)testCopyProperties_ios
838 {
839 /* Test null input */
840 #pragma clang diagnostic push
841 #pragma clang diagnostic ignored "-Wnonnull"
842 #if TARGET_OS_IPHONE
843 XCTAssertEqual(NULL, SecTrustCopyProperties(NULL));
844 #else
845 XCTAssertEqual(NULL, SecTrustCopyProperties_ios(NULL));
846 #endif
847 #pragma clang diagnostic pop
848
849 NSURL *testPlist = nil;
850 NSArray *testsArray = nil;
851
852 testPlist = [[NSBundle bundleForClass:[self class]] URLForResource:@"debugging" withExtension:@"plist"
853 subdirectory:@"TestCopyProperties_ios-data"];
854 if (!testPlist) {
855 testPlist = [[NSBundle bundleForClass:[self class]] URLForResource:nil withExtension:@"plist"
856 subdirectory:(NSString *)@"TestCopyProperties_ios-data"];
857 }
858 if (!testPlist) {
859 fail("Failed to get tests plist from TestCopyProperties-data");
860 return;
861 }
862
863 testsArray = [NSArray arrayWithContentsOfURL: testPlist];
864 if (!testsArray) {
865 fail("Failed to create array from plist");
866 return;
867 }
868
869 [testsArray enumerateObjectsUsingBlock:^(NSDictionary *testDict, NSUInteger idx, BOOL * _Nonnull stop) {
870 TestTrustEvaluation *testObj = [[TestTrustEvaluation alloc] initWithTrustDictionary:testDict];
871 XCTAssertNotNil(testObj, "failed to create test object for %lu", (unsigned long)idx);
872
873 #if TARGET_OS_BRIDGE
874 // Skip disabled bridgeOS tests on bridgeOS
875 if (testObj.bridgeOSDisabled) {
876 return;
877 }
878 #endif
879
880 #if TARGET_OS_IPHONE
881 NSArray *properties = CFBridgingRelease(SecTrustCopyProperties(testObj.trust));
882 #else
883 NSArray *properties = CFBridgingRelease(SecTrustCopyProperties_ios(testObj.trust));
884 #endif
885
886 if (testDict[@"ExpectedProperties"]) {
887 XCTAssertEqualObjects(testDict[@"ExpectedProperties"], properties, @"%@ test failed", testObj.fullTestName);
888 } else {
889 XCTAssertNil(properties, @"%@ test failed", testObj.fullTestName);
890 }
891 }];
892 }
893
894 @end
mirror of Security