]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c
Security-57337.20.44.tar.gz
[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-87-sectrust-name-constraints.c
1 /*
2 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
3 */
4
5 #include <CoreFoundation/CoreFoundation.h>
6 #include <Security/SecCertificate.h>
7 #include <Security/SecCertificatePriv.h>
8 #include <Security/SecInternal.h>
9 #include <Security/SecPolicyPriv.h>
10 #include <Security/SecTrustPriv.h>
11 #include <Security/SecItem.h>
12 #include <ipc/securityd_client.h>
13 #include <utilities/array_size.h>
14 #include <utilities/SecCFWrappers.h>
15 #include <stdlib.h>
16 #include <unistd.h>
17
18 #include "Security_regressions.h"
19
20 #include "si-87-sectrust-name-constraints.h"
21
22 static void test_att(void)
23 {
24 SecTrustRef trust = NULL;
25 SecPolicyRef policy = NULL;
26 SecCertificateRef leaf, int1, int2, cert3, root;
27 SecTrustResultType trustResult;
28
29 isnt(leaf = SecCertificateCreateWithBytes(NULL, att_leaf, sizeof(att_leaf)), NULL, "create att leaf");
30 isnt(int1 = SecCertificateCreateWithBytes(NULL, att_intermediate1, sizeof(att_intermediate1)), NULL, "create att intermediate 1");
31 isnt(int2 = SecCertificateCreateWithBytes(NULL, att_intermediate2, sizeof(att_intermediate2)), NULL, "create att intermediate 2");
32 isnt(cert3 = SecCertificateCreateWithBytes(NULL, att_intermediate3, sizeof(att_intermediate3)), NULL, "create att intermediate 3");
33 isnt(root = SecCertificateCreateWithBytes(NULL, att_root, sizeof(att_root)), NULL, "create att root");
34
35 const void *v_certs[] = { leaf, int1, int2, cert3 };
36 const void *v_roots[] = { root };
37 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
38 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
39
40 /* Create SSL policy with specific hostname. */
41 isnt(policy = SecPolicyCreateSSL(true, CFSTR("nmd.mcd06643.sjc.wayport.net")), NULL, "create policy");
42
43 /* Create trust reference. */
44 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
45
46 /* Set explicit verify date: Aug 14 2015. */
47 CFDateRef date = NULL;
48 isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2015, 8, 14, 12, 0, 0), NULL, "create verify date");
49 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
50
51 /* Provide root certificate. */
52 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
53
54 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
55 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
56 is(SecTrustGetCertificateCount(trust), 5, "cert count is 5");
57
58 CFReleaseSafe(date);
59 CFReleaseSafe(trust);
60 CFReleaseSafe(policy);
61 CFReleaseSafe(certs);
62 CFReleaseSafe(roots);
63 CFReleaseSafe(root);
64 CFReleaseSafe(cert3);
65 CFReleaseSafe(int2);
66 CFReleaseSafe(int1);
67 CFReleaseSafe(leaf);
68 }
69
70 static void test_intel1(void)
71 {
72 SecTrustRef trust = NULL;
73 SecPolicyRef policy = NULL;
74 SecCertificateRef leaf, int1, int2, root;
75 SecTrustResultType trustResult;
76
77 isnt(leaf = SecCertificateCreateWithBytes(NULL, intel1_leaf, sizeof(intel1_leaf)), NULL, "create intel 1 leaf");
78 isnt(int1 = SecCertificateCreateWithBytes(NULL, intel1_intermediate1, sizeof(intel1_intermediate1)), NULL, "create intel 1 intermediate 1");
79 isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2");
80 isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root");
81
82 const void *v_certs[] = { leaf, int1, int2 };
83 const void *v_roots[] = { root };
84 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
85 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
86
87 /* Create SSL policy with specific hostname. */
88 isnt(policy = SecPolicyCreateSSL(true, CFSTR("myctx.intel.com")), NULL, "create policy");
89
90 /* Create trust reference. */
91 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
92
93 /* Set explicit verify date: Sep 3 2015. */
94 CFDateRef date = NULL;
95 isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date");
96 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
97
98 /* Provide root certificate. */
99 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
100
101 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
102 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
103 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
104
105 CFReleaseSafe(date);
106 CFReleaseSafe(trust);
107 CFReleaseSafe(policy);
108 CFReleaseSafe(certs);
109 CFReleaseSafe(roots);
110 CFReleaseSafe(root);
111 CFReleaseSafe(int2);
112 CFReleaseSafe(int1);
113 CFReleaseSafe(leaf);
114 }
115
116 static void test_intel2(void)
117 {
118 SecTrustRef trust = NULL;
119 SecPolicyRef policy = NULL;
120 SecCertificateRef leaf, int1, int2, root;
121 SecTrustResultType trustResult;
122
123 isnt(leaf = SecCertificateCreateWithBytes(NULL, intel2_leaf, sizeof(intel2_leaf)), NULL, "create intel 2 leaf");
124 isnt(int1 = SecCertificateCreateWithBytes(NULL, intel2_intermediate1, sizeof(intel2_intermediate1)), NULL, "create intel 2 intermediate 1");
125 isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2");
126 isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root");
127
128 const void *v_certs[] = { leaf, int1, int2 };
129 const void *v_roots[] = { root };
130 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
131 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
132
133 /* Create SSL policy with specific hostname. */
134 isnt(policy = SecPolicyCreateSSL(true, CFSTR("contact.intel.com")), NULL, "create policy");
135
136 /* Create trust reference. */
137 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
138
139 /* Set explicit verify date: Sep 3 2015. */
140 CFDateRef date = NULL;
141 isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date");
142 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
143
144 /* Provide root certificate. */
145 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
146
147 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
148 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
149 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
150
151 CFReleaseSafe(date);
152 CFReleaseSafe(trust);
153 CFReleaseSafe(policy);
154 CFReleaseSafe(certs);
155 CFReleaseSafe(roots);
156 CFReleaseSafe(root);
157 CFReleaseSafe(int2);
158 CFReleaseSafe(int1);
159 CFReleaseSafe(leaf);
160 }
161
162 static void test_abb(void)
163 {
164 SecTrustRef trust = NULL;
165 SecPolicyRef policy = NULL;
166 SecCertificateRef leaf, int1, int2, root;
167 SecTrustResultType trustResult;
168
169 isnt(leaf = SecCertificateCreateWithBytes(NULL, _ABB_PKI_cert, sizeof(_ABB_PKI_cert)), NULL, "create ABB leaf");
170 isnt(int1 = SecCertificateCreateWithBytes(NULL, _ABBIssuingCA6, sizeof(_ABBIssuingCA6)), NULL, "create ABB intermediate 1");
171 isnt(int2 = SecCertificateCreateWithBytes(NULL, _ABBIntermediateCA3, sizeof(_ABBIntermediateCA3)), NULL, "create ABB intermediate 2");
172 isnt(root = SecCertificateCreateWithBytes(NULL, _ABBRootCA, sizeof(_ABBRootCA)), NULL, "create ABB root");
173
174 const void *v_certs[] = { leaf, int1, int2 };
175 const void *v_roots[] = { root };
176 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
177 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
178
179 /* Create SSL policy with specific hostname. */
180 isnt(policy = SecPolicyCreateSSL(true, CFSTR("pki.abb.com")), NULL, "create policy");
181
182 /* Create trust reference. */
183 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
184
185 /* Set explicit verify date: Sep 16 2015. */
186 CFDateRef date = NULL;
187 isnt(date = CFDateCreate(NULL, 464128479.0), NULL, "create verify date");
188 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
189
190 /* Provide root certificate. */
191 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
192
193 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
194 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
195 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
196
197 CFReleaseSafe(date);
198 CFReleaseSafe(trust);
199 CFReleaseSafe(policy);
200 CFReleaseSafe(certs);
201 CFReleaseSafe(roots);
202 CFReleaseSafe(root);
203 CFReleaseSafe(int2);
204 CFReleaseSafe(int1);
205 CFReleaseSafe(leaf);
206 }
207
208 static void test_bechtel1(void)
209 {
210 SecTrustRef trust = NULL;
211 SecPolicyRef policy = NULL;
212 SecCertificateRef leaf, int1, int2, root;
213 SecTrustResultType trustResult;
214
215 isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_a, sizeof(_bechtel_leaf_a)), NULL, "create Bechtel leaf a");
216 isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2a, sizeof(_bechtel_int2a)), NULL, "create Bechtel intermediate 2a");
217 isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1");
218 isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root");
219
220 const void *v_certs[] = { leaf, int1, int2 };
221 const void *v_roots[] = { root };
222 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
223 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
224
225 /* Create SSL policy with specific hostname. */
226 isnt(policy = SecPolicyCreateSSL(true, CFSTR("supplier.bechtel.com")), NULL, "create policy");
227
228 /* Create trust reference. */
229 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
230
231 /* Set explicit verify date: Sep 29 2015. */
232 CFDateRef date = NULL;
233 isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date");
234 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
235
236 /* Provide root certificate. */
237 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
238
239 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
240 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
241 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
242
243 CFReleaseSafe(date);
244 CFReleaseSafe(trust);
245 CFReleaseSafe(policy);
246 CFReleaseSafe(certs);
247 CFReleaseSafe(roots);
248 CFReleaseSafe(root);
249 CFReleaseSafe(int2);
250 CFReleaseSafe(int1);
251 CFReleaseSafe(leaf);
252 }
253
254 static void test_bechtel2(void)
255 {
256 SecTrustRef trust = NULL;
257 SecPolicyRef policy = NULL;
258 SecCertificateRef leaf, int1, int2, root;
259 SecTrustResultType trustResult;
260
261 isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_b, sizeof(_bechtel_leaf_b)), NULL, "create Bechtel leaf b");
262 isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2b, sizeof(_bechtel_int2b)), NULL, "create Bechtel intermediate 2b");
263 isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1");
264 isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root");
265
266 const void *v_certs[] = { leaf, int1, int2 };
267 const void *v_roots[] = { root };
268 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
269 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
270
271 /* Create SSL policy with specific hostname. */
272 isnt(policy = SecPolicyCreateSSL(true, CFSTR("login.becpsn.com")), NULL, "create policy");
273
274 /* Create trust reference. */
275 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
276
277 /* Set explicit verify date: Sep 29 2015. */
278 CFDateRef date = NULL;
279 isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date");
280 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
281
282 /* Provide root certificate. */
283 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
284
285 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
286 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
287 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
288
289 CFReleaseSafe(date);
290 CFReleaseSafe(trust);
291 CFReleaseSafe(policy);
292 CFReleaseSafe(certs);
293 CFReleaseSafe(roots);
294 CFReleaseSafe(root);
295 CFReleaseSafe(int2);
296 CFReleaseSafe(int1);
297 CFReleaseSafe(leaf);
298 }
299
300 int si_87_sectrust_name_constraints(int argc, char *const *argv)
301 {
302 plan_tests(73);
303
304 test_att();
305 test_intel1();
306 test_intel2();
307 test_abb();
308 test_bechtel1();
309 test_bechtel2();
310
311 return 0;
312 }