1 /*
2 * Copyright (c) 2003-2009,2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * trusted_cert_dump.c
24 */
25
26 #include "security_tool.h"
27
28 #include "trusted_cert_dump.h"
29 #include "trusted_cert_utils.h"
30
31 #include <errno.h>
32 #include <unistd.h>
33 #include <Security/Security.h>
34 #include <Security/cssmapple.h>
35 #include <Security/SecTrustSettings.h>
36 #include <Security/oidsalg.h>
37 #include <security_cdsa_utils/cuFileIo.h>
38 #include <CoreFoundation/CoreFoundation.h>
39
40 // SecCertificateInferLabel
41 #include <Security/SecCertificatePriv.h>
42
43
44 /* print cert's label (the one SecCertificate infers) */
/*
 * Print the label that SecCertificateInferLabel() derives for certRef.
 * On failure the error is reported through cssmPerror() and returned to
 * the caller; on success noErr is returned.
 */
static OSStatus printCertLabel(
	SecCertificateRef certRef)
{
	CFStringRef inferred = NULL;
	OSStatus status = SecCertificateInferLabel(certRef, &inferred);

	if(status != noErr) {
		cssmPerror("SecCertificateInferLabel", status);
		return status;
	}

	/* we own the inferred string (Copy/Create rule) and release it once printed */
	printCfStr(inferred);
	CFRelease(inferred);
	return noErr;
}
60
61 /*
62 * Display a Trust Settings array as obtained from
63 * SecTrustSettingsCopyTrustSettings().
64 */
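/*
 * Write the bytes of data to stdout as a C string, stopping at the first
 * NUL byte or at the end of the data, whichever comes first.
 *
 * The bytes behind a CFData are not guaranteed to be NUL-terminated, so
 * handing CFDataGetBytePtr() to a plain "%s" could read past the end of
 * the buffer if the application data ever lacks a terminator.
 */
static void printDataAsCString(
	CFDataRef data)
{
	const unsigned char *bytes = CFDataGetBytePtr(data);
	CFIndex len = CFDataGetLength(data);
	CFIndex i;

	for(i = 0; i < len && bytes[i] != 0; i++) {
		putchar(bytes[i]);
	}
}

/*
 * Display one usage-constraints dictionary from a Trust Settings array.
 *
 * Every key is optional. A value of the wrong CF type, or one that cannot
 * be read back from the Security framework, is reported on stderr and ends
 * the display of this dictionary.
 *
 * Returns 0 on success, -1 if any value was malformed or unreadable.
 */
static int displayOneTrustSetting(
	CFDictionaryRef ucDict)
{
	OSStatus ortn;
	CFNumberRef cfNum;

	/* policy - optional */
	SecPolicyRef certPolicy = (SecPolicyRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicy);
	if(certPolicy != NULL) {
		if(CFGetTypeID(certPolicy) != SecPolicyGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed certPolicy\n");
			return -1;
		}
		CSSM_OID policyOid;
		ortn = SecPolicyGetOID(certPolicy, &policyOid);
		if(ortn) {
			cssmPerror("SecPolicyGetOID", ortn);
			return -1;
		}
		indent(); printf("Policy OID : %s\n", oidToOidString(&policyOid));
	}

	/* app - optional */
	SecTrustedApplicationRef certApp = (SecTrustedApplicationRef)CFDictionaryGetValue(ucDict,
		kSecTrustSettingsApplication);
	if(certApp != NULL) {
		if(CFGetTypeID(certApp) != SecTrustedApplicationGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed certApp\n");
			return -1;
		}
		CFDataRef appPath = NULL;
		ortn = SecTrustedApplicationCopyData(certApp, &appPath);
		if(ortn) {
			cssmPerror("SecTrustedApplicationCopyData", ortn);
			return -1;
		}
		if(appPath == NULL) {
			/* noErr with no data would otherwise dereference NULL below */
			fprintf(stderr, "***displayTrustSettings: missing application data\n");
			return -1;
		}
		/* bounded by the data's length rather than trusting a NUL terminator */
		indent(); printf("Application : ");
		printDataAsCString(appPath);
		printf("\n");
		CFRelease(appPath);
	}

	/* policy string - optional */
	CFStringRef policyStr = (CFStringRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicyString);
	if(policyStr != NULL) {
		if(CFGetTypeID(policyStr) != CFStringGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed policyStr\n");
			return -1;
		}
		indent(); printf("Policy String : ");
		printCfStr(policyStr); printf("\n");
	}

	/* Allowed error - optional; rendered by printCssmErr() */
	cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsAllowedError);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed allowedError\n");
			return -1;
		}
		indent(); printf("Allowed Error : ");
		printCssmErr(cfNum); printf("\n");
	}

	/*
	 * ResultType - optional; the trust decision this setting encodes
	 * (a SecTrustSettingsResult value), rendered by printResultType().
	 * A certificate's presence in the trust-settings list says nothing by
	 * itself about whether it is trusted or denied - this field does.
	 */
	cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsResult);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed ResultType\n");
			return -1;
		}
		indent(); printf("Result Type : ");
		printResultType(cfNum); printf("\n");
	}

	/* key usage - optional; rendered by printKeyUsage() */
	cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed keyUsage\n");
			return -1;
		}
		indent(); printf("Key Usage : ");
		printKeyUsage(cfNum); printf("\n");
	}

	return 0;
}

/*
 * Display a Trust Settings array as obtained from
 * SecTrustSettingsCopyTrustSettings().
 *
 * The array is expected to be present (possibly empty) and to hold one
 * usage-constraints dictionary per entry. Malformed input is reported on
 * stderr; the remaining entries are still displayed.
 *
 * Returns 0 if everything displayed cleanly, -1 if the array was missing
 * or malformed or any entry could not be displayed.
 */
static int displayTrustSettings(
	CFArrayRef trustSettings)
{
	/* must always be there though it may be empty */
	if(trustSettings == NULL) {
		fprintf(stderr, "***displayTrustSettings: missing trust settings array\n");
		return -1;
	}
	if(CFGetTypeID(trustSettings) != CFArrayGetTypeID()) {
		fprintf(stderr, "***displayTrustSettings: malformed trust settings array\n");
		return -1;
	}

	int ourRtn = 0;
	CFIndex numUseConstraints = CFArrayGetCount(trustSettings);
	CFIndex ucDex;

	indentIncr();
	indent(); printf("Number of trust settings : %ld\n", (long)numUseConstraints);

	/* grind thru the trust settings dictionaries */
	for(ucDex=0; ucDex<numUseConstraints; ucDex++) {
		indent(); printf("Trust Setting %ld:\n", (long)ucDex);
		indentIncr();

		CFDictionaryRef ucDict = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, ucDex);
		if(ucDict == NULL || CFGetTypeID(ucDict) != CFDictionaryGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed usage constraints dictionary\n");
			ourRtn = -1;
		}
		else if(displayOneTrustSetting(ucDict) != 0) {
			ourRtn = -1;
		}
		indentDecr();
	}
	indentDecr();
	return ourRtn;
}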
196
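/*
 * Dump every certificate that has trust settings in one domain: the label
 * SecCertificateInferLabel() derives for it, followed by each of its
 * usage-constraint dictionaries (see displayTrustSettings()).
 *
 * Options:
 *   -s  system domain (kSecTrustSettingsDomainSystem)
 *   -d  admin domain  (kSecTrustSettingsDomainAdmin)
 *   -h  usage
 * With neither -s nor -d the user domain is dumped. No positional
 * arguments are accepted.
 *
 * Returns 0 on success, SHOW_USAGE_MESSAGE on bad arguments, 1 if the
 * certificate list could not be read, -1 if any certificate or its trust
 * settings could not be displayed.
 */
int
trusted_cert_dump(int argc, char * const *argv)
{
	CFArrayRef certArray = NULL;
	OSStatus ortn = noErr;
	CFIndex numCerts;
	CFIndex dex;
	int ourRtn = 0;
	SecTrustSettingsDomain domain = kSecTrustSettingsDomainUser;

	extern int optind;
	int arg;

	/* reset getopt state: this is one subcommand of a larger tool */
	optind = 1;
	while ((arg = getopt(argc, argv, "sdh")) != -1) {
		switch (arg) {
			case 's':
				domain = kSecTrustSettingsDomainSystem;
				break;
			case 'd':
				domain = kSecTrustSettingsDomainAdmin;
				break;
			default:
			case 'h':
				return SHOW_USAGE_MESSAGE;
		}
	}

	if(optind != argc) {
		return SHOW_USAGE_MESSAGE;
	}

	ortn = SecTrustSettingsCopyCertificates(domain, &certArray);
	if(ortn) {
		cssmPerror("SecTrustSettingsCopyCertificates", ortn);
		return 1;
	}
	numCerts = CFArrayGetCount(certArray);
	printf("Number of trusted certs = %ld\n", (long)numCerts);

	for(dex=0; dex<numCerts; dex++) {
		SecCertificateRef certRef =
			(SecCertificateRef)CFArrayGetValueAtIndex(certArray, dex);
		if(certRef == NULL || CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
			fprintf(stderr, "***Bad CFGetTypeID for cert %ld\n", (long)dex);
			ourRtn = -1;
			break;
		}

		/* always print the cert's label */
		printf("Cert %ld: ", (long)dex);
		printCertLabel(certRef);
		printf("\n");

		/* see if the cert has any usage constraints (it should!) */
		CFArrayRef trustSettings = NULL;
		ortn = SecTrustSettingsCopyTrustSettings(certRef, domain, &trustSettings);
		if(ortn) {
			cssmPerror("SecTrustSettingsCopyTrustSettings", ortn);
			ourRtn = -1;
			continue;
		}
		if(displayTrustSettings(trustSettings)) {
			ourRtn = -1;
		}
		/*
		 * Copy rule: the array returned by SecTrustSettingsCopyTrustSettings()
		 * is ours to release. It was previously leaked once per certificate.
		 * CFRelease(NULL) is not a no-op, hence the guard.
		 */
		if(trustSettings != NULL) {
			CFRelease(trustSettings);
		}
	}
	CFRelease(certArray);

	return ourRtn;
}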
267 }