]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_cms/regressions/cms-trust-settings-test.c
Security-58286.1.32.tar.gz
[apple/security.git] / OSX / libsecurity_cms / regressions / cms-trust-settings-test.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include <AssertMacros.h>
25
26 #include <utilities/SecCFRelease.h>
27
28 #include <Security/SecBase.h>
29 #include <Security/SecImportExport.h>
30 #include <Security/SecKeychain.h>
31 #include <Security/SecCertificatePriv.h>
32 #include <Security/SecTrustSettings.h>
33 #include <Security/SecItem.h>
34 #include <Security/SecTrust.h>
35 #include <Security/SecPolicy.h>
36 #include <Security/CMSDecoder.h>
37
38 #define kSystemLoginKeychainPath "/Library/Keychains/System.keychain"
39
40 #include "regressions/test/testmore.h"
41 #include "cms-trust-settings-test.h"
42
43 // See <rdar://problem/8115188>
44 static void test(void) {
45 SecCertificateRef cert = NULL;
46 SecKeychainRef kcRef = NULL;
47 CFMutableDictionaryRef query = NULL;
48 CFDictionaryRef trustSettings = NULL;
49 CFArrayRef persistentRef = NULL;
50 CMSDecoderRef decoder = NULL;
51 SecPolicyRef policy = NULL;
52 SecTrustRef trust = NULL;
53 CMSSignerStatus signerStatus = kCMSSignerInvalidIndex;
54 SecTrustResultType trustResult = kSecTrustResultInvalid;
55
56 /* Add cert to keychain */
57 ok(cert = SecCertificateCreateWithBytes(NULL, _cert, sizeof(_cert)), "Create cert");
58 ok_status(SecKeychainOpen(kSystemLoginKeychainPath, &kcRef), "Open system keychain");
59 if (!kcRef) {
60 goto out;
61 }
62 ok(query = CFDictionaryCreateMutable(NULL, 3, &kCFTypeDictionaryKeyCallBacks,
63 &kCFTypeDictionaryValueCallBacks),
64 "Create SecItem dictionary");
65 CFDictionaryAddValue(query, kSecValueRef, cert);
66 CFDictionaryAddValue(query, kSecUseKeychain, kcRef);
67 CFDictionaryAddValue(query, kSecReturnPersistentRef, kCFBooleanTrue);
68 ok_status(SecItemAdd(query, (void *)&persistentRef),
69 "Add cert to system keychain");
70
71 /* Set trust settings */
72 CFStringRef temp = kSecTrustSettingsResult;
73 uint32_t otherTemp = kSecTrustSettingsResultDeny;
74 CFNumberRef deny = CFNumberCreate(NULL, kCFNumberSInt32Type, &otherTemp);
75 trustSettings = CFDictionaryCreate(NULL, (const void **)&temp, (const void **)&deny, 1,
76 &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
77 CFReleaseNull(deny);
78 ok_status(SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainAdmin, trustSettings),
79 "Set cert as denied");
80 // Wait for trustd to get the message
81 sleep(1);
82
83 /* Create the Decoder */
84 ok_status(CMSDecoderCreate(&decoder), "Create CMS decoder");
85 ok_status(CMSDecoderUpdateMessage(decoder, _signed_message, sizeof(_signed_message)),
86 "Update decoder with CMS message");
87 ok_status(CMSDecoderFinalizeMessage(decoder), "Finalize decoder");
88
89 /* Evaluate trust */
90 ok(policy = SecPolicyCreateBasicX509(), "Create policy");
91 ok_status(CMSDecoderCopySignerStatus(decoder, 0, policy, true, &signerStatus, &trust, NULL),
92 "Copy Signer status");
93 ok_status(SecTrustGetTrustResult(trust, &trustResult), "Get trust result");
94 is(trustResult, kSecTrustResultDeny, "Not denied");
95
96 out:
97 if (persistentRef) {
98 CFTypeRef item = CFArrayGetValueAtIndex(persistentRef, 0);
99 CFDictionaryRef del = CFDictionaryCreate(NULL, (const void **)&kSecValuePersistentRef, &item, 1,
100 &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
101 SecItemDelete(del);
102 CFReleaseNull(del);
103 }
104 CFReleaseNull(cert);
105 CFReleaseNull(kcRef);
106 CFReleaseNull(query);
107 CFReleaseNull(persistentRef);
108 CFReleaseNull(trustSettings);
109 CFReleaseNull(decoder);
110 CFReleaseNull(policy);
111 CFReleaseNull(trust);
112 }
113
114 int cms_trust_settings_test(int argc, char *const *argv) {
115 plan_tests(12);
116
117 #if !TARGET_OS_IPHONE
118 if (getuid() != 0) {
119 printf("Test must be run as root on OS X");
120 return 0;
121 }
122 #endif
123
124 test();
125
126 return 0;
127 }