2 * Copyright (c) 2015-2017 Apple Inc. All Rights Reserved.
5 #include <AssertMacros.h>
6 #import <Foundation/Foundation.h>
8 #include <Security/SecCertificate.h>
9 #include <Security/SecCertificatePriv.h>
10 #include <Security/SecPolicyPriv.h>
11 #include <Security/SecTrustPriv.h>
12 #include <Security/SecItem.h>
13 #include <utilities/SecCFWrappers.h>
15 #include "shared_regressions.h"
17 #include "si-87-sectrust-name-constraints.h"
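/*
 * Builds two chains (leaf1 -> subca and leaf2 -> subca), anchors each to the
 * embedded test root, and checks that both evaluate successfully under the
 * basic X.509 policy at a fixed verification date.
 *
 * The certificate bytes (_test_root, _test_intermediate, _test_leaf1,
 * _test_leaf2) come from si-87-sectrust-name-constraints.h.
 * NOTE(review): presumably the intermediate carries a name-constraints
 * extension that both leaves satisfy -- confirm against the header.
 * NOTE(review): both cases here expect success. No leaf that should be
 * rejected is exercised in this function as shown, so on its own it does not
 * demonstrate that a violating name is refused; confirm a negative case
 * exists elsewhere.
 *
 * Reports exactly two `is` results on the success path; any setup failure
 * reports through `fail` and jumps to the shared cleanup.
 */
static void tests(void) {
    SecCertificateRef root = NULL, subca = NULL, leaf1 = NULL, leaf2 = NULL;
    NSArray *certs1 = nil, *certs2 = nil, *anchors = nil;
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust = NULL;
    SecTrustResultType trustResult = kSecTrustResultInvalid;
    /* 23 May 2017 in the author's comment; the instant is 2017-05-24 01:36:40 UTC.
     * Pinning the date keeps the result independent of certificate expiry. */
    NSDate *date = [NSDate dateWithTimeIntervalSinceReferenceDate:517282600.0];

    require_action(root = SecCertificateCreateWithBytes(NULL, _test_root, sizeof(_test_root)),
                   errOut, fail("Failed to create root cert"));
    require_action(subca = SecCertificateCreateWithBytes(NULL, _test_intermediate,
                                                         sizeof(_test_intermediate)),
                   errOut, fail("Failed to create subca cert"));
    require_action(leaf1 = SecCertificateCreateWithBytes(NULL, _test_leaf1, sizeof(_test_leaf1)),
                   errOut, fail("Failed to create leaf cert 1"));
    require_action(leaf2 = SecCertificateCreateWithBytes(NULL, _test_leaf2, sizeof(_test_leaf2)),
                   errOut, fail("Failed to create leaf cert 2"));

    /* Leaf first, then the intermediate that issued it. */
    certs1 = @[(__bridge id)leaf1, (__bridge id)subca];
    certs2 = @[(__bridge id)leaf2, (__bridge id)subca];
    anchors = @[(__bridge id)root];

    /* --- Leaf 1 --- */
    require_noerr_action(SecTrustCreateWithCertificates((__bridge CFArrayRef)certs1,
                                                        policy, &trust),
                         errOut, fail("Failed to create trust for leaf 1"));
    require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)date),
                         errOut, fail("Failed to set verify date"));
    /* Supplying explicit anchors makes the outcome depend on the test root
     * rather than on whatever the system trust store contains. */
    require_noerr_action(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors),
                         errOut, fail("Failed to set anchors"));
    require_noerr_action(SecTrustEvaluate(trust, &trustResult),
                         errOut, fail("Failed to evaluate trust"));
    /* Unspecified == chain is valid to a trusted anchor with no explicit
     * user trust setting; this is the "pass" value for the test. */
    is(trustResult, kSecTrustResultUnspecified, "Got wrong trust result for leaf 1");

    /* Drop the first trust object before `trust` is overwritten, and reset the
     * result so a stale success from leaf 1 cannot satisfy the leaf 2 check. */
    CFReleaseNull(trust);
    trustResult = kSecTrustResultInvalid;

    /* --- Leaf 2 --- (messages previously said "leaf 1", a copy-paste slip
     * that made a leaf 2 failure indistinguishable in the test log) */
    require_noerr_action(SecTrustCreateWithCertificates((__bridge CFArrayRef)certs2,
                                                        policy, &trust),
                         errOut, fail("Failed to create trust for leaf 2"));
    require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)date),
                         errOut, fail("Failed to set verify date"));
    require_noerr_action(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors),
                         errOut, fail("Failed to set anchors"));
    require_noerr_action(SecTrustEvaluate(trust, &trustResult),
                         errOut, fail("Failed to evaluate trust"));
    is(trustResult, kSecTrustResultUnspecified, "Got wrong trust result for leaf 2");

errOut:
    /* Single exit: every CF object created above is released here, whether
     * the function ran to completion or bailed out early. */
    CFReleaseNull(root);
    CFReleaseNull(subca);
    CFReleaseNull(leaf1);
    CFReleaseNull(leaf2);
    CFReleaseNull(trust);
    CFReleaseNull(policy);
}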
75 int si_87_sectrust_name_constraints(int argc, char *const *argv)