]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c
Security-57740.60.18.tar.gz
[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-87-sectrust-name-constraints.c
1 /*
2 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
3 */
4
5 #include <CoreFoundation/CoreFoundation.h>
6 #include <Security/SecCertificate.h>
7 #include <Security/SecCertificatePriv.h>
8 #include <Security/SecPolicyPriv.h>
9 #include <Security/SecTrustPriv.h>
10 #include <Security/SecItem.h>
11 #include <utilities/array_size.h>
12 #include <utilities/SecCFWrappers.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15
16 #include "shared_regressions.h"
17
18 #include "si-87-sectrust-name-constraints.h"
19
20 static void test_att(void)
21 {
22 SecTrustRef trust = NULL;
23 SecPolicyRef policy = NULL;
24 SecCertificateRef leaf, int1, int2, cert3, root;
25 SecTrustResultType trustResult;
26
27 isnt(leaf = SecCertificateCreateWithBytes(NULL, att_leaf, sizeof(att_leaf)), NULL, "create att leaf");
28 isnt(int1 = SecCertificateCreateWithBytes(NULL, att_intermediate1, sizeof(att_intermediate1)), NULL, "create att intermediate 1");
29 isnt(int2 = SecCertificateCreateWithBytes(NULL, att_intermediate2, sizeof(att_intermediate2)), NULL, "create att intermediate 2");
30 isnt(cert3 = SecCertificateCreateWithBytes(NULL, att_intermediate3, sizeof(att_intermediate3)), NULL, "create att intermediate 3");
31 isnt(root = SecCertificateCreateWithBytes(NULL, att_root, sizeof(att_root)), NULL, "create att root");
32
33 const void *v_certs[] = { leaf, int1, int2, cert3 };
34 const void *v_roots[] = { root };
35 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
36 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
37
38 /* Create SSL policy with specific hostname. */
39 isnt(policy = SecPolicyCreateSSL(true, CFSTR("nmd.mcd06643.sjc.wayport.net")), NULL, "create policy");
40
41 /* Create trust reference. */
42 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
43
44 /* Set explicit verify date: Aug 14 2015. */
45 CFDateRef date = NULL;
46 isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2015, 8, 14, 12, 0, 0), NULL, "create verify date");
47 if (!date) { goto errOut; }
48 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
49
50 /* Provide root certificate. */
51 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
52
53 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
54 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
55 is(SecTrustGetCertificateCount(trust), 5, "cert count is 5");
56
57 errOut:
58 CFReleaseSafe(date);
59 CFReleaseSafe(trust);
60 CFReleaseSafe(policy);
61 CFReleaseSafe(certs);
62 CFReleaseSafe(roots);
63 CFReleaseSafe(root);
64 CFReleaseSafe(cert3);
65 CFReleaseSafe(int2);
66 CFReleaseSafe(int1);
67 CFReleaseSafe(leaf);
68 }
69
70 static void test_intel1(void)
71 {
72 SecTrustRef trust = NULL;
73 SecPolicyRef policy = NULL;
74 SecCertificateRef leaf, int1, int2, root;
75 SecTrustResultType trustResult;
76
77 isnt(leaf = SecCertificateCreateWithBytes(NULL, intel1_leaf, sizeof(intel1_leaf)), NULL, "create intel 1 leaf");
78 isnt(int1 = SecCertificateCreateWithBytes(NULL, intel1_intermediate1, sizeof(intel1_intermediate1)), NULL, "create intel 1 intermediate 1");
79 isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2");
80 isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root");
81
82 const void *v_certs[] = { leaf, int1, int2 };
83 const void *v_roots[] = { root };
84 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
85 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
86
87 /* Create SSL policy with specific hostname. */
88 isnt(policy = SecPolicyCreateSSL(true, CFSTR("myctx.intel.com")), NULL, "create policy");
89
90 /* Create trust reference. */
91 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
92
93 /* Set explicit verify date: Sep 3 2015. */
94 CFDateRef date = NULL;
95 isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date");
96 if (!date) { goto errOut; }
97 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
98
99 /* Provide root certificate. */
100 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
101
102 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
103 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
104 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
105
106 errOut:
107 CFReleaseSafe(date);
108 CFReleaseSafe(trust);
109 CFReleaseSafe(policy);
110 CFReleaseSafe(certs);
111 CFReleaseSafe(roots);
112 CFReleaseSafe(root);
113 CFReleaseSafe(int2);
114 CFReleaseSafe(int1);
115 CFReleaseSafe(leaf);
116 }
117
118 static void test_intel2(void)
119 {
120 SecTrustRef trust = NULL;
121 SecPolicyRef policy = NULL;
122 SecCertificateRef leaf, int1, int2, root;
123 SecTrustResultType trustResult;
124
125 isnt(leaf = SecCertificateCreateWithBytes(NULL, intel2_leaf, sizeof(intel2_leaf)), NULL, "create intel 2 leaf");
126 isnt(int1 = SecCertificateCreateWithBytes(NULL, intel2_intermediate1, sizeof(intel2_intermediate1)), NULL, "create intel 2 intermediate 1");
127 isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2");
128 isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root");
129
130 const void *v_certs[] = { leaf, int1, int2 };
131 const void *v_roots[] = { root };
132 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
133 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
134
135 /* Create SSL policy with specific hostname. */
136 isnt(policy = SecPolicyCreateSSL(true, CFSTR("contact.intel.com")), NULL, "create policy");
137
138 /* Create trust reference. */
139 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
140
141 /* Set explicit verify date: Sep 3 2015. */
142 CFDateRef date = NULL;
143 isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date");
144 if (!date) { goto errOut; }
145 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
146
147 /* Provide root certificate. */
148 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
149
150 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
151 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
152 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
153
154 errOut:
155 CFReleaseSafe(date);
156 CFReleaseSafe(trust);
157 CFReleaseSafe(policy);
158 CFReleaseSafe(certs);
159 CFReleaseSafe(roots);
160 CFReleaseSafe(root);
161 CFReleaseSafe(int2);
162 CFReleaseSafe(int1);
163 CFReleaseSafe(leaf);
164 }
165
166 static void test_abb(void)
167 {
168 SecTrustRef trust = NULL;
169 SecPolicyRef policy = NULL;
170 SecCertificateRef leaf, int1, int2, root;
171 SecTrustResultType trustResult;
172
173 isnt(leaf = SecCertificateCreateWithBytes(NULL, _ABB_PKI_cert, sizeof(_ABB_PKI_cert)), NULL, "create ABB leaf");
174 isnt(int1 = SecCertificateCreateWithBytes(NULL, _ABBIssuingCA6, sizeof(_ABBIssuingCA6)), NULL, "create ABB intermediate 1");
175 isnt(int2 = SecCertificateCreateWithBytes(NULL, _ABBIntermediateCA3, sizeof(_ABBIntermediateCA3)), NULL, "create ABB intermediate 2");
176 isnt(root = SecCertificateCreateWithBytes(NULL, _ABBRootCA, sizeof(_ABBRootCA)), NULL, "create ABB root");
177
178 const void *v_certs[] = { leaf, int1, int2 };
179 const void *v_roots[] = { root };
180 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
181 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
182
183 /* Create SSL policy with specific hostname. */
184 isnt(policy = SecPolicyCreateSSL(true, CFSTR("pki.abb.com")), NULL, "create policy");
185
186 /* Create trust reference. */
187 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
188
189 /* Set explicit verify date: Sep 16 2015. */
190 CFDateRef date = NULL;
191 isnt(date = CFDateCreate(NULL, 464128479.0), NULL, "create verify date");
192 if (!date) { goto errOut; }
193 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
194
195 /* Provide root certificate. */
196 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
197
198 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
199 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
200 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
201
202 errOut:
203 CFReleaseSafe(date);
204 CFReleaseSafe(trust);
205 CFReleaseSafe(policy);
206 CFReleaseSafe(certs);
207 CFReleaseSafe(roots);
208 CFReleaseSafe(root);
209 CFReleaseSafe(int2);
210 CFReleaseSafe(int1);
211 CFReleaseSafe(leaf);
212 }
213
214 static void test_bechtel1(void)
215 {
216 SecTrustRef trust = NULL;
217 SecPolicyRef policy = NULL;
218 SecCertificateRef leaf, int1, int2, root;
219 SecTrustResultType trustResult;
220
221 isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_a, sizeof(_bechtel_leaf_a)), NULL, "create Bechtel leaf a");
222 isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2a, sizeof(_bechtel_int2a)), NULL, "create Bechtel intermediate 2a");
223 isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1");
224 isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root");
225
226 const void *v_certs[] = { leaf, int1, int2 };
227 const void *v_roots[] = { root };
228 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
229 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
230
231 /* Create SSL policy with specific hostname. */
232 isnt(policy = SecPolicyCreateSSL(true, CFSTR("supplier.bechtel.com")), NULL, "create policy");
233
234 /* Create trust reference. */
235 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
236
237 /* Set explicit verify date: Sep 29 2015. */
238 CFDateRef date = NULL;
239 isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date");
240 if (!date) { goto errOut; }
241 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
242
243 /* Provide root certificate. */
244 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
245
246 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
247 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
248 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
249
250 errOut:
251 CFReleaseSafe(date);
252 CFReleaseSafe(trust);
253 CFReleaseSafe(policy);
254 CFReleaseSafe(certs);
255 CFReleaseSafe(roots);
256 CFReleaseSafe(root);
257 CFReleaseSafe(int2);
258 CFReleaseSafe(int1);
259 CFReleaseSafe(leaf);
260 }
261
262 static void test_bechtel2(void)
263 {
264 SecTrustRef trust = NULL;
265 SecPolicyRef policy = NULL;
266 SecCertificateRef leaf, int1, int2, root;
267 SecTrustResultType trustResult;
268
269 isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_b, sizeof(_bechtel_leaf_b)), NULL, "create Bechtel leaf b");
270 isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2b, sizeof(_bechtel_int2b)), NULL, "create Bechtel intermediate 2b");
271 isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1");
272 isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root");
273
274 const void *v_certs[] = { leaf, int1, int2 };
275 const void *v_roots[] = { root };
276 CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
277 CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
278
279 /* Create SSL policy with specific hostname. */
280 isnt(policy = SecPolicyCreateSSL(true, CFSTR("login.becpsn.com")), NULL, "create policy");
281
282 /* Create trust reference. */
283 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
284
285 /* Set explicit verify date: Sep 29 2015. */
286 CFDateRef date = NULL;
287 isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date");
288 if (!date) { goto errOut; }
289 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
290
291 /* Provide root certificate. */
292 ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
293
294 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
295 is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
296 is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
297
298 errOut:
299 CFReleaseSafe(date);
300 CFReleaseSafe(trust);
301 CFReleaseSafe(policy);
302 CFReleaseSafe(certs);
303 CFReleaseSafe(roots);
304 CFReleaseSafe(root);
305 CFReleaseSafe(int2);
306 CFReleaseSafe(int1);
307 CFReleaseSafe(leaf);
308 }
309
310 int si_87_sectrust_name_constraints(int argc, char *const *argv)
311 {
312 plan_tests(73);
313
314 test_att();
315 test_intel1();
316 test_intel2();
317 test_abb();
318 test_bechtel1();
319 test_bechtel2();
320
321 return 0;
322 }