OSX/libsecurity_keychain/regressions/kc-identity-helpers.h

   1 /*
   2  * Copyright (c) 2015 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #include "kc-helpers.h"
  25 #include <Security/Security.h>
  26
  27 #ifndef kc_identity_helpers_h
  28 #define kc_identity_helpers_h
  29
  30 #pragma clang diagnostic push
  31 #pragma clang diagnostic ignored "-Wunused-variable"
  32 #pragma clang diagnostic ignored "-Wunused-function"
  33
  34 static SecIdentityRef
  35 copyFirstIdentity(SecKeychainRef kc)
  36 {
  37     // Returns the first SecIdentityRef we can find.
  38     // This should always succeed since we can fall back on the system identity.
  39     // Caller must release the reference.
  40
  41     CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0,
  42                                                              &kCFTypeDictionaryKeyCallBacks,
  43                                                              &kCFTypeDictionaryValueCallBacks);
  44
  45     /* set up the query */
  46     CFDictionaryAddValue( query, kSecClass, kSecClassIdentity );
  47     CFDictionaryAddValue( query, kSecMatchLimit, kSecMatchLimitAll );
  48     CFDictionaryAddValue( query, kSecReturnRef, kCFBooleanTrue );
  49
  50     CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks);
  51     CFArrayAppendValue((CFMutableArrayRef)searchList, kc);
  52     CFDictionarySetValue(query, kSecMatchSearchList, searchList);
  53
  54     CFTypeRef results = NULL;
  55     OSStatus status = SecItemCopyMatching(query, &results);
  56     ok_status(status, "%s: SecItemCopyMatching", testName);
  57     CFRelease(query);
  58
  59     if (status) {
  60         return NULL;
  61     }
  62     if (results) {
  63         CFArrayRef resultArray = (CFArrayRef)results;
  64         SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(resultArray, 0);
  65         CFRetain(identity); // since we will return it
  66         CFRelease(results);
  67         return identity;
  68     }
  69     return NULL;
  70 }
  71 #define copyFirstIdentityTests 1
  72
  73 // findIdentity
  74 // - returns a SecIdentityRef for the first identity in the given keychain
  75 // which matches the provided certificate.
  76 //
  77 static SecIdentityRef
  78 findIdentity(SecKeychainRef keychain, SecCertificateRef cert)
  79 {
  80     OSStatus status = noErr;
  81     SecIdentitySearchRef searchRef = NULL;
  82     CSSM_DATA certData = { 0, NULL };
  83
  84     SecIdentityRef outIdentity = NULL;
  85
  86     if (!keychain || !cert) {
  87         return NULL;
  88     }
  89
  90     // note: we should be using CFEqual on certificate references instead of
  91     // comparing the certificate data, but that is currently broken
  92     status = SecCertificateGetData(cert, &certData);
  93     ok_status(status, "%s: findIdentity: SecCertificateGetData", testName);
  94     if (status) {
  95         return NULL;
  96     }
  97
  98     status = SecIdentitySearchCreate(keychain, (CSSM_KEYUSE)0, &searchRef);
  99     while (!status) {
 100         SecIdentityRef identityRef = NULL;
 101         status = SecIdentitySearchCopyNext(searchRef, &identityRef);
 102         if (!status) {
 103             SecCertificateRef aCert = NULL;
 104             status = SecIdentityCopyCertificate(identityRef, &aCert);
 105             if (!status) {
 106                 CSSM_DATA aCertData = { 0, NULL };
 107                 status = SecCertificateGetData(aCert, &aCertData);
 108                 if (!status) {
 109                     if (aCertData.Length == certData.Length &&
 110                         !memcmp(aCertData.Data, certData.Data, certData.Length)) {
 111                         // we found the identity
 112                         CFRelease(aCert);
 113                         outIdentity = identityRef;
 114                         break;
 115                     }
 116                 }
 117             }
 118             if (aCert) {
 119                 CFRelease(aCert);
 120             }
 121         }
 122         if (identityRef) {
 123             CFRelease(identityRef);
 124         }
 125     }
 126
 127     ok(outIdentity, "%s: findIdentity: found an identity", testName);
 128
 129     if (searchRef) {
 130         CFRelease(searchRef);
 131     }
 132
 133     return outIdentity;
 134 }
 135 #define findIdentityTests 2
 136
 137 #pragma clang diagnostic pop
 138
 139 #endif /* kc_identity_helpers_h */