]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/sysIdTool/sysIdTool.cpp
Security-57031.10.10.tar.gz
[apple/security.git] / SecurityTests / clxutils / sysIdTool / sysIdTool.cpp
1 /*
2 * sysIdTool.cpp
3 */
4
5 #include <stdlib.h>
6 #include <strings.h>
7 #include <stdio.h>
8 #include <unistd.h>
9 #include <Security/Security.h>
10 #include <utilLib/common.h>
11 #include <clAppUtils/identPicker.h>
12 #include <clAppUtils/printCertName.h>
13 #include <security_cdsa_utils/cuPrintCert.h>
14
15 static void usage(char **argv)
16 {
17 printf("usage: %s command domain [options]\n", argv[0]);
18 printf("Commands:\n");
19 printf(" s -- select with picker, set as identity for domain\n");
20 printf(" d -- display identity for domain\n");
21 printf(" D -- delete identity for domain\n");
22 printf("Options:\n");
23 printf(" -v -- verbose display of certs\n");
24 printf(" -l -- loop for malloc debug\n");
25 printf(" <none for now>\n");
26 /* etc. */
27 exit(1);
28 }
29
30
31 static int selectId(CFStringRef domain)
32 {
33 /* open system keychain */
34 SecKeychainRef kcRef;
35 const char *sysKcPath = kSystemKeychainDir kSystemKeychainName;
36
37 OSStatus ortn = SecKeychainOpen(sysKcPath, &kcRef);
38 if(ortn) {
39 cssmPerror("SecKeychainOpen", ortn);
40 exit(1);
41 }
42
43 /* pick an identity */
44 SecIdentityRef idRef = NULL;
45 ortn = sslSimpleIdentPicker(kcRef, &idRef);
46 CFRelease(kcRef);
47 if(ortn) {
48 printf("IdentityPicker aborted\n");
49 return -1;
50 }
51
52 ortn = SecIdentitySetSystemIdentity(domain, idRef);
53 if(ortn) {
54 cssmPerror("SecIdentitySetSystemIdentity", ortn);
55 }
56 else {
57 printf("...system identity set.\n");
58 }
59 CFRelease(idRef);
60 return ortn;
61 }
62
63 static void printCFString(
64 const char *label,
65 CFStringRef cfString)
66 {
67 char cstr[300];
68 if(!CFStringGetCString(cfString, cstr, sizeof(cstr),
69 kCFStringEncodingUTF8)) {
70 printf("***Error converting %s to UTF8\n", label);
71 }
72 else {
73 printf("%s '%s'\n", label, cstr);
74 }
75 }
76
77 static int showId(CFStringRef domain, bool verbose)
78 {
79 SecIdentityRef idRef = NULL;
80 CFStringRef actualDomain = NULL;
81 OSStatus ortn;
82
83 ortn = SecIdentityCopySystemIdentity(domain, &idRef, &actualDomain);
84 if(ortn) {
85 cssmPerror("SecIdentityCopySystemIdentity", ortn);
86 return ortn;
87 }
88 SecCertificateRef certRef = NULL;
89 ortn = SecIdentityCopyCertificate(idRef, &certRef);
90 if(ortn) {
91 cssmPerror("SecIdentityCopyCertificate", ortn);
92 CFRelease(idRef);
93 return ortn;
94 }
95 CSSM_DATA certData;
96 ortn = SecCertificateGetData(certRef, &certData);
97 if(ortn) {
98 cssmPerror("SecCertificateGetData", ortn);
99 CFRelease(idRef);
100 CFRelease(certRef);
101 return ortn;
102 }
103
104 printCFString("Identity obtained for domain", domain);
105 if(verbose) {
106 printf("\n ---- System Identity Certificate ----\n");
107 printCert(certData.Data, certData.Length, CSSM_FALSE);
108 printf(" ---- End of System Identity Certificate ----\n");
109 }
110 else {
111 printCertName(certData.Data, certData.Length, NameIssuer);
112 }
113 printCFString("Actual domain :", actualDomain);
114 CFRelease(idRef);
115 CFRelease(certRef);
116 CFRelease(actualDomain);
117 return 0;
118 }
119
120 int main(int argc, char **argv)
121 {
122 char op;
123 char *domain;
124
125 if(argc < 3) {
126 usage(argv);
127 }
128 op = argv[1][0];
129 domain = argv[2];
130
131 bool verbose = false;
132 bool loop = false;
133
134 //extern char *optarg;
135 int arg;
136 optind = 3;
137 while ((arg = getopt(argc, argv, "hvl")) != -1) {
138 switch (arg) {
139 case 'v':
140 verbose = true;
141 break;
142 case 'l':
143 loop = true;
144 break;
145 case 'h':
146 usage(argv);
147 }
148 }
149 if(optind != argc) {
150 usage(argv);
151 }
152
153 CFStringRef cfDomain = CFStringCreateWithCString(NULL, domain, kCFStringEncodingASCII);
154 int ourRtn = 0;
155 do {
156 switch(op) {
157 case 's':
158 ourRtn = selectId(cfDomain);
159 break;
160 case 'd':
161 ourRtn = showId(cfDomain, verbose);
162 break;
163 case 'D':
164 ourRtn = SecIdentitySetSystemIdentity(cfDomain, NULL);
165 if(ourRtn) {
166 cssmPerror("SecIdentitySetSystemIdentity(NULL)", ourRtn);
167 }
168 else {
169 printf("...system identity assignment deleted.\n");
170 }
171 break;
172 default:
173 usage(argv);
174 }
175 if(ourRtn) {
176 break;
177 }
178 if(loop) {
179 fpurge(stdin);
180 printf("q to quit, CR to loop again: ");
181 if(getchar() == 'q') {
182 break;
183 }
184 }
185 } while(loop);
186 return ourRtn;
187 }