]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/regressions/kc-05-find-existing-items-locked.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-05-find-existing-items-locked.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the xLicense.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #import <Security/Security.h>
25 #import <Security/SecCertificatePriv.h>
26
27 #include "keychain_regressions.h"
28 #include "kc-helpers.h"
29 #include "kc-item-helpers.h"
30 #include "kc-key-helpers.h"
31
32 static void tests()
33 {
34 SecKeychainRef kc = getPopulatedTestKeychain();
35
36 CFMutableDictionaryRef query = NULL;
37 SecKeychainItemRef item = NULL;
38
39 // Perform keychain upgrade so future calls will check integrity, then lock keychain
40 query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service"));
41 item = checkNCopyFirst(testName, query, 1);
42 CFReleaseNull(item);
43
44 ok_status(SecKeychainLock(kc), "%s: SecKeychainLock", testName);
45
46 // Find passwords
47 query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service"));
48 item = checkNCopyFirst(testName, query, 1);
49 readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // keychain is locked; AuthFailed is what securityd throws if UI access is not allowed
50 CFReleaseNull(item);
51 checkPrompts(0, "after reading a password in locked keychain without UI"); // this should be 1, but is 0 due to how denying UI access works in Credentials
52
53 query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
54 item = checkNCopyFirst(testName, query, 1);
55 readPasswordContentsWithResult(item, errSecAuthFailed, NULL);
56 CFReleaseNull(item);
57 checkPrompts(0, "trying to read password in locked keychain without UI");
58
59 query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service"));
60 item = checkNCopyFirst(testName, query, 1);
61 readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // keychain is locked
62 CFReleaseNull(item);
63 checkPrompts(0, "after reading a password in locked keychain without UI");
64
65 query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
66 item = checkNCopyFirst(testName, query, 1);
67 readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
68 CFReleaseNull(item);
69 checkPrompts(0, "trying to read password in locked keychain without UI");
70
71 // Find symmetric keys
72 query = createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric);
73 item = checkNCopyFirst(testName, query, 2);
74 CFReleaseNull(item);
75
76 // Find asymmetric keys
77 query = createQueryKeyDictionary(kc, kSecAttrKeyClassPublic);
78 item = checkNCopyFirst(testName, query, 2);
79 CFReleaseNull(item);
80
81 query = createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate);
82 item = checkNCopyFirst(testName, query, 2);
83 CFReleaseNull(item);
84
85 // Find certificates
86 query = makeBaseQueryDictionary(kc, kSecClassCertificate);
87 item = checkNCopyFirst(testName, query, 3);
88 CFReleaseNull(item);
89
90 // ensure we can pull data from a certificate
91 query = makeBaseQueryDictionary(kc, kSecClassCertificate);
92 CFDictionarySetValue(query, kSecMatchSubjectWholeString, CFSTR("test_codesigning"));
93 item = checkNCopyFirst(testName, query, 1);
94 const unsigned char expectedSHA1[] = { 0x94, 0xdf, 0x22, 0x4a, 0x4d, 0x49, 0x33, 0x27, 0x9e, 0xc5, 0x7e, 0x91, 0x95, 0xcc, 0xbd, 0x51, 0x3d, 0x59, 0xae, 0x34 };
95 CFDataRef expectedSHAData = CFDataCreateWithBytesNoCopy(NULL, expectedSHA1, sizeof(expectedSHA1), kCFAllocatorNull);
96 eq_cf(SecCertificateGetSHA1Digest((SecCertificateRef) item), expectedSHAData, "%s: expected SHA1 of certificate does not match", testName);
97 CFReleaseNull(item);
98 CFReleaseNull(expectedSHAData);
99
100 checkPrompts(0, "searching keys and certificates");
101
102 ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName);
103 CFReleaseNull(kc);
104 }
105 #define nTests (getPopulatedTestKeychainTests + checkNTests + 1 + \
106 checkNTests + readPasswordContentsWithResultTests + checkPromptsTests + \
107 checkNTests + readPasswordContentsWithResultTests + checkPromptsTests + \
108 checkNTests + readPasswordContentsWithResultTests + checkPromptsTests + \
109 checkNTests + readPasswordContentsWithResultTests + checkPromptsTests + \
110 checkNTests + \
111 checkNTests + \
112 checkNTests + \
113 checkNTests + \
114 checkNTests + 1 + \
115 checkPromptsTests + 1)
116
117 int kc_05_find_existing_items_locked(int argc, char *const *argv)
118 {
119 plan_tests(nTests);
120 initializeKeychainTests(__FUNCTION__);
121
122 tests();
123
124 deleteTestFiles();
125
126 return 0;
127 }
mirror of Security