OSX/libsecurity_keychain/regressions/kc-05-find-existing-items.c

   1 /*
   2  * Copyright (c) 2016 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the xLicense.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #import <Security/Security.h>
  25 #import <Security/SecCertificatePriv.h>
  26
  27 #include "keychain_regressions.h"
  28 #include "kc-helpers.h"
  29 #include "kc-item-helpers.h"
  30 #include "kc-key-helpers.h"
  31
  32 static void tests()
  33 {
  34     SecKeychainRef kc = getPopulatedTestKeychain();
  35
  36     CFMutableDictionaryRef query = NULL;
  37     SecKeychainItemRef item = NULL;
  38
  39     // Find passwords
  40     query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service"));
  41     item = checkNCopyFirst(testName, query, 1);
  42     readPasswordContents(item, CFSTR("test_password"));
  43     CFReleaseNull(item);
  44     checkPrompts(0, "after reading a password");
  45
  46     query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
  47     item = checkNCopyFirst(testName, query, 1);
  48     readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
  49     CFReleaseNull(item);
  50     checkPrompts(1, "trying to read password without access");
  51
  52     query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service"));
  53     item = checkNCopyFirst(testName, query, 1);
  54     readPasswordContents(item, CFSTR("test_password"));
  55     CFReleaseNull(item);
  56     checkPrompts(0, "after reading a password");
  57
  58     query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
  59     item = checkNCopyFirst(testName, query, 1);
  60     readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
  61     CFReleaseNull(item);
  62     checkPrompts(1, "trying to read password without access");
  63
  64     // Find symmetric keys
  65     query = createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric);
  66     item = checkNCopyFirst(testName, query, 2);
  67     CFReleaseNull(item);
  68
  69     // Find asymmetric keys
  70     query = createQueryKeyDictionary(kc, kSecAttrKeyClassPublic);
  71     item = checkNCopyFirst(testName, query, 2);
  72     CFReleaseNull(item);
  73
  74     query = createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate);
  75     item = checkNCopyFirst(testName, query, 2);
  76     CFReleaseNull(item);
  77
  78     // Find certificates
  79     query = makeBaseQueryDictionary(kc, kSecClassCertificate);
  80     item = checkNCopyFirst(testName, query, 3);
  81     CFReleaseNull(item);
  82
  83     // ensure we can pull data from a certificate
  84     query = makeBaseQueryDictionary(kc, kSecClassCertificate);
  85     CFDictionarySetValue(query, kSecMatchSubjectWholeString, CFSTR("test_codesigning"));
  86     item = checkNCopyFirst(testName, query, 1);
  87     const unsigned char expectedSHA1[] = { 0x94, 0xdf, 0x22, 0x4a, 0x4d, 0x49, 0x33, 0x27, 0x9e, 0xc5, 0x7e, 0x91, 0x95, 0xcc, 0xbd, 0x51, 0x3d, 0x59, 0xae, 0x34 };
  88     CFDataRef expectedSHAData = CFDataCreateWithBytesNoCopy(NULL, expectedSHA1, sizeof(expectedSHA1), kCFAllocatorNull);
  89     eq_cf(SecCertificateGetSHA1Digest((SecCertificateRef) item), expectedSHAData, "%s: expected SHA1 of certificate does not match", testName);
  90     CFReleaseNull(item);
  91     CFReleaseNull(expectedSHAData);
  92
  93     checkPrompts(0, "searching keys and certificates");
  94
  95     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName);
  96     CFReleaseNull(kc);
  97 }
  98 #define nTests (getPopulatedTestKeychainTests + \
  99     checkNTests + readPasswordContentsTests + checkPromptsTests + \
 100     checkNTests + readPasswordContentsTests + checkPromptsTests + \
 101     checkNTests + readPasswordContentsTests + checkPromptsTests + \
 102     checkNTests + readPasswordContentsTests + checkPromptsTests + \
 103     checkNTests + \
 104     checkNTests + \
 105     checkNTests + \
 106     checkNTests + \
 107     checkNTests + 1 + \
 108     checkPromptsTests + 1)
 109
 110 int kc_05_find_existing_items(int argc, char *const *argv)
 111 {
 112     plan_tests(nTests);
 113     initializeKeychainTests(__FUNCTION__);
 114
 115     tests();
 116
 117     deleteTestFiles();
 118
 119     return 0;
 120 }