tests/TrustTests/FrameworkTests/TrustSettingsInterfaceTests.m

   1 /*
   2  * Copyright (c) 2018 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  *
  23  */
  24
  25
  26 #import <XCTest/XCTest.h>
  27 #include "OSX/utilities/SecCFWrappers.h"
  28 #include <Security/SecTrustSettings.h>
  29 #include <Security/SecTrustSettingsPriv.h>
  30 #include <Security/SecTrust.h>
  31 #include <Security/SecFramework.h>
  32
  33 #include "../TestMacroConversions.h"
  34 #include "TrustFrameworkTestCase.h"
  35
  36 @interface TrustSettingsInterfaceTests : TrustFrameworkTestCase
  37 @end
  38
  39 @implementation TrustSettingsInterfaceTests
  40
  41 #if TARGET_OS_OSX
  42 - (void)testCopySystemAnchors {
  43     CFArrayRef certArray;
  44     ok_status(SecTrustCopyAnchorCertificates(&certArray), "copy anchors");
  45     CFReleaseSafe(certArray);
  46     ok_status(SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &certArray), "copy certificates");
  47     CFReleaseSafe(certArray);
  48 }
  49 #endif
  50
  51 #if !TARGET_OS_BRIDGE
  52 - (void)testSetCTExceptions {
  53     CFErrorRef error = NULL;
  54     const CFStringRef TrustTestsAppID = CFSTR("com.apple.trusttests");
  55     CFDictionaryRef copiedExceptions = NULL;
  56
  57     /* Verify no exceptions set */
  58     is(copiedExceptions = SecTrustStoreCopyCTExceptions(NULL, NULL), NULL, "no exceptions set");
  59     if (copiedExceptions) {
  60         /* If we're starting out with exceptions set, a lot of the following will also fail, so just skip them */
  61         CFReleaseNull(copiedExceptions);
  62         return;
  63     }
  64
  65     /* Set exceptions with specified AppID */
  66     NSDictionary *exceptions1 = @{
  67                                   (__bridge NSString*)kSecCTExceptionsDomainsKey: @[@"test.apple.com", @".test.apple.com"],
  68                                   };
  69     ok(SecTrustStoreSetCTExceptions(TrustTestsAppID, (__bridge CFDictionaryRef)exceptions1, &error),
  70        "failed to set exceptions for SecurityTests: %@", error);
  71
  72     /* Copy all exceptions (with only one set) */
  73     ok(copiedExceptions = SecTrustStoreCopyCTExceptions(NULL, &error),
  74        "failed to copy all exceptions: %@", error);
  75     ok([exceptions1 isEqualToDictionary:(__bridge NSDictionary*)copiedExceptions],
  76        "got the wrong exceptions back");
  77     CFReleaseNull(copiedExceptions);
  78
  79     /* Copy this app's exceptions */
  80     ok(copiedExceptions = SecTrustStoreCopyCTExceptions(TrustTestsAppID, &error),
  81        "failed to copy SecurityTests' exceptions: %@", error);
  82     ok([exceptions1 isEqualToDictionary:(__bridge NSDictionary*)copiedExceptions],
  83        "got the wrong exceptions back");
  84     CFReleaseNull(copiedExceptions);
  85
  86     /* Set different exceptions with implied AppID */
  87     NSDictionary *exceptions2 = @{
  88                                   (__bridge NSString*)kSecCTExceptionsDomainsKey: @[@".test.apple.com"],
  89                                   };
  90     ok(SecTrustStoreSetCTExceptions(NULL, (__bridge CFDictionaryRef)exceptions2, &error),
  91        "failed to set exceptions for this app: %@", error);
  92
  93     /* Ensure exceptions are replaced for SecurityTests */
  94     ok(copiedExceptions = SecTrustStoreCopyCTExceptions(TrustTestsAppID, &error),
  95        "failed to copy SecurityTests' exceptions: %@", error);
  96     ok([exceptions2 isEqualToDictionary:(__bridge NSDictionary*)copiedExceptions],
  97        "got the wrong exceptions back");
  98     CFReleaseNull(copiedExceptions);
  99
 100     /* Set exceptions with bad inputs */
 101     NSDictionary *badExceptions = @{
 102                                     (__bridge NSString*)kSecCTExceptionsDomainsKey: @[@"test.apple.com", @".test.apple.com"],
 103                                     @"not a key": @"not a value",
 104                                     };
 105     is(SecTrustStoreSetCTExceptions(NULL, (__bridge CFDictionaryRef)badExceptions, &error), false,
 106        "set exceptions with unknown key");
 107     if (error) {
 108         is(CFErrorGetCode(error), errSecParam, "bad input produced unxpected error code: %ld", (long)CFErrorGetCode(error));
 109     } else {
 110         fail("expected failure to set NULL exceptions");
 111     }
 112     CFReleaseNull(error);
 113
 114     /* Remove exceptions */
 115     ok(SecTrustStoreSetCTExceptions(NULL, NULL, &error),
 116        "failed to set empty array exceptions for this app: %@", error);
 117     is(copiedExceptions = SecTrustStoreCopyCTExceptions(NULL, NULL), NULL, "no exceptions set");
 118 }
 119 #else // TARGET_OS_BRIDGE
 120 - (void)testSkipTests
 121 {
 122     XCTAssert(true);
 123 }
 124 #endif
 125
 126 @end