]> git.saurik.com Git - apple/security.git/blob - SecurityTool/macOS/requirement.c
Security-59754.41.1.tar.gz
[apple/security.git] / SecurityTool / macOS / requirement.c
1 /*
2 * Copyright (c) 2019 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include <stdio.h>
25
26 #include <CoreFoundation/CoreFoundation.h>
27 #include <Security/SecRequirement.h>
28 #include <Security/SecRequirementPriv.h>
29
30 #include <utilities/SecCFRelease.h>
31 #include "security_tool.h"
32 #include "trusted_cert_utils.h"
33 #include "requirement.h"
34
35 int requirement_evaluate(int argc, char * const *argv)
36 {
37 int err = 0;
38 CFErrorRef error = NULL;
39 CFStringRef reqStr = NULL;
40 SecRequirementRef req = NULL;
41 CFMutableArrayRef certs = NULL;
42
43 if (argc < 3) {
44 return SHOW_USAGE_MESSAGE;
45 }
46
47 // Create Requirement
48
49 reqStr = CFStringCreateWithCString(NULL, argv[1], kCFStringEncodingUTF8);
50
51 OSStatus status = SecRequirementCreateWithStringAndErrors(reqStr,
52 kSecCSDefaultFlags, &error, &req);
53
54 if (status != errSecSuccess) {
55 CFStringRef errorDesc = CFErrorCopyDescription(error);
56 CFIndex errorLength = CFStringGetMaximumSizeForEncoding(CFStringGetLength(errorDesc),
57 kCFStringEncodingUTF8);
58 char *errorStr = malloc(errorLength+1);
59
60 CFStringGetCString(errorDesc, errorStr, errorLength+1, kCFStringEncodingUTF8);
61
62 fprintf(stderr, "parsing requirement failed (%d): %s\n", status, errorStr);
63
64 free(errorStr);
65 CFReleaseSafe(errorDesc);
66
67 err = 1;
68 }
69
70 // Create cert chain
71
72 const int num_certs = argc - 2;
73
74 certs = CFArrayCreateMutable(NULL, num_certs, &kCFTypeArrayCallBacks);
75
76 for (int i = 0; i < num_certs; ++i) {
77 SecCertificateRef cert = NULL;
78
79 if (readCertFile(argv[2 + i], &cert) != 0) {
80 fprintf(stderr, "Error reading certificate at '%s'\n", argv[2 + i]);
81 err = 2;
82 goto out;
83 }
84
85 CFArrayAppendValue(certs, cert);
86 CFReleaseSafe(cert);
87 }
88
89 // Evaluate!
90
91 if (req != NULL) {
92 status = SecRequirementEvaluate(req, certs, NULL, kSecCSDefaultFlags);
93 printf("%d\n", status);
94 err = status == 0 ? 0 : 3;
95 }
96
97 out:
98 CFReleaseSafe(certs);
99 CFReleaseSafe(req);
100 CFReleaseSafe(reqStr);
101 CFReleaseSafe(error);
102
103 return err;
104 }