Security-59754.41.1.tar.gz
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 */
24
25 #include <AssertMacros.h>
26 #import <XCTest/XCTest.h>
27 #include <Security/SecCertificatePriv.h>
28 #include <utilities/SecCFRelease.h>
29 #include "../TestMacroConversions.h"
30
31 #include "TrustEvaluationTestCase.h"
32 #include "PathParseTests_data.h"
33
// Bundle subdirectory that holds the certificates expected to fail path evaluation.
// NOTE(review): the const here qualifies the NSString object, not the pointer, so the
// variable itself can still be reassigned; `NSString * const` is the usual spelling for a
// string constant. Confirm no other file declares this symbol before changing its type.
NSString const *kSecTestPathFailureResources = @"si-18-certificate-parse/PathFailureCerts";
35
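// Negative tests for trust evaluation: every certificate exercised here is expected to be
// rejected by SecTrustEvaluateWithError. A test that passes means the evaluator refused the
// input; a test that fails means a malformed certificate was accepted or could not be set up.
@interface PathParseTests : TrustEvaluationTestCase

@end

@implementation PathParseTests

// Evaluates each .cer file in the PathFailureCerts resource directory against the bundled
// root and asserts that trust evaluation fails for every one of them.
- (void)testPathParseFailure {
    NSBundle *bundle = [NSBundle bundleForClass:[self class]];
    NSArray<NSURL *> *certURLs = nil;
    SecCertificateRef root = NULL;

    NSURL *rootURL = [bundle URLForResource:@"root" withExtension:@".cer" subdirectory:@"si-18-certificate-parse"];
    NSData *rootData = [NSData dataWithContentsOfURL:rootURL];
    XCTAssert(root = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)rootData), "Unable to create root cert");
    certURLs = [bundle URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestPathFailureResources];
    // An empty fixture directory would make the loop below vacuously pass, so it is asserted.
    XCTAssertTrue([certURLs count] > 0, "Unable to find parse test failure certs in bundle.");

    if (root && [certURLs count] > 0) {
        [certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
            NSData *certData = [NSData dataWithContentsOfURL:url];
            SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
            SecTrustRef trust = NULL;
            SecPolicyRef policy = SecPolicyCreateBasicX509();

            // The fixture has to parse as a certificate for the evaluation result to mean
            // anything. This check used to run only after the trust calls had already been
            // handed cert, so a NULL cert was reported as a trust-creation failure instead.
            require_action(cert, blockOut,
                           fail("Failed to parse cert with SPKI error: %@", url));

            require_noerr_action(SecTrustCreateWithCertificates(cert, policy, &trust), blockOut,
                                 fail("Unable to create trust with certificate: %@", url));
            require_noerr_action(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)@[(__bridge id)root]),
                                 blockOut, fail("Unable to set trust in root cert: %@", url));
            // Evaluation is pinned to a fixed date rather than the wall clock — presumably so
            // fixture validity periods do not change the outcome over time; confirm.
            require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)[NSDate dateWithTimeIntervalSinceReferenceDate:507200000.0]),
                                 blockOut, fail("Unable to set verify date: %@", url));
            // NOTE(review): passing NULL discards the failure reason, so any evaluation failure
            // satisfies this assertion. Pinning the expected error code, as
            // testUnparseableExtensions does, would tie the rejection to the malformed input.
            XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "Got wrong trust result for %@", url);

        blockOut:
            CFReleaseNull(cert);
            CFReleaseNull(trust);
            CFReleaseNull(policy);
        }];
    }

    // root comes from a Create call and is owned here; it was previously never released.
    // The enumeration above is synchronous, so no block still uses it at this point.
    CFReleaseNull(root);
}

// Evaluates the embedded _bad_extension_leaf against _bad_extension_root and asserts that
// evaluation fails with errSecUnknownCertExtension.
- (void)testUnparseableExtensions {
    SecCertificateRef leaf = SecCertificateCreateWithBytes(NULL, _bad_extension_leaf, sizeof(_bad_extension_leaf));
    SecCertificateRef root = SecCertificateCreateWithBytes(NULL, _bad_extension_root, sizeof(_bad_extension_root));
    SecTrustRef trust = NULL;
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    CFErrorRef error = NULL;
    NSArray *anchors = nil;

    // An array literal throws on a nil element, so fail the test cleanly if either fixture
    // did not produce a certificate object instead of raising an exception.
    require_action(leaf && root, errOut,
                   fail("Unable to create certificates with unparseable extension"));
    anchors = @[(__bridge id)root];

    require_noerr_action(SecTrustCreateWithCertificates(leaf, policy, &trust), errOut,
                         fail("Unable to create trust with certificate with unparseable extension"));
    require_noerr_action(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors),
                         errOut, fail("Unable to set trust anchors"));
    // Evaluation is pinned to a fixed date rather than the wall clock — presumably so
    // fixture validity periods do not change the outcome over time; confirm.
    require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)[NSDate dateWithTimeIntervalSinceReferenceDate:620000000.0]),
                         errOut, fail("Unable to set verify date"));
    XCTAssertFalse(SecTrustEvaluateWithError(trust, &error), "Got wrong trust result cert");
    XCTAssert(error != NULL);
    // XCTAssert records a failure and continues by default, so the error is checked for
    // NULL before CFErrorGetCode reads it.
    if (error) {
        // Checking the code ties the rejection to the extension handling rather than to
        // some unrelated evaluation failure.
        XCTAssert(CFErrorGetCode(error) == errSecUnknownCertExtension);
    }

errOut:
    CFReleaseNull(leaf);
    CFReleaseNull(root); // owned via Create; was previously never released
    CFReleaseNull(policy);
    CFReleaseNull(trust);
    CFReleaseNull(error);
}

@end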