Security-59754.41.1.tar.gz
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 */
24
25 #include <AssertMacros.h>
26 #import <XCTest/XCTest.h>
27 #include <Security/SecCertificate.h>
28 #include <Security/SecCertificatePriv.h>
29 #include <Security/SecCertificateInternal.h>
30 #include <Security/SecFramework.h>
31 #include <utilities/SecCFRelease.h>
32 #include "../TestMacroConversions.h"
33
34 #include "TrustFrameworkTestCase.h"
35
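/*
 * Bundle subdirectories holding the certificate corpora, one per expected parser outcome.
 * Declared as constant pointers (NSString * const) rather than pointers to a const-qualified
 * NSString, so the names cannot be reassigned and can be passed to Foundation APIs without a cast.
 */

/* Malformed certificates that SecCertificateCreateWithData must reject. */
NSString * const kSecTestParseFailureResources = @"si-18-certificate-parse/ParseFailureCerts";
/* Unusual but valid certificates that must parse with no unparseable known extension. */
NSString * const kSecTestParseSuccessResources = @"si-18-certificate-parse/ParseSuccessCerts";
/* Certificates that parse, but whose public key must fail to extract. */
NSString * const kSecTestKeyFailureResources = @"si-18-certificate-parse/KeyFailureCerts";
/* Certificates with parsing errors that the parser currently still accepts. */
NSString * const kSecTestTODOFailureResources = @"si-18-certificate-parse/TODOFailureCerts";
/* Certificates with a parsing error inside a known, non-critical extension. */
NSString * const kSecTestExtensionFailureResources = @"si-18-certificate-parse/ExtensionFailureCerts";
/* Certificates with a parsing error in the subject name. */
NSString * const kSecTestNameFailureResources = @"si-18-certificate-parse/NameFailureCerts";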
42
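@interface CertificateParseTests : TrustFrameworkTestCase

@end

/*
 * Corpus-driven tests for the certificate parser behind SecCertificateCreateWithData.
 * Each test walks one bundle subdirectory of .cer files and checks that every file in it
 * is accepted or rejected in the way that directory is meant to exercise.
 *
 * The is(), isnt() and fail() assertions are not defined in this file; presumably they come
 * from TestMacroConversions.h.
 */
@implementation CertificateParseTests

#pragma mark - Helpers

/* Returns the URLs of all ".cer" resources in the given subdirectory of the test bundle. */
- (NSArray<NSURL *> *)certificateURLsInSubdirectory:(NSString *)subdirectory {
    return [[NSBundle bundleForClass:[self class]] URLsForResourcesWithExtension:@".cer"
                                                                    subdirectory:subdirectory];
}

/*
 * Reads the bytes of one test certificate and records a test failure if the file cannot be read.
 * Returns nil in that case so the caller can skip the certificate. Without this check an
 * unreadable file would hand NULL data to the parser, and a "must be rejected" test could pass
 * without the parser ever having seen the certificate.
 */
- (NSData *)certificateDataAtURL:(NSURL *)url {
    NSData *certData = [NSData dataWithContentsOfURL:url];
    XCTAssertNotNil(certData, "Unable to read test cert: %@", url);
    return certData;
}

#pragma mark - Tests

/* Every certificate in ParseFailureCerts carries a parsing error and must be rejected. */
- (void)testParseFailure {
    NSArray<NSURL *> *certURLs = [self certificateURLsInSubdirectory:(NSString *)kSecTestParseFailureResources];
    XCTAssertTrue([certURLs count] > 0, "Unable to find parse test failure certs in bundle.");

    for (NSURL *url in certURLs) {
        NSData *certData = [self certificateDataAtURL:url];
        if (!certData) {
            continue; /* failure already recorded; do not count a missing input as a rejection */
        }
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
        is(cert, NULL, "Successfully parsed bad cert: %@", url);
        CFReleaseNull(cert);
    }
}

/*
 * Every certificate in ParseSuccessCerts is a valid parsing variation: it must parse and must
 * not report an unparseable known extension.
 */
- (void)testParseSuccess {
    NSArray<NSURL *> *certURLs = [self certificateURLsInSubdirectory:(NSString *)kSecTestParseSuccessResources];
    XCTAssertTrue([certURLs count] > 0, "Unable to find parse test success certs in bundle.");

    for (NSURL *url in certURLs) {
        NSData *certData = [self certificateDataAtURL:url];
        if (!certData) {
            continue;
        }
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
        isnt(cert, NULL, "Failed to parse good cert: %@", url);
        if (cert) {
            /* Only query a certificate that exists; NULL handling of this SPI is not visible here. */
            is(SecCertificateGetUnparseableKnownExtension(cert), kCFNotFound, "Found bad extension in good certs: %@", url);
        }
        CFReleaseNull(cert);
    }
}

/*
 * Certificates in KeyFailureCerts parse as certificates, but their public key is malformed:
 * the error must surface when the key is extracted.
 */
- (void)testKeyFailure {
    NSArray<NSURL *> *certURLs = [self certificateURLsInSubdirectory:(NSString *)kSecTestKeyFailureResources];
    XCTAssertTrue([certURLs count] > 0, "Unable to find parse test key failure certs in bundle.");

    for (NSURL *url in certURLs) {
        NSData *certData = [self certificateDataAtURL:url];
        if (!certData) {
            continue;
        }
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
        if (!cert) {
            /* These inputs are expected to get past certificate parsing and fail only at the key. */
            fail("Failed to parse cert with SPKI error: %@", url);
            continue;
        }
        SecKeyRef pubkey = SecCertificateCopyKey(cert);
        is(pubkey, NULL, "Successfully parsed bad SPKI: %@", url);
        CFReleaseNull(pubkey);
        CFReleaseNull(cert);
    }
}

/*
 * Certificates in TODOFailureCerts contain parsing errors that the parser currently accepts.
 * The test pins that known leniency: it fails as soon as the parser starts rejecting one of
 * them, which is the cue to reclassify that certificate as a parse failure.
 */
- (void)testTODOFailures {
    NSArray<NSURL *> *certURLs = [self certificateURLsInSubdirectory:(NSString *)kSecTestTODOFailureResources];
    XCTAssertTrue([certURLs count] > 0, "Unable to find parse test TODO failure certs in bundle.");

    for (NSURL *url in certURLs) {
        NSData *certData = [self certificateDataAtURL:url];
        if (!certData) {
            continue;
        }
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
        /* The message is shown when cert is NULL, so it must describe a rejection, not a success. */
        isnt(cert, NULL, "TODO cert was unexpectedly rejected by the parser: %@", url);
        CFReleaseNull(cert);
    }
}

/*
 * Certificates in ExtensionFailureCerts have a parsing error in a known but non-critical
 * extension: the certificate must still parse, and the bad extension must be reported.
 */
- (void)testUnparseableExtensions {
    NSArray<NSURL *> *certURLs = [self certificateURLsInSubdirectory:(NSString *)kSecTestExtensionFailureResources];
    XCTAssertTrue([certURLs count] > 0, "Unable to find parse test extension failure certs in bundle.");

    for (NSURL *url in certURLs) {
        NSData *certData = [self certificateDataAtURL:url];
        if (!certData) {
            continue;
        }
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
        isnt(cert, NULL, "Failed to parse bad cert with unparseable extension: %@", url);
        if (cert) {
            isnt(SecCertificateGetUnparseableKnownExtension(cert), kCFNotFound, "Unable to find unparseable extension: %@", url);
        }
        CFReleaseNull(cert);
    }
}

/*
 * Certificates in NameFailureCerts have a parsing error in the subject name: the certificate
 * must still parse, but no country may be returned from the broken name.
 */
- (void)testUnparseableSubjectName {
    NSArray<NSURL *> *certURLs = [self certificateURLsInSubdirectory:(NSString *)kSecTestNameFailureResources];
    XCTAssertTrue([certURLs count] > 0, "Unable to find parse test name failure certs in bundle.");

    for (NSURL *url in certURLs) {
        NSData *certData = [self certificateDataAtURL:url];
        if (!certData) {
            continue;
        }
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
        isnt(cert, NULL, "Failed to parse bad cert with unparseable name: %@", url);
        if (cert) {
            /* CFBridgingRelease hands any returned string to ARC so it is not leaked. */
            is(CFBridgingRelease(SecCertificateCopyCountry(cert)), nil, "Success parsing name for failure cert: %@", url);
        }
        CFReleaseNull(cert);
    }
}

@end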