2 * si-79-smp-cert-policy.c
5 * Copyright (c) 2014 Apple Inc. All Rights Reserved.
9 #include <CoreFoundation/CoreFoundation.h>
10 #include <Security/SecCertificate.h>
11 #include <Security/SecCertificatePriv.h>
12 #include <Security/SecCertificateInternal.h>
13 #include <Security/SecItem.h>
14 #include <Security/SecItemPriv.h>
15 #include <Security/SecIdentityPriv.h>
16 #include <Security/SecIdentity.h>
17 #include <Security/SecPolicy.h>
18 #include <Security/SecPolicyPriv.h>
19 #include <Security/SecPolicyInternal.h>
20 #include <Security/SecCMS.h>
21 #include <utilities/SecCFWrappers.h>
25 #include "Security_regressions.h"
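/*
 * DER-encoded X.509 certificate: self-signed root of the TEST hierarchy.
 *
 *   Subject / Issuer : CN=Test Apple Root CA - ECC, OU=Certification Authority,
 *                      O=Apple Inc., C=US
 *   Validity         : 140131214646Z .. 340126214646Z (UTCTime, as encoded)
 *   Key / signature  : EC prime256v1, ecdsa-with-SHA256
 *   Extensions       : basicConstraints CA=TRUE (critical),
 *                      keyUsage keyCertSign|cRLSign (critical)
 *
 * The outer SEQUENCE header (30 82 02 27) gives 0x227 content bytes, so the
 * array must hold exactly 555 bytes. The code listing this was taken from had
 * browser line numbers fused into each row and no closing "};"; both are
 * repaired here and the byte values are unchanged.
 */
static const UInt8 kTestAppleRootCAECCCert[] = {
    0x30,0x82,0x02,0x27,0x30,0x82,0x01,0xCD,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x59,
    0xD1,0xEC,0x10,0x92,0x41,0xC7,0xC4,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,
    0x04,0x03,0x02,0x30,0x67,0x31,0x21,0x30,0x1F,0x06,0x03,0x55,0x04,0x03,0x0C,0x18,
    0x54,0x65,0x73,0x74,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,
    0x43,0x41,0x20,0x2D,0x20,0x45,0x43,0x43,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,
    0x0B,0x0C,0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,
    0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,
    0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,
    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,
    0x31,0x34,0x30,0x31,0x33,0x31,0x32,0x31,0x34,0x36,0x34,0x36,0x5A,0x17,0x0D,0x33,
    0x34,0x30,0x31,0x32,0x36,0x32,0x31,0x34,0x36,0x34,0x36,0x5A,0x30,0x67,0x31,0x21,
    0x30,0x1F,0x06,0x03,0x55,0x04,0x03,0x0C,0x18,0x54,0x65,0x73,0x74,0x20,0x41,0x70,
    0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x2D,0x20,0x45,0x43,
    0x43,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x0C,0x17,0x43,0x65,0x72,0x74,
    0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,
    0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,
    0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
    0x06,0x13,0x02,0x55,0x53,0x30,0x59,0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,
    0x02,0x01,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x03,0x42,0x00,0x04,
    0x7B,0x38,0x10,0xD0,0x0A,0xA3,0x1B,0x7C,0x1D,0x24,0xFB,0x39,0xD6,0x6B,0x1C,0x0A,
    0x97,0x48,0x30,0xFF,0x4C,0x70,0x49,0x3D,0x21,0x66,0x4F,0xF5,0x89,0x00,0xAF,0x93,
    0xEF,0x74,0x9A,0xE8,0x4C,0x27,0x3D,0xBE,0x95,0x50,0x52,0x3D,0x53,0x90,0xF3,0x32,
    0xAB,0x83,0xB6,0x5E,0x73,0xC8,0xE7,0x17,0x8B,0x18,0x09,0x93,0x9F,0x97,0xD5,0x16,
    0xA3,0x63,0x30,0x61,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xD2,
    0x47,0xE2,0xC5,0x34,0x71,0xC6,0x10,0x8D,0x93,0xEE,0x04,0x43,0x1F,0xE1,0x1B,0x0F,
    0xE1,0xCD,0x11,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,
    0x03,0x01,0x01,0xFF,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,
    0x14,0xD2,0x47,0xE2,0xC5,0x34,0x71,0xC6,0x10,0x8D,0x93,0xEE,0x04,0x43,0x1F,0xE1,
    0x1B,0x0F,0xE1,0xCD,0x11,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
    0x04,0x03,0x02,0x01,0x06,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,
    0x02,0x03,0x48,0x00,0x30,0x45,0x02,0x21,0x00,0xDC,0x06,0x2B,0x72,0x87,0x20,0xEC,
    0xF7,0xDC,0xC8,0xF2,0xF8,0x89,0x0A,0x57,0x63,0x9A,0x92,0x4A,0x84,0x6E,0xDD,0x17,
    0x50,0xEE,0x6F,0x01,0x4C,0xA1,0xA0,0x74,0xD1,0x02,0x20,0x1F,0x35,0x7A,0xB5,0x0B,
    0x79,0x80,0xD4,0x9C,0x9F,0x31,0xDC,0x36,0x1C,0xC6,0xFD,0x65,0x72,0x40,0x67,0xBA,
    0xFC,0x6F,0x59,0x5E,0xEF,0xEA,0x5E,0x87,0xAC,0x30,0x0D,
};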
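/*
 * DER-encoded X.509 certificate: intermediate CA of the TEST hierarchy.
 *
 *   Subject  : CN=Test Apple System Integration CA - ECC,
 *              OU=Certification Authority, O=Apple Inc., C=US
 *   Issuer   : CN=Test Apple Root CA - ECC
 *   Validity : 140206162647Z .. 240204162647Z (UTCTime, as encoded)
 *   Key / signature : EC prime256v1, ecdsa-with-SHA256
 *   Extensions : basicConstraints CA=TRUE, pathLen=0 (critical),
 *                keyUsage keyCertSign|cRLSign (critical),
 *                OCSP and CRL URLs on the "-uat" hosts
 *
 * Unlike the production intermediate in this file, this certificate carries no
 * extension under the 1.2.840.113635 arc.
 *
 * The outer SEQUENCE header (30 82 02 D8) implies exactly 732 bytes. Browser
 * line numbers fused into the listing are removed and the missing "};" is
 * restored; the byte values are unchanged.
 */
static const UInt8 kTestAppleSystemIntegrationCAECCCert[] = {
    0x30,0x82,0x02,0xD8,0x30,0x82,0x02,0x7F,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x63,
    0x70,0x58,0xB8,0xE5,0xC6,0x5A,0x1E,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,
    0x04,0x03,0x02,0x30,0x67,0x31,0x21,0x30,0x1F,0x06,0x03,0x55,0x04,0x03,0x0C,0x18,
    0x54,0x65,0x73,0x74,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,
    0x43,0x41,0x20,0x2D,0x20,0x45,0x43,0x43,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,
    0x0B,0x0C,0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,
    0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,
    0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,
    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,
    0x31,0x34,0x30,0x32,0x30,0x36,0x31,0x36,0x32,0x36,0x34,0x37,0x5A,0x17,0x0D,0x32,
    0x34,0x30,0x32,0x30,0x34,0x31,0x36,0x32,0x36,0x34,0x37,0x5A,0x30,0x75,0x31,0x2F,
    0x30,0x2D,0x06,0x03,0x55,0x04,0x03,0x0C,0x26,0x54,0x65,0x73,0x74,0x20,0x41,0x70,
    0x70,0x6C,0x65,0x20,0x53,0x79,0x73,0x74,0x65,0x6D,0x20,0x49,0x6E,0x74,0x65,0x67,
    0x72,0x61,0x74,0x69,0x6F,0x6E,0x20,0x43,0x41,0x20,0x2D,0x20,0x45,0x43,0x43,0x31,
    0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x0C,0x17,0x43,0x65,0x72,0x74,0x69,0x66,
    0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,
    0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,
    0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
    0x02,0x55,0x53,0x30,0x59,0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0x51,0xB4,
    0x48,0x6D,0x6B,0xB1,0xD2,0x48,0xE0,0x04,0x32,0x5E,0xA2,0x91,0xFF,0x86,0x21,0xE2,
    0x20,0x09,0xCE,0x46,0x7E,0xC2,0x10,0xAA,0x20,0x8A,0x47,0xF4,0x59,0x71,0xC2,0x69,
    0xBD,0xFE,0xF4,0xB8,0xEC,0xCB,0xDF,0x45,0x06,0x9B,0x64,0x3A,0x98,0x60,0x08,0x16,
    0xB8,0x87,0xF4,0x9E,0x6E,0xC5,0xBF,0x14,0xA9,0xB0,0x40,0x6B,0xD1,0x0B,0xA3,0x82,
    0x01,0x05,0x30,0x82,0x01,0x01,0x30,0x54,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
    0x01,0x01,0x04,0x48,0x30,0x46,0x30,0x44,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
    0x30,0x01,0x86,0x38,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2D,
    0x75,0x61,0x74,0x2E,0x63,0x6F,0x72,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,
    0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x30,0x34,0x2D,0x74,0x65,0x73,0x74,0x61,0x70,
    0x70,0x6C,0x65,0x72,0x6F,0x6F,0x74,0x63,0x61,0x65,0x63,0x63,0x30,0x1D,0x06,0x03,
    0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xA3,0x46,0x13,0xFE,0x94,0x7F,0xE0,0xA2,0x8F,
    0x16,0xF0,0xF8,0x1E,0x9B,0x8B,0x14,0x84,0x70,0x59,0xF9,0x30,0x12,0x06,0x03,0x55,
    0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,
    0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD2,0x47,0xE2,0xC5,
    0x34,0x71,0xC6,0x10,0x8D,0x93,0xEE,0x04,0x43,0x1F,0xE1,0x1B,0x0F,0xE1,0xCD,0x11,
    0x30,0x45,0x06,0x03,0x55,0x1D,0x1F,0x04,0x3E,0x30,0x3C,0x30,0x3A,0xA0,0x38,0xA0,
    0x36,0x86,0x34,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x75,0x61,
    0x74,0x2E,0x63,0x6F,0x72,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
    0x2F,0x74,0x65,0x73,0x74,0x61,0x70,0x70,0x6C,0x65,0x72,0x6F,0x6F,0x74,0x63,0x61,
    0x65,0x63,0x63,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,
    0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,
    0x04,0x03,0x02,0x03,0x47,0x00,0x30,0x44,0x02,0x20,0x6A,0x68,0x3F,0x95,0xCA,0x35,
    0xD2,0xB6,0x46,0xF5,0x34,0xA2,0xF4,0x1A,0x8C,0x15,0x6D,0xC6,0x7E,0x88,0x95,0x9E,
    0x55,0x8E,0x8F,0x78,0x65,0x9D,0x5B,0x70,0x63,0x45,0x02,0x20,0x1B,0x45,0x91,0x33,
    0xF1,0x6E,0x7B,0xC1,0x0D,0x2E,0xF0,0x33,0xB3,0xFF,0xC3,0x1F,0xAC,0x6F,0xAB,0xFC,
    0x67,0xB6,0x1B,0x57,0xAF,0x88,0xA6,0xCF,0xA7,0x4F,0x20,0x06,
};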
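/*
 * DER-encoded X.509 certificate: end-entity (leaf) of the TEST hierarchy.
 *
 *   Subject  : CN=Test ECC Crypto Services Encipherment UC5,
 *              OU=Crypto Services, O=Apple Inc., C=US
 *   Issuer   : CN=Test Apple System Integration CA - ECC
 *   Validity : 140206164555Z .. 160206164555Z (UTCTime, as encoded)
 *   Key / signature : EC prime256v1, ecdsa-with-SHA256
 *   Extensions : basicConstraints with CA absent (critical),
 *                keyUsage keyEncipherment|keyAgreement (critical)
 *
 * The two-year validity window ended in February 2016, so any evaluation done
 * at the current time depends on the policy ignoring expiration.
 *
 * The outer SEQUENCE header (30 82 02 C4) implies exactly 712 bytes. Browser
 * line numbers fused into the listing are removed and the missing "};" is
 * restored; the byte values are unchanged.
 */
static const UInt8 kTestSMPCert[] = {
    0x30,0x82,0x02,0xC4,0x30,0x82,0x02,0x6B,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x4B,
    0x62,0x72,0xF1,0xCD,0xCE,0xBA,0x8D,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,
    0x04,0x03,0x02,0x30,0x75,0x31,0x2F,0x30,0x2D,0x06,0x03,0x55,0x04,0x03,0x0C,0x26,
    0x54,0x65,0x73,0x74,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x53,0x79,0x73,0x74,0x65,
    0x6D,0x20,0x49,0x6E,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6F,0x6E,0x20,0x43,0x41,
    0x20,0x2D,0x20,0x45,0x43,0x43,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0B,0x0C,
    0x17,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
    0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
    0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,
    0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x34,
    0x30,0x32,0x30,0x36,0x31,0x36,0x34,0x35,0x35,0x35,0x5A,0x17,0x0D,0x31,0x36,0x30,
    0x32,0x30,0x36,0x31,0x36,0x34,0x35,0x35,0x35,0x5A,0x30,0x70,0x31,0x32,0x30,0x30,
    0x06,0x03,0x55,0x04,0x03,0x0C,0x29,0x54,0x65,0x73,0x74,0x20,0x45,0x43,0x43,0x20,
    0x43,0x72,0x79,0x70,0x74,0x6F,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,
    0x45,0x6E,0x63,0x69,0x70,0x68,0x65,0x72,0x6D,0x65,0x6E,0x74,0x20,0x55,0x43,0x35,
    0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0F,0x43,0x72,0x79,0x70,0x74,
    0x6F,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x13,0x30,0x11,0x06,0x03,
    0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,
    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x59,0x30,0x13,
    0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,
    0x03,0x01,0x07,0x03,0x42,0x00,0x04,0xAC,0xB8,0x3A,0x1B,0x4E,0x15,0x87,0xDD,0xCF,
    0xCD,0x21,0x30,0x23,0x28,0xF2,0x86,0x10,0x28,0x7C,0xF3,0x65,0x39,0xCD,0xFD,0x30,
    0xB5,0x61,0x71,0xE0,0x59,0x20,0xB7,0xC0,0x59,0x24,0xF9,0x7F,0x75,0xBB,0xD5,0x30,
    0xC0,0x25,0x52,0xE2,0x13,0xF1,0x0B,0x4D,0x50,0xC4,0x46,0x57,0x6A,0x13,0x69,0xC9,
    0x82,0x8A,0xA9,0x21,0x24,0xD5,0x92,0xA3,0x81,0xE9,0x30,0x81,0xE6,0x30,0x4E,0x06,
    0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x42,0x30,0x40,0x30,0x3E,0x06,
    0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x32,0x68,0x74,0x74,0x70,0x3A,
    0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x75,0x61,0x74,0x2E,0x63,0x6F,0x72,0x70,0x2E,
    0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x30,0x34,
    0x2D,0x74,0x65,0x73,0x74,0x61,0x73,0x69,0x63,0x61,0x65,0x63,0x63,0x30,0x1D,0x06,
    0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x73,0x0B,0x8A,0xF4,0xFA,0xA2,0xC9,0x6F,
    0xAC,0x2E,0x9C,0xCC,0xE9,0xFE,0xBD,0xA6,0xE2,0xF0,0xC0,0xFF,0x30,0x0C,0x06,0x03,
    0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,
    0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xA3,0x46,0x13,0xFE,0x94,0x7F,0xE0,0xA2,0x8F,
    0x16,0xF0,0xF8,0x1E,0x9B,0x8B,0x14,0x84,0x70,0x59,0xF9,0x30,0x36,0x06,0x03,0x55,
    0x1D,0x1F,0x04,0x2F,0x30,0x2D,0x30,0x2B,0xA0,0x29,0xA0,0x27,0x86,0x25,0x68,0x74,
    0x74,0x70,0x3A,0x2F,0x2F,0x75,0x61,0x74,0x2D,0x63,0x72,0x6C,0x2E,0x61,0x70,0x70,
    0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x73,0x69,0x63,0x61,0x65,0x63,0x63,0x2E,
    0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,
    0x02,0x03,0x28,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,0x03,
    0x47,0x00,0x30,0x44,0x02,0x20,0x60,0x56,0xC6,0x37,0xB9,0x8B,0x58,0x05,0xF0,0x89,
    0x61,0x61,0xA4,0xB8,0x83,0x5F,0x9E,0xCF,0x6E,0x21,0x6E,0xEF,0xA1,0x89,0x5C,0xB5,
    0x2E,0x6E,0xE1,0x10,0x46,0x4F,0x02,0x20,0x07,0x8D,0xA5,0xD0,0xC8,0x85,0x31,0xF0,
    0x4B,0x2C,0xB5,0x1B,0x96,0xC4,0x5D,0x86,0x85,0xF8,0x1A,0x3A,0x37,0x6B,0xEC,0xD0,
    0x7F,0x45,0x88,0x35,0xD0,0x75,0xDC,0xA2,
};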
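/*
 * DER-encoded X.509 certificate: intermediate CA of the PRODUCTION hierarchy.
 *
 *   Subject  : CN=Apple System Integration CA - G3,
 *              OU=Apple Certification Authority, O=Apple Inc., C=US
 *   Issuer   : CN=Apple Root CA - G3
 *   Validity : 140506234510Z .. 290506234510Z (UTCTime, as encoded)
 *   Key      : EC prime256v1
 *   Extensions : basicConstraints CA=TRUE (critical),
 *                keyUsage keyCertSign|cRLSign (critical),
 *                non-critical extension 1.2.840.113635.100.6.2.13 (value NULL)
 *
 * The issuing root is not embedded in this file.
 *
 * The outer SEQUENCE header (30 82 02 EB) implies exactly 751 bytes. Browser
 * line numbers fused into the listing are removed and the missing "};" is
 * restored; the byte values are unchanged.
 */
static const UInt8 kAppleSystemIntegrationCAG3Cert[] = {
    0x30,0x82,0x02,0xEB,0x30,0x82,0x02,0x70,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x61,
    0x5A,0xA1,0xA9,0x73,0x3C,0xEB,0x81,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,
    0x04,0x03,0x02,0x30,0x67,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x0C,0x12,
    0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x2D,0x20,
    0x47,0x33,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,
    0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,
    0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,
    0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,
    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,
    0x31,0x34,0x30,0x35,0x30,0x36,0x32,0x33,0x34,0x35,0x31,0x30,0x5A,0x17,0x0D,0x32,
    0x39,0x30,0x35,0x30,0x36,0x32,0x33,0x34,0x35,0x31,0x30,0x5A,0x30,0x75,0x31,0x29,
    0x30,0x27,0x06,0x03,0x55,0x04,0x03,0x0C,0x20,0x41,0x70,0x70,0x6C,0x65,0x20,0x53,
    0x79,0x73,0x74,0x65,0x6D,0x20,0x49,0x6E,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6F,
    0x6E,0x20,0x43,0x41,0x20,0x2D,0x20,0x47,0x33,0x31,0x26,0x30,0x24,0x06,0x03,0x55,
    0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,
    0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,
    0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,
    0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
    0x02,0x55,0x53,0x30,0x59,0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
    0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0xD1,0x57,
    0x4C,0x8E,0x38,0xD5,0xF7,0x36,0x28,0x54,0x7D,0x16,0x1A,0xE4,0xF0,0x4F,0x1E,0xB2,
    0xA8,0xC0,0x2F,0x1F,0xE2,0x26,0x69,0x76,0xDF,0x36,0xAB,0xDC,0xED,0xAF,0xA6,0x92,
    0xF2,0x5A,0x4E,0xAF,0x29,0x84,0xAC,0xF1,0x86,0x15,0x04,0x43,0xFA,0x83,0x03,0x03,
    0x58,0xF6,0x5E,0x8F,0xC2,0x22,0x29,0x28,0xF2,0x06,0x18,0x09,0x30,0x79,0xA3,0x81,
    0xF7,0x30,0x81,0xF4,0x30,0x46,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
    0x04,0x3A,0x30,0x38,0x30,0x36,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,
    0x86,0x2A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x61,0x70,
    0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x30,0x34,0x2D,0x61,
    0x70,0x70,0x6C,0x65,0x72,0x6F,0x6F,0x74,0x63,0x61,0x67,0x33,0x30,0x1D,0x06,0x03,
    0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x26,0x5D,0xAF,0x92,0x3C,0x20,0x98,0x18,0x35,
    0xBE,0x98,0x50,0xA6,0x01,0x5E,0xA7,0xE9,0x21,0x2D,0x79,0x30,0x0F,0x06,0x03,0x55,
    0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1F,0x06,0x03,
    0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xBB,0xB0,0xDE,0xA1,0x58,0x33,0x88,
    0x9A,0xA4,0x8A,0x99,0xDE,0xBE,0xBD,0xEB,0xAF,0xDA,0xCB,0x24,0xAB,0x30,0x37,0x06,
    0x03,0x55,0x1D,0x1F,0x04,0x30,0x30,0x2E,0x30,0x2C,0xA0,0x2A,0xA0,0x28,0x86,0x26,
    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x61,0x70,0x70,0x6C,0x65,
    0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,0x72,0x6F,0x6F,0x74,0x63,0x61,
    0x67,0x33,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,
    0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x10,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,
    0x64,0x06,0x02,0x0D,0x04,0x02,0x05,0x00,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,
    0x3D,0x04,0x03,0x02,0x03,0x69,0x00,0x30,0x66,0x02,0x31,0x00,0xD6,0xB2,0xC3,0xB3,
    0x3D,0xE3,0x30,0xE4,0x7A,0x24,0x62,0x35,0xDA,0xF0,0xB9,0xDC,0x3B,0x66,0x94,0x40,
    0xBA,0x8D,0x43,0xC4,0x2A,0xF5,0xE3,0xA1,0x4A,0x7C,0xD5,0x87,0x24,0xCC,0xEA,0x49,
    0x0E,0xEE,0xAA,0xE4,0x72,0x0D,0x63,0x4F,0x03,0x07,0x6C,0x63,0x02,0x31,0x00,0xFF,
    0xDF,0x24,0x7E,0xA8,0x28,0x02,0x55,0xBF,0xEB,0x8D,0x72,0x1D,0xC9,0x27,0x82,0xA1,
    0x0D,0xB7,0xD5,0x0F,0xAA,0xF2,0xFF,0x49,0xFA,0x3F,0xA4,0xED,0x44,0xEE,0x53,0x76,
    0x89,0x18,0x0A,0x64,0xC6,0x96,0x00,0x47,0x9D,0x40,0x04,0xEF,0x5A,0xAA,0x07,
};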
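/*
 * DER-encoded X.509 certificate: end-entity (leaf) of the PRODUCTION hierarchy.
 *
 *   Subject  : CN=ecc-crypto-services-encipherment_UC5-PROD,
 *              OU=iOS Systems, O=Apple Inc., C=US
 *   Issuer   : CN=Apple System Integration CA - G3
 *   Validity : 140508012114Z .. 160606012114Z (UTCTime, as encoded)
 *   Key / signature : EC prime256v1, ecdsa-with-SHA256
 *   Extensions : basicConstraints with CA absent (critical),
 *                keyUsage keyEncipherment|keyAgreement (critical),
 *                non-critical extension 1.2.840.113635.100.6.30 (value NULL)
 *
 * The validity window ended in June 2016, so any evaluation done at the
 * current time depends on the policy ignoring expiration.
 *
 * The outer SEQUENCE header (30 82 02 C6) implies exactly 714 bytes. Browser
 * line numbers fused into the listing are removed and the missing "};" is
 * restored; the byte values are unchanged.
 */
static const UInt8 kProdSMPCert[] = {
    0x30,0x82,0x02,0xC6,0x30,0x82,0x02,0x6D,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x52,
    0x6F,0x62,0xEF,0x7A,0x0F,0x39,0x08,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,
    0x04,0x03,0x02,0x30,0x75,0x31,0x29,0x30,0x27,0x06,0x03,0x55,0x04,0x03,0x0C,0x20,
    0x41,0x70,0x70,0x6C,0x65,0x20,0x53,0x79,0x73,0x74,0x65,0x6D,0x20,0x49,0x6E,0x74,
    0x65,0x67,0x72,0x61,0x74,0x69,0x6F,0x6E,0x20,0x43,0x41,0x20,0x2D,0x20,0x47,0x33,
    0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x0C,0x1D,0x41,0x70,0x70,0x6C,0x65,
    0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
    0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
    0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,
    0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x1E,0x17,0x0D,0x31,0x34,
    0x30,0x35,0x30,0x38,0x30,0x31,0x32,0x31,0x31,0x34,0x5A,0x17,0x0D,0x31,0x36,0x30,
    0x36,0x30,0x36,0x30,0x31,0x32,0x31,0x31,0x34,0x5A,0x30,0x6C,0x31,0x32,0x30,0x30,
    0x06,0x03,0x55,0x04,0x03,0x0C,0x29,0x65,0x63,0x63,0x2D,0x63,0x72,0x79,0x70,0x74,
    0x6F,0x2D,0x73,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2D,0x65,0x6E,0x63,0x69,0x70,
    0x68,0x65,0x72,0x6D,0x65,0x6E,0x74,0x5F,0x55,0x43,0x35,0x2D,0x50,0x52,0x4F,0x44,
    0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0B,0x0C,0x0B,0x69,0x4F,0x53,0x20,0x53,
    0x79,0x73,0x74,0x65,0x6D,0x73,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,
    0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,
    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x59,0x30,0x13,0x06,0x07,0x2A,0x86,
    0x48,0xCE,0x3D,0x02,0x01,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,0x03,
    0x42,0x00,0x04,0xBC,0x09,0xB9,0xBA,0x02,0xDA,0x80,0x3F,0x60,0xCC,0xE0,0xEB,0xC6,
    0x16,0x76,0xDE,0x7F,0x40,0x7A,0x52,0x34,0xB8,0x22,0x65,0xB8,0x7A,0x08,0x22,0xD1,
    0x6F,0xF4,0x5A,0x0F,0x69,0xE2,0x31,0x7F,0x83,0x60,0x04,0x0A,0xBF,0x80,0xF7,0x8D,
    0xEB,0x40,0x15,0x84,0xBE,0x65,0x70,0x41,0x22,0xEE,0x63,0x0B,0x04,0x5E,0xB3,0x4F,
    0xD7,0x73,0x0E,0xA3,0x81,0xEF,0x30,0x81,0xEC,0x30,0x45,0x06,0x08,0x2B,0x06,0x01,
    0x05,0x05,0x07,0x01,0x01,0x04,0x39,0x30,0x37,0x30,0x35,0x06,0x08,0x2B,0x06,0x01,
    0x05,0x05,0x07,0x30,0x01,0x86,0x29,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,
    0x73,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,
    0x70,0x30,0x34,0x2D,0x61,0x70,0x70,0x6C,0x65,0x73,0x69,0x63,0x61,0x33,0x30,0x31,
    0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xD2,0xFD,0x1F,0xDD,0x61,
    0xA8,0xE4,0x0E,0x78,0xBD,0xDB,0x60,0xB9,0xCC,0x7A,0x3F,0x46,0x8B,0xF5,0xA4,0x30,
    0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,
    0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x26,0x5D,0xAF,0x92,0x3C,0x20,
    0x98,0x18,0x35,0xBE,0x98,0x50,0xA6,0x01,0x5E,0xA7,0xE9,0x21,0x2D,0x79,0x30,0x34,
    0x06,0x03,0x55,0x1D,0x1F,0x04,0x2D,0x30,0x2B,0x30,0x29,0xA0,0x27,0xA0,0x25,0x86,
    0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x61,0x70,0x70,0x6C,
    0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,0x73,0x69,0x63,0x61,0x33,
    0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,
    0x03,0x02,0x03,0x28,0x30,0x0F,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,
    0x1E,0x04,0x02,0x05,0x00,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,
    0x02,0x03,0x47,0x00,0x30,0x44,0x02,0x20,0x33,0x1F,0xB7,0xC0,0x93,0x22,0x9C,0x71,
    0xD8,0x62,0xF1,0x7B,0x72,0xDC,0x97,0x63,0xDF,0xD1,0x3B,0xBF,0xD7,0x8C,0xB0,0xE7,
    0xE0,0xC1,0x6B,0x26,0x6A,0xC4,0xF0,0x14,0x02,0x20,0x20,0xD7,0xD7,0xD1,0x7B,0xAD,
    0x90,0x83,0x23,0xEA,0x34,0x1E,0x0C,0x8F,0x90,0xAB,0x97,0xB1,0x2D,0x06,0xE3,0x30,
    0x56,0x29,0x20,0x94,0x74,0x36,0xFD,0x1B,0x9C,0xD5,
};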
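/*
 * Evaluates the production and test SMP encryption policies against the
 * production and test certificate chains embedded in this file, as a 2x2
 * matrix:
 *
 *   Case 1  production policy + production chain -> kSecTrustResultUnspecified
 *   Case 2  test policy       + test chain       -> kSecTrustResultUnspecified
 *   Case 3  production policy + test chain       -> kSecTrustResultRecoverableTrustFailure
 *   Case 4  test policy       + production chain -> kSecTrustResultRecoverableTrustFailure
 *
 * Cases 3 and 4 are the hierarchy-separation checks: a chain from one
 * hierarchy must not be accepted by the other hierarchy's policy.
 *
 * NOTE(review): the code listing this function was taken from has lost some
 * physical lines. Restored here, from what the surviving lines require: the
 * opening and closing braces, the declarations of `date` and `chainLen`, the
 * trailing argument of each split ok_status()/ok() call (the "create trust"
 * message text is a reconstruction), and a release of the per-case objects,
 * which are reassigned in every case. Confirm against the upstream file.
 *
 * NOTE(review): no verify date is applied (SecTrustSetVerifyDate is commented
 * out), so evaluation runs at the current time while both leaf certificates
 * expired in 2016. Cases 1 and 2 therefore rely on the policy ignoring
 * expiration, and if that ever changes, cases 3 and 4 could keep passing
 * because of expiry rather than because of the hierarchy mismatch. Pinning
 * the date would keep the negative cases meaningful.
 */
static void test_smp_cert_policy(void)
{
    CFDateRef date = NULL;
    CFArrayRef policies = NULL;
    SecPolicyRef policy = NULL;
    SecTrustRef trust = NULL;
    SecCertificateRef testCert0 = NULL, testCert1 = NULL, testRoot = NULL;
    SecCertificateRef prodCert0 = NULL, prodCert1 = NULL;
    CFMutableArrayRef testCerts = NULL, prodCerts = NULL;
    /* Start from a value that no case expects, so a failed evaluation cannot
     * satisfy a result check by accident. */
    SecTrustResultType trustResult = kSecTrustResultInvalid;
    CFIndex chainLen = 0;

    /* Test hierarchy */
    isnt(testCert0 = SecCertificateCreateWithBytes(NULL, kTestSMPCert, sizeof(kTestSMPCert)),
        NULL, "create testCert0");
    isnt(testCert1 = SecCertificateCreateWithBytes(NULL, kTestAppleSystemIntegrationCAECCCert, sizeof(kTestAppleSystemIntegrationCAECCCert)),
        NULL, "create testCert1");
    /* testRoot is only parsed: nothing below adds it to a chain or installs it
     * as an anchor, so the third chain element expected in case 2 has to come
     * from elsewhere (presumably the policy or trust store; verify). */
    isnt(testRoot = SecCertificateCreateWithBytes(NULL, kTestAppleRootCAECCCert, sizeof(kTestAppleRootCAECCCert)),
        NULL, "create testRoot");

    isnt(testCerts = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks), NULL, "create test cert array");
    CFArrayAppendValue(testCerts, testCert0);
    CFArrayAppendValue(testCerts, testCert1);

    /* Production hierarchy */
    isnt(prodCert0 = SecCertificateCreateWithBytes(NULL, kProdSMPCert, sizeof(kProdSMPCert)),
        NULL, "create prodCert0");
    isnt(prodCert1 = SecCertificateCreateWithBytes(NULL, kAppleSystemIntegrationCAG3Cert, sizeof(kAppleSystemIntegrationCAG3Cert)),
        NULL, "create prodCert1");

    isnt(prodCerts = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks), NULL, "create prod cert array");
    CFArrayAppendValue(prodCerts, prodCert0);
    CFArrayAppendValue(prodCerts, prodCert1);

    /* Case 1: production policy with production certs (should succeed) */
    isnt(policy = SecPolicyCreateAppleSMPEncryption(), NULL, "create policy");
    policies = CFArrayCreate(NULL, (const void **)&policy, 1, &kCFTypeArrayCallBacks);
    CFReleaseNull(policy);      /* the array holds its own reference */
    ok_status(SecTrustCreateWithCertificates(prodCerts, policies, &trust),
        "create trust");
    CFReleaseNull(policies);
    isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2014, 4, 11, 12, 0, 0),
        NULL, "create verify date");
    //%%% policy currently doesn't care about expiration dates
    //ok_status(SecTrustSetVerifyDate(trust, date), "set date");
    CFReleaseNull(date);
    trustResult = kSecTrustResultInvalid;
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    ok(trustResult == kSecTrustResultUnspecified, "trustResult 4 expected (got %d)",
        (int)trustResult);
    /* Two certificates were supplied; a length of 3 means a root was added
     * during chain building. */
    chainLen = SecTrustGetCertificateCount(trust);
    ok(chainLen == 3, "chain length 3 expected (got %d)", (int)chainLen);
    CFReleaseNull(trust);

    /* Case 2: test policy with test certs (should succeed) */
    isnt(policy = SecPolicyCreateTestAppleSMPEncryption(), NULL, "create policy");
    policies = CFArrayCreate(NULL, (const void **)&policy, 1, &kCFTypeArrayCallBacks);
    CFReleaseNull(policy);
    ok_status(SecTrustCreateWithCertificates(testCerts, policies, &trust),
        "create trust");
    CFReleaseNull(policies);
    isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2014, 4, 11, 12, 0, 0),
        NULL, "create verify date");
    //%%% policy currently doesn't care about expiration dates
    //ok_status(SecTrustSetVerifyDate(trust, date), "set date");
    CFReleaseNull(date);
    trustResult = kSecTrustResultInvalid;
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    ok(trustResult == kSecTrustResultUnspecified, "trustResult 4 expected (got %d)",
        (int)trustResult);
    chainLen = SecTrustGetCertificateCount(trust);
    ok(chainLen == 3, "chain length 3 expected (got %d)", (int)chainLen);
    CFReleaseNull(trust);

    /* Case 3: production policy with test certs (should fail) */
    isnt(policy = SecPolicyCreateAppleSMPEncryption(), NULL, "create policy");
    policies = CFArrayCreate(NULL, (const void **)&policy, 1, &kCFTypeArrayCallBacks);
    CFReleaseNull(policy);
    ok_status(SecTrustCreateWithCertificates(testCerts, policies, &trust),
        "create trust");
    CFReleaseNull(policies);
    isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2014, 4, 11, 12, 0, 0),
        NULL, "create verify date");
    //%%% policy currently doesn't care about expiration dates
    //ok_status(SecTrustSetVerifyDate(trust, date), "set date");
    CFReleaseNull(date);
    trustResult = kSecTrustResultInvalid;
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    ok(trustResult == kSecTrustResultRecoverableTrustFailure, "trustResult 5 expected (got %d)",
        (int)trustResult);
    CFReleaseNull(trust);

    /* Case 4: test policy with production certs (should fail) */
    isnt(policy = SecPolicyCreateTestAppleSMPEncryption(), NULL, "create policy");
    policies = CFArrayCreate(NULL, (const void **)&policy, 1, &kCFTypeArrayCallBacks);
    CFReleaseNull(policy);
    ok_status(SecTrustCreateWithCertificates(prodCerts, policies, &trust),
        "create trust");
    CFReleaseNull(policies);
    isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2014, 4, 11, 12, 0, 0),
        NULL, "create verify date");
    //%%% policy currently doesn't care about expiration dates
    //ok_status(SecTrustSetVerifyDate(trust, date), "set date");
    CFReleaseNull(date);
    trustResult = kSecTrustResultInvalid;
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    ok(trustResult == kSecTrustResultRecoverableTrustFailure, "trustResult 5 expected (got %d)",
        (int)trustResult);
    CFReleaseNull(trust);

    CFReleaseSafe(testCert0);
    CFReleaseSafe(testCert1);
    CFReleaseSafe(testRoot);
    CFReleaseSafe(prodCert0);
    CFReleaseSafe(prodCert1);

    CFReleaseSafe(testCerts);
    CFReleaseSafe(prodCerts);
}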
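/*
 * Runs every test group defined in this file; at present that is only the
 * SMP certificate policy matrix. The braces, absent from the code listing
 * this was taken from, are restored so the definition is well-formed.
 */
static void tests(void)
{
    test_smp_cert_policy();
}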
401 int si_79_smp_cert_policy(int argc
, char *const *argv
)