OSX/sec/Security/Regressions/secitem/si-86-sectrust-eap-tls.c

   1 /*
   2  * Copyright (c) 2015 Apple Inc. All Rights Reserved.
   3  */
   4
   5 #include <Security/SecPolicyPriv.h>
   6 #include <Security/SecInternal.h>
   7 #include <Security/SecTrust.h>
   8 #include <Security/SecTrustPriv.h>
   9 #include <Security/SecCertificatePriv.h>
  10
  11 #include "Security_regressions.h"
  12
  13 #include "si-86-sectrust-eap-tls.h"
  14
  15
  16 static void tests(void)
  17 {
  18         SecTrustRef trust = NULL;
  19         SecPolicyRef policy = NULL;
  20         SecCertificateRef leaf, root;
  21         SecTrustResultType trustResult;
  22
  23         isnt(leaf = SecCertificateCreateWithBytes(NULL, _TestLeafCertificate, sizeof(_TestLeafCertificate)), NULL, "create leaf");
  24         isnt(root = SecCertificateCreateWithBytes(NULL, _TestRootCertificate, sizeof(_TestRootCertificate)), NULL, "create root");
  25
  26         const void *v_certs[] = { leaf };
  27         const void *v_roots[] = { root };
  28         CFArrayRef certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks);
  29         CFArrayRef roots = CFArrayCreate(NULL, v_roots, sizeof(v_roots)/sizeof(*v_roots), &kCFTypeArrayCallBacks);
  30
  31         /* Create EAP policy with specific hostname. */
  32         CFStringRef host = CFSTR("test.apple.com");
  33         const void *v_names[] = { host };
  34         CFArrayRef names = CFArrayCreate(NULL, v_names, sizeof(v_names)/sizeof(*v_names), &kCFTypeArrayCallBacks);
  35         isnt(policy = SecPolicyCreateEAP(true, names), NULL, "create policy");
  36
  37         /* Create trust reference. */
  38         ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
  39
  40         /* Set explicit verify date: Sep 1 2015. */
  41         CFDateRef date = NULL;
  42         isnt(date = CFDateCreate(NULL, 462823871.0), NULL, "Create verify date");
  43         ok_status(SecTrustSetVerifyDate(trust, date), "set date");
  44
  45         /* Provide root certificate. */
  46         ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
  47
  48         ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
  49         is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure");
  50         is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
  51
  52         CFReleaseSafe(date);
  53         CFReleaseSafe(trust);
  54         CFReleaseSafe(policy);
  55         CFReleaseSafe(certs);
  56         CFReleaseSafe(roots);
  57         CFReleaseSafe(names);
  58         CFReleaseSafe(root);
  59         CFReleaseSafe(leaf);
  60 }
  61
  62 int si_86_sectrust_eap_tls(int argc, char *const *argv)
  63 {
  64     plan_tests(10);
  65
  66     tests();
  67
  68     return 0;
  69 }