2 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
24 #include <CoreFoundation/CoreFoundation.h>
25 #include <Security/Security.h>
26 #include <Security/SecCertificatePriv.h>
27 #include <Security/SecPolicyPriv.h>
29 #include "utilities/SecCFRelease.h"
30 #include "utilities/SecCFWrappers.h"
32 #include "Security_regressions.h"
35 #include "si-88-sectrust-vpnprofile.h"
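/*
 * Exercises the AppleTV VPN profile signing policy
 * (SecPolicyCreateAppleATVVPNProfileSigning) against two certificate chains.
 *
 * Positive case: cert0/cert1 are evaluated with rootcert installed as the only
 * anchor and a fixed verify date; the result must be kSecTrustResultUnspecified
 * and the built chain must contain three certificates.
 *
 * Negative case: cert2/cert3 are evaluated at the same verify date without any
 * call to SecTrustSetAnchorCertificates; the result must be
 * kSecTrustResultRecoverableTrustFailure.
 *
 * Emits 18 assertions. The planned-test count is set outside this block
 * (presumably in the entry point) -- keep the two in sync.
 */
static void tests(void)
{
    SecTrustRef trust = NULL;
    SecPolicyRef policy = NULL;
    SecCertificateRef cert0 = NULL, cert1 = NULL, cert2 = NULL, cert3 = NULL, rootcert = NULL;
    CFArrayRef certs = NULL;
    CFArrayRef anchor_certs = NULL;
    CFDateRef date = NULL;
    /* Start from the "invalid" sentinel so a failed evaluation can never be
     * mistaken for an expected result left over on the stack. */
    SecTrustResultType trustResult = kSecTrustResultInvalid;

    /* Evaluation should succeed for cert0 and cert1. */

    isnt(cert0 = SecCertificateCreateWithBytes(NULL, c0, sizeof(c0)), NULL, "create cert0");
    isnt(cert1 = SecCertificateCreateWithBytes(NULL, c1, sizeof(c1)), NULL, "create cert1");
    isnt(rootcert = SecCertificateCreateWithBytes(NULL, root, sizeof(root)), NULL, "create root cert");

    /* NOTE(review): the arrays below use kCFTypeArrayCallBacks, so every element
     * must be a valid CF object; this relies on the three creations above having
     * succeeded -- confirm how isnt() behaves on failure. */
    const void *v_certs[] = { cert0, cert1 };
    certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks);
    anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks);

    /* Set explicit verify date: 15 Dec 2015, so the outcome does not depend on
     * the wall clock or on the test certificates' validity windows. */
    isnt(date = CFDateCreate(NULL, 471907305.0), NULL, "Create verify date");

    /* Create AppleTV VPN profile signing policy instance. */
    isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");

    /* Create trust reference. */
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
    is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");

    /* Release and NULL everything that is reused below. If a creation call in
     * the negative case fails, the later calls then see NULL instead of the
     * positive case's (already released) objects. */
    CFReleaseNull(trust);
    CFReleaseNull(policy);
    CFReleaseNull(certs);
    CFReleaseNull(cert1);
    CFReleaseNull(cert0);
    trustResult = kSecTrustResultInvalid;

    /* Evaluation should fail for cert2 and cert3 (wrong OID, not Apple anchor). */

    isnt(cert2 = SecCertificateCreateWithBytes(NULL, c2, sizeof(c2)), NULL, "create cert2");
    isnt(cert3 = SecCertificateCreateWithBytes(NULL, c3, sizeof(c3)), NULL, "create cert3");

    const void *v_certs2[] = { cert2, cert3 };
    certs = CFArrayCreate(NULL, v_certs2, sizeof(v_certs2)/sizeof(*v_certs2), &kCFTypeArrayCallBacks);

    isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");
    /* No SecTrustSetAnchorCertificates here: the test root is deliberately not
     * offered as an anchor for this chain. */
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure");

    /* Balance every Create call made in this function. */
    CFReleaseNull(date);
    CFReleaseNull(trust);
    CFReleaseNull(policy);
    CFReleaseNull(certs);
    CFReleaseNull(cert3);
    CFReleaseNull(cert2);
    CFReleaseNull(anchor_certs);
    CFReleaseNull(rootcert);
}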
/* Forward declaration of the regression entry point whose definition follows
 * immediately below. */
int si_88_sectrust_vpnprofile(int argc, char *const *argv);
106 int si_88_sectrust_vpnprofile(int argc
, char *const *argv
)