1 /*
2 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #include <CoreFoundation/CoreFoundation.h>
25 #include <Security/Security.h>
26 #include <Security/SecCertificatePriv.h>
27 #include <Security/SecPolicyPriv.h>
28
29 #include "utilities/SecCFRelease.h"
30 #include "utilities/SecCFWrappers.h"
31
32 #include "Security_regressions.h"
33
34
35 #include "si-91-sectrust-ast2.h"
36
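/*
 * Regression test for the Apple AST2 service policy.
 *
 * The same chain (test leaf + Apple Test Server Auth CA) is evaluated twice,
 * both times with the Apple Test root installed as the only custom anchor and
 * with a fixed verification date:
 *
 *   1. Policy created with a NULL context: evaluation is expected to end in
 *      kSecTrustResultRecoverableTrustFailure. Installing the test root as an
 *      anchor must therefore not be enough to satisfy the production policy
 *      (presumably because the policy requires the production Apple root;
 *      confirm against the policy implementation).
 *   2. Policy created with the "AppleServerAuthenticationAllowUATAST2" context
 *      key set to true: evaluation is expected to end in
 *      kSecTrustResultUnspecified with a three-certificate chain.
 *
 * Emits exactly 18 test results; the plan_tests() count in the caller must
 * match.
 */
static void tests(void)
{
    SecTrustRef trust = NULL;
    SecPolicyRef policy = NULL;
    SecCertificateRef cert0 = NULL, cert1 = NULL, rootcert = NULL;
    /* Defined starting value: if SecTrustEvaluate fails, the result check
     * below compares against this instead of reading an uninitialized local. */
    SecTrustResultType trustResult = kSecTrustResultInvalid;
    CFDictionaryRef allowTestRoot = NULL;

    isnt(cert0 = SecCertificateCreateWithBytes(NULL, _ast2TestLeaf, sizeof(_ast2TestLeaf)), NULL, "create cert0");
    isnt(cert1 = SecCertificateCreateWithBytes(NULL, _AppleTestServerAuthCA, sizeof(_AppleTestServerAuthCA)), NULL, "create cert1");
    isnt(rootcert = SecCertificateCreateWithBytes(NULL, _AppleTestRoot, sizeof(_AppleTestRoot)), NULL, "create root cert");

    /* NOTE(review): the arrays below use kCFTypeArrayCallBacks, so they assume
     * the three certificates above were created successfully. */
    const void *v_certs[] = { cert0, cert1 };
    CFArrayRef certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks);
    CFArrayRef anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks);

    /* Set explicit verify date: 15 Dec 2015, so the result does not depend on
     * the wall clock or on the test certificates' validity period. */
    CFDateRef date = NULL;
    isnt(date = CFDateCreate(NULL, 471907305.0), NULL, "Create verify date");

    /* Evaluate test certs with production policy (NULL context). Should fail
     * even though the test root is set as an anchor. */
    isnt(policy = SecPolicyCreateAppleAST2Service(CFSTR("ast2.test.domain.here"), NULL), NULL, "create prod policy");

    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure");

    /* Release and clear: if the second create call fails, the calls that
     * follow see NULL rather than a pointer to an already-released object. */
    CFReleaseNull(trust);
    CFReleaseNull(policy);
    trustResult = kSecTrustResultInvalid;

    /* Evaluate test certs with test root allowed via the policy context. */
    CFStringRef key = CFSTR("AppleServerAuthenticationAllowUATAST2");
    isnt(allowTestRoot = CFDictionaryCreate(NULL, (const void **)&key, (const void **)&kCFBooleanTrue, 1,
                                            &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks),
         NULL, "create context dictionary");
    isnt(policy = SecPolicyCreateAppleAST2Service(CFSTR("ast2.test.domain.here"), allowTestRoot), NULL, "create test policy");

    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
    /* leaf + intermediate + the test root anchor */
    is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");

    CFReleaseNull(date);
    CFReleaseNull(trust);
    CFReleaseNull(policy);
    /* The context dictionary was created here and is owned by this function;
     * the original never released it. */
    CFReleaseNull(allowTestRoot);
    CFReleaseNull(certs);
    CFReleaseNull(cert0);
    CFReleaseNull(cert1);
    CFReleaseNull(anchor_certs);
    CFReleaseNull(rootcert);
    /* key is a CFSTR() constant that this function does not own, so it is
     * deliberately not released. */
}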
96
97
/*
 * Regression-suite entry point for the AST2 trust policy test.
 * argc and argv are accepted but not used. Always returns 0; individual
 * results are reported through the plan_tests()/tests() machinery.
 */
int si_91_sectrust_ast2(int argc, char *const *argv)
{
    /* Must equal the number of assertions executed by tests(). */
    enum { kAst2PlannedAssertions = 18 };

    plan_tests(kAst2PlannedAssertions);
    tests();

    return 0;
}