OSX/sec/Security/Regressions/secitem/si-25-cms-skid.m

   1 /*
   2  * Copyright (c) 2016 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #include "shared_regressions.h"
  25
  26 #import <AssertMacros.h>
  27 #import <Foundation/Foundation.h>
  28
  29 #import <Security/SecCMS.h>
  30 #import <Security/SecTrust.h>
  31 #import <Security/SecTrustPriv.h>
  32 #include <utilities/SecCFRelease.h>
  33
  34 #import "si-25-cms-skid.h"
  35
  36 static void test_cms_verification(void)
  37 {
  38     NSData *content = [NSData dataWithBytes:_content length:sizeof(_content)];
  39     NSData *signedData = [NSData dataWithBytes:_signedData length:sizeof(_signedData)];
  40
  41     SecPolicyRef policy = SecPolicyCreateBasicX509();
  42     SecTrustRef trust = NULL;
  43     CFArrayRef certificates = NULL;
  44
  45     ok_status(SecCMSVerify((__bridge CFDataRef)signedData, (__bridge CFDataRef)content, policy, &trust, NULL), "verify CMS message");
  46
  47     /* verify that CMS stack found the certs in the CMS (using the SKID) and stuck them in the trust ref */
  48     ok_status(SecTrustCopyInputCertificates(trust, &certificates), "copy input certificates");
  49 #if TARGET_OS_OSX
  50     // macOS implementation of CMS puts the leaf first and then adds all certs (so the signer cert is included twice)
  51     is(CFArrayGetCount(certificates), 4, "4 certs in the cms");
  52 #else
  53     // embedded implementation of CMS just orders the certs so the signer cert is first
  54     is(CFArrayGetCount(certificates), 3, "3 certs in the cms");
  55 #endif
  56
  57     CFReleaseNull(policy);
  58     CFReleaseNull(trust);
  59     CFReleaseNull(certificates);
  60 }
  61
  62 int si_25_cms_skid(int argc, char *const *argv)
  63 {
  64     plan_tests(3);
  65
  66     test_cms_verification();
  67
  68     return 0;
  69 }