]> git.saurik.com Git - apple/security.git/blob - tests/TrustTests/EvaluationTests/PathParseTests.m
Security-59306.140.5.tar.gz
[apple/security.git] / tests / TrustTests / EvaluationTests / PathParseTests.m
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 */
24
25 #include <AssertMacros.h>
26 #import <XCTest/XCTest.h>
27 #include <Security/SecCertificatePriv.h>
28 #include <utilities/SecCFRelease.h>
29 #include "../TestMacroConversions.h"
30
31 #include "TrustEvaluationTestCase.h"
32 #include "PathParseTests_data.h"
33
34 const NSString *kSecTestPathFailureResources = @"si-18-certificate-parse/PathFailureCerts";
35
36 @interface PathParseTests : TrustEvaluationTestCase
37
38 @end
39
40 @implementation PathParseTests
41
42 - (void)testPathParseFailure {
43 NSArray <NSURL *>* certURLs = nil;
44 SecCertificateRef root = nil;
45
46 NSURL *rootURL = [[NSBundle bundleForClass:[self class]]URLForResource:@"root" withExtension:@".cer" subdirectory:@"si-18-certificate-parse"];
47 XCTAssert(root = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)[NSData dataWithContentsOfURL:rootURL]), "Unable to create root cert");
48 certURLs = [[NSBundle bundleForClass:[self class]]URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestPathFailureResources];
49 XCTAssertTrue([certURLs count] > 0, "Unable to find parse test failure certs in bundle.");
50
51 if (root && [certURLs count] > 0) {
52 [certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
53 NSData *certData = [NSData dataWithContentsOfURL:url];
54 SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
55 SecTrustRef trust = NULL;
56 SecPolicyRef policy = SecPolicyCreateBasicX509();
57
58 require_noerr_action(SecTrustCreateWithCertificates(cert, policy, &trust), blockOut,
59 fail("Unable to create trust with certificate: %@", url));
60 require_noerr_action(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)[NSArray arrayWithObject:(__bridge id)root]),
61 blockOut, fail("Unable to set trust in root cert: %@", url));
62 require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)[NSDate dateWithTimeIntervalSinceReferenceDate:507200000.0]),
63 blockOut, fail("Unable to set verify date: %@", url));
64 XCTAssertFalse(SecTrustEvaluateWithError(trust, NULL), "Got wrong trust result for %@", url);
65
66 require_action(cert, blockOut,
67 fail("Failed to parse cert with SPKI error: %@", url));
68
69 blockOut:
70 CFReleaseNull(cert);
71 CFReleaseNull(trust);
72 CFReleaseNull(policy);
73 }];
74 }
75 }
76
77 - (void)testUnparseableExtensions {
78 SecCertificateRef leaf = SecCertificateCreateWithBytes(NULL, _bad_extension_leaf, sizeof(_bad_extension_leaf));
79 SecCertificateRef root = NULL;
80 SecTrustRef trust = NULL;
81 SecPolicyRef policy = SecPolicyCreateBasicX509();
82 CFErrorRef error = NULL;
83
84 NSURL *rootURL = [[NSBundle bundleForClass:[self class]]URLForResource:@"root" withExtension:@".cer" subdirectory:@"si-18-certificate-parse"];
85 XCTAssert(root = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)[NSData dataWithContentsOfURL:rootURL]), "Unable to create root cert");
86 NSArray *anchors = @[(__bridge id)root];
87
88 require_noerr_action(SecTrustCreateWithCertificates(leaf, policy, &trust), errOut,
89 fail("Unable to create trust with certificate with unparseable extension"));
90 require_noerr_action(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors),
91 errOut, fail("Unable to set trust anchors"));
92 require_noerr_action(SecTrustSetVerifyDate(trust, (__bridge CFDateRef)[NSDate dateWithTimeIntervalSinceReferenceDate:507200000.0]),
93 errOut, fail("Unable to set verify date"));
94 XCTAssertFalse(SecTrustEvaluateWithError(trust, &error), "Got wrong trust result cert");
95 XCTAssert(error != NULL);
96 XCTAssert(CFErrorGetCode(error) == errSecUnknownCertExtension);
97
98 errOut:
99 CFReleaseNull(leaf);
100 CFReleaseNull(policy);
101 CFReleaseNull(trust);
102 CFReleaseNull(error);
103 }
104
105 @end