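index bab015c0683c242ebb8bbf05519dd52ba21c181a..fae362bafdff028d1ec2346d44f69ac4387fd7ee 100644
--- a/sslViewer/sslAppUtils.cpp
+++ b/sslViewer/sslAppUtils.cpp
@@ -171,7 +171,9 @@ const char *sslGetCipherSuiteString(SSLCipherSuite cs)
 const char *sslGetProtocolVersionString(SSLProtocol prot)
 {
        static char noProt[20];
-       
+    
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
        switch(prot) {
                case kSSLProtocolUnknown:
                        return "kSSLProtocolUnknown";
@@ -193,6 +195,7 @@ const char *sslGetProtocolVersionString(SSLProtocol prot)
                        sprintf(noProt, "Unknown (%d)", (unsigned)prot);
                        return noProt;  
        }
+#pragma clang diagnostic pop
 }
 
 /* 
@@ -295,7 +298,7 @@ const char *sslGetSSLErrString(OSStatus err)
                case errSSLPeerInternalError:
                        return "errSSLPeerInternalError";
                case errSSLPeerUserCancelled:
-                       return "errSSLPeerUserCancelled";
+                       return "errSSLPeerUserCanceled";
                case errSSLPeerNoRenegotiation:
                        return "errSSLPeerNoRenegotiation";
                case errSSLHostNameMismatch:
@@ -351,6 +354,8 @@ const char *sslGetClientCertStateString(SSLClientCertificateState state)
 {
        static char noState[20];
        
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
        switch(state) {
                case kSSLClientCertNone:
                        return "ClientCertNone";
@@ -364,7 +369,7 @@ const char *sslGetClientCertStateString(SSLClientCertificateState state)
                        sprintf(noState, "Unknown (%d)", (unsigned)state);
                        return noState; 
        }
-
+#pragma clang diagnostic pop
 }
 
 /*
@@ -447,11 +452,11 @@ CFArrayRef getSslCerts(
        CFArrayAppendValue(certificates, cert);
        require_noerr(SecTrustCreateWithCertificates(certificates, NULL, &trust),
                errOut);
-       SecTrustResultType tresult;
-       require_noerr(SecTrustEvaluate(trust, &tresult), errOut);
 
        CFIndex certCount, ix;
        // We need at least 1 certificate
+    // SecTrustGetCertificateCount implicitly does a trust evaluation to determine
+    // the number of certs in the chain.
        require(certCount = SecTrustGetCertificateCount(trust), errOut);
 
        // Build a result where element 0 is the identity and the other elements
@@ -795,6 +800,9 @@ CFArrayRef sslKcRefToCertArray(
 }
 #endif
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
 OSStatus addTrustedSecCert(
        SSLContextRef           ctx,
        SecCertificateRef       secCert, 
@@ -821,6 +829,8 @@ OSStatus addTrustedSecCert(
        return ortn;
 }
 
+#pragma clang diagnostic pop
+
 OSStatus sslAddTrustedRoot(
        SSLContextRef   ctx,
        const char              *anchorFile, 
@@ -1048,6 +1058,8 @@ OSStatus sslSetEnabledCiphers(
        unsigned inDex = 0;                     // index into ciphers
        
        /* first get all the supported ciphers */
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
        ortn = SSLGetNumberSupportedCiphers(ctx, &numSupported);
        if(ortn) {
                printSslErrStr("SSLGetNumberSupportedCiphers", ortn);
@@ -1085,6 +1097,7 @@ OSStatus sslSetEnabledCiphers(
        if(ortn) {
                printSslErrStr("SSLSetEnabledCiphers", ortn);
        }
+#pragma clang diagnostic pop
        free(enabled);
        free(supported);
        return ortn;
@@ -1561,3 +1574,44 @@ extern const char *sslCurveString(
                        return unk;
        }
 }
+
+
+
+
+#include <Security/SecCertificatePriv.h>
+#include <Security/SecKey.h>
+
+SecKeyRef create_private_key_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len)
+{
+    SecKeyRef privKey;
+    CFErrorRef error = NULL;
+    CFDataRef keyData = CFDataCreate(kCFAllocatorDefault, pkey_der, pkey_der_len);
+    CFMutableDictionaryRef parameters = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
+    CFDictionarySetValue(parameters, kSecAttrKeyType, ecdsa?kSecAttrKeyTypeECSECPrimeRandom:kSecAttrKeyTypeRSA);
+    CFDictionarySetValue(parameters, kSecAttrKeyClass, kSecAttrKeyClassPrivate);
+    privKey = SecKeyCreateWithData(keyData, parameters, &error);
+    CFReleaseNull(keyData);
+    CFReleaseNull(parameters);
+    CFReleaseNull(error);
+    return privKey;
+}
+
+CFArrayRef chain_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len)
+{
+    SecKeyRef pkey = NULL;
+    SecCertificateRef cert = NULL;
+    SecIdentityRef ident = NULL;
+    CFArrayRef items = NULL;
+
+    require(pkey = create_private_key_from_der(ecdsa, pkey_der, pkey_der_len), errOut);
+    require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
+    require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
+    require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);
+
+errOut:
+    CFReleaseSafe(pkey);
+    CFReleaseSafe(cert);
+    CFReleaseSafe(ident);
+    return items;
+}
+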
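Review bot: In the new create_private_key_from_der (last hunk), CFDictionarySetValue and SecKeyCreateWithData are called on the results of CFDictionaryCreateMutable and CFDataCreate without checking either for NULL, so an allocation failure dereferences NULL instead of returning NULL the way chain_from_der's require/errOut path does; the CFErrorRef produced by SecKeyCreateWithData is also released unread, so a rejected DER key and an out-of-memory condition look identical to the caller. I would guard both allocations with the file's existing `require(..., errOut)` idiom, initialise `privKey` to NULL so the early exit returns a defined value, and surface the error before releasing it, as below. The two `#include` lines added at the bottom of the file would be easier to find alongside the other includes at the top. chain_from_der already follows the require/errOut pattern and needs no change.
```cpp
SecKeyRef create_private_key_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len)
{
    SecKeyRef privKey = NULL;
    CFErrorRef error = NULL;
    CFDataRef keyData = CFDataCreate(kCFAllocatorDefault, pkey_der, pkey_der_len);
    CFMutableDictionaryRef parameters = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
    require(keyData && parameters, errOut);   /* allocation failure: fall through to cleanup */
    CFDictionarySetValue(parameters, kSecAttrKeyType, ecdsa ? kSecAttrKeyTypeECSECPrimeRandom : kSecAttrKeyTypeRSA);
    CFDictionarySetValue(parameters, kSecAttrKeyClass, kSecAttrKeyClassPrivate);
    privKey = SecKeyCreateWithData(keyData, parameters, &error);
    if (privKey == NULL && error != NULL) {
        CFShow(error);   /* report why the DER key was rejected instead of dropping the error */
    }
errOut:
    CFReleaseNull(keyData);
    CFReleaseNull(parameters);
    CFReleaseNull(error);
    return privKey;
}
```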