Security-57031.1.35.tar.gz
diff --git a/SecurityTests/clxutils/threadTest/secTrustEval.cpp b/SecurityTests/clxutils/threadTest/secTrustEval.cpp
new file mode 100644 (file)
index 0000000..80939f7
--- /dev/null
@@ -0,0 +1,135 @@
+/*
+ * secTrustEval.cpp
+ *
+ * doSet up SecTrust object, do a SecTrustEvaluate, release.
+ */
+#include "testParams.h"
+#include <Security/cssm.h>
+#include <utilLib/common.h>    
+#include <utilLib/cspwrap.h>
+#include <clAppUtils/clutils.h>
+#include <clAppUtils/tpUtils.h>
+#include <security_cdsa_utils/cuFileIo.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <Security/Security.h>
+
+#define HOLD_SEARCH_LIST       0
+
+/* for malloc debug */
+#define DO_PAUSE                       0
+
+//static const char *CERT_FILE = "amazon_v3.100.cer";
+static const char *CERT_FILE = "cduniverse_v3.100.cer";
+
+/* common data, our known good cert, shared by all threads */
+static unsigned char *certData = NULL;
+static unsigned certLength = 0;
+
+/* read in our known good cert file, just once */
+int secTrustEvalInit(TestParams *testParams)
+{
+       if(certData != NULL) {
+               return 0;
+       }
+       if(testParams->verbose) {
+               printf("secTrusEval thread %d: reading cert file %s...\n", 
+                       testParams->threadNum, CERT_FILE);
+       }
+       if(readFile(CERT_FILE, &certData, &certLength)) {
+               printf("Error reading %s; aborting\n", CERT_FILE);
+               printf("***This test must be run from the clxutils/threadTest directory.\n");
+               return 1;
+       }
+       return 0;
+}
+
+
+int secTrustEval(TestParams *testParams)
+{
+       unsigned                        loopNum;
+       SecCertificateRef       certRef;
+       const CSSM_DATA         cdata = {certLength, (uint8 *)certData};
+       
+       OSStatus ortn = SecCertificateCreateFromData(&cdata,
+               CSSM_CERT_X_509v3,
+               CSSM_CERT_ENCODING_DER, 
+               &certRef);
+       if(ortn) {
+               cssmPerror("SecCertificateCreateFromData", ortn);
+               return (int)ortn;
+       }
+       
+       #if HOLD_SEARCH_LIST
+       CFArrayRef sl;
+       ortn = SecKeychainCopySearchList(&sl);
+       if(ortn) {
+               cssmPerror("SecPolicySearchCreate", ortn);
+               return (int)ortn;
+       }
+       #endif
+       
+       for(loopNum=0; loopNum<testParams->numLoops; loopNum++) {
+               if(testParams->verbose) {
+                       printf("secTrustEval loop %d\n", loopNum);
+               }
+               else if(!testParams->quiet) {
+                       printChar(testParams->progressChar);
+               }
+               
+               /* from here on emulate exactly what SecureTransport does */
+               CFMutableArrayRef certs;
+               certs = CFArrayCreateMutable(NULL, 1, &kCFTypeArrayCallBacks);
+               CFArrayInsertValueAtIndex(certs, 0, certRef);
+       
+               SecPolicyRef            policy = NULL;
+               SecPolicySearchRef      policySearch = NULL;
+       
+               OSStatus ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3,
+                       &CSSMOID_APPLE_TP_SSL,
+                       NULL,                           // policy opts
+                       &policySearch);
+               if(ortn) {
+                       cssmPerror("SecPolicySearchCreate", ortn);
+                       return (int)ortn;
+               }
+               
+               ortn = SecPolicySearchCopyNext(policySearch, &policy);
+               if(ortn) {
+                       cssmPerror("SecPolicySearchCopyNext", ortn);
+                       return (int)ortn;
+               }
+               CFRelease(policySearch);
+               
+               SecTrustRef secTrust;
+               ortn = SecTrustCreateWithCertificates(certs, policy, &secTrust);
+               if(ortn) {
+                       cssmPerror("SecTrustCreateWithCertificates", ortn);
+                       return (int)ortn;
+               }
+               /* no action data for now */
+       
+               SecTrustResultType secTrustResult;
+               ortn = SecTrustEvaluate(secTrust, &secTrustResult);
+               if(ortn) {
+                       cssmPerror("SecTrustEvaluate", ortn);
+                       return (int)ortn;
+               }
+               
+               CFRelease(certs);
+               CFRelease(secTrust);
+               CFRelease(policy);
+
+               #if     DO_PAUSE
+               fpurge(stdin);
+               printf("Hit CR to continue: ");
+               getchar();
+               #endif
+       }       /* outer loop */
+       #if HOLD_SEARCH_LIST
+       CFRelease(sl);
+       #endif
+       return 0;
+}
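Review bot: `secTrustResult` is filled in by `SecTrustEvaluate` but never read, so each loop iteration only proves the call returned `noErr`; a threading bug that produced the wrong trust verdict for the known-good cert would pass unnoticed. After the `if(ortn)` check on `SecTrustEvaluate`, compare the result with the value expected for this cert, e.g. `if(secTrustResult != kSecTrustResultUnspecified && secTrustResult != kSecTrustResultProceed) { printf("***unexpected trust result %d\n", (int)secTrustResult); return 1; }`. The right expected value depends on whether the cert still chains to a trusted root and is within its validity period, which cannot be confirmed from this file. Separately, `certRef` is never released, and every early `return` inside the loop skips the `CFRelease` calls for `certs`, `policySearch`, `policy` and `secTrust`, which will add noise to the malloc-debug runs that `DO_PAUSE` exists for.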