+++ /dev/null
-/*
- * clTool.cpp - menu-driven CL exerciser
- */
-
-#include <security_cdsa_utils/cuPrintCert.h>
-#include <security_cdsa_utils/cuOidParser.h>
-#include <security_cdsa_utils/cuFileIo.h>
-#include <clAppUtils/clutils.h>
-#include <utilLib/common.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <Security/cssmtype.h>
-#include <Security/cssmapi.h>
-#include <Security/oidscert.h>
-
-/*
- * A list of OIDs we inquire about.
- */
-static const CSSM_OID *knownOids[] =
-{
- &CSSMOID_X509V1Version, // not always present
- &CSSMOID_X509V1SerialNumber,
- &CSSMOID_X509V1IssuerNameCStruct,
- &CSSMOID_X509V1SubjectNameCStruct,
- &CSSMOID_CSSMKeyStruct,
- &CSSMOID_X509V1SubjectPublicKeyCStruct,
- &CSSMOID_X509V1ValidityNotBefore,
- &CSSMOID_X509V1ValidityNotAfter,
- &CSSMOID_X509V1SignatureAlgorithmTBS,
- &CSSMOID_X509V1SignatureAlgorithm,
- &CSSMOID_X509V1Signature,
- &CSSMOID_X509V3CertificateExtensionCStruct,
- &CSSMOID_KeyUsage,
- &CSSMOID_BasicConstraints,
- &CSSMOID_ExtendedKeyUsage,
- &CSSMOID_CertificatePolicies,
- &CSSMOID_NetscapeCertType
-};
-
-#define NUM_KNOWN_OIDS (sizeof(knownOids) / sizeof(CSSM_OID *))
-
-static const char *oidNames[] =
-{
- "CSSMOID_X509V1Version",
- "CSSMOID_X509V1SerialNumber",
- "CSSMOID_X509V1IssuerNameCStruct",
- "CSSMOID_X509V1SubjectNameCStruct",
- "CSSMOID_CSSMKeyStruct",
- "CSSMOID_X509V1SubjectPublicKeyCStruct",
- "CSSMOID_X509V1ValidityNotBefore",
- "CSSMOID_X509V1ValidityNotAfter",
- "CSSMOID_X509V1SignatureAlgorithmTBS",
- "CSSMOID_X509V1SignatureAlgorithm",
- "CSSMOID_X509V1Signature",
- "CSSMOID_X509V3CertificateExtensionCStruct",
- "CSSMOID_KeyUsage",
- "CSSMOID_BasicConstraints",
- "CSSMOID_ExtendedKeyUsage",
- "CSSMOID_CertificatePolicies",
- "CSSMOID_NetscapeCertType"
-};
-
-static void usage(char **argv)
-{
- printf("Usage: %s certFile\n", argv[0]);
- exit(1);
-}
-
-int main(int argc, char **argv)
-{
- CSSM_DATA certData = {0, NULL};
- CSSM_CL_HANDLE clHand = CSSM_INVALID_HANDLE;
- CSSM_HANDLE cacheHand = CSSM_INVALID_HANDLE;
- CSSM_HANDLE searchHand = CSSM_INVALID_HANDLE;
- char resp;
- CSSM_RETURN crtn;
- unsigned fieldDex;
- CSSM_DATA_PTR fieldValue;
- uint32 numFields;
- CSSM_FIELD field;
- CSSM_FIELD_PTR fieldPtr;
- OidParser parser;
- unsigned len;
-
- if(argc != 2) {
- usage(argv);
- }
- if(readFile(argv[1], &certData.Data, &len)) {
- printf("Can't read file %s' aborting.\n", argv[1]);
- exit(1);
- }
- certData.Length = len;
-
- while(1) {
- fpurge(stdin);
- printf("a load/attach\n");
- printf("d detach/unload\n");
- printf("c cache the cert\n");
- printf("u uncache the cert\n");
- printf("g get field (uncached)\n");
- printf("G get field (cached)\n");
- printf("f get all fields, then free\n");
- printf("q quit\n");
- printf("Enter command: ");
- resp = getchar();
- switch(resp) {
- case 'a':
- if(clHand != CSSM_INVALID_HANDLE) {
- printf("***Multiple attaches; expect leaks\n");
- }
- clHand = clStartup();
- if(clHand == CSSM_INVALID_HANDLE) {
- printf("***Error attaching to CL.\n");
- }
- else {
- printf("...ok\n");
- }
- break;
-
- case 'd':
- /*
- * Notes:
- * -- this should cause the CL to free up all cached certs
- * no matter what - even if we've done multiple certCache
- * ops. However the plugin framework doesn't delete the
- * session object on detach (yet) so expect leaks in
- * that case.
- * -- we don't clear out cacheHand or searchHand here; this
- * allows verification of proper handling of bogus handles.
- */
- clShutdown(clHand);
- clHand = CSSM_INVALID_HANDLE;
- printf("...ok\n");
- break;
-
- case 'c':
- /* cache the cert */
- if(cacheHand != CSSM_INVALID_HANDLE) {
- printf("***NOTE: a cert is already cached. Expect leaks.\n"); }
- crtn = CSSM_CL_CertCache(clHand, &certData, &cacheHand);
- if(crtn) {
- printError("CSSM_CL_CertCache", crtn);
- }
- else {
- printf("...ok\n");
- }
- break;
-
- case 'u':
- /* abort cache */
- crtn = CSSM_CL_CertAbortCache(clHand, cacheHand);
- if(crtn) {
- printError("CSSM_CL_CertAbortCache", crtn);
- }
- else {
- cacheHand = CSSM_INVALID_HANDLE;
- printf("...ok\n");
- }
- break;
-
- case 'g':
- /* get one field (uncached) */
- fieldDex = genRand(0, NUM_KNOWN_OIDS - 1);
- crtn = CSSM_CL_CertGetFirstFieldValue(clHand,
- &certData,
- knownOids[fieldDex],
- &searchHand,
- &numFields,
- &fieldValue);
- if(crtn) {
- printf("***Error fetching field %s\n", oidNames[fieldDex]);
- printError("CSSM_CL_CertGetFirstFieldValue", crtn);
- break;
- }
- printf("%s: %u fields found\n", oidNames[fieldDex], (unsigned)numFields);
- field.FieldValue = *fieldValue;
- field.FieldOid = *(knownOids[fieldDex]);
- printCertField(field, parser, CSSM_TRUE);
- crtn = CSSM_CL_FreeFieldValue(clHand, knownOids[fieldDex], fieldValue);
- if(crtn) {
- printError("CSSM_CL_FreeFieldValue", crtn);
- /* keep going */
- }
- for(unsigned i=1; i<numFields; i++) {
- crtn = CSSM_CL_CertGetNextFieldValue(clHand,
- searchHand,
- &fieldValue);
- if(crtn) {
- printError("CSSM_CL_CertGetNextFieldValue", crtn);
- break;
- }
- field.FieldValue = *fieldValue;
- printCertField(field, parser, CSSM_TRUE);
- crtn = CSSM_CL_FreeFieldValue(clHand,
- knownOids[fieldDex], fieldValue);
- if(crtn) {
- printError("CSSM_CL_FreeFieldValue", crtn);
- /* keep going */
- }
- } /* for additional fields */
-
- /* verify one more getField results in error */
- crtn = CSSM_CL_CertGetNextFieldValue(clHand,
- searchHand,
- &fieldValue);
- if(crtn != CSSMERR_CL_NO_FIELD_VALUES) {
- if(crtn == CSSM_OK) {
- printf("***unexpected success on final GetNextFieldValue\n");
- }
- else {
- printError("Wrong error on final GetNextFieldValue", crtn);
- }
- }
- crtn = CSSM_CL_CertAbortQuery(clHand, searchHand);
- if(crtn) {
- printError("CSSM_CL_CertAbortQuery", crtn);
- }
- break;
-
- case 'G':
- /* get one field (uncached) */
- fieldDex = genRand(0, NUM_KNOWN_OIDS - 1);
- crtn = CSSM_CL_CertGetFirstCachedFieldValue(clHand,
- cacheHand,
- knownOids[fieldDex],
- &searchHand,
- &numFields,
- &fieldValue);
- if(crtn) {
- printf("***Error fetching field %s\n", oidNames[fieldDex]);
- printError("CSSM_CL_CertGetFirstCachedFieldValue", crtn);
- break;
- }
- printf("%s: %u fields found\n", oidNames[fieldDex], (unsigned)numFields);
- field.FieldValue = *fieldValue;
- field.FieldOid = *(knownOids[fieldDex]);
- printCertField(field, parser, CSSM_TRUE);
- crtn = CSSM_CL_FreeFieldValue(clHand, knownOids[fieldDex], fieldValue);
- if(crtn) {
- printError("CSSM_CL_FreeFieldValue", crtn);
- /* keep going */
- }
- for(unsigned i=1; i<numFields; i++) {
- crtn = CSSM_CL_CertGetNextCachedFieldValue(clHand,
- searchHand,
- &fieldValue);
- if(crtn) {
- printError("CSSM_CL_CertGetNextCachedFieldValue", crtn);
- break;
- }
- field.FieldValue = *fieldValue;
- printCertField(field, parser, CSSM_TRUE);
- crtn = CSSM_CL_FreeFieldValue(clHand,
- knownOids[fieldDex], fieldValue);
- if(crtn) {
- printError("CSSM_CL_FreeFieldValue", crtn);
- /* keep going */
- }
- } /* for additional cached fields */
-
- /* verify one more getField results in error */
- crtn = CSSM_CL_CertGetNextCachedFieldValue(clHand,
- searchHand,
- &fieldValue);
- if(crtn != CSSMERR_CL_NO_FIELD_VALUES) {
- if(crtn == CSSM_OK) {
- printf("***unexpected success on final GetNextCachedFieldValue\n");
- }
- else {
- printError("Wrong error on final GetNextCachedFieldValue", crtn);
- }
- }
- crtn = CSSM_CL_CertAbortQuery(clHand, searchHand);
- if(crtn) {
- printError("CSSM_CL_CertAbortQuery", crtn);
- }
- break;
-
- case 'f':
- /* get all fields (for leak testing) */
- crtn = CSSM_CL_CertGetAllFields(clHand,
- &certData,
- &numFields,
- &fieldPtr);
- if(crtn) {
- printError("CSSM_CL_CertGetAllFields", crtn);
- break;
- }
- printf("...numFields %u\n", (unsigned)numFields);
- crtn = CSSM_CL_FreeFields(clHand, numFields, &fieldPtr);
- if(crtn) {
- printError("CSSM_CL_FreeFields", crtn);
- }
- break;
-
- case 'q':
- goto quit;
-
- default:
- printf("Huh?\n");
- break;
- } /* switch resp */
- }
-quit:
- free(certData.Data);
- if(clHand != CSSM_INVALID_HANDLE) {
- clShutdown(clHand);
- }
- return 0;
-}
projects / apple / security.git / blobdiff