-/*
- * Find all certs in keychain search list matching specified email address.
- */
-#include <Security/Security.h>
-#include <Security/SecKeychainItemPriv.h>
-#include <unistd.h>
-#include <security_cdsa_utils/cuPrintCert.h>
-#include "asnUtils.h"
-
-static void usage(char **argv)
-{
- printf("Usage: %s [emailaddrs] [option...]\n", argv[0]);
- printf("Options:\n");
- printf(" -p -- print cert contents\n");
- printf(" -a -- show all certs, no email match\n");
- printf(" -A -- add to default keychain\n");
- exit(1);
-}
-
-int main(int argc, char **argv)
-{
- if(argc < 2) {
- usage(argv);
- }
-
- bool print_cert = false;
- bool allCerts = false;
- const char *emailAddress = NULL;
- bool addToKC = false;
-
- extern int optind;
- optind = 1;
-
- if(argv[1][0] != '-') {
- /* normal case, email address specified */
- emailAddress = argv[1];
- optind++;
- }
-
- extern char *optarg;
- int arg;
- while ((arg = getopt(argc, argv, "aphA")) != -1) {
- switch (arg) {
- case 'p':
- print_cert = true;
- break;
- case 'a':
- allCerts = true;
- break;
- case 'A':
- addToKC = true;
- break;
- case 'h':
- default:
- usage(argv);
- }
- }
- if(optind != argc) {
- usage(argv);
- }
- if(!allCerts && (emailAddress == NULL)) {
- printf("***You must specify either an email address or the -a option.\n");
- exit(1);
- }
-
- OSStatus ortn;
- SecKeychainSearchRef srch;
- SecKeychainAttributeList attrList;
- SecKeychainAttribute attr;
- unsigned numCerts = 0;
-
- if(emailAddress) {
- attr.tag = kSecAlias; // i.e., email address
- attr.length = strlen(emailAddress);
- attr.data = (void *)emailAddress;
- attrList.count = 1;
- attrList.attr = &attr;
- }
- else {
- attrList.count = 0;
- attrList.attr = NULL;
- }
- ortn = SecKeychainSearchCreateFromAttributes(NULL, // default search list
- kSecCertificateItemClass,
- &attrList,
- &srch);
- if(ortn) {
- cssmPerror("SecKeychainSearchCreateFromAttributes", ortn);
- exit(1);
- }
-
- do {
- SecCertificateRef certRef = NULL;
- CSSM_DATA certData;
-
- ortn = SecKeychainSearchCopyNext(srch, (SecKeychainItemRef *)&certRef);
- if(ortn) {
- break;
- }
- ortn = SecCertificateGetData(certRef, &certData);
- if(ortn) {
- cssmPerror("SecCertificateGetData", ortn);
- continue;
- }
-
- printf("=== Cert %u ===\n", numCerts);
- printCertName(certData.Data, certData.Length, NameBoth);
- if(print_cert) {
- printCert(certData.Data, certData.Length, CSSM_FALSE);
- }
- if(addToKC) {
- /*
- * Can't call SecCertificateAddToKeychain directly since this
- * cert already has a keychain.
- */
- SecCertificateRef newCertRef = NULL;
- ortn = SecCertificateCreateFromData(&certData,
- CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER,
- &newCertRef);
- if(ortn) {
- cssmPerror("SecCertificateCreateFromData", ortn);
- printf("***Error adding this cert to default keychain.\n");
- }
- else {
- ortn = SecCertificateAddToKeychain(newCertRef, NULL);
- if(ortn) {
- cssmPerror("SecCertificateAddToKeychain", ortn);
- printf("***Error adding this cert to default keychain.\n");
- }
- else {
- printf("...cert added to default keychain.\n");
- }
- CFRelease(newCertRef);
- }
- }
- CFRelease(certRef);
- numCerts++;
- } while(ortn == noErr);
- printf("...%u certs found matching email address \'%s\'\n", numCerts,
- emailAddress ? emailAddress : "<any>");
- CFRelease(srch);
- return 0;
-}
-
projects / apple / security.git / blobdiff