#include <Security/SecCertificate.h>
#include <Security/SecTrust.h>
#include <Security/SecPolicy.h>
+#include <utilities/fileIo.h>
#include <sys/stat.h>
#include <stdio.h>
#include <time.h>
-int readFile(const char *fileName, unsigned char **bytes, unsigned *numBytes);
CFStringRef policyToConstant(const char *policy);
int verify_cert(int argc, char * const *argv);
-/* Read an entire file. Copied from cuFileIo.c */
-int readFile(
- const char *fileName,
- unsigned char **bytes, /* malloc'd and returned */
- unsigned *numBytes) /* returned */
-{
- int rtn;
- int fd;
- unsigned char *buf;
- struct stat sb;
- unsigned size;
-
- *numBytes = 0;
- *bytes = NULL;
- fd = open(fileName, O_RDONLY, 0);
- if (fd < 0) {
- return errno;
- }
-
- rtn = fstat(fd, &sb);
- if (rtn) {
- goto errOut;
- }
- size = (unsigned)sb.st_size;
- buf = malloc(size);
- if (buf == NULL) {
- rtn = ENOMEM;
- goto errOut;
- }
-
- rtn = (int)lseek(fd, 0, SEEK_SET);
- if (rtn < 0) {
- free(buf);
- goto errOut;
- }
-
- rtn = (int)read(fd, buf, (size_t)size);
- if (rtn != (int)size) {
- if (rtn >= 0) {
- printf("readFile: short read\n");
- }
- free(buf);
- rtn = EIO;
- }
- else {
- rtn = 0;
- *bytes = buf;
- *numBytes = size;
- }
-errOut:
- close(fd);
- return rtn;
-}
-
static int addCertFile(const char *fileName, CFMutableArrayRef *array) {
SecCertificateRef certRef = NULL;
CFDataRef dataRef = NULL;
unsigned char *buf = NULL;
- unsigned int numBytes;
+ size_t numBytes;
int rtn = 0;
- if (readFile(fileName, &buf, &numBytes)) {
+ if (readFileSizet(fileName, &buf, &numBytes)) {
rtn = -1;
goto errOut;
}
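Review bot: The status returned by `readFileSizet` in `addCertFile` is collapsed to `-1` with no message, so a missing file, an allocation failure and a short read all look the same to the operator. The removed `readFile` returned errno-style values (`errno`, `ENOMEM`, `EIO`); if `readFileSizet` keeps that contract, which is not visible here, I would keep the code and report it, e.g. `int rc = readFileSizet(fileName, &buf, &numBytes); if (rc) { fprintf(stderr, "%s: %s\n", fileName, strerror(rc)); rtn = -1; goto errOut; }`. The rest of the function lies outside this hunk, so any later use of `numBytes` as a CoreFoundation length should be checked against the now wider `size_t`.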
CFMutableArrayRef roots = NULL;
CFMutableDictionaryRef dict = NULL;
- const char *name = NULL;
- bool client = false;
+ CFStringRef name = NULL;
+ CFBooleanRef client = kCFBooleanFalse;
OSStatus ortn;
int ourRtn = 0;
fetch = false;
break;
case 'n':
- if (name != NULL) {
- name = optarg;
+ if (name == NULL) {
+ name = CFStringCreateWithCString(NULL, optarg, kCFStringEncodingUTF8);
}
break;
case 'q':
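Review bot: In `case 'n'`, a failed string conversion and a repeated `-n` are both accepted silently. `CFStringCreateWithCString` returns NULL when `optarg` cannot be decoded as UTF-8, so `name` stays NULL and the user later gets the "Name not specified" message even though `-n` was given. A second `-n` is ignored, so the name that the policy checks may not be the one the operator typed last. I would reject both cases with their own message: check `if (name != NULL)` before the create call, check `if (name == NULL)` after it, and in each case set `ourRtn = 2` and leave through `errOut` as the policy branches do. The enclosing option switch starts and ends outside this hunk.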
break;
case 'C':
/* Set to client */
- client = true;
+ client = kCFBooleanTrue;
break;
case 'd':
memset(&time, 0, sizeof(struct tm));
dict = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
if (name == NULL) {
+ fprintf(stderr, "Name not specified for IPsec or SSL policy. '-n' is a required option for these policies.");
ourRtn = 2;
goto errOut;
}
CFDictionaryAddValue(dict, kSecPolicyName, name);
- CFDictionaryAddValue(dict, kSecPolicyClient, &client);
+ CFDictionaryAddValue(dict, kSecPolicyClient, client);
}
else if (!CFStringCompare(policy, kSecPolicyAppleEAP, 0)) {
dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- CFDictionaryAddValue(dict, kSecPolicyClient, &client);
+ CFDictionaryAddValue(dict, kSecPolicyClient, client);
}
else if (!CFStringCompare(policy, kSecPolicyAppleSMIME, 0)) {
dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
if (name == NULL) {
+ fprintf(stderr, "Name not specified for SMIME policy. '-n' is a required option for this policy.");
ourRtn = 2;
goto errOut;
}
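Review bot: Both added `fprintf(stderr, ...)` calls, the IPsec/SSL one and the SMIME one, end without a newline, so the diagnostic runs into whatever is printed next. Ending each string with `\n`, as in `"... '-n' is a required option for this policy.\n"`, fixes that. A short comment above the two `name == NULL` checks, such as `/* the name is what the policy matches the leaf against; refuse to build the policy without it */`, would also record why these branches fail hard instead of defaulting.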
CFRELEASE(dict);
CFRELEASE(policyRef);
CFRELEASE(trustRef);
+ CFRELEASE(name);
return ourRtn;
}