secnotice("integrity", "************************************* %s", name);
SecKeychainRef kc = newKeychain(name);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
makeItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
- SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
CFReleaseNull(item);
CFReleaseNull(kc);
modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification));
kc = openKeychain(name);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
secnotice("integrity", "************************************* %s", name);
SecKeychainRef kc = newKeychain(name);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
makeKeyWithIntegrity(name, kc, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
- SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
checkKeyUse((SecKeyRef) item, errSecSuccess);
modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_SYMMETRIC_KEY, "Label", modification, strlen(modification));
kc = openKeychain(name);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
checkKeyUse((SecKeyRef) item, errSecInvalidItemRef);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
secnotice("integrity", "************************************* %s", name);
SecKeychainRef kc = newKeychain(name);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("test_label"), CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
- SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
- CFReleaseNull(item);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
makeDuplicateItem(name, kc, kSecClassGenericPassword);
CFReleaseNull(kc);
modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification));
kc = openKeychain(name);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
deleteItem(item);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("evil_application"), CFSTR("d2aa97b30a1f96f9e61fcade2b00d9f4284976a83a5b68392251ee5ec827f8cc"));
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("evil_application"));
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
secnotice("integrity", "************************************* %s", name);
SecKeychainRef kc = newKeychain(name);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
// Make a symmetric key
makeCustomKeyWithIntegrity(name, kc, CFSTR("test_key"), CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
- SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
makeCustomDuplicateKey(name, kc, CFSTR("test_key"));
CFReleaseNull(item);
SecKeyRef pub;
SecKeyRef priv;
makeCustomKeyPair(name, kc, CFSTR("test_key_pair"), &pub, &priv);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
CFReleaseNull(pub);
CFReleaseNull(priv);
kc = openKeychain(name);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
deleteItem(item);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
deleteItem(item);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
deleteItem(item);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
makeCustomKeyWithIntegrity(name, kc, CFSTR("evil_application"), CFSTR("ca6d90a0b053113e43bbb67f64030230c96537f77601f66bdf821d8684431dfc"));
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
makeCustomDuplicateKey(name, kc, CFSTR("evil_application"));
makeCustomKeyPair(name, kc, CFSTR("evil_application"), &pub, &priv);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
// We cannot create a duplicate key pair, so don't try.
UInt32 len = 400;
// To test multi-threading, we want the upgrade to take a while. Add a bunch of passwords...
- char oldkcFile[100];
- sprintf(oldkcFile, "%s/Library/test.keychain", getenv("HOME"));
+ char oldkcFile[MAXPATHLEN];
+ snprintf(oldkcFile, sizeof(oldkcFile), "%s/Library/test.keychain", getenv("HOME"));
unlink(oldkcFile);
writeOldKeychain(name, oldkcFile);
for(int i = 0; i < 200; i++) {
CFTypeRef result = NULL;
CFStringRef cflabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("item%d"), i);
- CFMutableDictionaryRef query = makeAddCustomItemDictionaryWithService(kc, kSecClassInternetPassword, cflabel, cflabel, CFSTR("no service"));
+ CFMutableDictionaryRef query = createAddCustomItemDictionaryWithService(kc, kSecClassInternetPassword, cflabel, cflabel, CFSTR("no service"));
SecItemAdd(query, &result); // don't particuluarly care if this fails...
CFReleaseNull(query);
CFReleaseNull(cflabel);
secerror("beginning 1\n");
SecKeychainRef blockKc;
SecKeychainOpen(keychainName, &blockKc);
- SecKeychainItemRef item = checkN(blockName, makeQueryItemDictionary(blockKc, kSecClassGenericPassword), 1);
+ SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryItemDictionary(blockKc, kSecClassGenericPassword), 1);
checkIntegrityHash(blockName, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
checkPartitionIDs(blockName, item, 0);
CFReleaseSafe(blockKc);
secerror("beginning 2\n");
SecKeychainRef blockKc;
SecKeychainOpen(keychainName, &blockKc);
- SecKeychainItemRef item = checkN(blockName, makeQueryItemDictionaryWithService(blockKc, kSecClassInternetPassword, CFSTR("test_service")), 1);
+ SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryItemDictionaryWithService(blockKc, kSecClassInternetPassword, CFSTR("test_service")), 1);
checkIntegrityHash(blockName, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03"));
checkPartitionIDs(blockName, item, 0);
CFReleaseSafe(blockKc);
secerror("beginning 3\n");
SecKeychainRef blockKc;
SecKeychainOpen(keychainName, &blockKc);
- SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassSymmetric), 1);
+ SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassSymmetric), 1);
checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
CFReleaseSafe(blockKc);
secerror("beginning 4\n");
SecKeychainRef blockKc;
SecKeychainOpen(keychainName, &blockKc);
- SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassPublic), 1);
+ SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassPublic), 1);
checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578"));
checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
CFReleaseSafe(blockKc);
secerror("beginning 5\n");
SecKeychainRef blockKc;
SecKeychainOpen(keychainName, &blockKc);
- SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassPrivate), 1);
+ SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassPrivate), 1);
checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d"));
checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0);
CFReleaseSafe(blockKc);
CFReleaseNull(kc);
kc = openCustomKeychain(name, keychainName, "password");
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
checkPartitionIDs(name, item, 0);
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
checkIntegrityHash(name, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03"));
checkPartitionIDs(name, item, 0);
makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578"));
checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d"));
checkPartitionIDs(name, (SecKeychainItemRef) item, 0);
// Check that we upgrade on SecKeychainOpen
SecKeychainRef kc = openCustomKeychain(name, keychainName, "password");
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5"));
+ CFReleaseNull(item);
ok_status(SecKeychainDelete(kc));
CFReleaseNull(kc);
ok_status(SecKeychainCreate(keychainFile, (UInt32) strlen("password"), "password", false, NULL, &kc), "%s: SecKeychainCreate", name);
// Directly after creating a keychain, there shouldn't be any items (even though an old keychain exists underneath)
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 0);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+ checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0);
// Check the keychain's version and path
ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name);
SecKeychainItemRef item;
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
checkIntegrityHash(name, item, CFSTR("6ba8d9f77ddba54d9373b11ae5c8f7b55a5e81da27e05e86723eeceb0a9a8e0c"));
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
checkIntegrityHash(name, item, CFSTR("630a9fe4f0191db8a99d6e8455e7114f628ce8f0f9eb3559efa572a98877a2b2"));
makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b"));
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("d27ee2be4920d5b6f47f6b19696d09c9a6c1a5d80c6f148f778db27b4ba99d9a"));
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("4b3f7bd7f9e48dc71006ce670990aed9dba6d5089b84d4113121bab41d0a3228"));
ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name);
is(version, version_MacOS_10_0, "%s: version of downgraded keychain is incorrect", name);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
- checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
- checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
SecKeychainItemRef item;
// Iterate over the keychain to trigger upgrade
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
// We should have created keychainFile, check for it
ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name);
eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
SecKeychainItemRef item;
// Iterate over the keychain to trigger upgrade
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
// We should have move the keychain to keychainDbFile, check for it
ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name);
eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
SecAccessRef access = makeUidAccess(getuid());
SecKeychainRef kc = newKeychain(name);
- CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
+ CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
CFDictionarySetValue(query, kSecAttrAccess, access);
CFTypeRef result = NULL;
ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
+ CFReleaseNull(query);
ok(result != NULL, "%s: SecItemAdd returned a result", name);
- SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
// Check to make sure the ACL stays
access = NULL;
SecAccessRef access = makeMultipleUidAccess(uids, 5);
SecKeychainRef kc = newKeychain(name);
- CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
+ CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
CFDictionarySetValue(query, kSecAttrAccess, access);
CFTypeRef result = NULL;
ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
+ CFReleaseNull(query);
ok(result != NULL, "%s: SecItemAdd returned a result", name);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
sprintf(name, "testRootUidAccess");
secnotice("integrity", "************************************* %s", name);
- SecAccessRef access = SecAccessCreateWithOwnerAndACL(getuid(), 0, (kSecUseOnlyUID | kSecHonorRoot), NULL, NULL);
+ CFErrorRef error = NULL;
+
+ SecAccessRef access = SecAccessCreateWithOwnerAndACL(getuid(), 0, (kSecUseOnlyUID | kSecHonorRoot), NULL, &error);
+ ok(access, "%s: SecAccessCreateWithOwnerAndACL returned an access", name);
+ CFStringRef errorDesc = error ? CFErrorCopyDescription(error) : NULL;
+ is(error, NULL, "%s: SecAccessCreateWithOwnerAndACL did not return an error: %@", name, errorDesc ? errorDesc : CFSTR("no error"));
+ CFReleaseNull(errorDesc);
SecKeychainRef kc = newKeychain(name);
- CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
+ CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label"));
CFDictionarySetValue(query, kSecAttrAccess, access);
CFTypeRef result = NULL;
ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name);
+ CFReleaseNull(query);
ok(result != NULL, "%s: SecItemAdd returned a result", name);
- query = makeQueryItemDictionary(kc, kSecClassGenericPassword);
+ query = createQueryItemDictionary(kc, kSecClassGenericPassword);
- SecKeychainItemRef item = checkN(name, query, 1);
+ SecKeychainItemRef item = checkNCopyFirst(name, query, 1);
ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ CFReleaseNull(access);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
}
-#define testRootUidAccessTests (newKeychainTests + checkNTests + 4 + checkNTests)
+#define testRootUidAccessTests (newKeychainTests + 2 + checkNTests + 4 + checkNTests)
static void testBadACL() {
char name[100];
SecKeychainRef kc = openCustomKeychain(name, keychainName, "password");
// Check that these exist in this keychain...
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
- checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFRelease(kc);
kc = openCustomKeychain(name, keychainName, "password");
// These items exist in this keychain, but their ACL is corrupted. We should be able to find them, but not fetch data.
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this
deleteItem(item);
- checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0);
+ checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this
deleteItem(item);
- checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 0);
+ checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 0);
// These should work
makeItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic"));
makeItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet"));
// And now the items should exist
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
readPasswordContents(item, CFSTR("data"));
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
readPasswordContents(item, CFSTR("data"));
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
ok_status(SecKeychainLock(kc), "%s: SecKeychainLock", name);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1);
- item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1);
+ item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
- item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1);
+ item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1);
ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name);
CFReleaseNull(kc);
{
initializeKeychainTests("kc-30-xara");
+ testKeychainUpgrade();
+ testKeychainCreateOver();
+ testKeychainDowngrade();
+ testKeychainWrongFile256();
+ testKeychainWrongFile512();
+ testUidAccess();
+ testMultipleUidAccess();
+ testRootUidAccess();
+ testBadACL();
+ testIterateLockedKeychain();
+
testAddItem(kSecClassGenericPassword, CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4"));
testAddItem(kSecClassInternetPassword, CFSTR("be34c4562153063ce9cdefc2c34451d5e6e98a447f293d68a67349c1b5d1164f"));
testAddAfterCorruptKey(dldbHandle);
unloadDL(&dldbHandle);
- testKeychainUpgrade();
- testKeychainCreateOver();
- testKeychainDowngrade();
- testKeychainWrongFile256();
- testKeychainWrongFile512();
- testUidAccess();
- testMultipleUidAccess();
- testRootUidAccess();
- testBadACL();
- testIterateLockedKeychain();
-
//makeOldKeychainBlob();
}
-#pragma clang pop
+#pragma clang diagnostic pop
#else
#define kTestCount (0)
projects / apple / security.git / blobdiff