X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..bf028f67fd3bb2266df81b80fb6f25a77112e308:/sslViewer/sslAppUtils.cpp?ds=sidebyside diff --git a/sslViewer/sslAppUtils.cpp b/sslViewer/sslAppUtils.cpp index bab015c0..fae362ba 100644 --- a/sslViewer/sslAppUtils.cpp +++ b/sslViewer/sslAppUtils.cpp @@ -171,7 +171,9 @@ const char *sslGetCipherSuiteString(SSLCipherSuite cs) const char *sslGetProtocolVersionString(SSLProtocol prot) { static char noProt[20]; - + +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" switch(prot) { case kSSLProtocolUnknown: return "kSSLProtocolUnknown"; @@ -193,6 +195,7 @@ const char *sslGetProtocolVersionString(SSLProtocol prot) sprintf(noProt, "Unknown (%d)", (unsigned)prot); return noProt; } +#pragma clang diagnostic pop } /* @@ -295,7 +298,7 @@ const char *sslGetSSLErrString(OSStatus err) case errSSLPeerInternalError: return "errSSLPeerInternalError"; case errSSLPeerUserCancelled: - return "errSSLPeerUserCancelled"; + return "errSSLPeerUserCanceled"; case errSSLPeerNoRenegotiation: return "errSSLPeerNoRenegotiation"; case errSSLHostNameMismatch: @@ -351,6 +354,8 @@ const char *sslGetClientCertStateString(SSLClientCertificateState state) { static char noState[20]; +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" switch(state) { case kSSLClientCertNone: return "ClientCertNone"; @@ -364,7 +369,7 @@ const char *sslGetClientCertStateString(SSLClientCertificateState state) sprintf(noState, "Unknown (%d)", (unsigned)state); return noState; } - +#pragma clang diagnostic pop } /* 
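Review bot: The `#pragma clang diagnostic ignored "-Wdeprecated-declarations"` added just before `switch(prot)` in sslGetProtocolVersionString carries no explanation of which declarations are deprecated or why this file must keep naming them, and the same applies to the push/pop pairs added around sslGetClientCertStateString, addTrustedSecCert and the SSLGetNumberSupportedCiphers/SSLSetEnabledCiphers section of sslSetEnabledCiphers. A one-line comment beside each push, such as `// SSLProtocol values are deprecated in the SDK, but this viewer still has to print every one of them`, keeps the next maintainer from quietly widening the suppressed region. The push here and its pop in the following hunk bracket the whole switch, which also encloses the pre-existing `sprintf(noProt, "Unknown (%d)", (unsigned)prot)` fallback into a 20-byte static buffer; since the region is being touched, `snprintf(noProt, sizeof noProt, "Unknown (%u)", (unsigned)prot);` would bound the write and match the argument type. sslGetProtocolVersionString starts in this hunk and ends in the next one.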
@@ -447,11 +452,11 @@ CFArrayRef getSslCerts( CFArrayAppendValue(certificates, cert); require_noerr(SecTrustCreateWithCertificates(certificates, NULL, &trust), errOut); - SecTrustResultType tresult; - require_noerr(SecTrustEvaluate(trust, &tresult), errOut); CFIndex certCount, ix; // We need at least 1 certificate + // SecTrustGetCertificateCount implicitly does a trust evaluation to determine + // the number of certs in the chain. require(certCount = SecTrustGetCertificateCount(trust), errOut); // Build a result where element 0 is the identity and the other elements @@ -795,6 +800,9 @@ CFArrayRef sslKcRefToCertArray( } #endif +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" + OSStatus addTrustedSecCert( SSLContextRef ctx, SecCertificateRef secCert, @@ -821,6 +829,8 @@ OSStatus addTrustedSecCert( return ortn; } +#pragma clang diagnostic pop + OSStatus sslAddTrustedRoot( SSLContextRef ctx, const char *anchorFile, @@ -1048,6 +1058,8 @@ OSStatus sslSetEnabledCiphers( unsigned inDex = 0; // index into ciphers /* first get all the supported ciphers */ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wdeprecated-declarations" ortn = SSLGetNumberSupportedCiphers(ctx, &numSupported); if(ortn) { printSslErrStr("SSLGetNumberSupportedCiphers", ortn); @@ -1085,6 +1097,7 @@ OSStatus sslSetEnabledCiphers( if(ortn) { printSslErrStr("SSLSetEnabledCiphers", ortn); } +#pragma clang diagnostic pop free(enabled); free(supported); return ortn; 
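Review bot: Dropping the explicit `SecTrustEvaluate` call removes the only place where an evaluation error aborted getSslCerts; `require(certCount = SecTrustGetCertificateCount(trust), errOut)` rejects only a zero count, so if the implicit evaluation the new comment relies on fails, the chain presumably degrades to whatever could be built (likely the leaf alone) and the failure is never reported. If that is intended, the comment should say so rather than only describing the side effect, e.g. `// An evaluation failure is not reported here; the count then reflects whatever chain could be built.`. The removed `tresult` was never inspected, so the trust verdict itself was not being checked before this change either. getSslCerts starts and ends outside this hunk.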
@@ -1561,3 +1574,44 @@ extern const char *sslCurveString(
 return unk;
 }
 }
+
+
+
+
+#include
+#include
+
+SecKeyRef create_private_key_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len)
+{
+ SecKeyRef privKey;
+ CFErrorRef error = NULL;
+ CFDataRef keyData = CFDataCreate(kCFAllocatorDefault, pkey_der, pkey_der_len);
+ CFMutableDictionaryRef parameters = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
+ CFDictionarySetValue(parameters, kSecAttrKeyType, ecdsa?kSecAttrKeyTypeECSECPrimeRandom:kSecAttrKeyTypeRSA);
+ CFDictionarySetValue(parameters, kSecAttrKeyClass, kSecAttrKeyClassPrivate);
+ privKey = SecKeyCreateWithData(keyData, parameters, &error);
+ CFReleaseNull(keyData);
+ CFReleaseNull(parameters);
+ CFReleaseNull(error);
+ return privKey;
+}
+
+CFArrayRef chain_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len)
+{
+ SecKeyRef pkey = NULL;
+ SecCertificateRef cert = NULL;
+ SecIdentityRef ident = NULL;
+ CFArrayRef items = NULL;
+
+ require(pkey = create_private_key_from_der(ecdsa, pkey_der, pkey_der_len), errOut);
+ require(cert = SecCertificateCreateWithBytes(kCFAllocatorDefault, cert_der, cert_der_len), errOut);
+ require(ident = SecIdentityCreate(kCFAllocatorDefault, cert, pkey), errOut);
+ require(items = CFArrayCreate(kCFAllocatorDefault, (const void **)&ident, 1, &kCFTypeArrayCallBacks), errOut);
+
+errOut:
+ CFReleaseSafe(pkey);
+ CFReleaseSafe(cert);
+ CFReleaseSafe(ident);
+ return items;
+}
+
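Review bot: create_private_key_from_der never checks that `CFDataCreate` and `CFDictionaryCreateMutable` succeeded, and it builds `parameters` with NULL key/value callbacks, so the dictionary neither retains its entries nor compares keys by value; the idiomatic form is `CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)`, with both allocations guarded by the same `require(..., errOut)` pattern that chain_from_der already uses. The CFErrorRef from `SecKeyCreateWithData` is released unread, so a caller cannot tell malformed DER from an unsupported key type; surfacing it before release is cheap. Note also that `CFDataCreate` makes a second heap copy of the private-key bytes that is not scrubbed on release; if that matters for this tool, `CFDataCreateWithBytesNoCopy` with `kCFAllocatorNull` keeps a single copy, assuming `SecKeyCreateWithData` does not hold on to keyData beyond the call. A minor style point: the two new functions mix `CFReleaseNull` and `CFReleaseSafe` for the same job.
```cpp
SecKeyRef create_private_key_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len)
{
    SecKeyRef privKey = NULL;
    CFErrorRef error = NULL;
    CFDataRef keyData = NULL;
    CFMutableDictionaryRef parameters = NULL;

    // Both allocations can fail; bail out through the same label chain_from_der uses.
    require(keyData = CFDataCreate(kCFAllocatorDefault, pkey_der, pkey_der_len), errOut);
    require(parameters = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
                                                   &kCFTypeDictionaryKeyCallBacks,
                                                   &kCFTypeDictionaryValueCallBacks), errOut);
    // … unchanged: the two CFDictionarySetValue calls …
    privKey = SecKeyCreateWithData(keyData, parameters, &error);
    if (privKey == NULL && error != NULL) {
        // Say why the DER could not be turned into a key before the error is dropped.
        CFShow(error);
    }
errOut:
    CFReleaseNull(keyData);
    CFReleaseNull(parameters);
    CFReleaseNull(error);
    return privKey;
}
```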