X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.cpp
diff --git a/SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.cpp b/SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.cpp
new file mode 100644
index 00000000..e4851e59
--- /dev/null
+++ b/SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.cpp
@@ -0,0 +1,297 @@
+/*
+ * parseTrustedRootList.cpp - parse the contents of a TrustedRootList record.
+ *
+ * Created May 26 2005 by dmitch.
+ */
+
+#include
+#include
+#include
+#include
+#include "parseTrustedRootList.h"
+#include "rootUtils.h"
+
+#include /* private header */
+#include
+#include
+#include
+
+/*
+ * Data is obtained from a SecKeychainItemRef; it's expected to be the XML encoding
+ * of a CFPropertyList (specifically of a CFDictionaryRef).
+ */
+int parseTrustedRootList(
+ CFDataRef plistData)
+{
+ /* First decode the XML */
+ CFStringRef errStr = NULL;
+ CFRef rawPropList;
+ int ourRtn = 0;
+ OidParser parser;
+
+ rawPropList.take(CFPropertyListCreateFromXMLData(
+ NULL,
+ plistData,
+ kCFPropertyListImmutable,
+ &errStr));
+ CFPropertyListRef cfRawPropList = rawPropList;
+ if(cfRawPropList == NULL) {
+ printf("***parseTrustedRootList: Error decoding TrustedRootList XML data\n");
+ if(errStr != NULL) {
+ printf("Error string: "); CFShow(errStr);
+ CFRelease(errStr);
+ }
+ return -1;
+ }
+ if(errStr != NULL) {
+ CFRelease(errStr);
+ }
+
+ CFDictionaryRef topDict = (CFDictionaryRef)cfRawPropList;
+ if(CFGetTypeID(topDict) != CFDictionaryGetTypeID()) {
+ printf("***parseTrustedRootList: malformed propList");
+ return -1;
+ }
+
+ printf("=== Parsed User Trust Record ===\n");
+
+ /* that dictionary has two entries */
+ CFNumberRef cfVers = (CFNumberRef)CFDictionaryGetValue(topDict, kTrustRecordVersion);
+ if((cfVers == NULL) || (CFGetTypeID(cfVers) != CFNumberGetTypeID())) {
+ printf("***parseTrustedRootList: malformed version");
+ }
+ else {
+ SInt32 vers;
+ if(!CFNumberGetValue(cfVers, kCFNumberSInt32Type, &vers)) {
+ printf("***parseTrustedRootList: malformed version");
+ }
+ else {
+ printf("Version = %ld\n", vers);
+ }
+ }
+
+ CFDictionaryRef certsDict = (CFDictionaryRef)CFDictionaryGetValue(topDict,
+ kTrustRecordTrustList);
+ if((certsDict == NULL) || (CFGetTypeID(certsDict) != CFDictionaryGetTypeID())) {
+ printf("***parseTrustedRootList: 
malformed mTrustArray");
+ return -1;
+ }
+
+ CFIndex numCerts = CFDictionaryGetCount(certsDict);
+ const void *dictKeys[numCerts];
+ const void *dictValues[numCerts];
+ CFDictionaryGetKeysAndValues(certsDict, dictKeys, dictValues);
+
+ CFDataRef certApp;
+ CFDataRef certPolicy;
+ CFDictionaryRef ucDict;
+ CFArrayRef usageConstraints;
+ CFDataRef cfd;
+ CFIndex numUsageConstraints;
+ CFStringRef policyStr;
+ CFNumberRef cfNum;
+ CFDateRef modDate;
+
+ printf("Number of cert entries: %ld\n", numCerts);
+
+ for(CFIndex dex=0; dex\n");
+ }
+ else {
+ printf("Issuer : \n");
+ indentIncr(); printCfName(cfd, parser);
+ indentDecr();
+ }
+
+ /* Serial number */
+ cfd = (CFDataRef)CFDictionaryGetValue(certDict, kTrustRecordSerialNumber);
+ if(cfd == NULL) {
+ printf("***parseTrustedRootList: missing serial number");
+ ourRtn = -1;
+ goto nextCert;
+ }
+ if(CFGetTypeID(cfd) != CFDataGetTypeID()) {
+ printf("***parseTrustedRootList: malformed serial number");
+ ourRtn = -1;
+ goto nextCert;
+ }
+ indent(); printData("Serial Number ", cfd, PD_Hex, parser);
+
+ /* modification date */
+ modDate = (CFDateRef)CFDictionaryGetValue(certDict, kTrustRecordModDate);
+ if(modDate == NULL) {
+ printf("***parseTrustedRootList: missing modification date");
+ ourRtn = -1;
+ goto nextCert;
+ }
+ if(CFGetTypeID(modDate) != CFDateGetTypeID()) {
+ printf("***parseTrustedRootList: malformed modification date");
+ ourRtn = -1;
+ goto nextCert;
+ }
+ indent();
+ printf("Modification Date : ");
+ printCFDate(modDate);
+ printf("\n");
+
+ /*
+ * Array of usageConstraint dictionaries - the array itself must be there,
+ * though it might be empty. 
+ */
+ usageConstraints = (CFArrayRef)CFDictionaryGetValue(certDict,
+ kTrustRecordTrustSettings);
+ numUsageConstraints = 0;
+ if(usageConstraints != NULL) {
+ if(CFGetTypeID(usageConstraints) != CFArrayGetTypeID()) {
+ printf("***parseTrustedRootList: malformed Usage Constraints array");
+ ourRtn = -1;
+ goto nextCert;
+ }
+
+ numUsageConstraints = CFArrayGetCount(usageConstraints);
+ }
+ indent(); printf("Num usage constraints : ");
+ if(usageConstraints) {
+ printf("%ld\n", numUsageConstraints);
+ }
+ else {
+ printf("\n");
+ }
+
+ /* grind thru the usageConstraint dictionaries */
+ for(CFIndex apDex=0; apDex