X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/SecurityTests/clxutils/threadTest/secTrustEval.cpp
diff --git a/SecurityTests/clxutils/threadTest/secTrustEval.cpp b/SecurityTests/clxutils/threadTest/secTrustEval.cpp
new file mode 100644
index 00000000..80939f74
--- /dev/null
+++ b/SecurityTests/clxutils/threadTest/secTrustEval.cpp
@@ -0,0 +1,135 @@
+/*
+ * secTrustEval.cpp
+ *
+ * doSet up SecTrust object, do a SecTrustEvaluate, release.
+ */
+#include "testParams.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define HOLD_SEARCH_LIST 0
+
+/* for malloc debug */
+#define DO_PAUSE 0
+
+//static const char *CERT_FILE = "amazon_v3.100.cer";
+static const char *CERT_FILE = "cduniverse_v3.100.cer";
+
+/* common data, our known good cert, shared by all threads */
+static unsigned char *certData = NULL;
+static unsigned certLength = 0;
+
+/* read in our known good cert file, just once */
+int secTrustEvalInit(TestParams *testParams)
+{
+ if(certData != NULL) {
+ return 0;
+ }
+ if(testParams->verbose) {
+ printf("secTrusEval thread %d: reading cert file %s...\n",
+ testParams->threadNum, CERT_FILE);
+ }
+ if(readFile(CERT_FILE, &certData, &certLength)) {
+ printf("Error reading %s; aborting\n", CERT_FILE);
+ printf("***This test must be run from the clxutils/threadTest directory.\n");
+ return 1;
+ }
+ return 0;
+}
+
+
+int secTrustEval(TestParams *testParams)
+{
+ unsigned loopNum;
+ SecCertificateRef certRef;
+ const CSSM_DATA cdata = {certLength, (uint8 *)certData};
+
+ OSStatus ortn = SecCertificateCreateFromData(&cdata,
+ CSSM_CERT_X_509v3,
+ CSSM_CERT_ENCODING_DER,
+ &certRef);
+ if(ortn) {
+ cssmPerror("SecCertificateCreateFromData", ortn);
+ return (int)ortn;
+ }
+
+ #if HOLD_SEARCH_LIST
+ CFArrayRef sl;
+ ortn = SecKeychainCopySearchList(&sl);
+ if(ortn) {
+ cssmPerror("SecPolicySearchCreate", ortn);
+ return (int)ortn;
+ }
+ #endif
+
+ for(loopNum=0; loopNumnumLoops; loopNum++) {
+ if(testParams->verbose) {
+ printf("secTrustEval loop %d\n", loopNum);
+ }
+ else if(!testParams->quiet) {
+ printChar(testParams->progressChar);
+ }
+
+ /* from here on emulate exactly what SecureTransport does */
+ CFMutableArrayRef certs;
+ certs = CFArrayCreateMutable(NULL, 1, &kCFTypeArrayCallBacks);
+ CFArrayInsertValueAtIndex(certs, 0, certRef);
+
+ SecPolicyRef policy = NULL;
+ SecPolicySearchRef policySearch = NULL;
+
+ OSStatus ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3,
+ &CSSMOID_APPLE_TP_SSL,
+ NULL, // policy opts
+ &policySearch);
+ if(ortn) {
+ cssmPerror("SecPolicySearchCreate", ortn);
+ return (int)ortn;
+ }
+
+ ortn = SecPolicySearchCopyNext(policySearch, &policy);
+ if(ortn) {
+ cssmPerror("SecPolicySearchCopyNext", ortn);
+ return (int)ortn;
+ }
+ CFRelease(policySearch);
+
+ SecTrustRef secTrust;
+ ortn = SecTrustCreateWithCertificates(certs, policy, &secTrust);
+ if(ortn) {
+ cssmPerror("SecTrustCreateWithCertificates", ortn);
+ return (int)ortn;
+ }
+ /* no action data for now */
+
+ SecTrustResultType secTrustResult;
+ ortn = SecTrustEvaluate(secTrust, &secTrustResult);
+ if(ortn) {
+ cssmPerror("SecTrustEvaluate", ortn);
+ return (int)ortn;
+ }
+
+ CFRelease(certs);
+ CFRelease(secTrust);
+ CFRelease(policy);
+
+ #if DO_PAUSE
+ fpurge(stdin);
+ printf("Hit CR to continue: ");
+ getchar();
+ #endif
+ } /* outer loop */
+ #if HOLD_SEARCH_LIST
+ CFRelease(sl);
+ #endif
+ return 0;
+}
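Review bot: The verdict in `secTrustResult` is never read after `SecTrustEvaluate` in the loop of `secTrustEval`, so the test only proves the call returned without error; a threading bug that produced a wrong trust decision for the known-good cert would pass unnoticed. A zero `ortn` means the evaluation ran, not that the chain was trusted, so I would compare the result with whatever verdict this cert is expected to get, e.g. `if(secTrustResult != kSecTrustResultProceed && secTrustResult != kSecTrustResultUnspecified) { printf("***unexpected trust result %d\n", (int)secTrustResult); return 1; }`. Separately, the early `return (int)ortn;` exits inside the loop leave whichever of `certs`, `policySearch`, `policy` and `secTrust` exist at that point unreleased, and `certRef` is not released on any path, which will show up as noise when the `DO_PAUSE` malloc-debug mode is used.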