X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b04fe171f0375ecd5d8a24747ca1dff85720a0ca..6b200bc335dc93c5516ccb52f14bd896d8c7fad7:/SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp?ds=inline

diff --git a/SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp b/SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp
deleted file mode 100644
index ee4fc2dd..00000000
--- a/SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp
+++ /dev/null
@@ -1,526 +0,0 @@
-/*
- * extendAttrTest.cpp
- */
- 
-#include <stdlib.h>
-#include <strings.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <Security/SecKeychainItemExtendedAttributes.h>
-#include <Security/Security.h>
-#include <security_cdsa_utils/cuFileIo.h>
-#include <utilLib/common.h>
-
-#define DEFAULT_KC_NAME	"extendAttr.keychain"
-
-static void usage(char **argv)
-{
-	printf("usage: %s [options]\n", argv[0]);
-	printf("Options:\n");
-	printf("  -k keychain     -- default is %s\n", DEFAULT_KC_NAME);
-	printf("  -n              -- don't delete attributes or keychain\n");
-	printf("  -q              -- quiet\n");
-	exit(1);
-}
-
-/* RSA keys, both in OpenSSL format */
-#define PUB_KEY			"rsakey_pub.der"
-#define PRIV_KEY		"rsakey_priv.der"
-#define CERT_FILE		"amazon_v3.100.cer"
-#define PWD_SERVICE		"some service"
-#define PWD_ACCOUNT		"some account"
-#define PWD_PWD			"some password"
-
-/* set up unique extended attributes for each tested item */
-typedef struct {
-	CFStringRef		attr1Name;
-	const char		*attr1Value;
-	CFStringRef		attr2Name;
-	const char		*attr2Value;
-} ItemAttrs;
-
-static const ItemAttrs pubKeyAttrs = {
-	CFSTR("one pub key Attribute"),
-	"some pub key value",
-	CFSTR("another pub key Attribute"),
-	"another pub key value"
-};
-
-static const ItemAttrs privKeyAttrs = {
-	CFSTR("one priv key Attribute"),
-	"some priv key value",
-	CFSTR("another priv key Attribute"),
-	"another priv key value"
-};
-
-static const ItemAttrs certAttrs = {
-	CFSTR("one cert Attribute"),
-	"some cert value",
-	CFSTR("another cert Attribute"),
-	"another cert value"
-};
-
-static const ItemAttrs pwdAttrs = {
-	CFSTR("one pwd Attribute"),
-	"some pwd value",
-	CFSTR("another pwd Attribute"),
-	"another pwd value"
-};
-
-#define CFRELEASE(cf)	if(cf) { CFRelease(cf); }
-
-/* import file as key into specified keychain */
-static int doImportKey(
-	const char *fileName,
-	SecExternalFormat format,
-	SecExternalItemType itemType,
-	SecKeychainRef kcRef,
-	SecKeyRef *keyRef)			// RETURNED 
-{
-	unsigned char *item = NULL;
-	unsigned itemLen = 0;
-	
-	if(readFile(fileName, &item, &itemLen)) {
-		printf("***Error reading %s. \n", fileName);
-	}
-	CFDataRef cfd = CFDataCreate(NULL, (const UInt8 *)item, itemLen);
-	free(item);
-	SecKeyImportExportParameters params;
-	memset(&params, 0, sizeof(params));
-	params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
-	params.keyUsage = CSSM_KEYUSE_ANY;
-	params.keyAttributes = CSSM_KEYATTR_PERMANENT;
-	if(itemType == kSecItemTypePrivateKey) {
-		params.keyAttributes |= CSSM_KEYATTR_SENSITIVE;
-	}
-	CFArrayRef outArray = NULL;
-	OSStatus ortn;
-	ortn = SecKeychainItemImport(cfd, NULL, &format, &itemType, 0, &params, kcRef, &outArray);
-	if(ortn) {
-		cssmPerror("SecKeychainItemImport", ortn);
-	}
-	CFRelease(cfd);
-	if(ortn) {
-		return -1;
-	}
-	if((outArray == NULL) || (CFArrayGetCount(outArray) == 0)) {
-		printf("SecKeychainItemImport succeeded, but no returned items\n");
-		return -1;
-	}
-	*keyRef = (SecKeyRef)CFArrayGetValueAtIndex(outArray, 0);
-	if(CFGetTypeID(*keyRef) != SecKeyGetTypeID()) {
-		printf("***Unknown type returned after import\n");
-		return -1;
-	}
-	CFRetain(*keyRef);
-	CFRelease(outArray);
-	return 0;
-}
-
-/* import file as cert into specified keychain */
-static int doImportCert(
-	const char *fileName,
-	SecKeychainRef kcRef,
-	SecCertificateRef *certRef)			// RETURNED 
-{
-	unsigned char *item = NULL;
-	unsigned itemLen = 0;
-	
-	if(readFile(fileName, &item, &itemLen)) {
-		printf("***Error reading %s. \n", fileName);
-		return -1;
-	}
-	CSSM_DATA certData = {itemLen, (uint8 *)item};
-	OSStatus ortn = SecCertificateCreateFromData(&certData, 
-			CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, certRef);
-	if(ortn) {
-		cssmPerror("SecCertificateCreateFromData", ortn);
-		return -1;
-	}
-	ortn = SecCertificateAddToKeychain(*certRef, kcRef);
-	if(ortn) {
-		cssmPerror("SecCertificateAddToKeychain", ortn);
-		return -1;
-	}
-	return 0;
-}
-
-/* 
- * Verify specified attr does not exist
- * set it 
- * make sure we get it back 
- */
-int testOneAttr(
-	SecKeychainItemRef itemRef,
-	CFStringRef attrName,
-	CFDataRef attrVal,
-	bool quiet)
-{
-	OSStatus ortn;
-	CFDataRef fetchedVal = NULL;
-	int ourRtn = 0;
-	
-	if(!quiet) {
-		printf("   ...verifying attribute doesn't exist\n");
-	}
-	ortn = SecKeychainItemCopyExtendedAttribute(itemRef, attrName, &fetchedVal);
-	if(ortn != errSecNoSuchAttr) {
-		printf("***First SecKeychainItemCopyExtendedAttribute returned %d, expected %d\n",
-			(int)ortn, (int)errSecNoSuchAttr);
-		ourRtn = -1;
-		goto errOut;
-	}
-	if(!quiet) {
-		printf("   ...setting attribute\n");
-	}
-	ortn = SecKeychainItemSetExtendedAttribute(itemRef, attrName, attrVal);
-	if(ortn) {
-		cssmPerror("SecKeychainItemSetExtendedAttribute", ortn);
-		ourRtn = -1;
-		goto errOut;
-	}
-	if(!quiet) {
-		printf("   ...verify attribute\n");
-	}
-	ortn = SecKeychainItemCopyExtendedAttribute(itemRef, attrName, &fetchedVal);
-	if(ortn) {
-		cssmPerror("SecKeychainItemCopyExtendedAttribute", ortn);
-		ourRtn = -1;
-		goto errOut;
-	}
-	if(!CFEqual(fetchedVal, attrVal)) {
-		printf("***Mismatch in set and fetched attribute\n");
-		ourRtn = -1;
-	}
-errOut:
-	CFRELEASE(fetchedVal);
-	return ourRtn;
-}
-
-/*
- * Set two distinct extended attributes;
- * Ensure that each comes back via SecKeychainItemCopyExtendedAttribute();
- * Ensure that both come back via SecKeychainItemCopyAllExtendedAttributes();
- */
-int doTest(SecKeychainItemRef itemRef,
-	const ItemAttrs &itemAttrs,
-	bool quiet)
-{
-	CFDataRef attrVal1 = CFDataCreate(NULL, 
-		(const UInt8 *)itemAttrs.attr1Value, strlen(itemAttrs.attr1Value));
-	if(testOneAttr(itemRef, itemAttrs.attr1Name, attrVal1, quiet)) {
-		return -1;
-	}
-	CFDataRef attrVal2 = CFDataCreate(NULL, 
-		(const UInt8 *)itemAttrs.attr2Value, strlen(itemAttrs.attr2Value));
-	if(testOneAttr(itemRef, itemAttrs.attr2Name, attrVal2, quiet)) {
-		return -1;
-	}
-	
-	if(!quiet) {
-		printf("   ...verify both attributes via CopyAllExtendedAttributes()\n");
-	}
-	/* make sure they both come back in SecKeychainItemCopyAllExtendedAttributes */
-	CFArrayRef attrNames = NULL;
-	CFArrayRef attrValues = NULL;
-	OSStatus ortn = SecKeychainItemCopyAllExtendedAttributes(itemRef, &attrNames, &attrValues);
-	if(ortn) {
-		cssmPerror("SecKeychainItemCopyAllExtendedAttributes", ortn);
-		return -1;
-	}
-	CFIndex numNames = CFArrayGetCount(attrNames);
-	CFIndex numValues = CFArrayGetCount(attrValues);
-	if((numNames != 2) || (numValues != 2)) {
-		printf("***Bad array count after SecKeychainItemCopyAllExtendedAttributes\n");
-		printf("   numNames %ld   numValues %ld; expected 2 for both\n",
-			(long)numNames, (long)numValues);
-		return -1;
-	}
-	bool found1 = false;
-	bool found2 = false;
-	for(CFIndex dex=0; dex<numNames; dex++) {
-		CFStringRef attrName = (CFStringRef)CFArrayGetValueAtIndex(attrNames, dex);
-		CFDataRef valToCompare = NULL;
-		if(CFEqual(attrName, itemAttrs.attr1Name)) {
-			found1 = true;
-			valToCompare = attrVal1;
-		}
-		else if(CFEqual(attrName, itemAttrs.attr2Name)) {
-			found2 = true;
-			valToCompare = attrVal2;
-		}
-		else {
-			printf("***Found unknown attribute name\n");
-			return -1;
-		}
-		CFDataRef foundVal = (CFDataRef)CFArrayGetValueAtIndex(attrValues, dex);
-		if(!CFEqual(foundVal, valToCompare)) {
-			printf("***Attribute Value miscompare\n");
-			return -1;
-		}
-	}
-	CFRelease(attrNames);
-	CFRelease(attrValues);
-	CFRelease(attrVal1);
-	CFRelease(attrVal2);
-	
-	if(!found1 || !found2) {
-		printf("***wrote two attribute; found1 %s, found2 %s\n",
-			found1 ? "true" : "false", found2 ? "true" : "false");
-		return 1;
-	}
-	
-	return 0;
-}
-
-/* delete two attrs, verify that none are left */
-static int doDeleteTest(
-	SecKeychainItemRef itemRef,
-	const ItemAttrs &itemAttrs,
-	bool quiet)
-{
-	if(!quiet) {
-		printf("   ...deleting both attributes, verifying none are left\n");
-	}
-	
-	OSStatus ortn = SecKeychainItemSetExtendedAttribute(itemRef, itemAttrs.attr1Name, NULL);
-	if(ortn) {
-		cssmPerror("SecKeychainItemSetExtendedAttribute (NULL)", ortn);
-		return -1;
-	}
-	ortn = SecKeychainItemSetExtendedAttribute(itemRef, itemAttrs.attr2Name, NULL);
-	if(ortn) {
-		cssmPerror("SecKeychainItemSetExtendedAttribute (NULL)", ortn);
-		return -1;
-	}
-	CFArrayRef attrNames = NULL;
-	CFArrayRef attrValues = NULL;
-	ortn = SecKeychainItemCopyAllExtendedAttributes(itemRef, &attrNames, &attrValues);
-	if(ortn != errSecNoSuchAttr) {
-		printf("***Last SecKeychainItemCopyExtendedAttribute returned %d, expected %d\n",
-			(int)ortn, (int)errSecNoSuchAttr);
-		return -1;
-	}
-	return 0;
-}
-
-/*
- * Verify that SecKeychainItemDelete() also deletes extended attributes.
- *
- * Assuming empty keychain:
- * Import a cert;
- * Set two extended attributes, make sure they're there;
- * Delete the cert;
- * Import the cert again;
- * Verify that the new item has *no* extended attributes;
- */
-static int doDeleteItemTest(
-	SecKeychainRef kcRef,
-	bool quiet)
-{
-	SecCertificateRef certRef = NULL;
-	
-	if(doImportCert(CERT_FILE, kcRef, &certRef)) {
-		return 1;
-	}
-	if(!quiet) {
-		printf("...testing cert\n");
-	}
-	if(doTest((SecKeychainItemRef)certRef, certAttrs, quiet)) {
-		return -1;
-	}
-	
-	/* doTest() verified that there are two extended attrs */
-	if(!quiet) {
-		printf("...deleting cert\n");
-	}
-	OSStatus ortn = SecKeychainItemDelete((SecKeychainItemRef)certRef);
-	if(ortn) {
-		cssmPerror("SecKeychainItemDelete", ortn);
-		return -1;
-	}
-	CFRelease(certRef);
-
-	if(!quiet) {
-		printf("...reimporting cert, verifying it has no extended attributes\n");
-	}
-	if(doImportCert(CERT_FILE, kcRef, &certRef)) {
-		return 1;
-	}
-	CFArrayRef attrNames = NULL;
-	ortn = SecKeychainItemCopyAllExtendedAttributes((SecKeychainItemRef)certRef, &attrNames, 
-		NULL);
-	if(ortn != errSecNoSuchAttr) {
-		printf("***Deleted cert, re-imported it, and the new cert has extended attributes!\n");
-		return -1;
-	}
-	CFRelease(certRef);
-	return 0;
-}
-
-int main(int argc, char **argv)
-{
-	const char *kcName = DEFAULT_KC_NAME;
-	extern char *optarg;
-	int arg;
-	bool quiet = false;
-	bool noDelete = false;
-	
-	while ((arg = getopt(argc, argv, "k:qnh")) != -1) {
-		switch (arg) {
-			case 'k':
-				kcName = optarg;
-				break;
-			case 'n':
-				noDelete = true;
-				break;
-			case 'q':
-				quiet = true;
-				break;
-			case 'h':
-				usage(argv);
-		}
-	}
-	if(optind != argc) {
-		usage(argv);
-	}
-	
-	testStartBanner("extendAttrTest", argc, argv);
-	
-	SecKeychainRef kcRef = NULL;
-	OSStatus ortn;
-	
-	if(!quiet) {
-		printf("Deleting possible existing keychain and creating %s...\n", kcName);
-		
-	}
-	/* delete possible existing keychain, then create it */
-	if (SecKeychainOpen(kcName, &kcRef) == noErr)
-	{
-		SecKeychainDelete(kcRef);
-		CFRelease(kcRef);
-	}
-
-	kcRef = NULL;
-	ortn = SecKeychainCreate(kcName, 
-		strlen(DEFAULT_KC_NAME), DEFAULT_KC_NAME,
-		false, NULL, &kcRef);
-	if(ortn) {
-		cssmPerror("SecKeychainCreate", ortn);
-		exit(1);
-	}
-		
-	/* import keys */
-	SecKeyRef pubKey = NULL;
-	SecKeyRef privKey = NULL;
-	if(!quiet) {
-		printf("Importing %s to keychain...\n", PUB_KEY);
-	}
-	if(doImportKey(PUB_KEY, kSecFormatOpenSSL, kSecItemTypePublicKey, kcRef, &pubKey)) {
-		exit(1);
-	}
-	if(!quiet) {
-		printf("Importing %s to keychain...\n", PRIV_KEY);
-	}
-	if(doImportKey(PRIV_KEY, kSecFormatOpenSSL, kSecItemTypePrivateKey, kcRef, &privKey)) {
-		exit(1);
-	}
-	
-	if(!quiet) {
-		printf("...testing public key\n");
-	}
-	if(doTest((SecKeychainItemRef)pubKey, pubKeyAttrs, quiet)) {
-		return -1;
-	}
-	if(!quiet) {
-		printf("...testing private key\n");
-	}
-	if(doTest((SecKeychainItemRef)privKey, privKeyAttrs, quiet)) {
-		return -1;
-	}
-	
-	/* 
-	 * Those keys and their extended attrs are still in the keychain. Test a cert. 
-	 */
-	SecCertificateRef certRef = NULL;
-	if(doImportCert(CERT_FILE, kcRef, &certRef)) {
-		exit(1);
-	}
-	if(!quiet) {
-		printf("...testing cert\n");
-	}
-	if(doTest((SecKeychainItemRef)certRef, certAttrs, quiet)) {
-		return -1;
-	}
-	
-	/* leaving everything in place, test a generic password. */
-	SecKeychainItemRef pwdRef = NULL;
-	ortn = SecKeychainAddGenericPassword(kcRef,
-		strlen(PWD_SERVICE), PWD_SERVICE,
-		strlen(PWD_ACCOUNT), PWD_ACCOUNT,
-		strlen(PWD_PWD), PWD_PWD,
-		&pwdRef);
-	if(ortn) {
-		cssmPerror("SecKeychainAddGenericPassword", ortn);
-		exit(1);
-	}
-	if(!quiet) {
-		printf("...testing generic password\n");
-	}
-	if(doTest(pwdRef, pwdAttrs, quiet)) {
-		return -1;
-	}
-
-	if(noDelete) {
-		goto done;
-	}
-	
-	/* delete extended attrs; make sure they really get deleted */
-	if(!quiet) {
-		printf("...removing extended attributes from public key\n");
-	}
-	if(doDeleteTest((SecKeychainItemRef)pubKey, pubKeyAttrs, quiet)) {
-		exit(1);
-	}
-	if(!quiet) {
-		printf("...removing extended attributes from private key\n");
-	}
-	if(doDeleteTest((SecKeychainItemRef)privKey, privKeyAttrs, quiet)) {
-		exit(1);
-	}
-	if(!quiet) {
-		printf("...removing extended attributes from certificate\n");
-	}
-	if(doDeleteTest((SecKeychainItemRef)certRef, certAttrs, quiet)) {
-		exit(1);
-	}
-	if(!quiet) {
-		printf("...removing extended attributes from generic password\n");
-	}
-	if(doDeleteTest(pwdRef, pwdAttrs, quiet)) {
-		exit(1);
-	}
-
-	CFRelease(pubKey);
-	CFRelease(privKey);
-	CFRelease(pwdRef);
-	
-	/* Verify that SecKeychainItemDelete() also deletes extended attributes */
-	ortn = SecKeychainItemDelete((SecKeychainItemRef)certRef);
-	if(ortn) {
-		cssmPerror("SecKeychainItemDelete", ortn);
-		exit(1);
-	}
-	CFRelease(certRef);
-	if(doDeleteItemTest(kcRef, quiet)) {
-		exit(1);
-	}
-	
-	SecKeychainDelete(kcRef);
-	CFRelease(kcRef);
-done:
-	if(!quiet) {
-		printf("...Success\n");
-	}
-	return 0;
-}