X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b04fe171f0375ecd5d8a24747ca1dff85720a0ca..6b200bc335dc93c5516ccb52f14bd896d8c7fad7:/SecurityTests/clxutils/userTrustTest/userTrustTest.cpp diff --git a/SecurityTests/clxutils/userTrustTest/userTrustTest.cpp b/SecurityTests/clxutils/userTrustTest/userTrustTest.cpp deleted file mode 100644 index 7b87318d..00000000 --- a/SecurityTests/clxutils/userTrustTest/userTrustTest.cpp +++ /dev/null @@ -1,244 +0,0 @@ -/* - * userTrustTest.cpp - simple test of SecTrustSetUserTrustLegacy() and - * SecTrustGetUserTrust() - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define IGNORE_EXISTING_STATE 0 - -static void usage(char **argv) -{ - printf("usage: %s [options] known_good_leaf_cert [ca_cert...]\n", argv[0]); - printf("Options:\n"); - printf(" -q -- quiet\n"); - exit(1); -} - -static char *secTrustResultStr( - SecTrustResultType result) -{ - static char unknownStr[100]; - - switch(result) { - case kSecTrustResultInvalid: return "kSecTrustResultInvalid"; - case kSecTrustResultProceed: return "kSecTrustResultProceed"; - case kSecTrustResultConfirm: return "kSecTrustResultConfirm"; - case kSecTrustResultDeny: return "kSecTrustResultDeny"; - case kSecTrustResultUnspecified: return "kSecTrustResultUnspecified"; - case kSecTrustResultRecoverableTrustFailure: - return "kSecTrustResultRecoverableTrustFailure"; - case kSecTrustResultFatalTrustFailure: return "kSecTrustResultFatalTrustFailure"; - case kSecTrustResultOtherError: return "kSecTrustResultOtherError"; - default: - sprintf(unknownStr, "UNKNOWN ResultType (%d)\n", - (int)result); - return unknownStr; - } -} - -/* do a SecTrustEvaluate, ensure resultType is as specified */ -static int doEval( - CFArrayRef certs, - SecPolicyRef policy, - SecTrustResultType expectedResult, - bool quiet) -{ - OSStatus ortn; - SecTrustRef trustRef = NULL; - SecTrustResultType result; - int ourRtn = 0; - - ortn = SecTrustCreateWithCertificates(certs, policy, &trustRef); - if(ortn) { - cssmPerror("SecTrustCreateWithCertificates", ortn); - return -1; - } - ortn = SecTrustEvaluate(trustRef, &result); - if(ortn) { - /* shouldn't fail no matter what resultType we expect */ - cssmPerror("SecTrustEvaluate", ortn); - ourRtn = -1; - goto errOut; - } - if(expectedResult == result) { - if(!quiet) { - printf("...got %s as expected\n", secTrustResultStr(result)); - } - } - else { - printf("***Expected %s, got %s\n", secTrustResultStr(expectedResult), - secTrustResultStr(result)); - ourRtn = -1; - } -errOut: - CFRelease(trustRef); - return ourRtn; -} - -/* Do a SecTrustGetUserTrust(), ensure result is as specified */ -static int doGetUserTrust( - SecCertificateRef certRef, - SecPolicyRef policy, - SecTrustResultType expectedResult) -{ - SecTrustResultType foundResult; - OSStatus ortn = SecTrustGetUserTrust(certRef, policy, &foundResult); - if(ortn) { - cssmPerror("SecTrustGetUserTrust", ortn); - return -1; - } - if(foundResult != expectedResult) { - printf("***Expected current resultType %s; found %s\n", - secTrustResultStr(expectedResult), secTrustResultStr(foundResult)); - return -1; - } - return 0; -} - -/* Do SecTrustSetUserTrustLegacy() followed by SecTrustGetUserTrust() */ -static int doSetVerifyUserTrust( - SecCertificateRef certRef, - SecPolicyRef policy, - SecTrustResultType result) -{ - OSStatus ortn; - ortn = SecTrustSetUserTrustLegacy(certRef, policy, result); - if(ortn) { - cssmPerror("SecTrustSetUserTrustLegacy", ortn); - return -1; - } - return doGetUserTrust(certRef, policy, result); -} - -static int doTest( - CFArrayRef certArray, - SecPolicyRef policy, - bool quiet) -{ - int ourRtn = 0; - SecCertificateRef leafCert = (SecCertificateRef)CFArrayGetValueAtIndex( - certArray, 0); - - if(!quiet) { - printf("Verifying cert is good as is...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultUnspecified, quiet); - if(ourRtn && !IGNORE_EXISTING_STATE) { - return ourRtn; - } - - if(!quiet) { - printf("Verifying cert currently has kSecTrustResultUnspecified...\n"); - } - if(doGetUserTrust(leafCert, policy, kSecTrustResultUnspecified)) { - ourRtn = -1; - /* but keep going */ - } - - if(!quiet) { - printf("setting and verifying SecTrustResultDeny...\n"); - } - if(doSetVerifyUserTrust(leafCert, policy, kSecTrustResultDeny)) { - ourRtn = -1; - } - - if(!quiet) { - printf("Verify cert with SecTrustResultDeny...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultDeny, quiet); - if(ourRtn) { - ourRtn = -1; - } - - if(!quiet) { - printf("setting and verifying kSecTrustResultConfirm...\n"); - } - if(doSetVerifyUserTrust(leafCert, policy, kSecTrustResultConfirm)) { - ourRtn = -1; - } - - if(!quiet) { - printf("Verify cert with kSecTrustResultConfirm...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultConfirm, quiet); - if(ourRtn) { - ourRtn = -1; - } - - if(!quiet) { - printf("setting and verifying kSecTrustResultUnspecified...\n"); - } - if(doSetVerifyUserTrust(leafCert, policy, kSecTrustResultUnspecified)) { - ourRtn = -1; - } - - if(!quiet) { - printf("Verify cert with kSecTrustResultUnspecified...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultUnspecified, quiet); - - if(!quiet) { - printf("Verify SecTrustSetUserTrust(kSecTrustResultConfirm) fails...\n"); - } - /* verify Radar 4642125 - this should fail, not crash */ - OSStatus ortn = SecTrustSetUserTrust(leafCert, policy, kSecTrustResultConfirm); - if(ortn != unimpErr) { - printf("***SecTrustSetUserTrust returned %ld; expected %ld (unimpErr)\n", - (long)ortn, (long)unimpErr); - ourRtn = -1; - } - return ourRtn; -} - -int main(int argc, char **argv) -{ - bool quiet = false; - - int arg; - while ((arg = getopt(argc, argv, "qh")) != -1) { - switch (arg) { - case 'q': - quiet = true; - break; - case 'h': - usage(argv); - } - } - - unsigned numCerts = argc - optind; - if(numCerts == 0) { - usage(argv); - } - CFMutableArrayRef certArray = CFArrayCreateMutable(NULL, 0, - &kCFTypeArrayCallBacks); - for(int dex=optind; dex