#include <stdlib.h>
#include <strings.h>
#include <stdio.h>
#include <unistd.h>
#include "parseTrustedRootList.h"
#include "rootUtils.h"
#include <Security/TrustSettingsSchema.h>
#include <Security/SecTrustSettings.h>
#include <CoreFoundation/CoreFoundation.h>
#include <security_utilities/cfutilities.h>
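/*
 * Dump one usage-constraint dictionary (one element of a cert entry's
 * kTrustRecordTrustSettings array). Every key is optional; a key that is
 * present but of the wrong CF type is reported and aborts this entry.
 *
 * ucDict : the dictionary to dump (not retained)
 * parser : OID parser shared by the whole record dump
 * Returns 0 if the entry was well-formed, -1 otherwise.
 */
static int dumpUsageConstraint(
	CFDictionaryRef ucDict,
	OidParser &parser)
{
	if(CFGetTypeID(ucDict) != CFDictionaryGetTypeID()) {
		printf("***parseTrustedRootList: malformed usageConstraint dictionary");
		return -1;
	}

	CFDataRef certPolicy = (CFDataRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicy);
	if(certPolicy != NULL) {
		if(CFGetTypeID(certPolicy) != CFDataGetTypeID()) {
			printf("***parseTrustedRootList: malformed certPolicy");
			return -1;
		}
		indent(); printData("Policy OID ", certPolicy, PD_OID, parser);
	}

	CFDataRef certApp = (CFDataRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsApplication);
	if(certApp != NULL) {
		if(CFGetTypeID(certApp) != CFDataGetTypeID()) {
			printf("***parseTrustedRootList: malformed certApp");
			return -1;
		}
		indent(); printData("Application ", certApp, PD_Hex, parser);
	}

	CFStringRef policyStr = (CFStringRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicyString);
	if(policyStr != NULL) {
		if(CFGetTypeID(policyStr) != CFStringGetTypeID()) {
			printf("***parseTrustedRootList: malformed policyStr");
			return -1;
		}
		indent(); printf("Policy String : ");
		printCfStr(policyStr); printf("\n");
	}

	CFNumberRef cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsAllowedError);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			printf("***parseTrustedRootList: malformed allowedError");
			return -1;
		}
		indent(); printf("Allowed Error : ");
		printCssmErr(cfNum); printf("\n");
	}

	cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsResult);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			printf("***parseTrustedRootList: malformed Result");
			return -1;
		}
		indent(); printf("Result Type : ");
		printResult(cfNum); printf("\n");
	}

	cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			printf("***parseTrustedRootList: malformed keyUsage");
			return -1;
		}
		indent(); printf("Key Usage : ");
		printKeyUsage(cfNum); printf("\n");
	}
	return 0;
}

/*
 * Dump one entry of the kTrustRecordTrustList dictionary: its key (the cert
 * hash) and its value (the per-cert dictionary holding issuer, serial number,
 * modification date and the optional usage-constraint array).
 *
 * certHashStr : dictionary key; must be a CFString
 * certDict    : dictionary value; must be a CFDictionary
 * parser      : OID parser shared by the whole record dump
 * Returns 0 if everything was well-formed, -1 if any part was malformed.
 * A malformed usage constraint is reported and the remaining constraints are
 * still dumped; a malformed required field stops the dump of this entry.
 */
static int dumpCertEntry(
	CFStringRef certHashStr,
	CFDictionaryRef certDict,
	OidParser &parser)
{
	int ourRtn = 0;

	if(CFGetTypeID(certHashStr) != CFStringGetTypeID()) {
		printf("***parseTrustedRootList: malformed certsDict key");
		return -1;
	}
	indent(); printf("Cert Hash : ");
	printCfStr(certHashStr);
	printf("\n");

	if(CFGetTypeID(certDict) != CFDictionaryGetTypeID()) {
		printf("***parseTrustedRootList: malformed certDict");
		return -1;
	}

	/* issuer: required; an empty CFData means "no issuer" */
	CFDataRef cfd = (CFDataRef)CFDictionaryGetValue(certDict, kTrustRecordIssuer);
	if(cfd == NULL) {
		printf("***parseTrustedRootList: missing issuer");
		return -1;
	}
	if(CFGetTypeID(cfd) != CFDataGetTypeID()) {
		printf("***parseTrustedRootList: malformed issuer");
		return -1;
	}
	indent();
	if(CFDataGetLength(cfd) == 0) {
		printf("Issuer : <none>\n");
	}
	else {
		printf("Issuer : \n");
		indentIncr(); printCfName(cfd, parser);
		indentDecr();
	}

	/* serial number: required */
	cfd = (CFDataRef)CFDictionaryGetValue(certDict, kTrustRecordSerialNumber);
	if(cfd == NULL) {
		printf("***parseTrustedRootList: missing serial number");
		return -1;
	}
	if(CFGetTypeID(cfd) != CFDataGetTypeID()) {
		printf("***parseTrustedRootList: malformed serial number");
		return -1;
	}
	indent(); printData("Serial Number ", cfd, PD_Hex, parser);

	/* modification date: required */
	CFDateRef modDate = (CFDateRef)CFDictionaryGetValue(certDict, kTrustRecordModDate);
	if(modDate == NULL) {
		printf("***parseTrustedRootList: missing modification date");
		return -1;
	}
	if(CFGetTypeID(modDate) != CFDateGetTypeID()) {
		printf("***parseTrustedRootList: malformed modification date");
		return -1;
	}
	indent();
	printf("Modification Date : ");
	printCFDate(modDate);
	printf("\n");

	/* usage constraints: optional array of dictionaries */
	CFArrayRef usageConstraints = (CFArrayRef)CFDictionaryGetValue(certDict,
		kTrustRecordTrustSettings);
	CFIndex numUsageConstraints = 0;
	if(usageConstraints != NULL) {
		if(CFGetTypeID(usageConstraints) != CFArrayGetTypeID()) {
			printf("***parseTrustedRootList: malformed Usage Constraints array");
			return -1;
		}
		numUsageConstraints = CFArrayGetCount(usageConstraints);
	}
	indent(); printf("Num usage constraints : ");
	if(usageConstraints) {
		printf("%ld\n", numUsageConstraints);
	}
	else {
		printf("<not present>\n");
	}
	for(CFIndex apDex=0; apDex<numUsageConstraints; apDex++) {
		indent(); printf("Usage constraint %ld:\n", apDex);
		indentIncr();
		CFDictionaryRef ucDict =
			(CFDictionaryRef)CFArrayGetValueAtIndex(usageConstraints, apDex);
		/* keep going on a bad constraint; just remember the failure */
		if(dumpUsageConstraint(ucDict, parser) != 0) {
			ourRtn = -1;
		}
		indentDecr();
	}
	return ourRtn;
}

/*
 * Parse and dump a TrustedRootList plist (the user trust record format
 * described by TrustSettingsSchema.h) to stdout.
 *
 * plistData : XML plist data to decode; not retained
 * Returns 0 if the whole record was well-formed, -1 if decoding failed or
 * any entry was malformed. Decode failure and a malformed top level stop the
 * dump; a malformed cert entry is reported and the remaining entries are
 * still dumped.
 *
 * The per-entry work is in dumpCertEntry()/dumpUsageConstraint() so that no
 * goto has to jump past an initialized declaration (ill-formed in C++).
 */
int parseTrustedRootList(
	CFDataRef plistData)
{
	CFStringRef errStr = NULL;
	CFRef<CFPropertyListRef> rawPropList;
	int ourRtn = 0;
	OidParser parser;

	rawPropList.take(CFPropertyListCreateFromXMLData(
		NULL,
		plistData,
		kCFPropertyListImmutable,
		&errStr));
	CFPropertyListRef cfRawPropList = rawPropList;
	if(cfRawPropList == NULL) {
		printf("***parseTrustedRootList: Error decoding TrustedRootList XML data\n");
		if(errStr != NULL) {
			printf("Error string: "); CFShow(errStr);
			CFRelease(errStr);
		}
		return -1;
	}
	/* the decoder may hand back an error string even on success; we own it */
	if(errStr != NULL) {
		CFRelease(errStr);
	}

	CFDictionaryRef topDict = (CFDictionaryRef)cfRawPropList;
	if(CFGetTypeID(topDict) != CFDictionaryGetTypeID()) {
		printf("***parseTrustedRootList: malformed propList");
		return -1;
	}
	printf("=== Parsed User Trust Record ===\n");

	/* version: reported but not validated; a bad one does not fail the parse */
	CFNumberRef cfVers = (CFNumberRef)CFDictionaryGetValue(topDict, kTrustRecordVersion);
	if((cfVers == NULL) || (CFGetTypeID(cfVers) != CFNumberGetTypeID())) {
		printf("***parseTrustedRootList: malformed version");
	}
	else {
		SInt32 vers;
		if(!CFNumberGetValue(cfVers, kCFNumberSInt32Type, &vers)) {
			printf("***parseTrustedRootList: malformed version");
		}
		else {
			/* SInt32 is not long on every ABI; cast to match %ld */
			printf("Version = %ld\n", (long)vers);
		}
	}

	CFDictionaryRef certsDict = (CFDictionaryRef)CFDictionaryGetValue(topDict,
		kTrustRecordTrustList);
	if((certsDict == NULL) || (CFGetTypeID(certsDict) != CFDictionaryGetTypeID())) {
		printf("***parseTrustedRootList: malformed mTrustArray");
		return -1;
	}
	CFIndex numCerts = CFDictionaryGetCount(certsDict);

	/*
	 * numCerts is whatever the plist says it is. Sizing a stack VLA from it
	 * is undefined for 0 and can exhaust the stack for a large record, so the
	 * key/value tables live on the heap (calloc also guards the size product).
	 */
	const void **dictKeys = NULL;
	const void **dictValues = NULL;
	if(numCerts > 0) {
		dictKeys = (const void **)calloc((size_t)numCerts, sizeof(*dictKeys));
		dictValues = (const void **)calloc((size_t)numCerts, sizeof(*dictValues));
		if((dictKeys == NULL) || (dictValues == NULL)) {
			printf("***parseTrustedRootList: out of memory\n");
			free(dictKeys);
			free(dictValues);
			return -1;
		}
		CFDictionaryGetKeysAndValues(certsDict, dictKeys, dictValues);
	}

	printf("Number of cert entries: %ld\n", numCerts);
	for(CFIndex dex=0; dex<numCerts; dex++) {
		printf("Cert %ld:\n", dex);
		indentIncr();
		/* a bad entry is reported and the remaining entries are still dumped */
		if(dumpCertEntry((CFStringRef)dictKeys[dex],
				 (CFDictionaryRef)dictValues[dex], parser) != 0) {
			ourRtn = -1;
		}
		indentDecr();
	}
	free(dictKeys);
	free(dictValues);

	printf("=== End of Parsed User Trust Record ===\n");
	return ourRtn;
}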