#include "security_tool.h"
#include "trusted_cert_dump.h"
#include "trusted_cert_utils.h"
#include <errno.h>
#include <unistd.h>
#include <Security/Security.h>
#include <Security/cssmapple.h>
#include <Security/SecTrustSettings.h>
#include <Security/oidsalg.h>
#include <security_cdsa_utils/cuFileIo.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecCertificatePriv.h>
/*
 * Print the inferred label of certRef to stdout (no trailing newline).
 *
 * Returns noErr on success. On failure the error is reported through
 * cssmPerror and the OSStatus is handed back to the caller; nothing is
 * printed to stdout in that case.
 */
static OSStatus printCertLabel(
	SecCertificateRef certRef)
{
	CFStringRef label = NULL;
	OSStatus status = SecCertificateInferLabel(certRef, &label);

	if(status != noErr) {
		cssmPerror("SecCertificateInferLabel", status);
	}
	else {
		printCfStr(label);
		/* SecCertificateInferLabel hands back a +1 reference; drop it. */
		CFRelease(label);
	}
	return status;
}
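/*
 * Print one usage-constraint dictionary taken from a trust settings array.
 *
 * Every recognized key is optional. A value that is present but whose CF
 * type does not match the expected one is reported on stderr and aborts
 * processing of this dictionary (later keys are not examined). Output is
 * written at the caller's current indent level.
 *
 * Returns 0 on success, -1 on a malformed entry or a failed lookup.
 */
static int displayUsageConstraint(
	CFDictionaryRef ucDict)
{
	OSStatus ortn;

	if(CFGetTypeID(ucDict) != CFDictionaryGetTypeID()) {
		fprintf(stderr, "***displayTrustSettings: malformed usage constraints dictionary\n");
		return -1;
	}

	SecPolicyRef certPolicy = (SecPolicyRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicy);
	if(certPolicy != NULL) {
		if(CFGetTypeID(certPolicy) != SecPolicyGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed certPolicy\n");
			return -1;
		}
		CSSM_OID policyOid;
		ortn = SecPolicyGetOID(certPolicy, &policyOid);
		if(ortn) {
			cssmPerror("SecPolicyGetOID", ortn);
			return -1;
		}
		indent(); printf("Policy OID : %s\n", oidToOidString(&policyOid));
	}

	SecTrustedApplicationRef certApp = (SecTrustedApplicationRef)CFDictionaryGetValue(ucDict,
		kSecTrustSettingsApplication);
	if(certApp != NULL) {
		if(CFGetTypeID(certApp) != SecTrustedApplicationGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed certApp\n");
			return -1;
		}
		CFDataRef appPath = NULL;
		ortn = SecTrustedApplicationCopyData(certApp, &appPath);
		if(ortn) {
			cssmPerror("SecTrustedApplicationCopyData", ortn);
			return -1;
		}
		if(appPath != NULL) {
			/*
			 * The application data comes from the on-disk trust settings and
			 * is a CFData, not a C string. Bound the print by its length so a
			 * missing NUL terminator cannot cause an over-read; a NUL inside
			 * the data still ends the output exactly as "%s" did.
			 */
			indent(); printf("Application : %.*s\n",
				(int)CFDataGetLength(appPath),
				(const char *)CFDataGetBytePtr(appPath));
			CFRelease(appPath);
		}
	}

	CFStringRef policyStr = (CFStringRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicyString);
	if(policyStr != NULL) {
		if(CFGetTypeID(policyStr) != CFStringGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed policyStr\n");
			return -1;
		}
		indent(); printf("Policy String : ");
		printCfStr(policyStr); printf("\n");
	}

	CFNumberRef cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsAllowedError);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed allowedError\n");
			return -1;
		}
		indent(); printf("Allowed Error : ");
		printCssmErr(cfNum); printf("\n");
	}

	cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsResult);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed ResultType\n");
			return -1;
		}
		indent(); printf("Result Type : ");
		printResultType(cfNum); printf("\n");
	}

	cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
	if(cfNum != NULL) {
		if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
			fprintf(stderr, "***displayTrustSettings: malformed keyUsage\n");
			return -1;
		}
		indent(); printf("Key Usage : ");
		printKeyUsage(cfNum); printf("\n");
	}

	return 0;
}

/*
 * Print a trust settings array as returned by SecTrustSettingsCopyTrustSettings.
 *
 * trustSettings is an array of usage-constraint dictionaries; each is
 * printed by displayUsageConstraint, indented one level below the current
 * indent. A malformed dictionary is reported and skipped, and the
 * remaining entries are still printed.
 *
 * Returns 0 if every entry was printed, -1 if the array itself is missing
 * or malformed, or if any entry could not be fully displayed.
 */
static int displayTrustSettings(
	CFArrayRef trustSettings)
{
	if(trustSettings == NULL) {
		fprintf(stderr, "***displayTrustSettings: missing trust settings array\n");
		return -1;
	}
	if(CFGetTypeID(trustSettings) != CFArrayGetTypeID()) {
		fprintf(stderr, "***displayTrustSettings: malformed trust settings array\n");
		return -1;
	}

	int ourRtn = 0;
	CFIndex numUseConstraints = CFArrayGetCount(trustSettings);

	indentIncr();
	indent(); printf("Number of trust settings : %ld\n", (long)numUseConstraints);

	for(CFIndex ucDex = 0; ucDex < numUseConstraints; ucDex++) {
		indent(); printf("Trust Setting %ld:\n", (long)ucDex);
		indentIncr();
		CFDictionaryRef ucDict = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, ucDex);
		/* Keep going on error so one bad entry does not hide the others. */
		if(displayUsageConstraint(ucDict) != 0) {
			ourRtn = -1;
		}
		indentDecr();
	}

	indentDecr();
	return ourRtn;
}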
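/*
 * security trusted-cert-dump [-s | -d]
 *
 * Dump every certificate that has trust settings in the selected domain
 * (user by default, -d for admin, -s for system) together with the trust
 * settings recorded for it.
 *
 * Returns 0 on success, SHOW_USAGE_MESSAGE on bad arguments, 1 if the
 * certificate list could not be obtained, and -1 if any certificate or its
 * trust settings could not be displayed (remaining certificates are still
 * processed where possible).
 */
int
trusted_cert_dump(int argc, char * const *argv)
{
	CFArrayRef certArray = NULL;
	OSStatus ortn = noErr;
	int ourRtn = 0;
	SecTrustSettingsDomain domain = kSecTrustSettingsDomainUser;
	int arg;

	/* optind is declared by <unistd.h>; reset so repeated invocations parse from the start. */
	optind = 1;
	while ((arg = getopt(argc, argv, "sdh")) != -1) {
		switch (arg) {
		case 's':
			domain = kSecTrustSettingsDomainSystem;
			break;
		case 'd':
			domain = kSecTrustSettingsDomainAdmin;
			break;
		default:
		case 'h':
			return SHOW_USAGE_MESSAGE;
		}
	}
	if(optind != argc) {
		return SHOW_USAGE_MESSAGE;
	}

	ortn = SecTrustSettingsCopyCertificates(domain, &certArray);
	if(ortn) {
		cssmPerror("SecTrustSettingsCopyCertificates", ortn);
		return 1;
	}

	CFIndex numCerts = CFArrayGetCount(certArray);
	printf("Number of trusted certs = %ld\n", (long)numCerts);

	for(CFIndex dex = 0; dex < numCerts; dex++) {
		SecCertificateRef certRef =
			(SecCertificateRef)CFArrayGetValueAtIndex(certArray, dex);
		if(CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
			fprintf(stderr, "***Bad CFGetTypeID for cert %ld\n", (long)dex);
			ourRtn = -1;
			break;
		}
		/* CFIndex is not long on every target; cast to match %ld as done above. */
		printf("Cert %ld: ", (long)dex);
		printCertLabel(certRef);
		printf("\n");

		CFArrayRef trustSettings = NULL;
		ortn = SecTrustSettingsCopyTrustSettings(certRef, domain, &trustSettings);
		if(ortn) {
			cssmPerror("SecTrustSettingsCopyTrustSettings", ortn);
			ourRtn = -1;
			continue;
		}
		if(displayTrustSettings(trustSettings)) {
			ourRtn = -1;
		}
		/* Copy* returns a +1 reference; release it per certificate instead of leaking. */
		if(trustSettings != NULL) {
			CFRelease(trustSettings);
		}
	}

	CFRelease(certArray);
	return ourRtn;
}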