CertificateParseTests.m [plain text]
/*
* Copyright (c) 2018 Apple Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*
*/
#include <AssertMacros.h>
#import <XCTest/XCTest.h>
#include <Security/SecCertificate.h>
#include <Security/SecCertificatePriv.h>
#include <Security/SecCertificateInternal.h>
#include <Security/SecFramework.h>
#include <utilities/SecCFRelease.h>
#include "../TestMacroConversions.h"
#include "TrustFrameworkTestCase.h"
const NSString *kSecTestParseFailureResources = @"si-18-certificate-parse/ParseFailureCerts";
const NSString *kSecTestParseSuccessResources = @"si-18-certificate-parse/ParseSuccessCerts";
const NSString *kSecTestKeyFailureResources = @"si-18-certificate-parse/KeyFailureCerts";
const NSString *kSecTestTODOFailureResources = @"si-18-certificate-parse/TODOFailureCerts";
const NSString *kSecTestExtensionFailureResources = @"si-18-certificate-parse/ExtensionFailureCerts";
const NSString *kSecTestNameFailureResources = @"si-18-certificate-parse/NameFailureCerts";
@interface CertificateParseTests : TrustFrameworkTestCase
@end
@implementation CertificateParseTests
- (void)testParseFailure {
/* A bunch of certificates with different parsing errors */
NSArray <NSURL *>* certURLs = [[NSBundle bundleForClass:[self class]]URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestParseFailureResources];
XCTAssertTrue([certURLs count] > 0, "Unable to find parse test failure certs in bundle.");
if ([certURLs count] > 0) {
[certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
NSData *certData = [NSData dataWithContentsOfURL:url];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
is(cert, NULL, "Successfully parsed bad cert: CFReleaseNull(cert);
}];
}
}
- (void)testParseSuccess {
/* A bunch of certificates with different parsing variations */
NSArray <NSURL *>* certURLs = [[NSBundle bundleForClass:[self class]]URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestParseSuccessResources];
XCTAssertTrue([certURLs count] > 0, "Unable to find parse test success certs in bundle.");
if ([certURLs count] > 0) {
[certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
NSData *certData = [NSData dataWithContentsOfURL:url];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
isnt(cert, NULL, "Failed to parse good cert: is(SecCertificateGetUnparseableKnownExtension(cert), kCFNotFound, "Found bad extension in good certs: CFReleaseNull(cert);
}];
}
}
- (void)testKeyFailure {
/* Parse failures that require public key extraction */
NSArray <NSURL *>* certURLs = [[NSBundle bundleForClass:[self class]]URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestKeyFailureResources];
XCTAssertTrue([certURLs count] > 0, "Unable to find parse test key failure certs in bundle.");
if ([certURLs count] > 0) {
[certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
NSData *certData = [NSData dataWithContentsOfURL:url];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
SecKeyRef pubkey = NULL;
require_action(cert, blockOut,
fail("Failed to parse cert with SPKI error: pubkey = SecCertificateCopyKey(cert);
is(pubkey, NULL, "Successfully parsed bad SPKI:
blockOut:
CFReleaseNull(cert);
CFReleaseNull(pubkey);
}];
}
}
- (void)testTODOFailures {
/* A bunch of certificates with different parsing errors that currently succeed. */
NSArray <NSURL *>* certURLs = [[NSBundle bundleForClass:[self class]]URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestTODOFailureResources];
XCTAssertTrue([certURLs count] > 0, "Unable to find parse test TODO failure certs in bundle.");
if ([certURLs count] > 0) {
[certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
NSData *certData = [NSData dataWithContentsOfURL:url];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
isnt(cert, NULL, "Successfully parsed bad TODO cert: CFReleaseNull(cert);
}];
}
}
- (void)testUnparseableExtensions {
/* A bunch of certificates with different parsing errors in known (but non-critical) extensions */
NSArray <NSURL *>* certURLs = [[NSBundle bundleForClass:[self class]]URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestExtensionFailureResources];
XCTAssertTrue([certURLs count] > 0, "Unable to find parse test extension failure certs in bundle.");
if ([certURLs count] > 0) {
[certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
NSData *certData = [NSData dataWithContentsOfURL:url];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
isnt(cert, NULL, "Failed to parse bad cert with unparseable extension: isnt(SecCertificateGetUnparseableKnownExtension(cert), kCFNotFound, "Unable to find unparseable extension: CFReleaseNull(cert);
}];
}
}
- (void)testUnparseableSubjectName {
/* A bunch of certificates with different parsing errors the subject name */
NSArray <NSURL *>* certURLs = [[NSBundle bundleForClass:[self class]]URLsForResourcesWithExtension:@".cer" subdirectory:(NSString *)kSecTestNameFailureResources];
XCTAssertTrue([certURLs count] > 0, "Unable to find parse test name failure certs in bundle.");
if ([certURLs count] > 0) {
[certURLs enumerateObjectsUsingBlock:^(NSURL *url, __unused NSUInteger idx, __unused BOOL *stop) {
NSData *certData = [NSData dataWithContentsOfURL:url];
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
isnt(cert, NULL, "Failed to parse bad cert with unparseable name: is(CFBridgingRelease(SecCertificateCopyCountry(cert)), nil, "Success parsing name for failure cert: CFReleaseNull(cert);
}];
}
}
@end