#include <sys/cdefs.h>
#include <stdio.h>
#include <unistd.h>
#include <AssertMacros.h>
#include <utilities/SecCFRelease.h>
#include <Security/SecBase.h>
#include <Security/SecImportExport.h>
#include <Security/SecKeychain.h>
#include <Security/SecCertificatePriv.h>
#include <Security/SecTrustSettings.h>
#include <Security/SecItem.h>
#include <Security/SecTrust.h>
#include <Security/SecPolicy.h>
#include <Security/CMSDecoder.h>
#define kSystemLoginKeychainPath "/Library/Keychains/System.keychain"
#include "regressions/test/testmore.h"
#include "cms_regressions.h"
#include "cms-trust-settings-test.h"
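/*
 * Regression: a certificate carrying an admin-domain trust setting of Deny
 * must make CMS signer evaluation (basic X.509 policy) report
 * kSecTrustResultDeny.
 *
 * Side effects, undone at `out:` as far as setup got: the test certificate
 * is added to the System keychain and a Deny trust setting is written to
 * the admin trust-settings domain. Requires root on OS X.
 *
 * Emits 12 test points on the success path; cms_trust_settings_test()'s
 * plan_tests() count must match. The early `goto out` exits deliberately
 * leave the plan short instead of dereferencing NULL.
 */
static void test(void) {
    SecCertificateRef cert = NULL;
    SecKeychainRef kcRef = NULL;
    CFMutableDictionaryRef query = NULL;
    CFDictionaryRef trustSettings = NULL;
    /* SecItemAdd returns either one persistent ref (CFDataRef) or an array
     * of them; the cleanup below accepts both. */
    CFTypeRef persistentRef = NULL;
    CMSDecoderRef decoder = NULL;
    SecPolicyRef policy = NULL;
    SecTrustRef trust = NULL;
    CMSSignerStatus signerStatus = kCMSSignerInvalidIndex;
    SecTrustResultType trustResult = kSecTrustResultInvalid;
    bool denySettingApplied = false;

    ok(cert = SecCertificateCreateWithBytes(NULL, _cert, sizeof(_cert)), "Create cert");
    ok_status(SecKeychainOpen(kSystemLoginKeychainPath, &kcRef), "Open system keychain");
    /* Neither CFDictionaryAddValue nor SecTrustSettingsSetTrustSettings
     * tolerates a NULL cert, so stop here rather than crash the harness. */
    if (!cert || !kcRef) {
        goto out;
    }

    ok(query = CFDictionaryCreateMutable(NULL, 3, &kCFTypeDictionaryKeyCallBacks,
                                         &kCFTypeDictionaryValueCallBacks),
       "Create SecItem dictionary");
    if (!query) {
        goto out;
    }
    CFDictionaryAddValue(query, kSecValueRef, cert);
    CFDictionaryAddValue(query, kSecUseKeychain, kcRef);
    /* Ask for a persistent ref so the item can be deleted again at `out:`. */
    CFDictionaryAddValue(query, kSecReturnPersistentRef, kCFBooleanTrue);
    ok_status(SecItemAdd(query, &persistentRef), "Add cert to system keychain");

    /* { kSecTrustSettingsResult : kSecTrustSettingsResultDeny } -- a Deny
     * with no policy/application/key-usage qualifier, i.e. it applies to
     * every use of this cert. */
    uint32_t denyValue = kSecTrustSettingsResultDeny;
    CFNumberRef deny = CFNumberCreate(NULL, kCFNumberSInt32Type, &denyValue);
    const void *settingKeys[] = { kSecTrustSettingsResult };
    const void *settingValues[] = { deny };
    trustSettings = CFDictionaryCreate(NULL, settingKeys, settingValues, 1,
                                       &kCFTypeDictionaryKeyCallBacks,
                                       &kCFTypeDictionaryValueCallBacks);
    CFReleaseNull(deny);
    /* The admin domain is, as the name suggests, not per-user: that is why
     * the caller gates on root and why the setting is removed at `out:`
     * instead of being left on the machine after the test. */
    OSStatus setStatus = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainAdmin,
                                                          trustSettings);
    ok_status(setStatus, "Set cert as denied");
    denySettingApplied = (setStatus == errSecSuccess);
    /* The original test pauses here; presumably the new setting is picked
     * up asynchronously before the evaluation below -- revisit if the
     * final assertion ever turns out flaky. */
    sleep(1);

    ok_status(CMSDecoderCreate(&decoder), "Create CMS decoder");
    ok_status(CMSDecoderUpdateMessage(decoder, _signed_message, sizeof(_signed_message)),
              "Update decoder with CMS message");
    ok_status(CMSDecoderFinalizeMessage(decoder), "Finalize decoder");
    ok(policy = SecPolicyCreateBasicX509(), "Create policy");
    /* evaluateSecTrust = true, so the returned SecTrustRef is already
     * evaluated. signerStatus is fetched but not asserted; adding a check
     * on it would require bumping plan_tests() in the caller. */
    ok_status(CMSDecoderCopySignerStatus(decoder, 0, policy, true, &signerStatus, &trust, NULL),
              "Copy Signer status");
    if (!trust) {
        goto out;
    }
    ok_status(SecTrustGetTrustResult(trust, &trustResult), "Get trust result");
    is(trustResult, kSecTrustResultDeny, "Not denied");

out:
    if (denySettingApplied) {
        /* Best-effort cleanup: do not leave a stray admin-domain trust
         * setting for the test cert behind. */
        (void)SecTrustSettingsRemoveTrustSettings(cert, kSecTrustSettingsDomainAdmin);
    }
    if (persistentRef) {
        CFTypeRef item = NULL;
        if (CFGetTypeID(persistentRef) == CFArrayGetTypeID()) {
            CFArrayRef refs = (CFArrayRef)persistentRef;
            if (CFArrayGetCount(refs) > 0) {
                item = CFArrayGetValueAtIndex(refs, 0);
            }
        } else {
            item = persistentRef;
        }
        if (item) {
            const void *delKeys[] = { kSecValuePersistentRef };
            const void *delValues[] = { item };
            CFDictionaryRef del = CFDictionaryCreate(NULL, delKeys, delValues, 1,
                                                     &kCFTypeDictionaryKeyCallBacks,
                                                     &kCFTypeDictionaryValueCallBacks);
            if (del) {
                /* Best-effort removal of the cert we added. */
                (void)SecItemDelete(del);
                CFReleaseNull(del);
            }
        }
    }
    CFReleaseNull(cert);
    CFReleaseNull(kcRef);
    CFReleaseNull(query);
    CFReleaseNull(persistentRef);
    CFReleaseNull(trustSettings);
    CFReleaseNull(decoder);
    CFReleaseNull(policy);
    CFReleaseNull(trust);
}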
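/*
 * Test entry point (see cms_regressions.h). argc/argv are unused.
 *
 * On OS X the test writes to the System keychain and the admin
 * trust-settings domain, so it refuses to run unless it is root; the
 * iOS build has no such gate. Note that plan_tests(12) is announced
 * before the root check, so a non-root run announces twelve test points
 * and emits none -- the harness will presumably report that as a plan
 * mismatch rather than a skip.
 */
int cms_trust_settings_test(int argc, char *const *argv) {
    (void)argc;
    (void)argv;
    plan_tests(12); /* must equal the number of ok/ok_status/is calls in test() */
#if !TARGET_OS_IPHONE
    if (getuid() != 0) {
        /* Trailing newline so the message ends its own output line. */
        printf("Test must be run as root on OS X\n");
        return 0;
    }
#endif
    test();
    return 0;
}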