/* Test basic add delete update copy matching stuff. */
static void tests(void)
{
SecTrustRef trust;
SecCertificateRef cert0, cert1;
isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
NULL, "create cert0");
isnt(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
NULL, "create cert1");
const void *v_certs[] = {
cert0,
cert1
};
SecPolicyRef policy = SecPolicyCreateSSL(false, CFSTR("store.apple.com"));
CFArrayRef certs = CFArrayCreate(NULL, v_certs,
array_size(v_certs), NULL);
ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
/* Jan 1st 2006. */
CFDateRef date = CFDateCreate(NULL, 157680000.0);
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
SecTrustResultType trustResult;
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultUnspecified,
"trust is kSecTrustResultUnspecified");
CFDataRef exceptions;
ok(exceptions = SecTrustCopyExceptions(trust), "create an exceptions");
ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");
CFReleaseSafe(trust);
CFReleaseSafe(policy);
policy = SecPolicyCreateSSL(false, CFSTR("badstore.apple.com"));
ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust with hostname mismatch");
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
ok(SecTrustSetExceptions(trust, exceptions), "set old exceptions");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");
CFReleaseSafe(exceptions);
ok(exceptions = SecTrustCopyExceptions(trust), "create a new exceptions");
ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");
CFReleaseSafe(trust);
ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");
CFArrayRef anchors = CFArrayCreate(kCFAllocatorDefault, NULL, 0, &kCFTypeArrayCallBacks);
ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set empty anchor list");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");
ok_status(SecTrustSetAnchorCertificatesOnly(trust, false), "trust passed in anchors and system anchors");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultProceed, "trust is now kSecTrustResultProceed");
ok_status(SecTrustSetAnchorCertificatesOnly(trust, true), "only trust passed in anchors (default)");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure again");
CFReleaseSafe(exceptions);
ok(exceptions = SecTrustCopyExceptions(trust), "create a new exceptions");
ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");
CFReleaseSafe(date);
date = CFDateCreate(NULL, 667680000.0);
ok_status(SecTrustSetVerifyDate(trust, date), "set date to far future so certs are expired");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");
CFReleaseSafe(anchors);
CFReleaseSafe(exceptions);
CFReleaseSafe(trust);
CFReleaseSafe(policy);
CFReleaseSafe(certs);
CFReleaseSafe(cert0);
CFReleaseSafe(cert1);
CFReleaseSafe(date);
}
void t_gds_inline_dlist_get_tail(void)
{
test_list_node_t *nodes[10];
gds_inline_dlist_node_t *idn, *head, *tail;
int i;
for (i = 0; i < 10; i++) {
nodes[i] = test_list_node_new(i);
}
head = &(nodes[0]->inline_node);
for (i = 1; i < 10; i++) {
gds_inline_dlist_splice(head, i, 0, NULL,
&(nodes[i]->inline_node), NULL, &tail);
}
idn = gds_inline_dlist_get_tail(tail);
isnt(idn, NULL);
is(idn, tail);
for (i = 0; i < 10; i++) {
idn = gds_inline_dlist_get_tail(&(nodes[i]->inline_node));
isnt(idn, NULL);
is(idn, tail);
}
for (i = 0; i < 10; i++) {
test_list_node_free(nodes[i]);
}
}
int main () {
plan(7);
MSpec many = {{
.type = MANY,
.flags = 0
}};
finish_MSpec(&many);
char* teststr = "abcdef";
Match result = LTM_match_at(&many, teststr, 0);
isnt(result.type, NOMATCH, "MAny matches at beginning");
is(result.start, 0, "MAny.start is correct");
is(result.end, 1, "MAny match has width 1");
destroy_Match(result);
result = LTM_match_at(&many, teststr, 3);
isnt(result.type, NOMATCH, "MAny matches in middle");
is(result.start, 3, "MAny.start is correct");
is(result.end, 4, "MAny middle match has with 1");
destroy_Match(result);
result = LTM_match_at(&many, teststr, 6);
is(result.type, NOMATCH, "MNull doesn't match at end");
destroy_Match(result);
return 0;
}
int
test_invalid()
{
plan(2);
/* Invalid */
struct uri u;
isnt(uri_parse(&u, ""), 0 , "empty is invalid");
isnt(uri_parse(&u, "://"), 0 , ":// is invalid");
return check_plan();
}
static void tests(void)
{
CFDataRef attached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_signed_data_der, attached_signed_data_der_len, kCFAllocatorNull);
CFDataRef detached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_signed_data_der, detached_signed_data_der_len, kCFAllocatorNull);
CFDataRef attached_no_data_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_no_data_signed_data_der, attached_no_data_signed_data_der_len, kCFAllocatorNull);
CFDataRef detached_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_content, detached_content_len, kCFAllocatorNull);
CFDataRef no_data = CFDataCreate(kCFAllocatorDefault, NULL, 0);
SecPolicyRef policy = SecPolicyCreateBasicX509();
SecTrustRef trust = NULL;
ok_status(SecCMSVerifyCopyDataAndAttributes(attached_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached data");
CFRelease(trust);
ok_status(SecCMSVerifyCopyDataAndAttributes(detached_signed_data, detached_data, policy, &trust, NULL, NULL), "verify detached data");
CFRelease(trust);
ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached no data");
CFRelease(trust);
ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, no_data, policy, &trust, NULL, NULL), "verify attached no data");
CFRelease(trust);
SecCertificateRef cert = NULL;
SecKeyRef privKey = NULL;
SecIdentityRef identity = NULL;
isnt(cert = SecCertificateCreateWithBytes(NULL, signer_der, signer_der_len), NULL, "create certificate");
isnt(privKey = SecKeyCreateRSAPrivateKey(NULL, privkey_der, privkey_der_len, kSecKeyEncodingPkcs1), NULL, "create private key");
isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");
CFReleaseSafe(privKey);
CFMutableDataRef cms_data = CFDataCreateMutable(kCFAllocatorDefault, 0);
ok_status(SecCMSCreateSignedData(identity, detached_data, NULL, NULL, cms_data), "create attached data");
//write_data("/var/tmp/attached", cms_data);
CFDataSetLength(cms_data, 0);
CFDictionaryRef detached_cms_dict = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecCMSSignDetached, (const void **)&kCFBooleanTrue, 1, NULL, NULL);
ok_status(SecCMSCreateSignedData(identity, detached_data, detached_cms_dict, NULL, cms_data), "create attached data");
CFRelease(detached_cms_dict);
//write_data("/var/tmp/detached", cms_data);
CFDataSetLength(cms_data, 0);
ok_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), "create attached data");
//write_data("/var/tmp/empty_attached", cms_data);
CFReleaseSafe(cms_data);
CFReleaseSafe(cert);
CFReleaseNull(identity);
CFRelease(attached_signed_data);
CFRelease(detached_signed_data);
CFRelease(attached_no_data_signed_data);
CFRelease(detached_data);
CFRelease(no_data);
CFRelease(policy);
}
void t_gds_inline_rbtree_fast_add(void)
{
gds_inline_rbtree_fast_node_t *root = NULL, node;
test_rbtree_fast_node_t *trfn;
int rc;
ok(0 > gds_inline_rbtree_fast_add(NULL, NULL, NULL, NULL));
ok(0 > gds_inline_rbtree_fast_add(NULL, NULL, test_rbtree_fast_node_cmp, NULL));
ok(0 > gds_inline_rbtree_fast_add(NULL, &node, NULL, NULL));
ok(0 > gds_inline_rbtree_fast_add(NULL, &node, test_rbtree_fast_node_cmp, NULL));
ok(0 > gds_inline_rbtree_fast_add(&root, NULL, NULL, NULL));
ok(0 > gds_inline_rbtree_fast_add(&root, NULL, test_rbtree_fast_node_cmp, NULL));
ok(0 > gds_inline_rbtree_fast_add(&root, &node, NULL, NULL));
trfn = test_rbtree_fast_node_new(1);
rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
is(rc, 0);
rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
is(rc, 1);
trfn = test_rbtree_fast_node_new(0);
rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
is(rc, 0);
rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
is(rc, 1);
trfn = test_rbtree_fast_node_new(2);
rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
is(rc, 0);
rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
is(rc, 1);
isnt(root, NULL);
trfn = test_rbtree_fast_node_get_container(root);
isnt(trfn, NULL);
is(trfn->data, 1);
trfn = test_rbtree_fast_node_get_container(root->left);
isnt(trfn, NULL);
is(trfn->data, 0);
trfn = test_rbtree_fast_node_get_container(root->right);
isnt(trfn, NULL);
is(trfn->data, 2);
test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
void t_gds_dlist_push(void)
{
gds_dlist_t *list;
int a[] = {1, 2, 3};
list = gds_dlist();
isnt(list, NULL);
list_is(list);
gds_dlist_push(list, &a[0]);
list_is(list, &a[0]);
gds_dlist_push(list, &a[1]);
list_is(list, &a[0], &a[1]);
gds_dlist_push(list, &a[2]);
list_is(list, &a[0], &a[1], &a[2]);
gds_dlist_push(list, &a[2], &a[1], &a[0]);
list_is(list, &a[0], &a[1], &a[2], &a[2], &a[1], &a[0]);
gds_dlist_push(list);
list_is(list, &a[0], &a[1], &a[2], &a[2], &a[1], &a[0]);
gds_dlist_free(list);
}
void t_gds_dlist_shift(void)
{
gds_dlist_t *list;
int a[] = {1, 2, 3};
int *b;
list = gds_dlist(&a[0], &a[1], &a[2]);
isnt(list, NULL);
list_is(list, &a[0], &a[1], &a[2]);
b = gds_dlist_shift(list);
list_is(list, &a[1], &a[2]);
is(b, &a[0]);
b = gds_dlist_shift(list);
list_is(list, &a[2]);
is(b, &a[1]);
b = gds_dlist_shift(list);
list_is(list);
is(b, &a[2]);
b = gds_dlist_shift(list);
list_is(list);
is(b, NULL);
gds_dlist_free(list);
}
/* Basic processing of input */
static void tests(void)
{
CFArrayRef certs = NULL;
CFDataRef message;
// Premade message containing one certificate blob
message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
certsOnlyMsg, sizeof(certsOnlyMsg), kCFAllocatorNull);
ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
"SecCMSCertificatesOnlyMessageCopyCertificates");
is(CFArrayGetCount(certs), 1, "certificate count is 1");
CFReleaseNull(message);
// Premade message containing one certificate blob
message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
gkIPACCG2DevCertClass87, sizeof(gkIPACCG2DevCertClass87), kCFAllocatorNull);
ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
"SecCMSCertificatesOnlyMessageCopyCertificates");
is(CFArrayGetCount(certs), 1, "certificate count is 1");
CFReleaseNull(message);
SecCertificateRef another_cert = NULL;
// Process a single raw certificate and make it a message
isnt(another_cert = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
NULL, "create certificate");
ok(message = SecCMSCreateCertificatesOnlyMessageIAP(another_cert), "create iAP specific cert only message (1cert)");
ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
"SecCMSCertificatesOnlyMessageCopyCertificates");
is(CFArrayGetCount(certs), 1, "certificate count is 1");
// Process two raw certificates (concatenated DER blobs) and make it a message
isnt(another_cert = SecCertificateCreateWithBytes(NULL, TestDoubleCerts, sizeof(TestDoubleCerts)),
NULL, "create certificate");
ok(message = SecCMSCreateCertificatesOnlyMessageIAP(another_cert), "create iAP specific cert only message (2certs)");
ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
"SecCMSCertificatesOnlyMessageCopyCertificates");
is(CFArrayGetCount(certs), 2, "certificate count is 2");
// Clean up
CFReleaseNull(another_cert);
CFReleaseNull(message);
CFReleaseNull(certs);
}
void t_gds_inline_rbtree_fast_del(void)
{
gds_inline_rbtree_fast_node_t *root = NULL, *inode;
test_rbtree_fast_node_t *trfn;
int i = 1;
trfn = test_rbtree_fast_node_new(1);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
trfn = test_rbtree_fast_node_new(0);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
trfn = test_rbtree_fast_node_new(2);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
ok(NULL == gds_inline_rbtree_fast_del(NULL, NULL, NULL, NULL));
ok(NULL == gds_inline_rbtree_fast_del(NULL, NULL, test_rbtree_fast_node_cmp_with_key, NULL));
ok(NULL == gds_inline_rbtree_fast_del(NULL, &i, NULL, NULL));
ok(NULL == gds_inline_rbtree_fast_del(NULL, &i, test_rbtree_fast_node_cmp_with_key, NULL));
ok(NULL == gds_inline_rbtree_fast_del(&root, NULL, NULL, NULL));
ok(NULL == gds_inline_rbtree_fast_del(&root, &i, NULL, NULL));
inode = gds_inline_rbtree_fast_del(&root, &i,
test_rbtree_fast_node_cmp_with_key, NULL);
isnt(inode, NULL);
trfn = test_rbtree_fast_node_get_container(inode);
is(trfn->data, 1);
test_rbtree_fast_node_free(trfn);
trfn = test_rbtree_fast_node_get_container(root);
if (trfn->data == 0) {
is(root->left, NULL);
isnt(root->right, NULL);
trfn = test_rbtree_fast_node_get_container(root->right);
is(trfn->data, 2);
} else {
is(root->right, NULL);
isnt(root->left, NULL);
trfn = test_rbtree_fast_node_get_container(root->left);
is(trfn->data, 0);
}
test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
static void tests(void)
{
SecTrustResultType trustResult = kSecTrustResultProceed;
SecPolicyRef policy = NULL;
SecTrustRef trust = NULL;
CFArrayRef certs = NULL;
CFDataRef appleid_record_signing_cert_data = NULL;
isnt(appleid_record_signing_cert_data = CFDataCreate(kCFAllocatorDefault, kLeafCert, sizeof(kLeafCert)),
NULL, "Get the AppleID Record Signing Leaf Certificate Data");
SecCertificateRef appleid_record_signing_cert = NULL;
isnt(appleid_record_signing_cert = SecCertificateCreateWithData(kCFAllocatorDefault, appleid_record_signing_cert_data),
NULL, "Get the AppleID Record Signing Leaf Certificate Data");
CFDataRef appleid_intermediate_cert_data = NULL;
isnt(appleid_intermediate_cert_data = CFDataCreate(kCFAllocatorDefault, kIntermediateCert, sizeof(kIntermediateCert)),
NULL, "Get the AppleID Intermediate Certificate Data");
SecCertificateRef appleid_intermediate_cert = NULL;
isnt(appleid_intermediate_cert = SecCertificateCreateWithData(kCFAllocatorDefault, appleid_intermediate_cert_data),
NULL, "Get the AppleID Intermediate Certificate");
SecCertificateRef certs_to_use[] = {appleid_record_signing_cert, appleid_intermediate_cert};
certs = CFArrayCreate(NULL, (const void **)certs_to_use, 2, NULL);
isnt(policy = SecPolicyCreateAppleIDValidationRecordSigningPolicy(),
NULL, "Create AppleID Record signing policy SecPolicyRef");
ok_status(SecTrustCreateWithCertificates(certs, policy, &trust),
"Create AppleID record signing leaf");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate escrow service trust for club 1");
is_status(trustResult, kSecTrustResultUnspecified,
"Trust is kSecTrustResultUnspecified AppleID record signing leaf");
CFReleaseSafe(trust);
CFReleaseSafe(policy);
CFReleaseSafe(certs);
CFReleaseSafe(appleid_record_signing_cert);
CFReleaseSafe(appleid_intermediate_cert_data);
CFReleaseSafe(appleid_record_signing_cert_data);
}
virtual void test() override // define this function to run tests
{
plan(17); // Run 17 tests.
ok([]() { return true; }, "ok() succeeds on true");
ok([]() { return false; }, "ok() fails on false");
ok([]() { throw 0; return true; }, "ok() fails on throw");
ok(true, "ok() with just boolean arguments works");
throws([]() { throw 0; }, "throws() detects int throw");
throws([]() { }, "throws() fails on no throw");
throws<int>([]() { throw 0; }, "throws<int>() detects int throw");
throws<int>([]() { throw 'a'; },
"throws<int>() fails on char throw");
throws<int>([]() { }, "throws<int>() fails on no throw");
nothrows([]() { }, "nothrows() accepts no throw");
nothrows([]() { throw 0; }, "nothrows() fails on int throw");
nothrows<int>([]() { throw 'a'; },
"nothrows<int>() accepts char throw");
nothrows<int>([]() {}, "nothrows<int>() accepts no throw");
nothrows<int>([]() { throw 0; },
"nothrows<int>() fails on int throw");
// See the file variadic.cpp for examples of the
// new_ok<>() function.
pass("Will pass automatically.");
pass("No matter what.");
fail("Always fails.");
is(5, 5, "5 == 5");
is(5, 6, "5 == 6; this should fail.");
is(std::string("cipra"), std::string("cipra"), "String equality");
isnt(5, 6, "5 != 6");
isnt(5, 5, "5 != 5; this should fail.");
isnt(std::string(";,.pyfgcrl"), std::string("qwertyuiop"),
"Programmer Dvorak is not QWERTY");
}
static void tests(void)
{
SecTrustRef trust;
SecCertificateRef leaf, wwdr_intermediate;
SecPolicyRef policy;
isnt(wwdr_intermediate = SecCertificateCreateWithBytes(kCFAllocatorDefault,
wwdr_intermediate_cert, sizeof(wwdr_intermediate_cert)), NULL, "create WWDR intermediate");
isnt(leaf = SecCertificateCreateWithBytes(kCFAllocatorDefault,
codesigning_certificate, sizeof(codesigning_certificate)), NULL, "create leaf");
const void *vcerts[] = { leaf, wwdr_intermediate };
CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, vcerts, 2, NULL);
isnt(policy = SecPolicyCreateiPhoneProfileApplicationSigning(), NULL,
"create iPhoneProfileApplicationSigning policy instance");
ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust for leaf");
CFDateRef verifyDate = CFDateCreate(kCFAllocatorDefault, 228244066);
ok_status(SecTrustSetVerifyDate(trust, verifyDate), "set verify date");
CFReleaseNull(verifyDate);
SecTrustResultType trustResult;
CFArrayRef properties = NULL;
properties = SecTrustCopyProperties(trust);
is(properties, NULL, "no properties returned before eval");
CFReleaseNull(properties);
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified");
properties = SecTrustCopyProperties(trust);
if (properties) {
print_plist(properties);
print_cert(leaf, true);
print_cert(wwdr_intermediate, false);
}
CFReleaseNull(properties);
CFReleaseNull(trust);
CFReleaseNull(wwdr_intermediate);
CFReleaseNull(leaf);
CFReleaseNull(certs);
CFReleaseNull(policy);
CFReleaseNull(trust);
}
void t_gds_inline_rbtree_fast_get_node(void)
{
gds_inline_rbtree_fast_node_t *root = NULL, *node_inline;
test_rbtree_fast_node_t *trfn;
int i = 0;
trfn = test_rbtree_fast_node_new(1);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
trfn = test_rbtree_fast_node_new(0);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
trfn = test_rbtree_fast_node_new(2);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
ok(NULL == gds_inline_rbtree_fast_get_node(NULL, NULL, NULL, NULL));
ok(NULL == gds_inline_rbtree_fast_get_node(NULL, NULL, test_rbtree_fast_node_cmp_with_key, NULL));
ok(NULL == gds_inline_rbtree_fast_get_node(NULL, &i, NULL, NULL));
ok(NULL == gds_inline_rbtree_fast_get_node(NULL, &i, test_rbtree_fast_node_cmp_with_key, NULL));
ok(NULL == gds_inline_rbtree_fast_get_node(root, NULL, NULL, NULL));
ok(NULL == gds_inline_rbtree_fast_get_node(root, &i, NULL, NULL));
node_inline = gds_inline_rbtree_fast_get_node(root, &i,
test_rbtree_fast_node_cmp_with_key, NULL);
isnt(node_inline, NULL);
trfn = test_rbtree_fast_node_get_container(node_inline);
is(trfn->data, i);
i = 1;
node_inline = gds_inline_rbtree_fast_get_node(root, &i,
test_rbtree_fast_node_cmp_with_key, NULL);
isnt(node_inline, NULL);
trfn = test_rbtree_fast_node_get_container(node_inline);
is(trfn->data, i);
i = 2;
node_inline = gds_inline_rbtree_fast_get_node(root, &i,
test_rbtree_fast_node_cmp_with_key, NULL);
isnt(node_inline, NULL);
trfn = test_rbtree_fast_node_get_container(node_inline);
is(trfn->data, i);
test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
void t_gds_inline_rbtree_fast_iterator(void)
{
gds_inline_rbtree_fast_node_t *root = NULL, *node_inline;
test_rbtree_fast_node_t *trfn;
gds_iterator_t *it;
trfn = test_rbtree_fast_node_new(1);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
trfn = test_rbtree_fast_node_new(0);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
trfn = test_rbtree_fast_node_new(2);
gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
test_rbtree_fast_node_cmp, NULL);
ok(NULL == gds_inline_rbtree_fast_iterator_new(NULL));
it = gds_inline_rbtree_fast_iterator_new(root);
ok(0 == gds_iterator_step(it));
node_inline = gds_iterator_get(it);
trfn = test_rbtree_fast_node_get_container(node_inline);
isnt(trfn, NULL);
is(trfn->data, 0);
ok(0 == gds_iterator_step(it));
node_inline = gds_iterator_get(it);
trfn = test_rbtree_fast_node_get_container(node_inline);
isnt(trfn, NULL);
is(trfn->data, 1);
ok(0 == gds_iterator_step(it));
node_inline = gds_iterator_get(it);
trfn = test_rbtree_fast_node_get_container(node_inline);
isnt(trfn, NULL);
is(trfn->data, 2);
ok(0 < gds_iterator_step(it));
gds_iterator_free(it);
test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
void t_hash_map_keyin_fast_new(void)
{
gds_hash_map_keyin_fast_t *hash;
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, NULL, free));
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, test_cmpkey, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, test_cmpkey, free));
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, NULL, free));
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, test_cmpkey, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, test_cmpkey, free));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, NULL, free));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, test_cmpkey, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, test_cmpkey, free));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, NULL, free));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, test_cmpkey, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, test_cmpkey, free));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, NULL, free));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, test_cmpkey, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, test_cmpkey, free));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, NULL, free));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, test_cmpkey, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, test_cmpkey, free));
ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, NULL, free));
ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, test_cmpkey, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, test_cmpkey, free));
ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, NULL, NULL));
ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, NULL, free));
hash = gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, test_cmpkey, NULL);
isnt(hash, NULL, "hash creation succeeded");
gds_hash_map_keyin_fast_free(hash);
hash = gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, test_cmpkey, free);
isnt(hash, NULL, "hash creation succeeded");
gds_hash_map_keyin_fast_free(hash);
}
/* Create and identity and try to retrieve it. */
static void AddIdentityToKeychain(void)
{
SecCertificateRef cert = NULL;
SecKeyRef privKey = NULL;
//SecIdentityRef identity = NULL;
isnt(cert = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
NULL, "create certificate");
#if TARGET_OS_IPHONE
privKey = SecKeyCreateRSAPrivateKey(NULL, _k1, sizeof(_k1),
kSecKeyEncodingPkcs1);
#else
#warning TODO
privKey = NULL;
#endif
isnt(privKey, NULL, "create private key");
const void *certkeys[] = {
kSecValueRef
};
const void *certvalues[] = {
cert
};
CFDictionaryRef certDict = CFDictionaryCreate(NULL, certkeys, certvalues,
array_size(certkeys), NULL, NULL);
ok_status(SecItemAdd(certDict, NULL), "add certificate");
CFReleaseNull(certDict);
CFReleaseNull(cert);
const void *privkeys[] = {
kSecValueRef
};
const void *privvalues[] = {
privKey
};
CFDictionaryRef privDict = CFDictionaryCreate(NULL, privkeys, privvalues,
array_size(privkeys), NULL, NULL);
ok_status(SecItemAdd(privDict, NULL), "add private key");
CFReleaseNull(privDict);
CFReleaseNull(privKey);
}
int main(int argc, char *const *argv)
{
int rv = 1;
plan_tests(6);
TODO: {
todo("ok 0 is supposed to fail");
rv = ok(0, "ok bad");
if (!rv)
diag("ok bad not good today");
}
rv &= ok(1, "ok ok");
#if 0
SKIP: {
skip("is bad will fail", 1, 0);
if (!is(0, 4, "is bad"))
diag("is bad not good today");
}
SKIP: {
skip("is ok should not be skipped", 1, 1);
is(3, 3, "is ok");
}
#endif
isnt(0, 4, "isnt ok");
TODO: {
todo("isnt bad is supposed to fail");
isnt(3, 3, "isnt bad");
}
TODO: {
todo("cmp_ok bad is supposed to fail");
cmp_ok(3, &&, 0, "cmp_ok bad");
}
cmp_ok(3, &&, 3, "cmp_ok ok");
return 0;
}
void t_gds_inline_dlist_get(void)
{
test_list_node_t *nodes[10];
test_list_node_t *tln;
gds_inline_dlist_node_t *node_inline, *fi, *node_inline2;
int i, j;
for (i = 0; i < 10; i++) {
nodes[i] = test_list_node_new(i);
}
fi = &(nodes[0]->inline_node);
for (i = 1; i < 10; i++) {
gds_inline_dlist_splice(fi, i, 0, NULL,
&(nodes[i]->inline_node), NULL, NULL);
}
for (i = 0; i < 10; i++) {
node_inline = gds_inline_dlist_get(fi, i);
isnt(node_inline, NULL);
tln = test_list_node_get_container(node_inline);
isnt(tln, NULL);
is(tln->data, i);
for (j = -i; j < 10-i; j++) {
node_inline2 = gds_inline_dlist_get(node_inline, j);
isnt(node_inline2, NULL);
tln = test_list_node_get_container(node_inline2);
isnt(tln, NULL);
is(tln->data, i+j);
}
}
node_inline = gds_inline_dlist_get(fi, -1);
is(node_inline, NULL);
node_inline = gds_inline_dlist_get(fi, 10);
is(node_inline, NULL);
for (i = 0; i < 10; i++) {
test_list_node_free(nodes[i]);
}
}
void processCmd (t_query * query)
{
if (isnt (query->cmd,"")) // neues Kommando?
{
if (query->selectedId == 255) // entspricht "alle gelisteten Devices"
{
executeCmds (query->page, query->ids, query->cmd);
}
else
{
executeCmd (query->page, query->selectedId, query->cmd);
}
}
}
static void tests(void)
{
SecCertificateRef cert0;
isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
NULL, "create cert0");
SecTrustStoreRef user_store;
isnt(user_store = SecTrustStoreForDomain(kSecTrustStoreDomainUser),
NULL, "get user trust settings store handle");
ok(!SecTrustStoreContains(user_store, cert0),
"cert0 is not yet present");
ok_status(SecTrustStoreSetTrustSettings(user_store, cert0, NULL),
"make cert0 trusted for anything");
ok(SecTrustStoreContains(user_store, cert0),
"cert0 is present");
ok_status(SecTrustStoreSetTrustSettings(user_store, cert0, NULL),
"make cert0 trusted for anything - again, should update now");
ok(SecTrustStoreContains(user_store, cert0),
"cert0 is still present");
ok_status(SecTrustStoreRemoveCertificate(user_store, cert0),
"removing cert0");
ok(!SecTrustStoreContains(user_store, cert0),
"cert0 is no longer present");
/* Adding again...*/
ok_status(SecTrustStoreSetTrustSettings(user_store, cert0, NULL),
"make cert0 trusted for anything");
ok(SecTrustStoreContains(user_store, cert0),
"cert0 is present");
/* Remove it */
ok_status(SecTrustStoreRemoveCertificate(user_store, cert0),
"removing cert0");
ok(!SecTrustStoreContains(user_store, cert0),
"cert0 is no longer present");
CFReleaseSafe(cert0);
}
static OSStatus
_EAPSecIdentityCreateCertificateTrustChain(SecIdentityRef identity,
CFArrayRef * ret_chain)
{
SecCertificateRef cert = NULL;
CFArrayRef certs;
SecPolicyRef policy = NULL;
OSStatus status;
SecTrustRef trust = NULL;
SecTrustResultType trust_result;
*ret_chain = NULL;
ok(policy = SecPolicyCreateBasicX509(), "SecPolicyCreateBasicX509");
ok_status(status = SecIdentityCopyCertificate(identity, &cert), "SecIdentityCopyCertificate");
certs = CFArrayCreate(NULL, (const void **)&cert,
1, &kCFTypeArrayCallBacks);
CFReleaseNull(cert);
ok_status(status = SecTrustCreateWithCertificates(certs, policy, &trust),
"SecTrustCreateWithCertificates");
CFReleaseNull(certs);
ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
{
CFMutableArrayRef array;
CFIndex count = SecTrustGetCertificateCount(trust);
CFIndex i;
isnt(count, 0, "SecTrustGetCertificateCount is nonzero");
array = CFArrayCreateMutable(NULL, count, &kCFTypeArrayCallBacks);
for (i = 0; i < count; i++) {
SecCertificateRef s;
s = SecTrustGetCertificateAtIndex(trust, i);
CFArrayAppendValue(array, s);
}
*ret_chain = array;
}
CFReleaseNull(trust);
CFReleaseNull(policy);
return (status);
}
void t_gds_dlist_slice(void)
{
gds_dlist_t *list, *list2;
int *a[10];
int *b;
int i;
list = gds_dlist();
isnt(list, NULL);
for (i=0; i<10; i++) {
a[i] = malloc(sizeof(int));
*(a[i]) = i;
gds_dlist_push(list, a[i]);
}
list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);
list2 = gds_dlist_slice(list, 0, 2, NULL);
list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);
list_is(list2, a[0], a[1]);
gds_dlist_free(list2);
list2 = gds_dlist_slice(list, 2, 5, NULL);
list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);
list_is(list2, a[2], a[3], a[4], a[5], a[6]);
gds_dlist_free(list2);
list2 = gds_dlist_slice(list, 7, 10, NULL);
list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);
list_is(list2, a[7], a[8], a[9]);
gds_dlist_free(list2);
list2 = gds_dlist_slice(list, 2, 4, gds_lambda(int *, (int *i) {
int *a = malloc(sizeof(int));
*a = *i;
return a;
}));
int
main(void)
{
plan(PLAN);
char *td = mkdtemp(strdup("/tmp/fiob.XXXXXX"));
isnt(td, NULL, "tempdir is created");
if (td == 0) {
diag("Can't create temporary dir: %s", strerror(errno));
return -1;
}
static char buf[4096];
{
FILE *f = fiob_open(catfile(td, "t0"), "w+d");
isnt(f, NULL, "common open");
size_t done = fwrite("Hello, world", 1, 12, f);
is(done, 12, "Hello world is written (%zu bytes)", done);
is(ftell(f), 12, "current position");
is(fseek(f, 0L, SEEK_SET), 0, "set new position");
is(ftell(f), 0, "current position %li", ftell(f));
done = fread(buf, 1, 12, f);
is(done, 12, "Hello world is read (%zu bytes)", done);
is(memcmp(buf, "Hello, world", 12), 0, "data");
is(fseek(f, 0L, SEEK_SET), 0, "set new position");
done = fread(buf + 1, 1, 12, f);
is(done, 12, "Hello world is read (%zu bytes)", done);
is(memcmp(buf + 1, "Hello, world", 12), 0, "data");
is(fseek(f, 0L, SEEK_SET), 0, "set new position");
fwrite("ololo ololo ololo", 1, 17, f);
is(fseek(f, 1L, SEEK_SET), 0, "set new position");
done = fread(buf + 1, 1, 12, f);
is(done, 12, "data is read");
is(memcmp(buf + 1, "lolo ololo ololo", 12), 0, "data is read");
is(fclose(f), 0, "fclose");
f = fopen(catfile(td, "t0"), "r");
isnt(f, NULL, "reopened file");
is(fseek(f, 0L, SEEK_END), 0, "move pos at finish");
is(ftell(f), 17, "file size");
is(fclose(f), 0, "fclose");
f = fiob_open(catfile(td, "t0"), "w+x");
is(f, NULL, "common open: O_EXCL");
}
{
FILE *f = fiob_open(catfile(td, "t1"), "w+");
isnt(f, NULL, "common open");
size_t done = fwrite("Hello, world", 1, 12, f);
is(done, 12, "Hello world is written (%zu bytes)", done);
is(fseek(f, 1, SEEK_SET), 0, "move pos");
done = fwrite("Hello, world", 1, 12, f);
is(done, 12, "Hello world is written (%zu bytes)", done);
is(fseek(f, 2, SEEK_SET), 0, "move pos");
done = fread(buf, 1, 12, f);
is(done, 11, "read 11 bytes");
is(memcmp(buf, "ello, world", 11), 0, "content was read");
is(fclose(f), 0, "fclose");
}
{
FILE *f = fiob_open(catfile(td, "tm"), "wxd");
isnt(f, NULL, "open big file");
size_t done = fwrite("Hello, world\n", 1, 13, f);
is(done, 13, "Hello world is written (%zu bytes)", done);
size_t i;
for (i = 0; i < 1000000; i++) {
done += fwrite("Hello, world\n", 1, 13, f);
}
is(done, 13 + 13 * 1000000, "all bytes were written");
is(fclose(f), 0, "fclose");
f = fopen(catfile(td, "tm"), "r");
isnt(f, NULL, "reopen file for reading");
done = 0;
for (i = 0; i < 1000000 + 1; i++) {
buf[0] = 0;
fgets(buf, 4096, f);
if (strcmp(buf, "Hello, world\n") == 0)
done++;
}
is(done, 1000000 + 1, "all records were written properly");
is(fgets(buf, 4096, f), NULL, "eof");
isnt(feof(f), 0, "feof");
is(fclose(f), 0, "fclose");
}
{
FILE *f = fiob_open(catfile(td, "tm"), "w+d");
setvbuf(f, NULL, _IONBF, 0);
isnt(f, NULL, "open big file");
size_t done = fwrite("Hello, world\n", 1, 13, f);
is(done, 13, "Hello world is written (%zu bytes)", done);
size_t i;
for (i = 0; i < 1000000; i++) {
done += fwrite("Hello, world\n", 1, 13, f);
}
is(done, 13 + 13 * 1000000, "all bytes were written");
is(fclose(f), 0, "fclose");
f = fopen(catfile(td, "tm"), "r");
isnt(f, NULL, "reopen file for reading");
done = 0;
for (i = 0; i < 1000000 + 1; i++) {
memset(buf, 0, 4096);
fgets(buf, 4096, f);
if (strcmp(buf, "Hello, world\n") == 0)
done++;
/* else */
/* fprintf(stderr, "# wrong line %zu: %s", */
/* i, buf); */
}
is(done, 1000000 + 1, "all records were written properly");
is(fgets(buf, 4096, f), NULL, "eof");
isnt(feof(f), 0, "feof");
is(fclose(f), 0, "fclose");
}
if (fork() == 0)
execl("/bin/rm", "/bin/rm", "-fr", td, NULL);
free(td);
return check_plan();
}
/* Create and identity and try to retrieve it. */
static void tests(void)
{
SecCertificateRef cert = NULL;
SecKeyRef privKey = NULL;
SecIdentityRef identity = NULL;
isnt(cert = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
NULL, "create certificate");
isnt(privKey = SecKeyCreateRSAPrivateKey(NULL, _k1, sizeof(_k1),
kSecKeyEncodingPkcs1), NULL, "create private key");
const void *certkeys[] = {
kSecValueRef
};
const void *certvalues[] = {
cert
};
CFDictionaryRef certDict = CFDictionaryCreate(NULL, certkeys, certvalues,
array_size(certkeys), NULL, NULL);
ok_status(SecItemAdd(certDict, NULL), "add certificate");
CFReleaseNull(certDict);
const void *privkeys[] = {
kSecValueRef
};
const void *privvalues[] = {
privKey
};
CFDictionaryRef privDict = CFDictionaryCreate(NULL, privkeys, privvalues,
array_size(privkeys), NULL, NULL);
ok_status(SecItemAdd(privDict, NULL), "add private key");
CFReleaseNull(privDict);
isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");
/* Lookup the key and certificate using SecItemCopyMatching(). */
CFDataRef pk_digest = CFDataCreate(NULL, _k1_digest, sizeof(_k1_digest));
const void *q_keys[] = {
kSecClass,
kSecAttrApplicationLabel,
kSecReturnRef
};
const void *q_values[] = {
kSecClassKey,
pk_digest,
kCFBooleanTrue
};
CFDictionaryRef query = CFDictionaryCreate(NULL, q_keys, q_values,
array_size(q_keys), NULL, NULL);
CFTypeRef result_key;
ok_status(SecItemCopyMatching(query, &result_key), "lookup key");
isnt(CFEqual(privKey, result_key), 0, "keys match");
CFReleaseNull(query);
q_keys[1] = kSecAttrPublicKeyHash;
q_values[0] = kSecClassCertificate;
query = CFDictionaryCreate(NULL, q_keys, q_values,
array_size(q_keys), NULL, NULL);
CFTypeRef result_cert;
ok_status(SecItemCopyMatching(query, &result_cert), "lookup certificate");
isnt(CFEqual(cert, result_cert), 0, "certificates match");
CFReleaseNull(query);
/* Cleanup. */
CFReleaseNull(result_key);
CFReleaseNull(result_cert);
/* identity lookup */
const void *idnt_keys[] = {
kSecClass,
kSecAttrApplicationLabel,
kSecReturnRef
};
const void *idnt_values[] = {
kSecClassIdentity,
pk_digest,
kCFBooleanTrue
};
CFTypeRef result_idnt;
SecCertificateRef result_cert2;
query = CFDictionaryCreate(NULL, idnt_keys, idnt_values,
array_size(idnt_keys), NULL, NULL);
ok_status(SecItemCopyMatching(query, &result_idnt), "lookup identity");
isnt(result_idnt, NULL, "found identity?");
is(CFGetRetainCount(result_idnt), 1, "result_idnt rc = 1");
isnt(CFEqual(identity, result_idnt), 0, "identities match");
CFReleaseNull(identity);
ok_status(SecIdentityCopyCertificate((SecIdentityRef)result_idnt, &result_cert2), "get cert from identity");
isnt(CFEqual(cert, result_cert2), 0, "certificates match");
CFRelease(query);
CFRelease(pk_digest);
CFReleaseNull(result_cert2);
certDict = CFDictionaryCreate(NULL, certkeys, certvalues,
array_size(certkeys), NULL, NULL);
ok_status(SecItemDelete(certDict), "delete certificate via ref");
is_status(errSecItemNotFound, SecItemCopyMatching(certDict, NULL), "verify certificate is gone");
CFReleaseNull(certDict);
privDict = CFDictionaryCreate(NULL, privkeys, privvalues,
array_size(privkeys), NULL, NULL);
ok_status(SecItemDelete(privDict), "delete key via ref");
is_status(errSecItemNotFound, SecItemCopyMatching(privDict, NULL), "verify key is gone");
CFReleaseNull(privDict);
/* add certificate to offset cert row id from key row id */
SecCertificateRef apple_ca_cert = NULL;
isnt(apple_ca_cert = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
NULL, "create apple ca certificate");
CFDictionaryRef appleCertDict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&apple_ca_cert, 1, NULL, NULL);
ok_status(SecItemAdd(appleCertDict, NULL), "add apple ca certificate to offset key and cert rowid");
/* add identity, get persistent ref */
const void *keys_identity[] = { kSecValueRef, kSecReturnPersistentRef };
const void *values_identity[] = { result_idnt, kCFBooleanTrue };
CFDictionaryRef identity_add = CFDictionaryCreate(NULL, keys_identity, values_identity,
array_size(keys_identity), NULL, NULL);
CFTypeRef persist = NULL;
ok_status(SecItemAdd(identity_add, &persist), "add identity ref");
ok(persist, "got back persistent ref");
/* <rdar://problem/6537195> SecItemAdd returns success when it shouldn't */
CFTypeRef persist_again = NULL;
is_status(errSecDuplicateItem, SecItemAdd(identity_add, &persist_again),
"fail to add identity ref again");
ok(!persist_again, "no persistent ref this time");
/* find by persistent ref */
const void *keys_persist[] = { kSecReturnRef, kSecValuePersistentRef };
const void *values_persist[] = { kCFBooleanTrue, persist };
CFDictionaryRef persist_find = CFDictionaryCreate(NULL, keys_persist, values_persist,
(array_size(keys_persist)), NULL, NULL);
CFTypeRef results2 = NULL;
ok_status(SecItemCopyMatching(persist_find, &results2), "find identity by persistent ref");
is(CFGetRetainCount(results2), 1, "results2 rc = 1");
// not implemented ok(CFEqual(result_idnt, results2), "same item (attributes)");
CFReleaseNull(results2);
/* find identity, key and cert by ref and return persistent ref */
const void *keys_ref_to_persist[] = { kSecReturnPersistentRef, kSecValueRef };
const void *values_ref_to_persist[] = { kCFBooleanTrue, NULL };
CFTypeRef items[] = { result_idnt, privKey, cert, NULL };
CFTypeRef *item = items;
while (*item) {
values_ref_to_persist[1] = *item;
CFDictionaryRef ref_to_persist_find = CFDictionaryCreate(NULL, keys_ref_to_persist, values_ref_to_persist,
(array_size(keys_ref_to_persist)), NULL, NULL);
results2 = NULL;
ok_status(SecItemCopyMatching(ref_to_persist_find, &results2), "find persistent ref for identity ref");
ok(NULL != results2, "good persistent ref");
is(CFGetRetainCount(results2), 1, "results2 rc = 1");
CFReleaseNull(results2);
CFReleaseNull(ref_to_persist_find);
item++;
}
/* delete identity by identity ref */
ok_status(SecItemDelete(identity_add), "delete identity by identity ref");
is(SecItemCopyMatching(persist_find, &results2), errSecItemNotFound,
"make sure identity by persistent ref is no longer there");
CFRelease(persist_find);
CFReleaseNull(persist);
ok_status(SecItemAdd(identity_add, &persist), "add identity ref back");
CFRelease(identity_add);
/* delete identity by persistent ref */
CFDictionaryRef persist_delete = CFDictionaryCreate(NULL,
&kSecValuePersistentRef, &persist, 1, NULL, NULL);
ok_status(SecItemDelete(persist_delete),
"delete identity by persistent ref");
is(SecItemCopyMatching(persist_delete, &results2), errSecItemNotFound,
"make sure identity by persistent ref is no longer there");
CFRelease(persist_delete);
CFReleaseNull(persist);
/* add identity with a label set */
CFStringRef zomg_label = CFSTR("zomg");
CFMutableDictionaryRef lbl_idnt_query =
CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFDictionarySetValue(lbl_idnt_query, kSecValueRef, result_idnt);
CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
ok_status(SecItemAdd(lbl_idnt_query, NULL), "add identity ref");
/* find identity with label*/
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
ok_status(SecItemCopyMatching(lbl_idnt_query, NULL), "find identity by label");
/* find certs with label */
CFTypeRef zomg_cert;
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassCertificate);
CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_cert), "find cert by label");
/* find keys with label */
CFTypeRef zomg_key;
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassKey);
CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_key), "find key by label");
/* update label on key */
CFStringRef new_label_value = CFSTR("zzzomg");
CFDictionaryRef new_label = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecAttrLabel, (const void **)&new_label_value, 1, NULL, NULL);
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecValueRef, zomg_key);
ok_status(SecItemUpdate(lbl_idnt_query, new_label), "update label to zzzomg for key");
CFTypeRef zomg_idnt = NULL;
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_idnt), "still finding zomg ident");
CFReleaseNull(zomg_idnt);
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecValueRef, zomg_cert);
ok_status(SecItemUpdate(lbl_idnt_query, new_label), "update label to zzzomg for cert");
CFReleaseNull(new_label);
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
is_status(errSecItemNotFound, SecItemCopyMatching(lbl_idnt_query, &zomg_idnt), "no longer find identity by label");
CFDictionaryRemoveAllValues(lbl_idnt_query);
CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, new_label_value);
CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_idnt), "finding ident with zzzomg label");
/* Find zomg identity with canonical issuer */
{
unsigned char DN[] = {
0x30, 0x32, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
0x07, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x0c,
0x0f, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x40, 0x70, 0x6c, 0x75, 0x74, 0x6f,
0x2e, 0x63, 0x6f, 0x6d
};
unsigned int DN_len = 52;
CFMutableDictionaryRef find_by_issuer = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDataRef issuer = SecCertificateGetNormalizedIssuerContent(cert);
CFTypeRef found_by_issuer = NULL;
CFDictionarySetValue(find_by_issuer, kSecAttrIssuer, issuer);
CFDictionarySetValue(find_by_issuer, kSecClass, kSecClassIdentity);
CFDictionarySetValue(find_by_issuer, kSecReturnRef, kCFBooleanTrue);
ok_status(SecItemCopyMatching(find_by_issuer, &found_by_issuer), "find identity by cert issuer");
ok(CFEqual(found_by_issuer, zomg_idnt), "should be same as zomg_idnt");
CFReleaseNull(found_by_issuer);
issuer = CFDataCreate(kCFAllocatorDefault, DN, DN_len);
CFDictionarySetValue(find_by_issuer, kSecAttrIssuer, issuer);
ok_status(SecItemCopyMatching(find_by_issuer, &found_by_issuer), "find identity by cert issuer");
CFReleaseNull(issuer);
ok(CFEqual(found_by_issuer, zomg_idnt), "should be same as zomg_idnt");
CFReleaseNull(found_by_issuer);
CFReleaseNull(find_by_issuer);
}
ok_status(SecItemDelete(lbl_idnt_query), "delete ident with zzzomg label");
/* Delete the apple cert last */
ok_status(SecItemDelete(appleCertDict), "delete apple ca certificate");
CFReleaseNull(appleCertDict);
CFReleaseNull(apple_ca_cert);
CFRelease(zomg_key);
CFRelease(zomg_cert);
CFRelease(zomg_idnt);
CFRelease(zomg_label);
CFRelease(new_label_value);
CFRelease(lbl_idnt_query);
CFReleaseNull(result_idnt);
CFReleaseNull(privKey);
CFReleaseNull(cert);
}
static void tests(void)
{
CFErrorRef error = NULL;
CFStringRef password = NULL;
CFMutableArrayRef requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFMutableDictionaryRef passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFCharacterSetRef uppercaseLetterCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetUppercaseLetter);
CFCharacterSetRef lowercaseLetterCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetLowercaseLetter);
CFCharacterSetRef decimalDigitCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetDecimalDigit);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordDefaultForType, CFSTR("true"));
//test default PIN
password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
CFReleaseNull(password);
error = NULL;
//test default icloud recovery code
password = SecPasswordGenerate(kSecPasswordTypeiCloudRecovery, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
CFReleaseNull(password);
error = NULL;
//test default wifi
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordDefaultForType, CFSTR("true"));
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
CFReleaseNull(password);
error = NULL;
CFRelease(passwordRequirements);
//test default safari
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordDefaultForType, CFSTR("true"));
password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
//test icloud recovery code generation
password = SecPasswordGenerate(kSecPasswordTypeiCloudRecovery, &error, NULL);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
//dictionary setup
int min = 20;
int max = 32;
CFNumberRef minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
CFNumberRef maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
CFStringRef allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
//test wifi code generation
//test with min/max in range of default
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//test with max == min
min = 24;
max = 24;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
passwordRequirements = NULL;
//test disallowed characters
min = 24;
max = 56;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdefghijklmnopqrstuvwxyz0123456789");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordDisallowedCharacters, CFSTR("aidfl"));
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
passwordRequirements = NULL;
//test can't start with characters
min = 24;
max = 56;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("diujk");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordCantStartWithChars, CFSTR("d"));
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
passwordRequirements = NULL;
//test can't end with characters
min = 24;
max = 56;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("diujk89");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordCantEndWithChars, CFSTR("d"));
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
passwordRequirements = NULL;
//test 4 digit pin generation
for(int i =0 ; i< 100; i++){
password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
}
//test 6 digit pin
min = 4;
max = 6;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(passwordRequirements);
//test 5 digit pin
min = 4;
max = 5;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(passwordRequirements);
//test safari password
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(requiredCharacterSets);
//test flexible group size and number of groups in the password
//test safari password
min = 12;
max = 19;
int groupSize = 5;
int numberOfGroups = 23;
CFTypeRef groupSizeRef = CFNumberCreate(NULL, kCFNumberIntType, &groupSize);
CFTypeRef numberOfGroupsRef = CFNumberCreate(NULL, kCFNumberIntType, &numberOfGroups);
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordGroupSize, groupSizeRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordNumberOfGroups, numberOfGroupsRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordSeparator, CFSTR("*"));
password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(requiredCharacterSets);
//test at least N characters
//test safari password
min = 24;
max = 32;
int N = 5;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
CFNumberRef threshold = CFNumberCreate(NULL, kCFNumberIntType, &N);
CFStringRef characters = CFSTR("ab");
CFMutableDictionaryRef atLeast = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(atLeast, kSecPasswordCharacters, characters);
CFDictionaryAddValue(atLeast, kSecPasswordCharacterCount, threshold);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsAtLeastNSpecificCharacters, atLeast);
password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(requiredCharacterSets);
//test no More than N characters
//test safari password
min = 24;
max = 32;
N = 5;
threshold = CFNumberCreate(NULL, kCFNumberIntType, &N);
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
CFMutableDictionaryRef noMoreThan = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFStringRef noMore = CFSTR("ab");
CFDictionaryAddValue(noMoreThan, kSecPasswordCharacters, noMore);
CFDictionaryAddValue(noMoreThan, kSecPasswordCharacterCount, threshold);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNSpecificCharacters, noMoreThan);
password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(requiredCharacterSets);
//test identical character threshold
//test safari password
min = 12;
max = 19;
N = 2;
threshold = CFNumberCreate(NULL, kCFNumberIntType, &N);
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNConsecutiveIdenticalCharacters, threshold);
password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
isnt(password, NULL);
ok(error == NULL);
error = NULL;
CFReleaseNull(password);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(requiredCharacterSets);
/////////////////now test all the error cases
//test with no required characters
min = 24;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
allowedCharacters = CFSTR("abcdsefw2345");
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
CFRelease(error);
error = NULL;
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(passwordRequirements);
//test with no allowed characters
min = 24;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
CFRelease(error);
error = NULL;
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(passwordRequirements);
//test with min > max
min = 32;
max = 20;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(passwordRequirements);
//test by ommitting dictionary parameters
//omit max length
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(passwordRequirements);
//omit min length
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(passwordRequirements);
//omit allowed characters
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(passwordRequirements);
//omit required characters
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
CFRelease(passwordRequirements);
//pass in wrong type for min
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//pass in wrong type for max
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, allowedCharacters);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//pass in wrong type for allowed
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//pass in wrong type for required
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//pass in wrong type for no less than
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsAtLeastNSpecificCharacters, CFSTR("hehe"));
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//pass in wrong type for no more than
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNSpecificCharacters, CFSTR("hehe"));
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//pass in wrong disallowed characters
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordDisallowedCharacters, requiredCharacterSets);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
//pass in wrong type for no more than's dictionary
min = 20;
max = 32;
minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
CFMutableDictionaryRef wrongCount = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
CFDictionaryAddValue(wrongCount, kSecPasswordCharacters, CFSTR("lkj"));
CFDictionaryAddValue(wrongCount, kSecPasswordCharacterCount, CFSTR("sdf"));
passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
allowedCharacters = CFSTR("abcdsefw2345");
CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNSpecificCharacters, wrongCount);
password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
ok(password == NULL);
ok(error != NULL);
error = NULL;
CFRelease(wrongCount);
CFRelease(passwordRequirements);
CFRelease(minRef);
CFRelease(maxRef);
CFRelease(allowedCharacters);
password = CFSTR("Apple1?");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("Singhal190");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("1Hollow2");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("1Hollow/");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("baj/paj1");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("Zaxs1009?");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("6666");
isnt(false, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("123456");
isnt(false, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("654321");
isnt(false, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("A");
isnt(false, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("password");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("password1");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("P@ssw0rd");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("facebook!{}");
isnt(true, SecPasswordIsPasswordWeak(password));
CFRelease(password);
password = CFSTR("12345678");
isnt(false, SecPasswordIsPasswordWeak(password));
CFRelease(password);
bool isSimple = false;
password = CFSTR("Apple1?");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("Singhal190");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("1Hollow2");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("1Hollow/");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("baj/paj1");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("Zaxs1009?");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("6666");
is(true, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("1235");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
isSimple = true;
password = CFSTR("6666");
is(true, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("1235");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
isSimple = false;
password = CFSTR("123456");
is(true, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("654321");
is(true, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("1577326");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("A");
is(true, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("password");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("password1");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("P@ssw0rd");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("facebook!{}");
is(false, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
password = CFSTR("12345678");
is(true, SecPasswordIsPasswordWeak2(isSimple, password));
CFRelease(password);
}
/* Test basic add delete update copy matching stuff. */
static void tests(void)
{
SecTrustRef trust;
SecCertificateRef iAP1CA, iAP2CA, leaf0, leaf1;
isnt(iAP1CA = SecCertificateCreateWithBytes(NULL, _iAP1CA, sizeof(_iAP1CA)),
NULL, "create iAP1CA");
isnt(iAP2CA = SecCertificateCreateWithBytes(NULL, _iAP2CA, sizeof(_iAP2CA)),
NULL, "create iAP2CA");
isnt(leaf0 = SecCertificateCreateWithBytes(NULL, _leaf0, sizeof(_leaf0)),
NULL, "create leaf0");
isnt(leaf1 = SecCertificateCreateWithBytes(NULL, _leaf1, sizeof(_leaf1)),
NULL, "create leaf1");
{
// temporarily grab some stack space and fill it with 0xFF;
// when we exit this scope, the stack pointer should shrink but leave the memory filled.
// this tests for a stack overflow bug inside SecPolicyCreateiAP (rdar://16056248)
char buf[2048];
memset(buf, 0xFF, sizeof(buf));
}
SecPolicyRef policy = SecPolicyCreateiAP();
const void *v_anchors[] = {
iAP1CA,
iAP2CA
};
CFArrayRef anchors = CFArrayCreate(NULL, v_anchors,
array_size(v_anchors), NULL);
CFArrayRef certs0 = CFArrayCreate(NULL, (const void **)&leaf0, 1, NULL);
CFArrayRef certs1 = CFArrayCreate(NULL, (const void **)&leaf1, 1, NULL);
ok_status(SecTrustCreateWithCertificates(certs0, policy, &trust), "create trust for leaf0");
ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
/* Jan 1st 2008. */
CFDateRef date = CFDateCreate(NULL, 220752000.0);
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
SecTrustResultType trustResult;
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
is_status(trustResult, kSecTrustResultUnspecified,
"trust is kSecTrustResultUnspecified");
is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
CFReleaseSafe(trust);
ok_status(SecTrustCreateWithCertificates(certs1, policy, &trust), "create trust for leaf1");
ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
TODO:
{
todo("We need the actual iAP1 intermediate");
is_status(trustResult, kSecTrustResultUnspecified,
"trust is kSecTrustResultUnspecified");
}
CFReleaseSafe(anchors);
CFReleaseSafe(certs1);
CFReleaseSafe(certs0);
CFReleaseSafe(trust);
CFReleaseSafe(policy);
CFReleaseSafe(leaf0);
CFReleaseSafe(leaf1);
CFReleaseSafe(iAP1CA);
CFReleaseSafe(iAP2CA);
CFReleaseSafe(date);
}
int main() {
test_plan(60);
ok(0);
ok(1);
ok_(3, "My third test");
int ia, ib, ic;
ia = 123, ib = 123, ic = 132;
short int sia, sib, sic;
sia = 123, sib = 123, sic = 132;
long int lia, lib, lic;
lia = 123, lib = 123, lic = 132;
double da, db, dc;
da = 1.2222222, db = 1.2222222, dc = 1.2333333;
float fa, fb, fc;
fa = 1.2222222, fb = 1.2222222, fc = 1.2333333;
is("abc", "abc");
is("abc", "ab");
is_("abc", "abc", "My char test");
is_("abc", "ab", "Failed test");
is(ia, ib);
is(ia, ic);
is_(ia, ib, "My int test");
is_(ia, ic, "Failed test");
is(sia, sib);
is(sia, sic);
is_(sia, sib, "My short int test");
is_(sia, sic, "Failed test");
is(lia, lib);
is(lia, lic);
is_(lia, lib, "My int test");
is_(lia, lic, "Failed test");
is(da, db);
is(da, dc);
is_(da, db, "My double test");
is_(da, dc, "Failed test");
is(fa, fb);
is(fa, fc);
is_(fa, fb, "My float test");
is_(fa, fc, "Failed test");
isnt("abc", "abc");
isnt("abc", "ab");
isnt_("abc", "abc", "My char test");
isnt_("abc", "ab", "Failed test");
isnt(ia, ib);
isnt(ia, ic);
isnt_(ia, ic, "My int test");
isnt_(ia, ib, "Failed test");
isnt(sia, sib);
isnt(sia, sic);
isnt_(sia, sic, "My short int test");
isnt_(sia, sib, "Failed test");
isnt(lia, lib);
isnt(lia, lic);
isnt_(lia, lic, "My int test");
isnt_(lia, lib, "Failed test");
isnt(da, db);
isnt(da, dc);
isnt_(da, dc, "My double test");
isnt_(da, db, "Failed test");
isnt(fa, fb);
isnt(fa, fc);
isnt_(fa, fc, "My float test");
isnt_(fa, fb, "Failed test");
summary();
return 0;
}
static void tests(void)
{
SecKeyRef phone_publicKey = NULL, phone_privateKey = NULL;
SecKeyRef ca_publicKey = NULL, ca_privateKey = NULL;
int keysize = 2048;
CFNumberRef key_size_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keysize);
const void *keygen_keys[] = { kSecAttrKeyType, kSecAttrKeySizeInBits };
const void *keygen_vals[] = { kSecAttrKeyTypeRSA, key_size_num };
CFDictionaryRef parameters = CFDictionaryCreate(kCFAllocatorDefault,
keygen_keys, keygen_vals, array_size(keygen_vals),
&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks );
CFReleaseNull(key_size_num);
CFMutableDictionaryRef subject_alt_names = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFDictionarySetValue(subject_alt_names, CFSTR("dnsname"), CFSTR("xey.nl"));
int key_usage = kSecKeyUsageDigitalSignature | kSecKeyUsageKeyEncipherment;
CFNumberRef key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &key_usage);
CFMutableDictionaryRef random_extensions = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
const void *key[] = { kSecCSRChallengePassword, kSecSubjectAltName, kSecCertificateKeyUsage, kSecCertificateExtensions };
const void *val[] = { CFSTR("magic"), subject_alt_names, key_usage_num, random_extensions };
CFDictionaryRef csr_parameters = CFDictionaryCreate(kCFAllocatorDefault,
key, val, array_size(key), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
SecATV cn_phone[] = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("My iPhone") }, {} };
SecATV c[] = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} };
SecATV st[] = { { kSecOidStateProvinceName, SecASN1PrintableString, CFSTR("CA") }, {} };
SecATV l[] = { { kSecOidLocalityName, SecASN1PrintableString, CFSTR("Cupertino") }, {} };
SecATV o[] = { { CFSTR("2.5.4.10"), SecASN1PrintableString, CFSTR("Apple Inc.") }, {} };
SecATV ou[] = { { kSecOidOrganizationalUnit, SecASN1PrintableString, CFSTR("iPhone") }, {} };
SecRDN atvs_phone[] = { cn_phone, c, st, l, o, ou, NULL };
ok_status(SecKeyGeneratePair(parameters, &phone_publicKey, &phone_privateKey), "generate key pair");
ok_status(SecKeyGeneratePair(parameters, &ca_publicKey, &ca_privateKey), "generate key pair");
int self_key_usage = kSecKeyUsageKeyCertSign | kSecKeyUsageCRLSign;
CFNumberRef self_key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &self_key_usage);
int path_len = 0;
CFNumberRef path_len_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &path_len);
const void *self_key[] = { kSecCertificateKeyUsage, kSecCSRBasicContraintsPathLen };
const void *self_val[] = { self_key_usage_num, path_len_num };
CFDictionaryRef self_signed_parameters = CFDictionaryCreate(kCFAllocatorDefault,
self_key, self_val, array_size(self_key), NULL, NULL);
const void * ca_o[] = { kSecOidOrganization, CFSTR("Apple Inc.") };
const void * ca_cn[] = { kSecOidCommonName, CFSTR("Root CA") };
CFArrayRef ca_o_dn = CFArrayCreate(kCFAllocatorDefault, ca_o, 2, NULL);
CFArrayRef ca_cn_dn = CFArrayCreate(kCFAllocatorDefault, ca_cn, 2, NULL);
const void *ca_dn_array[2];
ca_dn_array[0] = CFArrayCreate(kCFAllocatorDefault, (const void **)&ca_o_dn, 1, NULL);
ca_dn_array[1] = CFArrayCreate(kCFAllocatorDefault, (const void **)&ca_cn_dn, 1, NULL);
CFArrayRef ca_rdns = CFArrayCreate(kCFAllocatorDefault, ca_dn_array, 2, NULL);
SecCertificateRef ca_cert = SecGenerateSelfSignedCertificate(ca_rdns,
self_signed_parameters, ca_publicKey, ca_privateKey);
SecCertificateRef ca_cert_phone_key =
SecGenerateSelfSignedCertificate(ca_rdns, self_signed_parameters, phone_publicKey, phone_privateKey);
CFReleaseSafe(self_signed_parameters);
CFReleaseSafe(self_key_usage_num);
CFReleaseSafe(path_len_num);
CFReleaseNull(ca_o_dn);
CFReleaseNull(ca_cn_dn);
CFReleaseNull(ca_dn_array[0]);
CFReleaseNull(ca_dn_array[1]);
CFReleaseNull(ca_rdns);
isnt(ca_cert, NULL, "got back a cert");
ok(SecCertificateIsSelfSignedCA(ca_cert), "cert is self-signed ca cert");
isnt(ca_cert_phone_key, NULL, "got back a cert");
ok(SecCertificateIsSelfSignedCA(ca_cert_phone_key), "cert is self-signed ca cert");
CFDataRef data = SecCertificateCopyData(ca_cert);
//write_data("/tmp/ca_cert.der", data);
CFReleaseSafe(data);
SecIdentityRef ca_identity = SecIdentityCreate(kCFAllocatorDefault, ca_cert, ca_privateKey);
SecIdentityRef ca_identity_phone_key = SecIdentityCreate(kCFAllocatorDefault, ca_cert_phone_key, phone_privateKey);
isnt(ca_identity, NULL, "got a identity");
isnt(ca_identity_phone_key, NULL, "got a identity");
CFDictionaryRef dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity, 1, NULL, NULL);
ok_status(SecItemAdd(dict, NULL), "add ca identity");
CFReleaseSafe(dict);
#if TARGET_OS_IPHONE
TODO: {
todo("Adding a cert with the same issuer/serial but a different key should return something other than errSecDuplicateItem");
#else
{
#endif
dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity_phone_key, 1, NULL, NULL);
is_status(errSecDuplicateItem, SecItemAdd(dict, NULL), "add ca identity");
CFReleaseSafe(dict);
}
CFDataRef csr = SecGenerateCertificateRequestWithParameters(atvs_phone, NULL, phone_publicKey, phone_privateKey);
isnt(csr, NULL, "got back a csr");
CFReleaseNull(csr);
//dict[kSecSubjectAltName, dict[ntPrincipalName, "*****@*****.**"]]
CFStringRef nt_princ_name_val = CFSTR("*****@*****.**");
CFStringRef nt_princ_name_key = CFSTR("ntPrincipalName");
CFDictionaryRef nt_princ = CFDictionaryCreate(NULL, (const void **)&nt_princ_name_key, (const void **)&nt_princ_name_val, 1, NULL, NULL);
CFDictionaryRef params = CFDictionaryCreate(NULL, (const void **)&kSecSubjectAltName, (const void **)&nt_princ, 1, NULL, NULL);
csr = SecGenerateCertificateRequestWithParameters(atvs_phone, params, phone_publicKey, phone_privateKey);
isnt(csr, NULL, "got back a csr");
//write_data("/var/tmp/csr-nt-princ", csr);
CFReleaseNull(csr);
CFReleaseNull(params);
CFReleaseNull(nt_princ);
csr = SecGenerateCertificateRequestWithParameters(atvs_phone, csr_parameters, phone_publicKey, phone_privateKey);
isnt(csr, NULL, "csr w/ params");
//write_data("/tmp/csr", csr);
CFDataRef subject, extensions;
CFStringRef challenge;
ok(SecVerifyCertificateRequest(csr, NULL, &challenge, &subject, &extensions), "verify csr");
CFReleaseNull(csr);
uint8_t serialno_byte = 42;
CFDataRef serialno = CFDataCreate(kCFAllocatorDefault, &serialno_byte, sizeof(serialno_byte));
SecCertificateRef cert = SecIdentitySignCertificate(ca_identity, serialno,
phone_publicKey, subject, extensions);
data = SecCertificateCopyData(cert);
//write_data("/tmp/iphone_cert.der", data);
CFReleaseNull(data);
CFReleaseNull(subject);
CFReleaseNull(extensions);
CFReleaseNull(challenge);
const void * email[] = { CFSTR("1.2.840.113549.1.9.1"), CFSTR("*****@*****.**") };
const void * cn[] = { CFSTR("2.5.4.3"), CFSTR("S/MIME Baby") };
CFArrayRef email_dn = CFArrayCreate(kCFAllocatorDefault, email, 2, NULL);
CFArrayRef cn_dn = CFArrayCreate(kCFAllocatorDefault, cn, 2, NULL);
const void *dn_array[2];
dn_array[0] = CFArrayCreate(kCFAllocatorDefault, (const void **)&email_dn, 1, NULL);
dn_array[1] = CFArrayCreate(kCFAllocatorDefault, (const void **)&cn_dn, 1, NULL);
CFArrayRef rdns = CFArrayCreate(kCFAllocatorDefault, dn_array, 2, NULL);
CFDictionarySetValue(subject_alt_names, CFSTR("rfc822name"), CFSTR("*****@*****.**"));
uint8_t random_extension_data[] = { 0xde, 0xad, 0xbe, 0xef };
CFDataRef random_extension_value = CFDataCreate(kCFAllocatorDefault, random_extension_data, sizeof(random_extension_data));
CFDictionarySetValue(random_extensions, CFSTR("1.2.840.113635.100.6.1.2"), random_extension_value); // APPLE_FDR_ACCESS_OID
CFDictionarySetValue(random_extensions, CFSTR("1.2.840.113635.100.6.1.3"), CFSTR("that guy")); // APPLE_FDR_CLIENT_IDENTIFIER_OID
CFReleaseNull(random_extension_value);
csr = SecGenerateCertificateRequest(rdns, csr_parameters, phone_publicKey, phone_privateKey);
isnt(csr, NULL, "csr w/ params");
//write_data("/tmp/csr_neu", csr);
CFReleaseNull(csr);
CFReleaseNull(subject_alt_names);
CFDictionaryRemoveAllValues(random_extensions);
#if TARGET_OS_IPHONE
CFDataRef scep_request = SecSCEPGenerateCertificateRequest(rdns,
csr_parameters, phone_publicKey, phone_privateKey, NULL, ca_cert);
isnt(scep_request, NULL, "got scep blob");
//write_data("/tmp/scep_request.der", scep_request);
#endif
CFReleaseNull(email_dn);
CFReleaseNull(cn_dn);
CFReleaseNull(dn_array[0]);
CFReleaseNull(dn_array[1]);
CFReleaseNull(rdns);
#if TARGET_OS_IPHONE
CFDataRef scep_reply = SecSCEPCertifyRequest(scep_request, ca_identity, serialno, false);
isnt(scep_reply, NULL, "produced scep reply");
//write_data("/tmp/scep_reply.der", scep_reply);
CFArrayRef issued_certs = NULL;
ok(issued_certs = SecSCEPVerifyReply(scep_request, scep_reply, ca_cert, NULL), "verify scep reply");
// take the issued cert and CA cert and pretend it's a RA/CA couple
CFMutableArrayRef scep_certs = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, issued_certs);
CFArrayAppendValue(scep_certs, ca_cert);
SecCertificateRef ca_certificate = NULL, ra_signing_certificate = NULL, ra_encryption_certificate = NULL;
ok_status(SecSCEPValidateCACertMessage(scep_certs, NULL,
&ca_certificate, &ra_signing_certificate,
&ra_encryption_certificate), "pull apart array again");
ok(CFEqual(ca_cert, ca_certificate), "found ca");
ok(CFArrayContainsValue(issued_certs, CFRangeMake(0, CFArrayGetCount(issued_certs)), ra_signing_certificate), "found ra");
ok(!ra_encryption_certificate, "no separate encryption cert");
CFReleaseSafe(ca_certificate);
CFReleaseSafe(ra_signing_certificate);
CFReleaseSafe(scep_certs);
CFReleaseSafe(scep_request);
CFReleaseSafe(scep_reply);
CFReleaseSafe(issued_certs);
#endif
// cleanups
dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity, 1, NULL, NULL);
ok_status(SecItemDelete(dict), "delete ca identity");
CFReleaseSafe(dict);
dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&phone_privateKey, 1, NULL, NULL);
ok_status(SecItemDelete(dict), "delete phone private key");
CFReleaseSafe(dict);
CFReleaseSafe(serialno);
CFReleaseSafe(cert);
CFReleaseSafe(ca_identity);
CFReleaseSafe(ca_cert);
CFReleaseSafe(ca_identity_phone_key);
CFReleaseSafe(ca_cert_phone_key);
CFReleaseSafe(csr_parameters);
CFReleaseSafe(random_extensions);
CFReleaseSafe(parameters);
CFReleaseSafe(ca_publicKey);
CFReleaseSafe(ca_privateKey);
CFReleaseSafe(phone_publicKey);
CFReleaseSafe(phone_privateKey);
}
static void test_ec_csr(void) {
SecKeyRef ecPublicKey = NULL, ecPrivateKey = NULL;
int keysize = 256;
CFNumberRef key_size_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keysize);
const void *keyParamsKeys[] = { kSecAttrKeyType, kSecAttrKeySizeInBits };
const void *keyParamsValues[] = { kSecAttrKeyTypeECSECPrimeRandom, key_size_num};
CFDictionaryRef keyParameters = CFDictionaryCreate(NULL, keyParamsKeys, keyParamsValues, 2,
&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
ok_status(SecKeyGeneratePair(keyParameters, &ecPublicKey, &ecPrivateKey),
"unable to generate EC key");
SecATV cn_phone[] = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("My iPhone") }, {} };
SecATV c[] = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} };
SecATV st[] = { { kSecOidStateProvinceName, SecASN1PrintableString, CFSTR("CA") }, {} };
SecATV l[] = { { kSecOidLocalityName, SecASN1PrintableString, CFSTR("Cupertino") }, {} };
SecATV o[] = { { CFSTR("2.5.4.10"), SecASN1PrintableString, CFSTR("Apple Inc.") }, {} };
SecATV ou[] = { { kSecOidOrganizationalUnit, SecASN1PrintableString, CFSTR("iPhone") }, {} };
SecRDN atvs_phone[] = { cn_phone, c, st, l, o, ou, NULL };
CFMutableDictionaryRef subject_alt_names = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFDictionarySetValue(subject_alt_names, CFSTR("dnsname"), CFSTR("xey.nl"));
int key_usage = kSecKeyUsageDigitalSignature | kSecKeyUsageKeyEncipherment;
CFNumberRef key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &key_usage);
CFMutableDictionaryRef random_extensions = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
const void *key[] = { kSecCSRChallengePassword, kSecSubjectAltName, kSecCertificateKeyUsage, kSecCertificateExtensions };
const void *val[] = { CFSTR("magic"), subject_alt_names, key_usage_num, random_extensions };
CFDictionaryRef csr_parameters = CFDictionaryCreate(kCFAllocatorDefault,
key, val, array_size(key), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFDataRef csr = SecGenerateCertificateRequestWithParameters(atvs_phone, csr_parameters, ecPublicKey, ecPrivateKey);
isnt(csr, NULL, "csr w/ params");
//write_data("/tmp/csr", csr);
CFDataRef subject, extensions;
CFStringRef challenge;
ok(SecVerifyCertificateRequest(csr, NULL, &challenge, &subject, &extensions), "verify csr");
CFReleaseNull(csr);
CFReleaseNull(key_size_num);
CFReleaseNull(keyParameters);
CFReleaseNull(ecPublicKey);
CFReleaseNull(ecPrivateKey);
CFReleaseNull(subject_alt_names);
CFReleaseNull(key_usage_num);
CFReleaseNull(random_extensions);
CFReleaseNull(csr_parameters);
CFReleaseNull(subject);
CFReleaseNull(extensions);
CFReleaseNull(challenge);
}
static void tests(void)
{
SecTrustRef trust;
SecCertificateRef cert0, cert1;
isnt(cert0 = SecCertificateCreateWithBytes(NULL, WWDR_NoRevInfo, sizeof(WWDR_NoRevInfo)),
NULL, "create leaf");
isnt(cert1 = SecCertificateCreateWithBytes(NULL, WWDR_CA, sizeof(WWDR_CA)),
NULL, "create intermediate");
CFMutableArrayRef certs = CFArrayCreateMutable(kCFAllocatorDefault, 0,
&kCFTypeArrayCallBacks);
CFArrayAppendValue(certs, cert0);
CFArrayAppendValue(certs, cert1);
/* at this point, we should have an OCSP responder for the WWDR-issued leaf cert,
* even though the leaf itself doesn't contain any revocation info.
*/
CFArrayRef ocspResponders = SecCertificateGetOCSPResponders(cert0);
ok(ocspResponders != NULL, "synthesized OCSP responder successfully");
SecPolicyRef signingPolicy = SecPolicyCreateCodeSigning();
SecPolicyRef ocspPolicy = SecPolicyCreateRevocation();
const void *v_policies[] = { signingPolicy, ocspPolicy };
CFArrayRef policies = CFArrayCreate(NULL, v_policies,
sizeof(v_policies) / sizeof(*v_policies), &kCFTypeArrayCallBacks);
CFRelease(signingPolicy);
CFRelease(ocspPolicy);
ok_status(SecTrustCreateWithCertificates(certs, policies, &trust),
"create trust");
/* Aug 1st 2012. */
CFGregorianDate g_date = { 2012, 8, 1, 12, 0, 0 }; // Aug 1 2012 12:00 PM
CFDateRef date = CFDateCreate(kCFAllocatorDefault,
CFGregorianDateGetAbsoluteTime(g_date, NULL));
#if 0
/* will we trust the OCSP response for a verify date in the past?? */
ok_status(SecTrustSetVerifyDate(trust, date), "set date");
#else
ok_status(errSecSuccess, "using current date");
#endif
SecTrustResultType trustResult;
ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
/* The cert should either be reported as revoked (until Jan 13 2013),
* or as expired (after Jan 13 2013). That means its trust result value
* should be 5 (kSecTrustResultRecoverableTrustFailure) or greater.
*/
ok(trustResult >= kSecTrustResultRecoverableTrustFailure,
"trustResult must report a failure, cert is either expired or revoked");
#if 0
fprintf(stderr, "=== trustResult %lu\n", trustResult);
CFStringRef errStr = SecTrustCopyFailureDescription(trust);
CFShow(errStr);
#endif
CFReleaseSafe(trust);
CFReleaseSafe(policies);
CFReleaseSafe(certs);
CFReleaseSafe(cert0);
CFReleaseSafe(cert1);
CFReleaseSafe(date);
}
