/* Test basic add delete update copy matching stuff. */
static void tests(void)
{
    SecTrustRef trust;
	SecCertificateRef cert0, cert1;
	isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
		NULL, "create cert0");
	isnt(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
		NULL, "create cert1");
	const void *v_certs[] = {
		cert0,
		cert1
	};
    SecPolicyRef policy = SecPolicyCreateSSL(false, CFSTR("store.apple.com"));
    CFArrayRef certs = CFArrayCreate(NULL, v_certs,
		array_size(v_certs), NULL);
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
	/* Jan 1st 2006. */
	CFDateRef date = CFDateCreate(NULL, 157680000.0);
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

	SecTrustResultType trustResult;
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultUnspecified,
		"trust is kSecTrustResultUnspecified");
    CFDataRef exceptions;
    ok(exceptions = SecTrustCopyExceptions(trust), "create an exceptions");
    ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");

	CFReleaseSafe(trust);
	CFReleaseSafe(policy);
    policy = SecPolicyCreateSSL(false, CFSTR("badstore.apple.com"));
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust with hostname mismatch");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
    ok(SecTrustSetExceptions(trust, exceptions), "set old exceptions");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");
	CFReleaseSafe(exceptions);
    ok(exceptions = SecTrustCopyExceptions(trust), "create a new exceptions");
    ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");

	CFReleaseSafe(trust);
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
    ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");
    CFArrayRef anchors = CFArrayCreate(kCFAllocatorDefault, NULL, 0, &kCFTypeArrayCallBacks);
    ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set empty anchor list");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");

	ok_status(SecTrustSetAnchorCertificatesOnly(trust, false), "trust passed in anchors and system anchors");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultProceed, "trust is now kSecTrustResultProceed");

	ok_status(SecTrustSetAnchorCertificatesOnly(trust, true), "only trust passed in anchors (default)");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure again");

	CFReleaseSafe(exceptions);
    ok(exceptions = SecTrustCopyExceptions(trust), "create a new exceptions");
    ok(SecTrustSetExceptions(trust, exceptions), "set exceptions");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultProceed, "trust is kSecTrustResultProceed");
	CFReleaseSafe(date);
	date = CFDateCreate(NULL, 667680000.0);
    ok_status(SecTrustSetVerifyDate(trust, date), "set date to far future so certs are expired");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure");

	CFReleaseSafe(anchors);
	CFReleaseSafe(exceptions);
	CFReleaseSafe(trust);
	CFReleaseSafe(policy);
	CFReleaseSafe(certs);
	CFReleaseSafe(cert0);
	CFReleaseSafe(cert1);
	CFReleaseSafe(date);
}
예제 #2
0
파일: dlist.t.c 프로젝트: jajm/libgends
void t_gds_inline_dlist_get_tail(void)
{
	test_list_node_t *nodes[10];
	gds_inline_dlist_node_t *idn, *head, *tail;
	int i;

	for (i = 0; i < 10; i++) {
		nodes[i] = test_list_node_new(i);
	}
	head = &(nodes[0]->inline_node);
	for (i = 1; i < 10; i++) {
		gds_inline_dlist_splice(head, i, 0, NULL,
			&(nodes[i]->inline_node), NULL, &tail);
	}

	idn = gds_inline_dlist_get_tail(tail);
	isnt(idn, NULL);
	is(idn, tail);

	for (i = 0; i < 10; i++) {
		idn = gds_inline_dlist_get_tail(&(nodes[i]->inline_node));
		isnt(idn, NULL);
		is(idn, tail);
	}

	for (i = 0; i < 10; i++) {
		test_list_node_free(nodes[i]);
	}
}
예제 #3
0
파일: MAny.c 프로젝트: quietfanatic/ltm
int main () {
	plan(7);

	MSpec many = {{
		.type = MANY,
		.flags = 0
	}};
	finish_MSpec(&many);
	
	char* teststr = "abcdef";
	Match result = LTM_match_at(&many, teststr, 0);
	isnt(result.type, NOMATCH, "MAny matches at beginning");
	is(result.start, 0, "MAny.start is correct");
	is(result.end, 1, "MAny match has width 1");
	destroy_Match(result);

	result = LTM_match_at(&many, teststr, 3);
	isnt(result.type, NOMATCH, "MAny matches in middle");
	is(result.start, 3, "MAny.start is correct");
	is(result.end, 4, "MAny middle match has with 1");
	destroy_Match(result);

	result = LTM_match_at(&many, teststr, 6);
	is(result.type, NOMATCH, "MNull doesn't match at end");
	destroy_Match(result);


	return 0;
}
예제 #4
0
파일: uri.c 프로젝트: DarkDare/tarantool
int
test_invalid()
{
	plan(2);

	/* Invalid */
	struct uri u;
	isnt(uri_parse(&u, ""), 0 , "empty is invalid");
	isnt(uri_parse(&u, "://"), 0 , ":// is invalid");

	return check_plan();
}
예제 #5
0
static void tests(void)
{
	CFDataRef attached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_signed_data_der, attached_signed_data_der_len, kCFAllocatorNull);
	CFDataRef detached_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_signed_data_der, detached_signed_data_der_len, kCFAllocatorNull);
	CFDataRef attached_no_data_signed_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, attached_no_data_signed_data_der, attached_no_data_signed_data_der_len, kCFAllocatorNull);
	CFDataRef detached_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, detached_content, detached_content_len, kCFAllocatorNull);
	CFDataRef no_data = CFDataCreate(kCFAllocatorDefault, NULL, 0);
	SecPolicyRef policy = SecPolicyCreateBasicX509();
	SecTrustRef trust = NULL;

	ok_status(SecCMSVerifyCopyDataAndAttributes(attached_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached data");
	CFRelease(trust);
	ok_status(SecCMSVerifyCopyDataAndAttributes(detached_signed_data, detached_data, policy, &trust, NULL, NULL), "verify detached data");
	CFRelease(trust);
	ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, NULL, policy, &trust, NULL, NULL), "verify attached no data");
	CFRelease(trust);
	ok_status(SecCMSVerifyCopyDataAndAttributes(attached_no_data_signed_data, no_data, policy, &trust, NULL, NULL), "verify attached no data");
	CFRelease(trust);


    SecCertificateRef cert = NULL;
    SecKeyRef privKey = NULL;
    SecIdentityRef identity = NULL;

    isnt(cert = SecCertificateCreateWithBytes(NULL, signer_der, signer_der_len), NULL, "create certificate");
    isnt(privKey = SecKeyCreateRSAPrivateKey(NULL, privkey_der, privkey_der_len, kSecKeyEncodingPkcs1), NULL, "create private key");
    isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");
    CFReleaseSafe(privKey);

	CFMutableDataRef cms_data = CFDataCreateMutable(kCFAllocatorDefault, 0);
	ok_status(SecCMSCreateSignedData(identity, detached_data, NULL, NULL, cms_data), "create attached data");
	//write_data("/var/tmp/attached", cms_data);
	CFDataSetLength(cms_data, 0);
	CFDictionaryRef detached_cms_dict = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecCMSSignDetached, (const void **)&kCFBooleanTrue, 1, NULL, NULL);
	ok_status(SecCMSCreateSignedData(identity, detached_data, detached_cms_dict, NULL, cms_data), "create attached data");
	CFRelease(detached_cms_dict);
	//write_data("/var/tmp/detached", cms_data);
	CFDataSetLength(cms_data, 0);
	ok_status(SecCMSCreateSignedData(identity, NULL, NULL, NULL, cms_data), "create attached data");
	//write_data("/var/tmp/empty_attached", cms_data);

	CFReleaseSafe(cms_data);
	CFReleaseSafe(cert);
	CFReleaseNull(identity);
	CFRelease(attached_signed_data);
	CFRelease(detached_signed_data);
	CFRelease(attached_no_data_signed_data);
	CFRelease(detached_data);
	CFRelease(no_data);
	CFRelease(policy);
}
예제 #6
0
void t_gds_inline_rbtree_fast_add(void)
{
	gds_inline_rbtree_fast_node_t *root = NULL, node;
	test_rbtree_fast_node_t *trfn;
	int rc;

	ok(0 > gds_inline_rbtree_fast_add(NULL, NULL, NULL, NULL));
	ok(0 > gds_inline_rbtree_fast_add(NULL, NULL, test_rbtree_fast_node_cmp, NULL));
	ok(0 > gds_inline_rbtree_fast_add(NULL, &node, NULL, NULL));
	ok(0 > gds_inline_rbtree_fast_add(NULL, &node, test_rbtree_fast_node_cmp, NULL));
	ok(0 > gds_inline_rbtree_fast_add(&root, NULL, NULL, NULL));
	ok(0 > gds_inline_rbtree_fast_add(&root, NULL, test_rbtree_fast_node_cmp, NULL));
	ok(0 > gds_inline_rbtree_fast_add(&root, &node, NULL, NULL));

	trfn = test_rbtree_fast_node_new(1);
	rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	is(rc, 0);
	rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	is(rc, 1);
	trfn = test_rbtree_fast_node_new(0);
	rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	is(rc, 0);
	rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	is(rc, 1);
	trfn = test_rbtree_fast_node_new(2);
	rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	is(rc, 0);
	rc = gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	is(rc, 1);

	isnt(root, NULL);
	trfn = test_rbtree_fast_node_get_container(root);
	isnt(trfn, NULL);
	is(trfn->data, 1);
	trfn = test_rbtree_fast_node_get_container(root->left);
	isnt(trfn, NULL);
	is(trfn->data, 0);
	trfn = test_rbtree_fast_node_get_container(root->right);
	isnt(trfn, NULL);
	is(trfn->data, 2);

	test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
예제 #7
0
파일: dlist.t.c 프로젝트: jajm/libgends
void t_gds_dlist_push(void)
{
	gds_dlist_t *list;
	int a[] = {1, 2, 3};

	list = gds_dlist();
	isnt(list, NULL);

	list_is(list);

	gds_dlist_push(list, &a[0]);
	list_is(list, &a[0]);

	gds_dlist_push(list, &a[1]);
	list_is(list, &a[0], &a[1]);

	gds_dlist_push(list, &a[2]);
	list_is(list, &a[0], &a[1], &a[2]);

	gds_dlist_push(list, &a[2], &a[1], &a[0]);
	list_is(list, &a[0], &a[1], &a[2], &a[2], &a[1], &a[0]);

	gds_dlist_push(list);
	list_is(list, &a[0], &a[1], &a[2], &a[2], &a[1], &a[0]);

	gds_dlist_free(list);
}
예제 #8
0
파일: dlist.t.c 프로젝트: jajm/libgends
void t_gds_dlist_shift(void)
{
	gds_dlist_t *list;
	int a[] = {1, 2, 3};
	int *b;

	list = gds_dlist(&a[0], &a[1], &a[2]);
	isnt(list, NULL);
	list_is(list, &a[0], &a[1], &a[2]);

	b = gds_dlist_shift(list);
	list_is(list, &a[1], &a[2]);
	is(b, &a[0]);

	b = gds_dlist_shift(list);
	list_is(list, &a[2]);
	is(b, &a[1]);

	b = gds_dlist_shift(list);
	list_is(list);
	is(b, &a[2]);

	b = gds_dlist_shift(list);
	list_is(list);
	is(b, NULL);

	gds_dlist_free(list);
}
/* Basic processing of input */
static void tests(void)
{
    CFArrayRef certs = NULL;
    CFDataRef message;

    // Premade message containing one certificate blob
    message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
                                          certsOnlyMsg, sizeof(certsOnlyMsg), kCFAllocatorNull);
    ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
       "SecCMSCertificatesOnlyMessageCopyCertificates");
    is(CFArrayGetCount(certs), 1, "certificate count is 1");
    CFReleaseNull(message);

    // Premade message containing one certificate blob
    message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
                                          gkIPACCG2DevCertClass87, sizeof(gkIPACCG2DevCertClass87), kCFAllocatorNull);
    ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
       "SecCMSCertificatesOnlyMessageCopyCertificates");
    is(CFArrayGetCount(certs), 1, "certificate count is 1");
    CFReleaseNull(message);


    SecCertificateRef another_cert = NULL;

    // Process a single raw certificate and make it a message
    isnt(another_cert = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
         NULL, "create certificate");
    ok(message = SecCMSCreateCertificatesOnlyMessageIAP(another_cert), "create iAP specific cert only message (1cert)");
    ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
       "SecCMSCertificatesOnlyMessageCopyCertificates");
    is(CFArrayGetCount(certs), 1, "certificate count is 1");

    // Process two raw certificates (concatenated DER blobs) and make it a message
    isnt(another_cert = SecCertificateCreateWithBytes(NULL, TestDoubleCerts, sizeof(TestDoubleCerts)),
         NULL, "create certificate");
    ok(message = SecCMSCreateCertificatesOnlyMessageIAP(another_cert), "create iAP specific cert only message (2certs)");
    ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message),
       "SecCMSCertificatesOnlyMessageCopyCertificates");
    is(CFArrayGetCount(certs), 2, "certificate count is 2");

    // Clean up
    CFReleaseNull(another_cert);
    CFReleaseNull(message);

    CFReleaseNull(certs);
}
예제 #10
0
void t_gds_inline_rbtree_fast_del(void)
{
	gds_inline_rbtree_fast_node_t *root = NULL, *inode;
	test_rbtree_fast_node_t *trfn;
	int i = 1;

	trfn = test_rbtree_fast_node_new(1);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	trfn = test_rbtree_fast_node_new(0);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	trfn = test_rbtree_fast_node_new(2);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);

	ok(NULL == gds_inline_rbtree_fast_del(NULL, NULL, NULL, NULL));
	ok(NULL == gds_inline_rbtree_fast_del(NULL, NULL, test_rbtree_fast_node_cmp_with_key, NULL));
	ok(NULL == gds_inline_rbtree_fast_del(NULL, &i, NULL, NULL));
	ok(NULL == gds_inline_rbtree_fast_del(NULL, &i, test_rbtree_fast_node_cmp_with_key, NULL));
	ok(NULL == gds_inline_rbtree_fast_del(&root, NULL, NULL, NULL));
	ok(NULL == gds_inline_rbtree_fast_del(&root, &i, NULL, NULL));

	inode = gds_inline_rbtree_fast_del(&root, &i,
		test_rbtree_fast_node_cmp_with_key, NULL);
	isnt(inode, NULL);
	trfn = test_rbtree_fast_node_get_container(inode);
	is(trfn->data, 1);
	test_rbtree_fast_node_free(trfn);
	
	trfn = test_rbtree_fast_node_get_container(root);
	if (trfn->data == 0) {
		is(root->left, NULL);
		isnt(root->right, NULL);
		trfn = test_rbtree_fast_node_get_container(root->right);
		is(trfn->data, 2);
	} else {
		is(root->right, NULL);
		isnt(root->left, NULL);
		trfn = test_rbtree_fast_node_get_container(root->left);
		is(trfn->data, 0);
	}

	test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
static void tests(void)
{
    SecTrustResultType trustResult = kSecTrustResultProceed;
	SecPolicyRef policy = NULL;
	SecTrustRef trust = NULL;
	CFArrayRef certs = NULL;
	
	CFDataRef appleid_record_signing_cert_data = NULL;
	isnt(appleid_record_signing_cert_data = CFDataCreate(kCFAllocatorDefault, kLeafCert, sizeof(kLeafCert)), 
		NULL, "Get the AppleID Record Signing Leaf Certificate Data");
		
	SecCertificateRef appleid_record_signing_cert = NULL;
	isnt(appleid_record_signing_cert = SecCertificateCreateWithData(kCFAllocatorDefault, appleid_record_signing_cert_data),
		NULL, "Get the AppleID Record Signing Leaf Certificate Data");
		
	CFDataRef appleid_intermediate_cert_data = NULL;
	isnt(appleid_intermediate_cert_data = CFDataCreate(kCFAllocatorDefault, kIntermediateCert, sizeof(kIntermediateCert)), 
		NULL, "Get the AppleID Intermediate Certificate Data");
		
	SecCertificateRef appleid_intermediate_cert = NULL;
	isnt(appleid_intermediate_cert = SecCertificateCreateWithData(kCFAllocatorDefault, appleid_intermediate_cert_data),
		NULL, "Get the AppleID Intermediate Certificate");
		
	SecCertificateRef certs_to_use[] = {appleid_record_signing_cert, appleid_intermediate_cert};
		
	certs = CFArrayCreate(NULL, (const void **)certs_to_use, 2, NULL);
		
	isnt(policy = SecPolicyCreateAppleIDValidationRecordSigningPolicy(),
		NULL, "Create AppleID Record signing policy SecPolicyRef");
				
	ok_status(SecTrustCreateWithCertificates(certs, policy, &trust),
        "Create AppleID record signing leaf");

	ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate escrow service trust for club 1");
		
	is_status(trustResult, kSecTrustResultUnspecified,
		"Trust is kSecTrustResultUnspecified AppleID record signing leaf");
		
	CFReleaseSafe(trust);
	CFReleaseSafe(policy);
	CFReleaseSafe(certs);
	CFReleaseSafe(appleid_record_signing_cert);
    CFReleaseSafe(appleid_intermediate_cert_data);
    CFReleaseSafe(appleid_record_signing_cert_data);
}
예제 #12
0
        virtual void test() override // define this function to run tests
        {
            plan(17); // Run 17 tests.

            ok([]() { return true; }, "ok() succeeds on true");
            ok([]() { return false; }, "ok() fails on false");
            ok([]() { throw 0; return true; }, "ok() fails on throw");

            ok(true, "ok() with just boolean arguments works");

            throws([]() { throw 0; }, "throws() detects int throw");
            throws([]() { }, "throws() fails on no throw");

            throws<int>([]() { throw 0; }, "throws<int>() detects int throw");
            throws<int>([]() { throw 'a'; },
                       "throws<int>() fails on char throw");
            throws<int>([]() { }, "throws<int>() fails on no throw");

            nothrows([]() { }, "nothrows() accepts no throw");
            nothrows([]() { throw 0; }, "nothrows() fails on int throw");

            nothrows<int>([]() { throw 'a'; },
                         "nothrows<int>() accepts char throw");
            nothrows<int>([]() {}, "nothrows<int>() accepts no throw");
            nothrows<int>([]() { throw 0; },
                         "nothrows<int>() fails on int throw");

            // See the file variadic.cpp for examples of the
            // new_ok<>() function.

            pass("Will pass automatically.");
            pass("No matter what.");
            fail("Always fails.");

            is(5, 5, "5 == 5");
            is(5, 6, "5 == 6; this should fail.");
            is(std::string("cipra"), std::string("cipra"), "String equality");

            isnt(5, 6, "5 != 6");
            isnt(5, 5, "5 != 5; this should fail.");
            isnt(std::string(";,.pyfgcrl"), std::string("qwertyuiop"),
                 "Programmer Dvorak is not QWERTY");
        }
static void tests(void)
{
    SecTrustRef trust;
    SecCertificateRef leaf, wwdr_intermediate;
    SecPolicyRef policy;

    isnt(wwdr_intermediate = SecCertificateCreateWithBytes(kCFAllocatorDefault,
        wwdr_intermediate_cert, sizeof(wwdr_intermediate_cert)), NULL, "create WWDR intermediate");
    isnt(leaf = SecCertificateCreateWithBytes(kCFAllocatorDefault,
        codesigning_certificate, sizeof(codesigning_certificate)), NULL, "create leaf");

    const void *vcerts[] = { leaf, wwdr_intermediate };
    CFArrayRef certs = CFArrayCreate(kCFAllocatorDefault, vcerts, 2, NULL);

    isnt(policy = SecPolicyCreateiPhoneProfileApplicationSigning(), NULL,
        "create iPhoneProfileApplicationSigning policy instance");
    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust for leaf");
    CFDateRef verifyDate = CFDateCreate(kCFAllocatorDefault, 228244066);
    ok_status(SecTrustSetVerifyDate(trust, verifyDate), "set verify date");
    CFReleaseNull(verifyDate);
    SecTrustResultType trustResult;
    CFArrayRef properties = NULL;
    properties = SecTrustCopyProperties(trust);
    is(properties, NULL, "no properties returned before eval");
    CFReleaseNull(properties);
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified");
    properties = SecTrustCopyProperties(trust);

    if (properties) {
        print_plist(properties);
        print_cert(leaf, true);
        print_cert(wwdr_intermediate, false);
    }

    CFReleaseNull(properties);
    CFReleaseNull(trust);
    CFReleaseNull(wwdr_intermediate);
    CFReleaseNull(leaf);
    CFReleaseNull(certs);
    CFReleaseNull(policy);
	CFReleaseNull(trust);
}
예제 #14
0
void t_gds_inline_rbtree_fast_get_node(void)
{
	gds_inline_rbtree_fast_node_t *root = NULL, *node_inline;
	test_rbtree_fast_node_t *trfn;
	int i = 0;

	trfn = test_rbtree_fast_node_new(1);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	trfn = test_rbtree_fast_node_new(0);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	trfn = test_rbtree_fast_node_new(2);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);

	ok(NULL == gds_inline_rbtree_fast_get_node(NULL, NULL, NULL, NULL));
	ok(NULL == gds_inline_rbtree_fast_get_node(NULL, NULL, test_rbtree_fast_node_cmp_with_key, NULL));
	ok(NULL == gds_inline_rbtree_fast_get_node(NULL, &i, NULL, NULL));
	ok(NULL == gds_inline_rbtree_fast_get_node(NULL, &i, test_rbtree_fast_node_cmp_with_key, NULL));
	ok(NULL == gds_inline_rbtree_fast_get_node(root, NULL, NULL, NULL));
	ok(NULL == gds_inline_rbtree_fast_get_node(root, &i, NULL, NULL));

	node_inline = gds_inline_rbtree_fast_get_node(root, &i,
		test_rbtree_fast_node_cmp_with_key, NULL);
	isnt(node_inline, NULL);
	trfn = test_rbtree_fast_node_get_container(node_inline);
	is(trfn->data, i);
	i = 1;
	node_inline = gds_inline_rbtree_fast_get_node(root, &i,
		test_rbtree_fast_node_cmp_with_key, NULL);
	isnt(node_inline, NULL);
	trfn = test_rbtree_fast_node_get_container(node_inline);
	is(trfn->data, i);
	i = 2;
	node_inline = gds_inline_rbtree_fast_get_node(root, &i,
		test_rbtree_fast_node_cmp_with_key, NULL);
	isnt(node_inline, NULL);
	trfn = test_rbtree_fast_node_get_container(node_inline);
	is(trfn->data, i);

	test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
예제 #15
0
void t_gds_inline_rbtree_fast_iterator(void)
{
	gds_inline_rbtree_fast_node_t *root = NULL, *node_inline;
	test_rbtree_fast_node_t *trfn;
	gds_iterator_t *it;

	trfn = test_rbtree_fast_node_new(1);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	trfn = test_rbtree_fast_node_new(0);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);
	trfn = test_rbtree_fast_node_new(2);
	gds_inline_rbtree_fast_add(&root, &(trfn->inline_node),
		test_rbtree_fast_node_cmp, NULL);

	ok(NULL == gds_inline_rbtree_fast_iterator_new(NULL));

	it = gds_inline_rbtree_fast_iterator_new(root);

	ok(0 == gds_iterator_step(it));
	node_inline = gds_iterator_get(it);
	trfn = test_rbtree_fast_node_get_container(node_inline);
	isnt(trfn, NULL);
	is(trfn->data, 0);

	ok(0 == gds_iterator_step(it));
	node_inline = gds_iterator_get(it);
	trfn = test_rbtree_fast_node_get_container(node_inline);
	isnt(trfn, NULL);
	is(trfn->data, 1);

	ok(0 == gds_iterator_step(it));
	node_inline = gds_iterator_get(it);
	trfn = test_rbtree_fast_node_get_container(node_inline);
	isnt(trfn, NULL);
	is(trfn->data, 2);

	ok(0 < gds_iterator_step(it));

	gds_iterator_free(it);
	test_rbtree_fast_free(test_rbtree_fast_node_get_container(root));
}
예제 #16
0
void t_hash_map_keyin_fast_new(void)
{
	gds_hash_map_keyin_fast_t *hash;

	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, NULL, free));
	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, test_cmpkey, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, NULL, test_cmpkey, free));
	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, NULL, free));
	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, test_cmpkey, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, NULL, test_getkey, test_cmpkey, free));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, NULL, free));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, test_cmpkey, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, NULL, test_cmpkey, free));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, NULL, free));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, test_cmpkey, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(0, gds_hash_sdbm, test_getkey, test_cmpkey, free));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, NULL, free));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, test_cmpkey, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, NULL, test_cmpkey, free));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, NULL, free));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, test_cmpkey, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(32, NULL, test_getkey, test_cmpkey, free));
	ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, NULL, free));
	ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, test_cmpkey, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, NULL, test_cmpkey, free));
	ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, NULL, NULL));
	ok(NULL == gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, NULL, free));

	hash = gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, test_cmpkey, NULL);
	isnt(hash, NULL, "hash creation succeeded");
	gds_hash_map_keyin_fast_free(hash);

	hash = gds_hash_map_keyin_fast_new(32, gds_hash_sdbm, test_getkey, test_cmpkey, free);
	isnt(hash, NULL, "hash creation succeeded");
	gds_hash_map_keyin_fast_free(hash);
}
예제 #17
0
/* Create and identity and try to retrieve it. */
static void AddIdentityToKeychain(void)
{
    SecCertificateRef cert = NULL;
    SecKeyRef privKey = NULL;
    //SecIdentityRef identity = NULL;

    isnt(cert = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
            NULL, "create certificate");

#if TARGET_OS_IPHONE
    privKey = SecKeyCreateRSAPrivateKey(NULL, _k1, sizeof(_k1),
                                        kSecKeyEncodingPkcs1);
#else
#warning TODO
    privKey = NULL;
#endif

    isnt(privKey, NULL, "create private key");

    const void *certkeys[] = {
        kSecValueRef
    };
    const void *certvalues[] = {
        cert
    };
    CFDictionaryRef certDict = CFDictionaryCreate(NULL, certkeys, certvalues,
            array_size(certkeys), NULL, NULL);
    ok_status(SecItemAdd(certDict, NULL), "add certificate");
    CFReleaseNull(certDict);
    CFReleaseNull(cert);

    const void *privkeys[] = {
        kSecValueRef
    };
    const void *privvalues[] = {
        privKey
    };
    CFDictionaryRef privDict = CFDictionaryCreate(NULL, privkeys, privvalues,
            array_size(privkeys), NULL, NULL);
    ok_status(SecItemAdd(privDict, NULL), "add private key");
    CFReleaseNull(privDict);
    CFReleaseNull(privKey);
}
예제 #18
0
int main(int argc, char *const *argv)
{
    int rv = 1;
    plan_tests(6);

TODO: {
        todo("ok 0 is supposed to fail");

        rv = ok(0, "ok bad");
        if (!rv)
            diag("ok bad not good today");
    }
    rv &= ok(1, "ok ok");
#if 0
SKIP: {
        skip("is bad will fail", 1, 0);

        if (!is(0, 4, "is bad"))
            diag("is bad not good today");
    }
SKIP: {
        skip("is ok should not be skipped", 1, 1);

        is(3, 3, "is ok");
    }
#endif
    isnt(0, 4, "isnt ok");
TODO: {
        todo("isnt bad is supposed to fail");

        isnt(3, 3, "isnt bad");
    }
TODO: {
        todo("cmp_ok bad is supposed to fail");

        cmp_ok(3, &&, 0, "cmp_ok bad");
    }
    cmp_ok(3, &&, 3, "cmp_ok ok");

    return 0;
}
예제 #19
0
파일: dlist.t.c 프로젝트: jajm/libgends
void t_gds_inline_dlist_get(void)
{
	test_list_node_t *nodes[10];
	test_list_node_t *tln;
	gds_inline_dlist_node_t *node_inline, *fi, *node_inline2;
	int i, j;

	for (i = 0; i < 10; i++) {
		nodes[i] = test_list_node_new(i);
	}
	fi = &(nodes[0]->inline_node);
	for (i = 1; i < 10; i++) {
		gds_inline_dlist_splice(fi, i, 0, NULL,
			&(nodes[i]->inline_node), NULL, NULL);
	}

	for (i = 0; i < 10; i++) {
		node_inline = gds_inline_dlist_get(fi, i);
		isnt(node_inline, NULL);
		tln = test_list_node_get_container(node_inline);
		isnt(tln, NULL);
		is(tln->data, i);
		for (j = -i; j < 10-i; j++) {
			node_inline2 = gds_inline_dlist_get(node_inline, j);
			isnt(node_inline2, NULL);
			tln = test_list_node_get_container(node_inline2);
			isnt(tln, NULL);
			is(tln->data, i+j);
		}
	}

	node_inline = gds_inline_dlist_get(fi, -1);
	is(node_inline, NULL);
	node_inline = gds_inline_dlist_get(fi, 10);
	is(node_inline, NULL);

	for (i = 0; i < 10; i++) {
		test_list_node_free(nodes[i]);
	}
}
예제 #20
0
void processCmd (t_query * query)
{
	if (isnt (query->cmd,"")) // neues Kommando?
	{
		if (query->selectedId == 255) // entspricht "alle gelisteten Devices"
		{
			executeCmds (query->page, query->ids, query->cmd);
		}
		else
		{
			executeCmd (query->page, query->selectedId, query->cmd);
		}
	}
}
static void tests(void)
{
	SecCertificateRef cert0;
	isnt(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
		NULL, "create cert0");
    SecTrustStoreRef user_store;
    isnt(user_store = SecTrustStoreForDomain(kSecTrustStoreDomainUser),
        NULL, "get user trust settings store handle");
    ok(!SecTrustStoreContains(user_store, cert0),
        "cert0 is not yet present");
    ok_status(SecTrustStoreSetTrustSettings(user_store, cert0, NULL),
        "make cert0 trusted for anything");
    ok(SecTrustStoreContains(user_store, cert0),
        "cert0 is present");
    ok_status(SecTrustStoreSetTrustSettings(user_store, cert0, NULL),
        "make cert0 trusted for anything - again, should update now");
    ok(SecTrustStoreContains(user_store, cert0),
        "cert0 is still present");
    ok_status(SecTrustStoreRemoveCertificate(user_store, cert0),
        "removing cert0");
    ok(!SecTrustStoreContains(user_store, cert0),
        "cert0 is no longer present");

    /* Adding again...*/
    ok_status(SecTrustStoreSetTrustSettings(user_store, cert0, NULL),
        "make cert0 trusted for anything");
    ok(SecTrustStoreContains(user_store, cert0),
       "cert0 is present");

    /* Remove it */
    ok_status(SecTrustStoreRemoveCertificate(user_store, cert0),
              "removing cert0");
    ok(!SecTrustStoreContains(user_store, cert0),
       "cert0 is no longer present");

	CFReleaseSafe(cert0);
}
예제 #22
0
static OSStatus
_EAPSecIdentityCreateCertificateTrustChain(SecIdentityRef identity,
					   CFArrayRef * ret_chain)
{
    SecCertificateRef		cert = NULL;
    CFArrayRef 			certs;
    SecPolicyRef		policy = NULL;
    OSStatus			status;
    SecTrustRef 		trust = NULL;
    SecTrustResultType 		trust_result;

    *ret_chain = NULL;
    ok(policy = SecPolicyCreateBasicX509(), "SecPolicyCreateBasicX509");
    ok_status(status = SecIdentityCopyCertificate(identity, &cert), "SecIdentityCopyCertificate");
    certs = CFArrayCreate(NULL, (const void **)&cert,
			  1, &kCFTypeArrayCallBacks);
    CFReleaseNull(cert);
    ok_status(status = SecTrustCreateWithCertificates(certs, policy, &trust),
        "SecTrustCreateWithCertificates");
    CFReleaseNull(certs);
    ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate");
    {
	CFMutableArrayRef	array;
	CFIndex			count = SecTrustGetCertificateCount(trust);
	CFIndex			i;

	isnt(count, 0, "SecTrustGetCertificateCount is nonzero");
	array = CFArrayCreateMutable(NULL, count, &kCFTypeArrayCallBacks);
	for (i = 0; i < count; i++) {
	    SecCertificateRef	s;

	    s = SecTrustGetCertificateAtIndex(trust, i);
	    CFArrayAppendValue(array, s);
	}
	*ret_chain = array;
    }

    CFReleaseNull(trust);
    CFReleaseNull(policy);
    return (status);
}
예제 #23
0
파일: dlist.t.c 프로젝트: jajm/libgends
void t_gds_dlist_slice(void)
{
	gds_dlist_t *list, *list2;
	int *a[10];
	int *b;
	int i;

	list = gds_dlist();
	isnt(list, NULL);
	for (i=0; i<10; i++) {
		a[i] = malloc(sizeof(int));
		*(a[i]) = i;
		gds_dlist_push(list, a[i]);
	}
	list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);

	list2 = gds_dlist_slice(list, 0, 2, NULL);
	list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);
	list_is(list2, a[0], a[1]);
	gds_dlist_free(list2);

	list2 = gds_dlist_slice(list, 2, 5, NULL);
	list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);
	list_is(list2, a[2], a[3], a[4], a[5], a[6]);
	gds_dlist_free(list2);

	list2 = gds_dlist_slice(list, 7, 10, NULL);
	list_is(list, a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9]);
	list_is(list2, a[7], a[8], a[9]);
	gds_dlist_free(list2);

	list2 = gds_dlist_slice(list, 2, 4, gds_lambda(int *, (int *i) {
		int *a = malloc(sizeof(int));
		*a = *i;
		return a;
	}));
예제 #24
0
int
main(void)
{
	plan(PLAN);

	char *td = mkdtemp(strdup("/tmp/fiob.XXXXXX"));
	isnt(td, NULL, "tempdir is created");
	if (td == 0) {
		diag("Can't create temporary dir: %s", strerror(errno));
		return -1;
	}

	static char buf[4096];

	{

		FILE *f = fiob_open(catfile(td, "t0"), "w+d");
		isnt(f, NULL, "common open");
		size_t done = fwrite("Hello, world", 1, 12, f);
		is(done, 12, "Hello world is written (%zu bytes)", done);

		is(ftell(f), 12, "current position");
		is(fseek(f, 0L, SEEK_SET), 0, "set new position");
		is(ftell(f), 0, "current position %li", ftell(f));


		done = fread(buf, 1, 12, f);
		is(done, 12, "Hello world is read (%zu bytes)", done);
		is(memcmp(buf, "Hello, world", 12), 0, "data");

		is(fseek(f, 0L, SEEK_SET), 0, "set new position");
		done = fread(buf + 1, 1, 12, f);
		is(done, 12, "Hello world is read (%zu bytes)", done);
		is(memcmp(buf + 1, "Hello, world", 12), 0, "data");


		is(fseek(f, 0L, SEEK_SET), 0, "set new position");
		fwrite("ololo ololo ololo", 1, 17, f);
		is(fseek(f, 1L, SEEK_SET), 0, "set new position");

		done = fread(buf + 1, 1, 12, f);
		is(done, 12, "data is read");
		is(memcmp(buf + 1, "lolo ololo ololo", 12), 0, "data is read");

		is(fclose(f), 0, "fclose");

		f = fopen(catfile(td, "t0"), "r");
		isnt(f, NULL, "reopened file");
		is(fseek(f, 0L, SEEK_END), 0, "move pos at finish");
		is(ftell(f), 17, "file size");
		is(fclose(f), 0, "fclose");

		f = fiob_open(catfile(td, "t0"), "w+x");
		is(f, NULL, "common open: O_EXCL");
	}

	{
		FILE *f = fiob_open(catfile(td, "t1"), "w+");
		isnt(f, NULL, "common open");
		size_t done = fwrite("Hello, world", 1, 12, f);
		is(done, 12, "Hello world is written (%zu bytes)", done);

		is(fseek(f, 1, SEEK_SET), 0, "move pos");
		done = fwrite("Hello, world", 1, 12, f);
		is(done, 12, "Hello world is written (%zu bytes)", done);

		is(fseek(f, 2, SEEK_SET), 0, "move pos");
		done = fread(buf, 1, 12, f);
		is(done, 11, "read 11 bytes");
		is(memcmp(buf, "ello, world", 11), 0, "content was read");

		is(fclose(f), 0, "fclose");
	}

	{
		FILE *f = fiob_open(catfile(td, "tm"), "wxd");
		isnt(f, NULL, "open big file");
		size_t done = fwrite("Hello, world\n", 1, 13, f);
		is(done, 13, "Hello world is written (%zu bytes)", done);

		size_t i;

		for (i = 0; i < 1000000; i++) {
			done += fwrite("Hello, world\n", 1, 13, f);
		}
		is(done, 13 + 13 * 1000000, "all bytes were written");
		is(fclose(f), 0, "fclose");

		f = fopen(catfile(td, "tm"), "r");
		isnt(f, NULL, "reopen file for reading");
		done = 0;
		for (i = 0; i < 1000000 + 1; i++) {
			buf[0] = 0;
			fgets(buf, 4096, f);
			if (strcmp(buf, "Hello, world\n") == 0)
				done++;
		}
		is(done, 1000000 + 1, "all records were written properly");

		is(fgets(buf, 4096, f), NULL, "eof");
		isnt(feof(f), 0, "feof");
		is(fclose(f), 0, "fclose");
	}
	{
		FILE *f = fiob_open(catfile(td, "tm"), "w+d");
		setvbuf(f, NULL, _IONBF, 0);
		isnt(f, NULL, "open big file");
		size_t done = fwrite("Hello, world\n", 1, 13, f);
		is(done, 13, "Hello world is written (%zu bytes)", done);

		size_t i;

		for (i = 0; i < 1000000; i++) {
			done += fwrite("Hello, world\n", 1, 13, f);
		}
		is(done, 13 + 13 * 1000000, "all bytes were written");
		is(fclose(f), 0, "fclose");

		f = fopen(catfile(td, "tm"), "r");
		isnt(f, NULL, "reopen file for reading");
		done = 0;
		for (i = 0; i < 1000000 + 1; i++) {
			memset(buf, 0, 4096);
			fgets(buf, 4096, f);
			if (strcmp(buf, "Hello, world\n") == 0)
				done++;
/*                         else */
/*                                 fprintf(stderr, "#   wrong line %zu: %s", */
/*                                         i, buf); */
		}
		is(done, 1000000 + 1, "all records were written properly");

		is(fgets(buf, 4096, f), NULL, "eof");
		isnt(feof(f), 0, "feof");
		is(fclose(f), 0, "fclose");
	}



	if (fork() == 0)
		execl("/bin/rm", "/bin/rm", "-fr", td, NULL);

	free(td);
	return check_plan();
}
/* Create and identity and try to retrieve it. */
static void tests(void)
{
    SecCertificateRef cert = NULL;
    SecKeyRef privKey = NULL;
    SecIdentityRef identity = NULL;

    isnt(cert = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)),
            NULL, "create certificate");
    isnt(privKey = SecKeyCreateRSAPrivateKey(NULL, _k1, sizeof(_k1),
                kSecKeyEncodingPkcs1), NULL, "create private key");

    const void *certkeys[] = {
        kSecValueRef
    };
    const void *certvalues[] = {
        cert
    };
    CFDictionaryRef certDict = CFDictionaryCreate(NULL, certkeys, certvalues,
            array_size(certkeys), NULL, NULL);
    ok_status(SecItemAdd(certDict, NULL), "add certificate");
    CFReleaseNull(certDict);

    const void *privkeys[] = {
        kSecValueRef
    };
    const void *privvalues[] = {
        privKey
    };
    CFDictionaryRef privDict = CFDictionaryCreate(NULL, privkeys, privvalues,
            array_size(privkeys), NULL, NULL);
    ok_status(SecItemAdd(privDict, NULL), "add private key");
    CFReleaseNull(privDict);

    isnt(identity = SecIdentityCreate(NULL, cert, privKey), NULL, "create identity");

    /* Lookup the key and certificate using SecItemCopyMatching(). */
    CFDataRef pk_digest = CFDataCreate(NULL, _k1_digest, sizeof(_k1_digest));
    const void *q_keys[] = {
        kSecClass,
        kSecAttrApplicationLabel,
        kSecReturnRef
    };
    const void *q_values[] = {
        kSecClassKey,
        pk_digest,
        kCFBooleanTrue
    };
    CFDictionaryRef query = CFDictionaryCreate(NULL, q_keys, q_values,
            array_size(q_keys), NULL, NULL);
    CFTypeRef result_key;
    ok_status(SecItemCopyMatching(query, &result_key), "lookup key");

    isnt(CFEqual(privKey, result_key), 0, "keys match");
    CFReleaseNull(query);

    q_keys[1] = kSecAttrPublicKeyHash;
    q_values[0] = kSecClassCertificate;
    query = CFDictionaryCreate(NULL, q_keys, q_values,
            array_size(q_keys), NULL, NULL);
    CFTypeRef result_cert;
    ok_status(SecItemCopyMatching(query, &result_cert), "lookup certificate");
    isnt(CFEqual(cert, result_cert), 0, "certificates match");
    CFReleaseNull(query);

    /* Cleanup. */
    CFReleaseNull(result_key);
    CFReleaseNull(result_cert);

    /* identity lookup */
    const void *idnt_keys[] = {
        kSecClass,
        kSecAttrApplicationLabel,
        kSecReturnRef
    };
    const void *idnt_values[] = {
        kSecClassIdentity,
        pk_digest,
        kCFBooleanTrue
    };
    CFTypeRef result_idnt;
    SecCertificateRef result_cert2;
    query = CFDictionaryCreate(NULL, idnt_keys, idnt_values,
            array_size(idnt_keys), NULL, NULL);
    ok_status(SecItemCopyMatching(query, &result_idnt), "lookup identity");
    isnt(result_idnt, NULL, "found identity?");
    is(CFGetRetainCount(result_idnt), 1, "result_idnt rc = 1");
    isnt(CFEqual(identity, result_idnt), 0, "identities match");
    CFReleaseNull(identity);

    ok_status(SecIdentityCopyCertificate((SecIdentityRef)result_idnt, &result_cert2), "get cert from identity");
    isnt(CFEqual(cert, result_cert2), 0, "certificates match");
    CFRelease(query);
    CFRelease(pk_digest);
    CFReleaseNull(result_cert2);

    certDict = CFDictionaryCreate(NULL, certkeys, certvalues,
            array_size(certkeys), NULL, NULL);
    ok_status(SecItemDelete(certDict), "delete certificate via ref");
    is_status(errSecItemNotFound, SecItemCopyMatching(certDict, NULL), "verify certificate is gone");

    CFReleaseNull(certDict);

    privDict = CFDictionaryCreate(NULL, privkeys, privvalues,
            array_size(privkeys), NULL, NULL);
    ok_status(SecItemDelete(privDict), "delete key via ref");
    is_status(errSecItemNotFound, SecItemCopyMatching(privDict, NULL), "verify key is gone");
    CFReleaseNull(privDict);

    /* add certificate to offset cert row id from key row id */
    SecCertificateRef apple_ca_cert = NULL;
    isnt(apple_ca_cert = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)),
            NULL, "create apple ca certificate");
    CFDictionaryRef appleCertDict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&apple_ca_cert, 1, NULL, NULL);
    ok_status(SecItemAdd(appleCertDict, NULL), "add apple ca certificate to offset key and cert rowid");

    /* add identity, get persistent ref */
    const void *keys_identity[] = {     kSecValueRef,   kSecReturnPersistentRef };
    const void *values_identity[] = {   result_idnt,    kCFBooleanTrue };
    CFDictionaryRef identity_add = CFDictionaryCreate(NULL, keys_identity, values_identity,
        array_size(keys_identity), NULL, NULL);
    CFTypeRef persist = NULL;
    ok_status(SecItemAdd(identity_add, &persist), "add identity ref");
    ok(persist, "got back persistent ref");
    /* <rdar://problem/6537195> SecItemAdd returns success when it shouldn't */
    CFTypeRef persist_again = NULL;
    is_status(errSecDuplicateItem, SecItemAdd(identity_add, &persist_again),
        "fail to add identity ref again");
    ok(!persist_again, "no persistent ref this time");

    /* find by persistent ref */
    const void *keys_persist[] = { kSecReturnRef, kSecValuePersistentRef };
    const void *values_persist[] = { kCFBooleanTrue, persist };
    CFDictionaryRef persist_find = CFDictionaryCreate(NULL, keys_persist, values_persist,
	(array_size(keys_persist)), NULL, NULL);
    CFTypeRef results2 = NULL;
    ok_status(SecItemCopyMatching(persist_find, &results2), "find identity by persistent ref");
    is(CFGetRetainCount(results2), 1, "results2 rc = 1");
    // not implemented ok(CFEqual(result_idnt, results2), "same item (attributes)");
    CFReleaseNull(results2);

    /* find identity, key and cert by ref and return persistent ref */
    const void *keys_ref_to_persist[] = { kSecReturnPersistentRef, kSecValueRef };
    const void *values_ref_to_persist[] = { kCFBooleanTrue, NULL };
    CFTypeRef items[] = { result_idnt, privKey, cert, NULL };
    CFTypeRef *item = items;
    while (*item) {
        values_ref_to_persist[1] = *item;
        CFDictionaryRef ref_to_persist_find = CFDictionaryCreate(NULL, keys_ref_to_persist, values_ref_to_persist,
            (array_size(keys_ref_to_persist)), NULL, NULL);
        results2 = NULL;
        ok_status(SecItemCopyMatching(ref_to_persist_find, &results2), "find persistent ref for identity ref");
        ok(NULL != results2, "good persistent ref");
        is(CFGetRetainCount(results2), 1, "results2 rc = 1");
        CFReleaseNull(results2);
        CFReleaseNull(ref_to_persist_find);
        item++;
    }

    /* delete identity by identity ref */
    ok_status(SecItemDelete(identity_add), "delete identity by identity ref");
    is(SecItemCopyMatching(persist_find, &results2), errSecItemNotFound,
        "make sure identity by persistent ref is no longer there");
    CFRelease(persist_find);
    CFReleaseNull(persist);
    ok_status(SecItemAdd(identity_add, &persist), "add identity ref back");
    CFRelease(identity_add);

    /* delete identity by persistent ref */
    CFDictionaryRef persist_delete = CFDictionaryCreate(NULL,
        &kSecValuePersistentRef, &persist, 1, NULL, NULL);
    ok_status(SecItemDelete(persist_delete),
        "delete identity by persistent ref");
    is(SecItemCopyMatching(persist_delete, &results2), errSecItemNotFound,
        "make sure identity by persistent ref is no longer there");
    CFRelease(persist_delete);
    CFReleaseNull(persist);

	/* add identity with a label set */
	CFStringRef zomg_label = CFSTR("zomg");
	CFMutableDictionaryRef lbl_idnt_query =
		CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
		&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
	CFDictionarySetValue(lbl_idnt_query, kSecValueRef, result_idnt);
	CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
    ok_status(SecItemAdd(lbl_idnt_query, NULL), "add identity ref");

	/* find identity with label*/
	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
	CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
	ok_status(SecItemCopyMatching(lbl_idnt_query, NULL), "find identity by label");

	/* find certs with label */
	CFTypeRef zomg_cert;
	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassCertificate);
	CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
	CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
	ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_cert), "find cert by label");

	/* find keys with label */
	CFTypeRef zomg_key;
	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassKey);
	CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
	CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
	ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_key), "find key by label");

	/* update label on key */
	CFStringRef new_label_value = CFSTR("zzzomg");
	CFDictionaryRef new_label = CFDictionaryCreate(kCFAllocatorDefault, (const void **)&kSecAttrLabel, (const void **)&new_label_value, 1, NULL, NULL);
	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecValueRef, zomg_key);
	ok_status(SecItemUpdate(lbl_idnt_query, new_label), "update label to zzzomg for key");

	CFTypeRef zomg_idnt = NULL;
	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
	CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
	CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
	ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_idnt), "still finding zomg ident");
	CFReleaseNull(zomg_idnt);


	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecValueRef, zomg_cert);
	ok_status(SecItemUpdate(lbl_idnt_query, new_label), "update label to zzzomg for cert");
	CFReleaseNull(new_label);

	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
	CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, zomg_label);
	CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
	is_status(errSecItemNotFound, SecItemCopyMatching(lbl_idnt_query, &zomg_idnt), "no longer find identity by label");

	CFDictionaryRemoveAllValues(lbl_idnt_query);
	CFDictionarySetValue(lbl_idnt_query, kSecReturnRef, kCFBooleanTrue);
	CFDictionarySetValue(lbl_idnt_query, kSecAttrLabel, new_label_value);
	CFDictionarySetValue(lbl_idnt_query, kSecClass, kSecClassIdentity);
	ok_status(SecItemCopyMatching(lbl_idnt_query, &zomg_idnt), "finding ident with zzzomg label");

    /* Find zomg identity with canonical issuer */
    {
        unsigned char DN[] = {
            0x30, 0x32, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
            0x07, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c,
            0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x0c,
            0x0f, 0x70, 0x6c, 0x75, 0x74, 0x6f, 0x40, 0x70, 0x6c, 0x75, 0x74, 0x6f,
            0x2e, 0x63, 0x6f, 0x6d
        };
        unsigned int DN_len = 52;
        CFMutableDictionaryRef find_by_issuer = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
        CFDataRef issuer = SecCertificateGetNormalizedIssuerContent(cert);
        CFTypeRef found_by_issuer = NULL;
        CFDictionarySetValue(find_by_issuer, kSecAttrIssuer, issuer);
        CFDictionarySetValue(find_by_issuer, kSecClass, kSecClassIdentity);
        CFDictionarySetValue(find_by_issuer, kSecReturnRef, kCFBooleanTrue);
        ok_status(SecItemCopyMatching(find_by_issuer, &found_by_issuer), "find identity by cert issuer");
        ok(CFEqual(found_by_issuer, zomg_idnt), "should be same as zomg_idnt");
        CFReleaseNull(found_by_issuer);
        issuer = CFDataCreate(kCFAllocatorDefault, DN, DN_len);
        CFDictionarySetValue(find_by_issuer, kSecAttrIssuer, issuer);
        ok_status(SecItemCopyMatching(find_by_issuer, &found_by_issuer), "find identity by cert issuer");
        CFReleaseNull(issuer);
        ok(CFEqual(found_by_issuer, zomg_idnt), "should be same as zomg_idnt");
        CFReleaseNull(found_by_issuer);
        CFReleaseNull(find_by_issuer);
    }

    ok_status(SecItemDelete(lbl_idnt_query), "delete ident with zzzomg label");

    /* Delete the apple cert last */
    ok_status(SecItemDelete(appleCertDict), "delete apple ca certificate");
    CFReleaseNull(appleCertDict);
    CFReleaseNull(apple_ca_cert);

	CFRelease(zomg_key);
	CFRelease(zomg_cert);
	CFRelease(zomg_idnt);
	CFRelease(zomg_label);
	CFRelease(new_label_value);
	CFRelease(lbl_idnt_query);

    CFReleaseNull(result_idnt);
    CFReleaseNull(privKey);
    CFReleaseNull(cert);
}
static void tests(void)
{
    CFErrorRef error = NULL;
    CFStringRef password = NULL;
    CFMutableArrayRef requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFMutableDictionaryRef passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);

    CFCharacterSetRef uppercaseLetterCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetUppercaseLetter);
    CFCharacterSetRef lowercaseLetterCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetLowercaseLetter);
    CFCharacterSetRef decimalDigitCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetDecimalDigit);
    
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordDefaultForType, CFSTR("true"));
    
    //test default PIN
    password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);
    CFReleaseNull(password);
    error = NULL;
    
    //test default icloud recovery code
    password = SecPasswordGenerate(kSecPasswordTypeiCloudRecovery, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);
    CFReleaseNull(password);
    error = NULL;
    
    //test default wifi
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordDefaultForType, CFSTR("true"));
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);
    CFReleaseNull(password);
    error = NULL;
    CFRelease(passwordRequirements);
    
    //test default safari
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordDefaultForType, CFSTR("true"));
    password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);

    //test icloud recovery code generation
    password = SecPasswordGenerate(kSecPasswordTypeiCloudRecovery, &error, NULL);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    
    //dictionary setup
    int min = 20;
    int max = 32;
    
    CFNumberRef minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    CFNumberRef maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    CFStringRef allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    
    //test wifi code generation
    //test with min/max in range of default
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    

    //test with max == min
    min = 24;
    max = 24;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    
    passwordRequirements = NULL;
    
    //test disallowed characters
    min = 24;
    max = 56;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdefghijklmnopqrstuvwxyz0123456789");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordDisallowedCharacters, CFSTR("aidfl"));

    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    passwordRequirements = NULL;

    //test can't start with characters
    min = 24;
    max = 56;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("diujk");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordCantStartWithChars, CFSTR("d"));
    
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    passwordRequirements = NULL;
   
    
    //test can't end with characters
    min = 24;
    max = 56;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("diujk89");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordCantEndWithChars, CFSTR("d"));
    
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    passwordRequirements = NULL;
    
    
    //test 4 digit pin generation
    for(int i =0 ; i< 100; i++){
        password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
        isnt(password, NULL);
        ok(error == NULL);

        error = NULL;
        CFReleaseNull(password);
    }
        
    //test 6 digit pin
    min = 4;
    max = 6;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(passwordRequirements);

    //test 5 digit pin
    min = 4;
    max = 5;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    password = SecPasswordGenerate(kSecPasswordTypePIN, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(passwordRequirements);
    //test safari password
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    
    password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(requiredCharacterSets);
    
    //test flexible group size and number of groups in the password
    //test safari password
    min = 12;
    max = 19;
    int groupSize = 5;
    int numberOfGroups = 23;
    
    CFTypeRef groupSizeRef = CFNumberCreate(NULL, kCFNumberIntType, &groupSize);
    CFTypeRef numberOfGroupsRef = CFNumberCreate(NULL, kCFNumberIntType, &numberOfGroups);
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordGroupSize, groupSizeRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordNumberOfGroups, numberOfGroupsRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordSeparator, CFSTR("*"));

    password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(requiredCharacterSets);
    
    //test at least N characters 
    //test safari password
    min = 24;
    max = 32;
    int N = 5;

    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    CFNumberRef threshold = CFNumberCreate(NULL, kCFNumberIntType, &N);
    
    CFStringRef characters = CFSTR("ab");
    CFMutableDictionaryRef atLeast = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(atLeast, kSecPasswordCharacters, characters);
    CFDictionaryAddValue(atLeast, kSecPasswordCharacterCount, threshold);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsAtLeastNSpecificCharacters, atLeast);

    password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(requiredCharacterSets);

    //test no More than N characters
    //test safari password
    min = 24;
    max = 32;
    N = 5;
    

    threshold = CFNumberCreate(NULL, kCFNumberIntType, &N);
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    CFMutableDictionaryRef noMoreThan = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFStringRef noMore = CFSTR("ab");
    CFDictionaryAddValue(noMoreThan, kSecPasswordCharacters, noMore);
    CFDictionaryAddValue(noMoreThan, kSecPasswordCharacterCount, threshold);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNSpecificCharacters, noMoreThan);
    
    password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(requiredCharacterSets);

    //test identical character threshold
    //test safari password
    min = 12;
    max = 19;
    N = 2;
    
    threshold = CFNumberCreate(NULL, kCFNumberIntType, &N);
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNConsecutiveIdenticalCharacters, threshold);
    
    password = SecPasswordGenerate(kSecPasswordTypeSafari, &error, passwordRequirements);
    isnt(password, NULL);
    ok(error == NULL);

    error = NULL;
    CFReleaseNull(password);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(requiredCharacterSets);

/////////////////now test all the error cases
    //test with no required characters
    
    min = 24;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);

    allowedCharacters = CFSTR("abcdsefw2345");
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);

    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    CFRelease(error);
    error = NULL;
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(passwordRequirements);

    //test with no allowed characters
    min = 24;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    CFRelease(error);
    error = NULL;
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(passwordRequirements);

    //test with min > max
    min = 32;
    max = 20;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(passwordRequirements);

    //test by ommitting dictionary parameters
    
    //omit max length
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(passwordRequirements);

    //omit min length
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(passwordRequirements);

    //omit allowed characters
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(passwordRequirements);

    //omit required characters
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);
    
    error = NULL;
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    CFRelease(passwordRequirements);

    //pass in wrong type for min
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    
    //pass in wrong type for max
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, allowedCharacters);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);

    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);    
    ok(error != NULL);

    error = NULL;
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    
    //pass in wrong type for allowed
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);

    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    
    //pass in wrong type for required
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    
    //pass in wrong type for no less than
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsAtLeastNSpecificCharacters, CFSTR("hehe"));
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);

    //pass in wrong type for no more than
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNSpecificCharacters, CFSTR("hehe"));

    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);

    //pass in wrong disallowed characters
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordDisallowedCharacters, requiredCharacterSets);
    
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);
    
    error = NULL;
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);
    
    //pass in wrong type for no more than's dictionary
    min = 20;
    max = 32;
    
    minRef = CFNumberCreate(NULL, kCFNumberIntType, &min);
    maxRef = CFNumberCreate(NULL, kCFNumberIntType, &max);
    
    CFMutableDictionaryRef wrongCount = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    CFDictionaryAddValue(wrongCount, kSecPasswordCharacters, CFSTR("lkj"));
    CFDictionaryAddValue(wrongCount, kSecPasswordCharacterCount, CFSTR("sdf"));
    
    passwordRequirements = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);
    requiredCharacterSets = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, lowercaseLetterCharacterSet);
    CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet);
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, requiredCharacterSets);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMinLengthKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordMaxLengthKey, maxRef);
    allowedCharacters = CFSTR("abcdsefw2345");
    
    CFDictionaryAddValue(passwordRequirements, kSecPasswordAllowedCharactersKey, allowedCharacters);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordRequiredCharactersKey, minRef);
    CFDictionaryAddValue(passwordRequirements, kSecPasswordContainsNoMoreThanNSpecificCharacters, wrongCount);
    
    password = SecPasswordGenerate(kSecPasswordTypeWifi, &error, passwordRequirements);
    ok(password == NULL);
    ok(error != NULL);

    error = NULL;
    CFRelease(wrongCount);
    CFRelease(passwordRequirements);
    CFRelease(minRef);
    CFRelease(maxRef);
    CFRelease(allowedCharacters);

    password = CFSTR("Apple1?");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("Singhal190");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("1Hollow2");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("1Hollow/");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("baj/paj1");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("Zaxs1009?");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("6666");
    isnt(false, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("123456");
    isnt(false, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("654321");
    isnt(false, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("A");
    isnt(false, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("password");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("password1");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("P@ssw0rd");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("facebook!{}");
    isnt(true, SecPasswordIsPasswordWeak(password));
    CFRelease(password);
    
    password = CFSTR("12345678");
    isnt(false, SecPasswordIsPasswordWeak(password));
    CFRelease(password);

    bool isSimple = false;
    
    password = CFSTR("Apple1?");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("Singhal190");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("1Hollow2");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("1Hollow/");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("baj/paj1");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("Zaxs1009?");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("6666");
    is(true, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);

    password = CFSTR("1235");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    isSimple = true;
    password = CFSTR("6666");
    is(true, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("1235");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    isSimple = false;
    password = CFSTR("123456");
    is(true, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("654321");
    is(true, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("1577326");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("A");
    is(true, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);

    password = CFSTR("password");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);

    password = CFSTR("password1");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);

    password = CFSTR("P@ssw0rd");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);

    password = CFSTR("facebook!{}");
    is(false, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);
    
    password = CFSTR("12345678");
    is(true, SecPasswordIsPasswordWeak2(isSimple, password));
    CFRelease(password);

}
/* Test basic add delete update copy matching stuff. */
static void tests(void)
{
    SecTrustRef trust;
	SecCertificateRef iAP1CA, iAP2CA, leaf0, leaf1;
	isnt(iAP1CA = SecCertificateCreateWithBytes(NULL, _iAP1CA, sizeof(_iAP1CA)),
		NULL, "create iAP1CA");
	isnt(iAP2CA = SecCertificateCreateWithBytes(NULL, _iAP2CA, sizeof(_iAP2CA)),
		NULL, "create iAP2CA");
	isnt(leaf0 = SecCertificateCreateWithBytes(NULL, _leaf0, sizeof(_leaf0)),
		NULL, "create leaf0");
	isnt(leaf1 = SecCertificateCreateWithBytes(NULL, _leaf1, sizeof(_leaf1)),
		NULL, "create leaf1");
    {
        // temporarily grab some stack space and fill it with 0xFF;
        // when we exit this scope, the stack pointer should shrink but leave the memory filled.
        // this tests for a stack overflow bug inside SecPolicyCreateiAP (rdar://16056248)
        char buf[2048];
        memset(buf, 0xFF, sizeof(buf));
    }
    SecPolicyRef policy = SecPolicyCreateiAP();
	const void *v_anchors[] = {
		iAP1CA,
		iAP2CA
	};
    CFArrayRef anchors = CFArrayCreate(NULL, v_anchors,
		array_size(v_anchors), NULL);
    CFArrayRef certs0 = CFArrayCreate(NULL, (const void **)&leaf0, 1, NULL);
    CFArrayRef certs1 = CFArrayCreate(NULL, (const void **)&leaf1, 1, NULL);
    ok_status(SecTrustCreateWithCertificates(certs0, policy, &trust), "create trust for leaf0");
	ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");

	/* Jan 1st 2008. */
	CFDateRef date = CFDateCreate(NULL, 220752000.0);
    ok_status(SecTrustSetVerifyDate(trust, date), "set date");

	SecTrustResultType trustResult;
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
    is_status(trustResult, kSecTrustResultUnspecified,
		"trust is kSecTrustResultUnspecified");

	is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");

	CFReleaseSafe(trust);
    ok_status(SecTrustCreateWithCertificates(certs1, policy, &trust), "create trust for leaf1");
	ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
	TODO:
	{
		todo("We need the actual iAP1 intermediate");
		is_status(trustResult, kSecTrustResultUnspecified,
			"trust is kSecTrustResultUnspecified");
	}

	CFReleaseSafe(anchors);
	CFReleaseSafe(certs1);
	CFReleaseSafe(certs0);
	CFReleaseSafe(trust);
	CFReleaseSafe(policy);
	CFReleaseSafe(leaf0);
	CFReleaseSafe(leaf1);
	CFReleaseSafe(iAP1CA);
	CFReleaseSafe(iAP2CA);
	CFReleaseSafe(date);
}
예제 #28
0
int main() {
	test_plan(60);

	ok(0);
	ok(1);
	ok_(3, "My third test");
    int ia, ib, ic;
    ia = 123, ib = 123, ic = 132; 
    short int sia, sib, sic;
    sia = 123, sib = 123, sic = 132;
    long int lia, lib, lic;
    lia = 123, lib = 123, lic = 132;
    double da, db, dc;
    da = 1.2222222, db = 1.2222222, dc = 1.2333333;
    float fa, fb, fc;
    fa = 1.2222222, fb = 1.2222222, fc = 1.2333333; 

	is("abc", "abc");
    is("abc", "ab");
	is_("abc", "abc", "My char test");    
	is_("abc", "ab", "Failed test");


    is(ia, ib);
    is(ia, ic);
	is_(ia, ib, "My int test");    
	is_(ia, ic, "Failed test");


    is(sia, sib);
    is(sia, sic);
	is_(sia, sib, "My  short int test");    
	is_(sia, sic, "Failed test");


    is(lia, lib);
    is(lia, lic);
	is_(lia, lib, "My int test");    
	is_(lia, lic, "Failed test");


    is(da, db);
    is(da, dc);
	is_(da, db, "My double test");    
	is_(da, dc, "Failed test");
    

    is(fa, fb);
    is(fa, fc);
	is_(fa, fb, "My float test");    
	is_(fa, fc, "Failed test");



    isnt("abc", "abc");
    isnt("abc", "ab");
	isnt_("abc", "abc", "My char test");    
	isnt_("abc", "ab", "Failed test");

    isnt(ia, ib);
    isnt(ia, ic);
	isnt_(ia, ic, "My int test");    
	isnt_(ia, ib, "Failed test");

    isnt(sia, sib);
    isnt(sia, sic);
	isnt_(sia, sic, "My  short int test");    
	isnt_(sia, sib, "Failed test");

    isnt(lia, lib);
    isnt(lia, lic);
	isnt_(lia, lic, "My int test");    
	isnt_(lia, lib, "Failed test");


    isnt(da, db);
    isnt(da, dc);
	isnt_(da, dc, "My double test");    
	isnt_(da, db, "Failed test");

    isnt(fa, fb);
    isnt(fa, fc);
	isnt_(fa, fc, "My float test");    
	isnt_(fa, fb, "Failed test");

	summary();
	return 0;
}
예제 #29
0
static void tests(void)
{
    SecKeyRef phone_publicKey = NULL, phone_privateKey = NULL;
    SecKeyRef ca_publicKey = NULL, ca_privateKey = NULL;

    int keysize = 2048;
    CFNumberRef key_size_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keysize);
    const void *keygen_keys[] = { kSecAttrKeyType, kSecAttrKeySizeInBits };
    const void *keygen_vals[] = { kSecAttrKeyTypeRSA, key_size_num };
    CFDictionaryRef parameters = CFDictionaryCreate(kCFAllocatorDefault,
        keygen_keys, keygen_vals, array_size(keygen_vals),
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks );
    CFReleaseNull(key_size_num);

    CFMutableDictionaryRef subject_alt_names = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    CFDictionarySetValue(subject_alt_names, CFSTR("dnsname"), CFSTR("xey.nl"));

    int key_usage = kSecKeyUsageDigitalSignature | kSecKeyUsageKeyEncipherment;
    CFNumberRef key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &key_usage);

    CFMutableDictionaryRef random_extensions = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    const void *key[] = { kSecCSRChallengePassword, kSecSubjectAltName, kSecCertificateKeyUsage, kSecCertificateExtensions };
    const void *val[] = { CFSTR("magic"), subject_alt_names, key_usage_num, random_extensions };
    CFDictionaryRef csr_parameters = CFDictionaryCreate(kCFAllocatorDefault,
        key, val, array_size(key), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    SecATV cn_phone[] = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("My iPhone") }, {} };
    SecATV c[]  = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} };
    SecATV st[] = { { kSecOidStateProvinceName, SecASN1PrintableString, CFSTR("CA") }, {} };
    SecATV l[]  = { { kSecOidLocalityName, SecASN1PrintableString, CFSTR("Cupertino") }, {} };
    SecATV o[]  = { { CFSTR("2.5.4.10"), SecASN1PrintableString, CFSTR("Apple Inc.") }, {} };
    SecATV ou[] = { { kSecOidOrganizationalUnit, SecASN1PrintableString, CFSTR("iPhone") }, {} };

    SecRDN atvs_phone[] = { cn_phone, c, st, l, o, ou, NULL };

    ok_status(SecKeyGeneratePair(parameters, &phone_publicKey, &phone_privateKey), "generate key pair");
    ok_status(SecKeyGeneratePair(parameters, &ca_publicKey, &ca_privateKey), "generate key pair");

    int self_key_usage = kSecKeyUsageKeyCertSign | kSecKeyUsageCRLSign;
    CFNumberRef self_key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &self_key_usage);
    int path_len = 0;
    CFNumberRef path_len_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &path_len);
    const void *self_key[] = { kSecCertificateKeyUsage, kSecCSRBasicContraintsPathLen };
    const void *self_val[] = { self_key_usage_num, path_len_num };
    CFDictionaryRef self_signed_parameters = CFDictionaryCreate(kCFAllocatorDefault,
        self_key, self_val, array_size(self_key), NULL, NULL);

    const void * ca_o[] = { kSecOidOrganization, CFSTR("Apple Inc.") };
    const void * ca_cn[] = { kSecOidCommonName, CFSTR("Root CA") };
    CFArrayRef ca_o_dn = CFArrayCreate(kCFAllocatorDefault, ca_o, 2, NULL);
    CFArrayRef ca_cn_dn = CFArrayCreate(kCFAllocatorDefault, ca_cn, 2, NULL);
    const void *ca_dn_array[2];
    ca_dn_array[0] = CFArrayCreate(kCFAllocatorDefault, (const void **)&ca_o_dn, 1, NULL);
    ca_dn_array[1] = CFArrayCreate(kCFAllocatorDefault, (const void **)&ca_cn_dn, 1, NULL);
    CFArrayRef ca_rdns = CFArrayCreate(kCFAllocatorDefault, ca_dn_array, 2, NULL);

    SecCertificateRef ca_cert = SecGenerateSelfSignedCertificate(ca_rdns,
        self_signed_parameters, ca_publicKey, ca_privateKey);
	SecCertificateRef ca_cert_phone_key =
		SecGenerateSelfSignedCertificate(ca_rdns, self_signed_parameters, phone_publicKey, phone_privateKey);

	CFReleaseSafe(self_signed_parameters);
    CFReleaseSafe(self_key_usage_num);
    CFReleaseSafe(path_len_num);
    CFReleaseNull(ca_o_dn);
    CFReleaseNull(ca_cn_dn);
    CFReleaseNull(ca_dn_array[0]);
    CFReleaseNull(ca_dn_array[1]);
    CFReleaseNull(ca_rdns);

    isnt(ca_cert, NULL, "got back a cert");
    ok(SecCertificateIsSelfSignedCA(ca_cert), "cert is self-signed ca cert");
    isnt(ca_cert_phone_key, NULL, "got back a cert");
    ok(SecCertificateIsSelfSignedCA(ca_cert_phone_key), "cert is self-signed ca cert");
    CFDataRef data = SecCertificateCopyData(ca_cert);
    //write_data("/tmp/ca_cert.der", data);
    CFReleaseSafe(data);

    SecIdentityRef ca_identity = SecIdentityCreate(kCFAllocatorDefault, ca_cert, ca_privateKey);
	SecIdentityRef ca_identity_phone_key = SecIdentityCreate(kCFAllocatorDefault, ca_cert_phone_key, phone_privateKey);
    isnt(ca_identity, NULL, "got a identity");
    isnt(ca_identity_phone_key, NULL, "got a identity");
    CFDictionaryRef dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity, 1, NULL, NULL);
    ok_status(SecItemAdd(dict, NULL), "add ca identity");
    CFReleaseSafe(dict);
#if TARGET_OS_IPHONE
    TODO: {
        todo("Adding a cert with the same issuer/serial but a different key should return something other than errSecDuplicateItem");
#else
    {
#endif
        dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity_phone_key, 1, NULL, NULL);
        is_status(errSecDuplicateItem, SecItemAdd(dict, NULL), "add ca identity");
        CFReleaseSafe(dict);
    }

    CFDataRef csr = SecGenerateCertificateRequestWithParameters(atvs_phone, NULL, phone_publicKey, phone_privateKey);
    isnt(csr, NULL, "got back a csr");
    CFReleaseNull(csr);

	//dict[kSecSubjectAltName, dict[ntPrincipalName, "*****@*****.**"]]
	CFStringRef nt_princ_name_val = CFSTR("*****@*****.**");
	CFStringRef nt_princ_name_key = CFSTR("ntPrincipalName");
	CFDictionaryRef nt_princ = CFDictionaryCreate(NULL, (const void **)&nt_princ_name_key, (const void **)&nt_princ_name_val, 1, NULL, NULL);
	CFDictionaryRef params = CFDictionaryCreate(NULL, (const void **)&kSecSubjectAltName, (const void **)&nt_princ, 1, NULL, NULL);

    csr = SecGenerateCertificateRequestWithParameters(atvs_phone, params, phone_publicKey, phone_privateKey);
    isnt(csr, NULL, "got back a csr");
	//write_data("/var/tmp/csr-nt-princ", csr);
    CFReleaseNull(csr);
	CFReleaseNull(params);
	CFReleaseNull(nt_princ);

    csr = SecGenerateCertificateRequestWithParameters(atvs_phone, csr_parameters, phone_publicKey, phone_privateKey);
    isnt(csr, NULL, "csr w/ params");
    //write_data("/tmp/csr", csr);
    CFDataRef subject, extensions;
    CFStringRef challenge;
    ok(SecVerifyCertificateRequest(csr, NULL, &challenge, &subject, &extensions), "verify csr");
    CFReleaseNull(csr);

    uint8_t serialno_byte = 42;
    CFDataRef serialno = CFDataCreate(kCFAllocatorDefault, &serialno_byte, sizeof(serialno_byte));
    SecCertificateRef cert = SecIdentitySignCertificate(ca_identity, serialno,
        phone_publicKey, subject, extensions);
    data = SecCertificateCopyData(cert);
    //write_data("/tmp/iphone_cert.der", data);
    CFReleaseNull(data);
    CFReleaseNull(subject);
    CFReleaseNull(extensions);
    CFReleaseNull(challenge);

    const void * email[] = { CFSTR("1.2.840.113549.1.9.1"), CFSTR("*****@*****.**") };
    const void * cn[] = { CFSTR("2.5.4.3"), CFSTR("S/MIME Baby") };
    CFArrayRef email_dn = CFArrayCreate(kCFAllocatorDefault, email, 2, NULL);
    CFArrayRef cn_dn = CFArrayCreate(kCFAllocatorDefault, cn, 2, NULL);
    const void *dn_array[2];
    dn_array[0] = CFArrayCreate(kCFAllocatorDefault, (const void **)&email_dn, 1, NULL);
    dn_array[1] = CFArrayCreate(kCFAllocatorDefault, (const void **)&cn_dn, 1, NULL);
    CFArrayRef rdns = CFArrayCreate(kCFAllocatorDefault, dn_array, 2, NULL);
    CFDictionarySetValue(subject_alt_names, CFSTR("rfc822name"), CFSTR("*****@*****.**"));

    uint8_t random_extension_data[] = { 0xde, 0xad, 0xbe, 0xef };
    CFDataRef random_extension_value = CFDataCreate(kCFAllocatorDefault, random_extension_data, sizeof(random_extension_data));
    CFDictionarySetValue(random_extensions, CFSTR("1.2.840.113635.100.6.1.2"), random_extension_value);  // APPLE_FDR_ACCESS_OID
    CFDictionarySetValue(random_extensions, CFSTR("1.2.840.113635.100.6.1.3"), CFSTR("that guy"));  // APPLE_FDR_CLIENT_IDENTIFIER_OID
    CFReleaseNull(random_extension_value);

    csr = SecGenerateCertificateRequest(rdns, csr_parameters, phone_publicKey, phone_privateKey);
    isnt(csr, NULL, "csr w/ params");
    //write_data("/tmp/csr_neu", csr);
    CFReleaseNull(csr);
    CFReleaseNull(subject_alt_names);
    CFDictionaryRemoveAllValues(random_extensions);

#if TARGET_OS_IPHONE
    CFDataRef scep_request = SecSCEPGenerateCertificateRequest(rdns,
        csr_parameters, phone_publicKey, phone_privateKey, NULL, ca_cert);
    isnt(scep_request, NULL, "got scep blob");
    //write_data("/tmp/scep_request.der", scep_request);
#endif

    CFReleaseNull(email_dn);
    CFReleaseNull(cn_dn);
    CFReleaseNull(dn_array[0]);
    CFReleaseNull(dn_array[1]);
    CFReleaseNull(rdns);

#if TARGET_OS_IPHONE
    CFDataRef scep_reply = SecSCEPCertifyRequest(scep_request, ca_identity, serialno, false);
    isnt(scep_reply, NULL, "produced scep reply");
    //write_data("/tmp/scep_reply.der", scep_reply);

    CFArrayRef issued_certs = NULL;
    ok(issued_certs = SecSCEPVerifyReply(scep_request, scep_reply, ca_cert, NULL), "verify scep reply");

    // take the issued cert and CA cert and pretend it's a RA/CA couple
    CFMutableArrayRef scep_certs = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, issued_certs);
    CFArrayAppendValue(scep_certs, ca_cert);
    SecCertificateRef ca_certificate = NULL, ra_signing_certificate = NULL, ra_encryption_certificate = NULL;

    ok_status(SecSCEPValidateCACertMessage(scep_certs, NULL,
        &ca_certificate, &ra_signing_certificate,
        &ra_encryption_certificate), "pull apart array again");
    ok(CFEqual(ca_cert, ca_certificate), "found ca");
    ok(CFArrayContainsValue(issued_certs, CFRangeMake(0, CFArrayGetCount(issued_certs)), ra_signing_certificate), "found ra");
    ok(!ra_encryption_certificate, "no separate encryption cert");

    CFReleaseSafe(ca_certificate);
    CFReleaseSafe(ra_signing_certificate);
    CFReleaseSafe(scep_certs);

    CFReleaseSafe(scep_request);
    CFReleaseSafe(scep_reply);
    CFReleaseSafe(issued_certs);
#endif

    // cleanups
    dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity, 1, NULL, NULL);
    ok_status(SecItemDelete(dict), "delete ca identity");
	CFReleaseSafe(dict);
    dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&phone_privateKey, 1, NULL, NULL);
    ok_status(SecItemDelete(dict), "delete phone private key");
	CFReleaseSafe(dict);

    CFReleaseSafe(serialno);

    CFReleaseSafe(cert);
    CFReleaseSafe(ca_identity);
    CFReleaseSafe(ca_cert);
	CFReleaseSafe(ca_identity_phone_key);
	CFReleaseSafe(ca_cert_phone_key);
    CFReleaseSafe(csr_parameters);
    CFReleaseSafe(random_extensions);
    CFReleaseSafe(parameters);
    CFReleaseSafe(ca_publicKey);
    CFReleaseSafe(ca_privateKey);
    CFReleaseSafe(phone_publicKey);
    CFReleaseSafe(phone_privateKey);
}

static void test_ec_csr(void) {
    SecKeyRef ecPublicKey = NULL, ecPrivateKey = NULL;

    int keysize = 256;
    CFNumberRef key_size_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keysize);

    const void *keyParamsKeys[] = { kSecAttrKeyType, kSecAttrKeySizeInBits };
    const void *keyParamsValues[] = { kSecAttrKeyTypeECSECPrimeRandom,  key_size_num};
    CFDictionaryRef keyParameters = CFDictionaryCreate(NULL, keyParamsKeys, keyParamsValues, 2,
                                                       &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    ok_status(SecKeyGeneratePair(keyParameters, &ecPublicKey, &ecPrivateKey),
              "unable to generate EC key");

    SecATV cn_phone[] = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("My iPhone") }, {} };
    SecATV c[]  = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} };
    SecATV st[] = { { kSecOidStateProvinceName, SecASN1PrintableString, CFSTR("CA") }, {} };
    SecATV l[]  = { { kSecOidLocalityName, SecASN1PrintableString, CFSTR("Cupertino") }, {} };
    SecATV o[]  = { { CFSTR("2.5.4.10"), SecASN1PrintableString, CFSTR("Apple Inc.") }, {} };
    SecATV ou[] = { { kSecOidOrganizationalUnit, SecASN1PrintableString, CFSTR("iPhone") }, {} };

    SecRDN atvs_phone[] = { cn_phone, c, st, l, o, ou, NULL };

    CFMutableDictionaryRef subject_alt_names = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    CFDictionarySetValue(subject_alt_names, CFSTR("dnsname"), CFSTR("xey.nl"));

    int key_usage = kSecKeyUsageDigitalSignature | kSecKeyUsageKeyEncipherment;
    CFNumberRef key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &key_usage);

    CFMutableDictionaryRef random_extensions = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

    const void *key[] = { kSecCSRChallengePassword, kSecSubjectAltName, kSecCertificateKeyUsage, kSecCertificateExtensions };
    const void *val[] = { CFSTR("magic"), subject_alt_names, key_usage_num, random_extensions };
    CFDictionaryRef csr_parameters = CFDictionaryCreate(kCFAllocatorDefault,
                                                        key, val, array_size(key), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);


    CFDataRef csr = SecGenerateCertificateRequestWithParameters(atvs_phone, csr_parameters, ecPublicKey, ecPrivateKey);
    isnt(csr, NULL, "csr w/ params");
    //write_data("/tmp/csr", csr);
    CFDataRef subject, extensions;
    CFStringRef challenge;
    ok(SecVerifyCertificateRequest(csr, NULL, &challenge, &subject, &extensions), "verify csr");

    CFReleaseNull(csr);
    CFReleaseNull(key_size_num);
    CFReleaseNull(keyParameters);
    CFReleaseNull(ecPublicKey);
    CFReleaseNull(ecPrivateKey);
    CFReleaseNull(subject_alt_names);
    CFReleaseNull(key_usage_num);
    CFReleaseNull(random_extensions);
    CFReleaseNull(csr_parameters);
    CFReleaseNull(subject);
    CFReleaseNull(extensions);
    CFReleaseNull(challenge);
}
static void tests(void)
{
	SecTrustRef trust;
	SecCertificateRef cert0, cert1;
	isnt(cert0 = SecCertificateCreateWithBytes(NULL, WWDR_NoRevInfo, sizeof(WWDR_NoRevInfo)),
			NULL, "create leaf");
	isnt(cert1 = SecCertificateCreateWithBytes(NULL, WWDR_CA, sizeof(WWDR_CA)),
			NULL, "create intermediate");
	CFMutableArrayRef certs = CFArrayCreateMutable(kCFAllocatorDefault, 0,
			&kCFTypeArrayCallBacks);
	CFArrayAppendValue(certs, cert0);
	CFArrayAppendValue(certs, cert1);

	/* at this point, we should have an OCSP responder for the WWDR-issued leaf cert,
	 * even though the leaf itself doesn't contain any revocation info.
	 */
	CFArrayRef ocspResponders = SecCertificateGetOCSPResponders(cert0);
	ok(ocspResponders != NULL, "synthesized OCSP responder successfully");

	SecPolicyRef signingPolicy = SecPolicyCreateCodeSigning();
	SecPolicyRef ocspPolicy = SecPolicyCreateRevocation();
	const void *v_policies[] = { signingPolicy, ocspPolicy };
	CFArrayRef policies = CFArrayCreate(NULL, v_policies,
			sizeof(v_policies) / sizeof(*v_policies), &kCFTypeArrayCallBacks);
	CFRelease(signingPolicy);
	CFRelease(ocspPolicy);
	ok_status(SecTrustCreateWithCertificates(certs, policies, &trust),
			"create trust");
	/* Aug 1st 2012. */
	CFGregorianDate g_date = { 2012, 8, 1, 12, 0, 0 }; // Aug 1 2012 12:00 PM
	CFDateRef date = CFDateCreate(kCFAllocatorDefault,
			CFGregorianDateGetAbsoluteTime(g_date, NULL));
#if 0
	/* will we trust the OCSP response for a verify date in the past?? */
	ok_status(SecTrustSetVerifyDate(trust, date), "set date");
#else
	ok_status(errSecSuccess, "using current date");
#endif

	SecTrustResultType trustResult;
	ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");

	/* The cert should either be reported as revoked (until Jan 13 2013),
	 * or as expired (after Jan 13 2013). That means its trust result value
     * should be 5 (kSecTrustResultRecoverableTrustFailure) or greater.
	 */
	ok(trustResult >= kSecTrustResultRecoverableTrustFailure,
       "trustResult must report a failure, cert is either expired or revoked");
#if 0
    fprintf(stderr, "=== trustResult %lu\n", trustResult);
    CFStringRef errStr = SecTrustCopyFailureDescription(trust);
    CFShow(errStr);
#endif

	CFReleaseSafe(trust);
	CFReleaseSafe(policies);
	CFReleaseSafe(certs);
	CFReleaseSafe(cert0);
	CFReleaseSafe(cert1);
	CFReleaseSafe(date);
}