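/*
 * Print the label that SecCertificateInferLabel() derives for a certificate.
 *
 * Returns noErr on success. If SecCertificateInferLabel() fails, the error is
 * reported through cssmPerror() and its OSStatus is returned unchanged.
 */
OSStatus printCertLabel(
	SecCertificateRef certRef)
{
	OSStatus ortn;
	/* start from NULL so a success return that leaves the out-param unset is detectable */
	CFStringRef label = NULL;
	
	ortn = SecCertificateInferLabel(certRef, &label);
	if(ortn) {
		cssmPerror("SecCertificateInferLabel", ortn);
		return ortn;
	}
	/*
	 * CFRelease() must not be handed NULL, so only print and release a label
	 * that was actually returned. The label is released here, i.e. this
	 * function treats it as owned by the caller of SecCertificateInferLabel().
	 */
	if(label != NULL) {
		printCfStr(label);
		CFRelease(label);
	}
	return noErr;
}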
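/*
 * Display a Trust Settings array as obtained from
 * SecTrustSettingsCopyTrustSettings().
 *
 * Each element is expected to be a usage-constraints dictionary. Every value
 * pulled out of a dictionary is cast from an untyped CFDictionaryGetValue()
 * result, so its CFTypeID is verified before it is used; a value of the wrong
 * type abandons that entry (the rest of its fields are not printed) and the
 * loop moves on to the next one.
 *
 * Returns 0 if everything was displayed, -1 if the array is missing or not a
 * CFArray, or if any entry was malformed or a Security call failed.
 */
static int displayTrustSettings(
    CFArrayRef	trustSettings)
{
    /* must always be there though it may be empty */
    if(trustSettings == NULL) {
        fprintf(stderr, "***displayTrustSettings: missing trust settings array");
        return -1;
    }
    if(CFGetTypeID(trustSettings) != CFArrayGetTypeID()) {
        fprintf(stderr, "***displayTrustSettings: malformed trust settings array");
        return -1;
    }

    int ourRtn = 0;
    CFIndex numUseConstraints = CFArrayGetCount(trustSettings);
    indentIncr();
    indent();
    printf("Number of trust settings : %ld\n", (long)numUseConstraints);
    OSStatus ortn;
    SecPolicyRef certPolicy;
    SecTrustedApplicationRef certApp;
    CFDictionaryRef ucDict;
    CFStringRef policyStr;
    CFNumberRef cfNum;
    CFIndex ucDex;

    /* grind thru the trust settings dictionaries */
    for(ucDex=0; ucDex<numUseConstraints; ucDex++) {
        indent();
        printf("Trust Setting %ld:\n", (long)ucDex);
        indentIncr();

        ucDict = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, ucDex);
        if(CFGetTypeID(ucDict) != CFDictionaryGetTypeID()) {
            fprintf(stderr, "***displayTrustSettings: malformed usage constraints dictionary");
            ourRtn = -1;
            goto nextAp;
        }

        /* policy - optional */
        certPolicy = (SecPolicyRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicy);
        if(certPolicy != NULL) {
            if(CFGetTypeID(certPolicy) != SecPolicyGetTypeID()) {
                fprintf(stderr, "***displayTrustSettings: malformed certPolicy");
                ourRtn = -1;
                goto nextAp;
            }
            CSSM_OID policyOid;
            ortn = SecPolicyGetOID(certPolicy, &policyOid);
            if(ortn) {
                cssmPerror("SecPolicyGetOID", ortn);
                ourRtn = -1;
                goto nextAp;
            }
            indent();
            printf("Policy OID            : %s\n",
                   oidToOidString(&policyOid));
        }

        /* app - optional  */
        certApp = (SecTrustedApplicationRef)CFDictionaryGetValue(ucDict,
                  kSecTrustSettingsApplication);
        if(certApp != NULL) {
            if(CFGetTypeID(certApp) != SecTrustedApplicationGetTypeID()) {
                fprintf(stderr, "***displayTrustSettings: malformed certApp");
                ourRtn = -1;
                goto nextAp;
            }
            CFDataRef appPath = NULL;
            ortn = SecTrustedApplicationCopyData(certApp, &appPath);
            if(ortn) {
                cssmPerror("SecTrustedApplicationCopyData", ortn);
                ourRtn = -1;
                goto nextAp;
            }
            indent();
            if(appPath != NULL) {
                /*
                 * A CFData is a counted byte buffer with no guaranteed NUL
                 * terminator, so a bare %s could read past its end. Bound
                 * the print by the data's own length; printing still stops
                 * at the first NUL inside the buffer, as before.
                 */
                int appPathLen = (int)CFDataGetLength(appPath);
                if(appPathLen < 0) {
                    /* a negative precision would be treated as "no limit" */
                    appPathLen = 0;
                }
                printf("Application           : %.*s", appPathLen,
                       (const char *)CFDataGetBytePtr(appPath));
                CFRelease(appPath);
            }
            else {
                /* success with no data returned: print the label only */
                printf("Application           : ");
            }
            printf("\n");
        }

        /* policy string */
        policyStr = (CFStringRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsPolicyString);
        if(policyStr != NULL) {
            if(CFGetTypeID(policyStr) != CFStringGetTypeID()) {
                fprintf(stderr, "***displayTrustSettings: malformed policyStr");
                ourRtn = -1;
                goto nextAp;
            }
            indent();
            printf("Policy String         : ");
            printCfStr(policyStr);
            printf("\n");
        }

        /* Allowed error */
        cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsAllowedError);
        if(cfNum != NULL) {
            if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
                fprintf(stderr, "***displayTrustSettings: malformed allowedError");
                ourRtn = -1;
                goto nextAp;
            }
            indent();
            printf("Allowed Error         : ");
            printCssmErr(cfNum);
            printf("\n");
        }

        /* ResultType */
        cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsResult);
        if(cfNum != NULL) {
            if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
                fprintf(stderr, "***displayTrustSettings: malformed ResultType");
                ourRtn = -1;
                goto nextAp;
            }
            indent();
            printf("Result Type           : ");
            printResultType(cfNum);
            printf("\n");
        }

        /* key usage */
        cfNum = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
        if(cfNum != NULL) {
            if(CFGetTypeID(cfNum) != CFNumberGetTypeID()) {
                fprintf(stderr, "***displayTrustSettings: malformed keyUsage");
                ourRtn = -1;
                goto nextAp;
            }
            indent();
            printf("Key Usage             : ");
            printKeyUsage(cfNum);
            printf("\n");
        }

nextAp:
        /* every path through an entry, good or bad, undoes its indentIncr() */
        indentDecr();
    }
    indentDecr();
    return ourRtn;
}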