1/* 2 * Copyright (c) 2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24#include <CoreFoundation/CoreFoundation.h> 25#include <Security/Security.h> 26#include <Security/SecCertificatePriv.h> 27//#include <Security/SecInternal.h> 28 29#include "keychain_regressions.h" 30#include "utilities/SecCFRelease.h" 31 32/* subject:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=CDN Support/CN=www.paypal.com */ 33/* issuer :/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA */ 34unsigned char leaf_certificate[1548]={ 35 0x30,0x82,0x06,0x08,0x30,0x82,0x04,0xF0,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x08, 36 0x34,0xE4,0x53,0xD4,0x3A,0x68,0x57,0x23,0xAF,0xFB,0xB1,0x33,0xCE,0x45,0x7C,0x30, 37 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81, 38 0xBA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, 39 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67, 40 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B, 41 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74, 42 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04, 43 0x0B,0x13,0x32,0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20, 44 0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76, 45 0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20, 46 0x28,0x63,0x29,0x30,0x36,0x31,0x34,0x30,0x32,0x06,0x03,0x55,0x04,0x03,0x13,0x2B, 47 0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33, 48 0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61, 49 0x74,0x69,0x6F,0x6E,0x20,0x53,0x53,0x4C,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31, 50 0x34,0x30,0x34,0x31,0x35,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x35, 51 0x30,0x34,0x30,0x32,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x82,0x01,0x09,0x31, 52 0x13,0x30,0x11,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03, 53 0x13,0x02,0x55,0x53,0x31,0x19,0x30,0x17,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82, 54 0x37,0x3C,0x02,0x01,0x02,0x13,0x08,0x44,0x65,0x6C,0x61,0x77,0x61,0x72,0x65,0x31, 55 0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0F,0x13,0x14,0x50,0x72,0x69,0x76,0x61,0x74, 56 0x65,0x20,0x4F,0x72,0x67,0x61,0x6E,0x69,0x7A,0x61,0x74,0x69,0x6F,0x6E,0x31,0x10, 57 0x30,0x0E,0x06,0x03,0x55,0x04,0x05,0x13,0x07,0x33,0x30,0x31,0x34,0x32,0x36,0x37, 58 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30, 59 0x11,0x06,0x03,0x55,0x04,0x11,0x14,0x0A,0x39,0x35,0x31,0x33,0x31,0x2D,0x32,0x30, 60 0x32,0x31,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x13,0x0A,0x43,0x61,0x6C, 61 0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07, 62 0x14,0x08,0x53,0x61,0x6E,0x20,0x4A,0x6F,0x73,0x65,0x31,0x16,0x30,0x14,0x06,0x03, 63 0x55,0x04,0x09,0x14,0x0D,0x32,0x32,0x31,0x31,0x20,0x4E,0x20,0x31,0x73,0x74,0x20, 64 0x53,0x74,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x14,0x0C,0x50,0x61,0x79, 65 0x50,0x61,0x6C,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x14,0x30,0x12,0x06,0x03,0x55, 66 0x04,0x0B,0x14,0x0B,0x43,0x44,0x4E,0x20,0x53,0x75,0x70,0x70,0x6F,0x72,0x74,0x31, 67 0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x03,0x14,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61, 68 0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09, 69 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00, 70 0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBE,0xAE,0x46,0x4D,0x99,0x6E,0x6D, 71 0x6C,0x35,0x4B,0x88,0x32,0x38,0xBB,0xDC,0xD0,0x09,0x95,0xD0,0x9A,0xE4,0x36,0xE7, 72 0x9F,0x0A,0xB0,0xF2,0xD7,0xD2,0x30,0x62,0x03,0x1F,0xAD,0xC6,0xF4,0x6D,0x10,0x84, 73 0xF7,0x79,0x1B,0xBC,0x74,0xC0,0xA8,0xE3,0x82,0xFE,0xD4,0x0A,0x93,0x2E,0x3D,0x4B, 74 0x12,0x24,0xAD,0xAD,0x5F,0x5D,0xED,0x1C,0xC9,0x1C,0x6F,0x13,0x7B,0xE2,0xC1,0x25, 75 0x4E,0x46,0x5F,0x4F,0x3B,0x2E,0x5A,0xCB,0xC1,0x5A,0xB4,0x82,0xCF,0xAD,0xA3,0x65, 76 0xE8,0x86,0x33,0xB5,0xED,0x1D,0x78,0x99,0xA7,0xC7,0xD5,0xFA,0x10,0x2E,0xFB,0x11, 77 0x4E,0x23,0x58,0x06,0x96,0x87,0x71,0x75,0x51,0x73,0x8C,0x0F,0xF4,0xCA,0x7C,0x8F, 78 0x91,0x25,0x79,0x13,0xDC,0xB0,0xF0,0xDE,0x08,0x07,0x01,0x0B,0x64,0xCC,0x57,0x6A, 79 0x12,0x86,0x62,0x17,0x3E,0x5D,0xB9,0x62,0x3D,0x58,0x7B,0x2A,0x6E,0xF6,0xA6,0x30, 80 0x41,0x02,0xFC,0xEC,0x64,0x72,0x33,0xD5,0xD5,0x3F,0x6B,0x6D,0x97,0xF3,0xC1,0x61, 81 0xBF,0x38,0x3B,0xAB,0x41,0x47,0xD4,0xC2,0x03,0xD7,0x3B,0x59,0x57,0x9D,0xE1,0xA1, 82 0x2A,0xD6,0x78,0xE8,0x83,0x5D,0x3D,0xDD,0xAA,0x5D,0x17,0xFD,0x94,0xD6,0xE5,0x7A, 83 0xEF,0x02,0x63,0xC6,0xA3,0xC6,0x2D,0x5B,0x33,0x08,0x8B,0xF5,0xA5,0x03,0xB4,0xFE, 84 0xF2,0x1D,0xAB,0xBF,0x5E,0x9E,0xB8,0x78,0x39,0x20,0x2B,0x68,0x61,0x4F,0xE4,0x99, 85 0xF2,0xAA,0xC2,0x4D,0x4B,0x48,0xCB,0x68,0xC2,0x10,0x3F,0xFA,0x9A,0xBA,0xC5,0x6A, 86 0x53,0x8F,0x22,0xF3,0xD7,0xC9,0xED,0xA4,0xD5,0x02,0x03,0x01,0x00,0x01,0xA3,0x82, 87 0x01,0xB6,0x30,0x82,0x01,0xB2,0x30,0x67,0x06,0x03,0x55,0x1D,0x11,0x04,0x60,0x30, 88 0x5E,0x82,0x0E,0x77,0x77,0x77,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F, 89 0x6D,0x82,0x12,0x68,0x69,0x73,0x74,0x6F,0x72,0x79,0x2E,0x70,0x61,0x79,0x70,0x61, 90 0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x0C,0x74,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E, 91 0x63,0x6F,0x6D,0x82,0x0C,0x63,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F, 92 0x6D,0x82,0x0E,0x74,0x6D,0x73,0x2E,0x70,0x61,0x79,0x70,0x61,0x6C,0x2E,0x63,0x6F, 93 0x6D,0x82,0x0C,0x74,0x6D,0x73,0x2E,0x65,0x62,0x61,0x79,0x2E,0x63,0x6F,0x6D,0x30, 94 0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D, 95 0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D, 96 0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06, 97 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x66,0x06,0x03,0x55,0x1D,0x20, 98 0x04,0x5F,0x30,0x5D,0x30,0x5B,0x06,0x0B,0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01, 99 0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02, 100 0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D, 101 0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x25,0x06,0x08,0x2B,0x06, 102 0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x1A,0x17,0x68,0x74,0x74,0x70,0x73,0x3A, 103 0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70, 104 0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xFC,0x8A, 105 0x50,0xBA,0x9E,0xB9,0x25,0x5A,0x7B,0x55,0x85,0x4F,0x95,0x00,0x63,0x8F,0xE9,0x58, 106 0x6B,0x43,0x30,0x2B,0x06,0x03,0x55,0x1D,0x1F,0x04,0x24,0x30,0x22,0x30,0x20,0xA0, 107 0x1E,0xA0,0x1C,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x61,0x2E,0x73, 108 0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x61,0x2E,0x63,0x72,0x6C,0x30, 109 0x57,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x4B,0x30,0x49,0x30, 110 0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x13,0x68,0x74,0x74, 111 0x70,0x3A,0x2F,0x2F,0x73,0x61,0x2E,0x73,0x79,0x6D,0x63,0x64,0x2E,0x63,0x6F,0x6D, 112 0x30,0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x1A,0x68,0x74, 113 0x74,0x70,0x3A,0x2F,0x2F,0x73,0x61,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F, 114 0x6D,0x2F,0x73,0x61,0x2E,0x63,0x72,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, 115 0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x76,0x08,0xAB,0x64, 116 0xF6,0xF4,0x0B,0xE4,0x81,0xBD,0x59,0xB2,0x3E,0xA4,0xFC,0xF5,0x03,0x75,0x04,0x59, 117 0x6A,0xB5,0xFE,0x12,0x34,0x2A,0x04,0x9C,0x89,0xCD,0xCB,0xE1,0x3C,0x6C,0x20,0x39, 118 0xD4,0xEA,0x6F,0x27,0x34,0x7F,0x62,0x1C,0x45,0x72,0x11,0x39,0xC0,0x45,0xAA,0x2A, 119 0x35,0x5C,0xB6,0x06,0xE3,0x08,0xA7,0x8F,0x08,0xAF,0x80,0xB2,0x10,0xCE,0xA5,0x28, 120 0x5B,0x1C,0x49,0x55,0x11,0xEB,0x6B,0x2A,0x80,0xC1,0x09,0xED,0x82,0x72,0x48,0xCA, 121 0x19,0x8B,0xE5,0x34,0x94,0x3C,0x50,0x26,0x77,0x6B,0x1A,0x63,0xBA,0x6F,0x63,0xD1, 122 0x58,0xED,0x2B,0x1D,0xB7,0xA7,0x6E,0x04,0x25,0x99,0xC3,0x94,0x03,0x90,0xEC,0x0F, 123 0x4C,0x93,0x83,0x35,0x86,0xE3,0x70,0x84,0x0D,0x3C,0xCE,0xAF,0x4E,0x80,0x4A,0xD3, 124 0x91,0x3F,0x55,0x33,0x2F,0x1F,0x67,0x87,0x2F,0x09,0xA2,0x41,0xC0,0x10,0x4A,0x2C, 125 0xC4,0x88,0xA0,0x6F,0x93,0x2C,0xEF,0x38,0xD2,0x61,0xC7,0xEC,0xF3,0x37,0x7D,0xC9, 126 0x32,0xA5,0x5C,0x1E,0x48,0x0E,0x85,0x6C,0x47,0x2A,0x7F,0xC6,0x30,0x5E,0xC2,0xF6, 127 0x2E,0xDD,0xE3,0x4D,0xAC,0xFF,0xEF,0x48,0x26,0xC7,0x51,0x74,0x47,0x32,0x46,0x0B, 128 0xCD,0x7A,0x0A,0x5D,0x5B,0xC5,0x8D,0xED,0x17,0xBC,0xDE,0x09,0xBC,0xE9,0x93,0xA9, 129 0x7C,0x85,0x9C,0x88,0xA6,0x83,0xBC,0xD6,0xE5,0x1F,0x05,0x10,0xDF,0xB2,0x4F,0xA2, 130 0xC5,0x97,0x00,0x8B,0x57,0xC7,0x0D,0xE7,0xC7,0x57,0x57,0x87,0x7D,0x13,0x9F,0x5C, 131 0x5C,0xF7,0xF3,0xCD,0x00,0x89,0x0D,0x85,0x9A,0xA2,0x70,0xDA, 132}; 133 134/* subject:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL CA */ 135/* issuer :/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 */ 136unsigned char CA_certificate[1512]={ 137 0x30,0x82,0x05,0xE4,0x30,0x82,0x04,0xCC,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x5B, 138 0x77,0x59,0xC6,0x17,0x84,0xE1,0x5E,0xC7,0x27,0xC0,0x32,0x95,0x29,0x28,0x6B,0x30, 139 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81, 140 0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, 141 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67, 142 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B, 143 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74, 144 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04, 145 0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,0x69, 146 0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,0x72, 147 0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,0x20, 148 0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,0x56, 149 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20, 150 0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43, 151 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74, 152 0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x1E,0x17,0x0D,0x30, 153 0x36,0x31,0x31,0x30,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x36, 154 0x31,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x81,0xBA,0x31,0x0B, 155 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06, 156 0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x2C,0x20, 157 0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x56, 158 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65, 159 0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32, 160 0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20, 161 0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69, 162 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,0x28,0x63,0x29, 163 0x30,0x36,0x31,0x34,0x30,0x32,0x06,0x03,0x55,0x04,0x03,0x13,0x2B,0x56,0x65,0x72, 164 0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x78, 165 0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F, 166 0x6E,0x20,0x53,0x53,0x4C,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09, 167 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00, 168 0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0x98,0xDB,0xA0,0x55,0xEB,0x9C,0xFD, 169 0x17,0x79,0xE3,0x9A,0x6E,0x14,0x1D,0xB1,0x5B,0x98,0x23,0x87,0x16,0x6E,0x87,0x76, 170 0x9C,0xB5,0x38,0x3B,0xB5,0xA0,0x7A,0xB4,0x07,0x63,0x09,0x19,0xE6,0x2A,0x88,0x48, 171 0xA9,0xE7,0x9D,0xB6,0x30,0x5A,0x08,0x97,0x0C,0xEC,0xAA,0xE4,0x16,0x69,0x72,0x62, 172 0x23,0x9A,0xFB,0x7A,0x54,0x28,0x98,0xC5,0x0C,0x2D,0xB7,0xD7,0x22,0xB6,0xC8,0xF9, 173 0x38,0x17,0xC7,0xDD,0xDA,0x31,0x46,0x9A,0x94,0x14,0x8E,0x9E,0xEE,0x78,0xA0,0xB7, 174 0x22,0xD4,0x49,0x54,0x97,0x4D,0xE5,0x74,0x5B,0x92,0xBC,0xEC,0x6C,0x2C,0xDF,0xE7, 175 0xC1,0xB6,0x1B,0x1A,0x55,0x6B,0x66,0x08,0x03,0x7F,0x45,0xAF,0x9A,0x33,0xF1,0x10, 176 0xC0,0x6C,0x99,0x4A,0x92,0x24,0x31,0x08,0x6D,0xDD,0x02,0x3E,0x61,0x76,0x78,0x78, 177 0xB6,0xED,0x7E,0x37,0xAE,0x6C,0xF3,0x89,0xE1,0xB7,0xE1,0xDC,0x15,0xCC,0xB7,0x56, 178 0x9F,0x80,0xA0,0xB1,0x05,0x7F,0x4E,0x37,0x15,0xFF,0xB7,0x2F,0x1E,0x8F,0x06,0x38, 179 0x3F,0x50,0xB7,0x69,0x28,0xA3,0xB5,0x66,0x5F,0x36,0x1A,0x52,0x48,0x43,0x66,0x52, 180 0xDF,0xA2,0x92,0x4F,0xD3,0x18,0x60,0xBE,0xE3,0xEA,0x5E,0x19,0x71,0x05,0xBF,0x9E, 181 0x1C,0x6C,0x68,0x72,0x25,0x6F,0xB3,0x7B,0x73,0xC9,0x6D,0xBD,0x12,0xFF,0x9B,0x41, 182 0x32,0x5E,0xF4,0xE8,0x7E,0xC5,0x0B,0xA3,0x4C,0x64,0xD1,0x4E,0xBC,0x26,0x08,0x65, 183 0xFB,0x19,0x97,0x58,0x78,0xE1,0x33,0xBF,0xED,0x68,0x3E,0xB1,0x27,0x45,0x6F,0xC0, 184 0xE2,0xEC,0x97,0x69,0xF7,0x5C,0xD3,0xF7,0x51,0x02,0x03,0x01,0x00,0x01,0xA3,0x82, 185 0x01,0xD2,0x30,0x82,0x01,0xCE,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04, 186 0x14,0xFC,0x8A,0x50,0xBA,0x9E,0xB9,0x25,0x5A,0x7B,0x55,0x85,0x4F,0x95,0x00,0x63, 187 0x8F,0xE9,0x58,0x6B,0x43,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04, 188 0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x3D,0x06,0x03,0x55,0x1D,0x20, 189 0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x2A,0x30,0x28, 190 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74,0x74,0x70, 191 0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E, 192 0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x3D,0x06,0x03,0x55,0x1D,0x1F,0x04, 193 0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E,0x86,0x2C,0x68,0x74,0x74,0x70,0x3A, 194 0x2F,0x2F,0x45,0x56,0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x63,0x72,0x6C,0x2E,0x76, 195 0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x70,0x63,0x61,0x33, 196 0x2D,0x67,0x35,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01, 197 0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86, 198 0xF8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x6D,0x06,0x08,0x2B,0x06, 199 0x01,0x05,0x05,0x07,0x01,0x0C,0x04,0x61,0x30,0x5F,0xA1,0x5D,0xA0,0x5B,0x30,0x59, 200 0x30,0x57,0x30,0x55,0x16,0x09,0x69,0x6D,0x61,0x67,0x65,0x2F,0x67,0x69,0x66,0x30, 201 0x21,0x30,0x1F,0x30,0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x04,0x14,0x8F,0xE5, 202 0xD3,0x1A,0x86,0xAC,0x8D,0x8E,0x6B,0xC3,0xCF,0x80,0x6A,0xD4,0x48,0x18,0x2C,0x7B, 203 0x19,0x2E,0x30,0x25,0x16,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6C,0x6F,0x67, 204 0x6F,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x76, 205 0x73,0x6C,0x6F,0x67,0x6F,0x2E,0x67,0x69,0x66,0x30,0x29,0x06,0x03,0x55,0x1D,0x11, 206 0x04,0x22,0x30,0x20,0xA4,0x1E,0x30,0x1C,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04, 207 0x03,0x13,0x11,0x43,0x6C,0x61,0x73,0x73,0x33,0x43,0x41,0x32,0x30,0x34,0x38,0x2D, 208 0x31,0x2D,0x34,0x37,0x30,0x3D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, 209 0x04,0x31,0x30,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, 210 0x86,0x21,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56,0x53,0x65,0x63,0x75,0x72, 211 0x65,0x2D,0x6F,0x63,0x73,0x70,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E, 212 0x63,0x6F,0x6D,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14, 213 0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,0xF0,0x30,0x09,0xF3,0x43,0x39,0xFA,0x02, 214 0xAF,0x33,0x31,0x33,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, 215 0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x96,0xA2,0xFA,0x7F,0xE6,0x3D,0xED,0xD4, 216 0x2B,0xCE,0xB7,0x15,0x3F,0xC0,0x72,0x03,0x5F,0x8B,0xBA,0x16,0x90,0x25,0xF7,0xC2, 217 0x83,0xD8,0xC7,0x75,0x34,0x63,0x68,0x12,0x53,0x0C,0x53,0x89,0x7B,0xC9,0x56,0x09, 218 0xA7,0xC3,0x36,0x44,0x4E,0x0E,0xD0,0x62,0x62,0xB3,0x86,0xFA,0xE8,0xA1,0x9B,0x34, 219 0x67,0x8D,0x53,0x22,0x17,0x3E,0xFD,0xAC,0xEE,0x67,0x2E,0x43,0xE2,0x5D,0x7F,0x33, 220 0x84,0xF2,0xA2,0x70,0xC0,0x6E,0x82,0x97,0xC0,0x34,0xFD,0x25,0xC6,0x23,0x7F,0xED, 221 0xE6,0xB0,0xC5,0x57,0x43,0x84,0xB2,0xDE,0x2D,0xF1,0xD0,0xF6,0x48,0x1F,0x14,0x71, 222 0x57,0xB2,0xAC,0x31,0xE1,0x97,0x24,0x23,0xC9,0x13,0x5D,0x74,0xE5,0x46,0xEF,0x09, 223 0x7C,0x9E,0xE1,0x99,0x31,0x0A,0x08,0x79,0x1B,0x8F,0x71,0x9F,0x17,0x66,0xC8,0x38, 224 0xCF,0xEE,0x8C,0x97,0xB6,0x06,0xB9,0x73,0x46,0xE4,0xD3,0x94,0xC1,0xE5,0x60,0xB5, 225 0x25,0x75,0x2D,0xD9,0x69,0x31,0xEC,0xCD,0x96,0xC3,0xA3,0x76,0xFD,0xE8,0x74,0x44, 226 0xAC,0x12,0xB9,0x4D,0xBF,0x51,0xE8,0xB9,0xD4,0x44,0x4E,0x27,0xCB,0xAE,0x20,0xD1, 227 0x7E,0x2A,0x7C,0xB6,0x63,0x47,0x9E,0x76,0xBA,0x97,0xD0,0x16,0xE7,0x0B,0x6C,0x6D, 228 0xF7,0x43,0x6F,0x33,0x0B,0x29,0x30,0x77,0xFA,0x9D,0xF9,0xF5,0x4E,0xB8,0x76,0xB3, 229 0xCD,0x18,0xB4,0xF9,0x20,0xEF,0x3D,0xDB,0xE6,0xCA,0xAD,0x9B,0xD0,0x4E,0xD2,0x87, 230 0xA9,0x0D,0xA6,0x44,0x73,0x50,0xDD,0x70,0x5B,0xED,0xAD,0x7E,0x4A,0xBC,0x22,0xD5, 231 0xA8,0x26,0xE4,0xC2,0x85,0x20,0x0D,0xD9, 232}; 233 234 235 236/* 237 * Note: this test requires Network connectivity! 238 */ 239 240static void tests(void) 241{ 242 SecCertificateRef leaf_cert; 243 SecCertificateRef CA_cert; 244 245 // Import certificates from byte array above 246 isnt(leaf_cert = SecCertificateCreateWithBytes(NULL, leaf_certificate, sizeof(leaf_certificate)), 247 NULL, "Leaf Cert"); 248 isnt(CA_cert = SecCertificateCreateWithBytes(NULL, CA_certificate, sizeof(CA_certificate)), 249 NULL, "CA Cert"); 250 251 /* 252 * 1) Test explicit revocation with no OCSP/CRL 253 * Side note: cache is stored in /var/db/crls/ocspcache.db crlcache.db etc... 254 */ 255 256 OSStatus status; 257 SecPolicyRef policy_default = SecPolicyCreateBasicX509(); 258 SecPolicyRef policy_revoc = SecPolicyCreateRevocation(kSecRevocationNetworkAccessDisabled); 259 260 // Default Policies 261 CFMutableArrayRef DefaultPolicy = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); 262 CFArrayAppendValue(DefaultPolicy, policy_default); 263 264 // Default Policies + explicit revocation 265 CFMutableArrayRef DefaultPolicyWithRevocation = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); 266 CFArrayAppendValue(DefaultPolicyWithRevocation, policy_default); 267 CFArrayAppendValue(DefaultPolicyWithRevocation, policy_revoc); 268 269 // Valid chain of Cert (leaf + CA) 270 CFMutableArrayRef CertFullChain = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); 271 CFArrayAppendValue(CertFullChain, leaf_cert); 272 CFArrayAppendValue(CertFullChain, CA_cert); 273 274 // Chain of cert minus the issuer 275 CFMutableArrayRef CertMissingIssuer = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); 276 CFArrayAppendValue(CertMissingIssuer, leaf_cert); 277 278 // Free Resources since all are in arrays 279 CFReleaseSafe(leaf_cert); 280 CFReleaseSafe(CA_cert); 281 CFReleaseSafe(policy_default); 282 CFReleaseSafe(policy_revoc); 283 284 // a) First evaluate an entire EV certificate chain with default policy 285 // OCSP/CRL performed (online/from cache) 286 287 // Array of policy to add explicit revocation policy 288 { 289 SecTrustRef trust = NULL; 290 SecTrustResultType trust_result; 291 292 // Proceed to trust evaluation in two steps 293 ok_status(status = SecTrustCreateWithCertificates(CertFullChain, DefaultPolicy, &trust), 294 "SecTrustCreateWithCertificates"); 295 ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate"); 296 297 // Check results 298 is_status(trust_result, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified"); 299 CFDictionaryRef TrustResultsDict = SecTrustCopyResult(trust); 300 CFBooleanRef ev = (CFBooleanRef)CFDictionaryGetValue(TrustResultsDict, 301 kSecTrustExtendedValidation); 302 ok(ev && CFEqual(kCFBooleanTrue, ev), "extended validation succeeded"); 303 304 CFReleaseNull(TrustResultsDict); 305 CFReleaseNull(trust); 306 } 307 308 // b) Set explicit revocation policy to disable network access 309 // and now expect EV marker to be dropped. 310 // Network packet logging can be used to confirm no OCSP/CRL message is sent. 311 { 312 SecTrustRef trust = NULL; 313 SecTrustResultType trust_result; 314 315 // Proceed to trust evaluation in two steps 316 ok_status(status = SecTrustCreateWithCertificates(CertFullChain, DefaultPolicyWithRevocation, &trust), 317 "SecTrustCreateWithCertificates"); 318 ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate"); 319 320 // Check results 321 is_status(trust_result, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified"); 322 CFDictionaryRef TrustResultsDict = SecTrustCopyResult(trust); 323 CFBooleanRef ev = (CFBooleanRef)CFDictionaryGetValue(TrustResultsDict, 324 kSecTrustExtendedValidation); 325 ok(!ev || (ev && CFEqual(kCFBooleanFalse, ev)), "Expect no extended validation because of lack of revocation"); 326 327 CFReleaseNull(TrustResultsDict); 328 CFReleaseNull(trust); 329 } 330 331 /* 332 * 2) Test retrieving of issuer being blocked 333 */ 334 335 // a) Evaluate leaf EV certificate and expect success (issuer retrieved online) 336 { 337 SecTrustRef trust = NULL; 338 SecTrustResultType trust_result; 339 340 // Proceed to trust evaluation in two steps 341 ok_status(status = SecTrustCreateWithCertificates(CertMissingIssuer, DefaultPolicy, &trust), 342 "SecTrustCreateWithCertificates"); 343 ok_status(status = SecTrustSetNetworkFetchAllowed(trust,true), "SecTrustSetNetworkFetchAllowed"); 344 ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate"); 345 346 // Check results 347 is_status(trust_result, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified"); 348 CFDictionaryRef TrustResultsDict = SecTrustCopyResult(trust); 349 CFBooleanRef ev = (CFBooleanRef)CFDictionaryGetValue(TrustResultsDict, 350 kSecTrustExtendedValidation); 351 ok(ev && CFEqual(kCFBooleanTrue, ev), "extended validation succeeded"); 352 353 CFReleaseNull(TrustResultsDict); 354 CFReleaseNull(trust); 355 } 356 357 // b) Set SecTrustSetNetworkFetchAllowed to false which should prevent issuer cert to be fetched 358 // and therefore cause evaluation failure. 359 { 360 SecTrustRef trust = NULL; 361 SecTrustResultType trust_result; 362 363 // Proceed to trust evaluation in two steps, forcing no network allowed 364 ok_status(status = SecTrustCreateWithCertificates(CertMissingIssuer, DefaultPolicy, &trust), 365 "SecTrustCreateWithCertificates"); 366 ok_status(status = SecTrustSetNetworkFetchAllowed(trust,false), "SecTrustSetNetworkFetchAllowed"); 367 ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate"); 368 369 // Check results 370 is_status(trust_result, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultProceed"); 371 372 CFReleaseNull(trust); 373 } 374 375 // Free remaining resources 376 CFReleaseSafe(DefaultPolicy); 377 CFReleaseSafe(DefaultPolicyWithRevocation); 378 CFReleaseSafe(CertFullChain); 379 CFReleaseSafe(CertMissingIssuer); 380} 381 382int kc_42_trust_revocation(int argc, char *const *argv) 383{ 384 plan_tests(19); 385 tests(); 386 387 return 0; 388} 389 390 391