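/*
 * tpUtils.h - TP and cert group test support
 *
 * Test-harness helpers around the CDSA modules (TP, CL, CSP, DL): build
 * CSSM_CERTGROUPs, generate throwaway key pairs and cert chains, store
 * certs in DBs/keychains and drive CSSM_TP_CertGroupVerify. Everything
 * declared here is test support; it is not a trust-evaluation API.
 *
 * Ownership conventions (as stated by the individual declarations):
 * arrays marked "RETURNED here" are filled in by the callee into
 * caller-provided storage; see tpFreeCertGroup / freeVfyResult /
 * getSystemAnchors for who frees what.
 */

#ifndef _TP_UTILS_H_
#define _TP_UTILS_H_

#include <Security/cssmtype.h>
#include <Security/x509defs.h>
#include <Security/cssmapple.h>
#include <time.h>
#include <MacTypes.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Default arguments are a C++-only feature. The header is wrapped in
 * extern "C", so it is meant to be includable from C as well; a bare
 * "= NULL" in a prototype breaks that. C++ callers keep the existing
 * default, C callers must pass the argument explicitly.
 */
#ifdef __cplusplus
#define TP_UTILS_DEFAULT(v) = v
#else
#define TP_UTILS_DEFAULT(v)
#endif

/* Compile-time switch; its effect lives in tpUtils.cpp (not visible here). */
#define TP_DB_ENABLE 1

/*
 * Given an array of certs and an uninitialized CSSM_CERTGROUP, place the
 * certs into the certgroup and optionally into one of a list of DBs in
 * random order. Optionally the first cert in the array is placed in the
 * first element of certgroup. Only error is memory error. It's legal to
 * pass in an empty cert array.
 *
 * The random ordering exists to exercise the TP's chain building with
 * unordered input. It is test coverage, not a security property, so the
 * quality of the RNG behind it is irrelevant here.
 *
 * Returns CSSM_OK, or a CSSM memory error.
 */
CSSM_RETURN tpMakeRandCertGroup(
    CSSM_CL_HANDLE          clHand,
    CSSM_DL_DB_LIST_PTR     dbList,
    const CSSM_DATA_PTR     certs,
    unsigned                numCerts,
    CSSM_CERTGROUP_PTR      certGroup,
    CSSM_BOOL               firstCertIsSubject,   // true: certs[0] goes to head
                                                  // of certGroup
    CSSM_BOOL               verbose,
    CSSM_BOOL               allInDbs,             // all certs go to DBs
    CSSM_BOOL               skipFirstDb);         // no certs go to db[0]

/*
 * Store one cert in a DL/DB, supplying the indexed record attributes
 * explicitly. Use tpStoreRawCert() when they must be extracted from the
 * cert instead.
 *
 * NOTE(review): "const CSSM_DATA_PTR cert" is a const *pointer* (the
 * typedef is already a pointer type), not a pointer to const data; the
 * callee is free to write through it. Not changed here because the
 * definition in tpUtils.cpp must match.
 */
CSSM_RETURN tpStoreCert(
    CSSM_DL_DB_HANDLE       dlDb,
    const CSSM_DATA_PTR     cert,
    /* REQUIRED fields */
    CSSM_CERT_TYPE          certType,       // e.g. CSSM_CERT_X_509v3
    uint32                  serialNum,      // NOTE(review): 32-bit only. Adequate for
                                            // the test certs produced by tpGenCerts();
                                            // real-world X.509 serials can be wider.
    const CSSM_DATA         *issuer,        // normalized & encoded.
                                            // (Original author's open question:
                                            // shouldn't this be subject? The .cpp is
                                            // not visible here -- verify.)
    /* OPTIONAL fields */
    CSSM_CERT_ENCODING      certEncoding,   // e.g. CSSM_CERT_ENCODING_DER
    const CSSM_DATA         *printName,
    const CSSM_DATA         *subject);      // normalized & encoded

/*
 * Store a cert when we don't already know the required fields. We'll
 * extract them (via the CL identified by clHand).
 */
CSSM_RETURN tpStoreRawCert(
    CSSM_DL_DB_HANDLE       dlDb,
    CSSM_CL_HANDLE          clHand,
    const CSSM_DATA_PTR     cert);

/*
 * Generate numKeyPairs key pairs of specified algorithm and size.
 * Key labels will be 'keyLabelBase' concatenated with a 4-digit
 * decimal number.
 *
 * pubKeys and privKeys must each point at caller-owned storage for at
 * least numKeyPairs CSSM_KEYs. paramData is optional (DSA parameters);
 * C++ callers may omit it, C callers pass NULL.
 */
CSSM_RETURN tpGenKeys(
    CSSM_CSP_HANDLE         cspHand,
    CSSM_DL_DB_HANDLE       dbHand,         /* keys go here */
    unsigned                numKeyPairs,
    uint32                  keyGenAlg,      /* CSSM_ALGID_RSA, etc. */
    uint32                  keySizeInBits,
    const char              *keyLabelBase,  /* C string */
    CSSM_KEY_PTR            pubKeys,        /* array of keys RETURNED here */
    CSSM_KEY_PTR            privKeys,       /* array of keys RETURNED here */
    CSSM_DATA_PTR           paramData TP_UTILS_DEFAULT(NULL)); // optional DSA params

/*
 * Generate a cert chain using specified key pairs. The last cert in the
 * chain (certs[numCerts-1]) is a root cert, self-signed.
 *
 * pubKeys/privKeys/certs are caller-owned arrays of at least numCerts
 * elements. The validity window is given as two GeneralizedTime strings
 * (see genTimeAtNowPlus()); the same window applies to every cert in
 * the chain.
 */
CSSM_RETURN tpGenCerts(
    CSSM_CSP_HANDLE         cspHand,
    CSSM_CL_HANDLE          clHand,
    unsigned                numCerts,
    uint32                  sigAlg,         /* CSSM_ALGID_SHA1WithRSA, etc. */
    const char              *nameBase,      /* C string */
    CSSM_KEY_PTR            pubKeys,        /* array of public keys */
    CSSM_KEY_PTR            privKeys,       /* array of private keys */
    CSSM_DATA_PTR           certs,          /* array of certs RETURNED here */
    const char              *notBeforeStr,  /* from genTimeAtNowPlus() */
    const char              *notAfterStr);  /* from genTimeAtNowPlus() */

/*
 * Generate a cert chain using specified key pairs. The last cert in the
 * chain (certs[numCerts-1]) is a root cert, self-signed. Store
 * the certs indicated by corresponding element on storeArray. If
 * storeArray[n].DLHandle == 0, the cert is not stored.
 *
 * Same contract as tpGenCerts() plus the per-cert store destinations;
 * storeArray must hold at least numCerts entries.
 */
CSSM_RETURN tpGenCertsStore(
    CSSM_CSP_HANDLE         cspHand,
    CSSM_CL_HANDLE          clHand,
    unsigned                numCerts,
    uint32                  sigAlg,         /* CSSM_ALGID_SHA1WithRSA, etc. */
    const char              *nameBase,      /* C string */
    CSSM_KEY_PTR            pubKeys,        /* array of public keys */
    CSSM_KEY_PTR            privKeys,       /* array of private keys */
    CSSM_DL_DB_HANDLE       *storeArray,    /* array of certs stored here */
    CSSM_DATA_PTR           certs,          /* array of certs RETURNED here */
    const char              *notBeforeStr,  /* from genTimeAtNowPlus() */
    const char              *notAfterStr);  /* from genTimeAtNowPlus() */

/*
 * Free a CSSM_CERTGROUP. The two flags select how much is released:
 * the per-cert CertList.Data buffers, and/or the CSSM_CERTGROUP struct
 * itself. Pass CSSM_FALSE for data the caller does not own.
 */
void tpFreeCertGroup(
    CSSM_CERTGROUP_PTR      certGroup,
    CSSM_BOOL               freeCertData,   // free individual CertList.Data
    CSSM_BOOL               freeStruct);    // free the overall CSSM_CERTGROUP

/*
 * Compare two cert groups; CSSM_TRUE when they match. The comparison
 * criteria (ordering, encoding) are defined in tpUtils.cpp.
 */
CSSM_BOOL tpCompareCertGroups(
    const CSSM_CERTGROUP    *grp1,
    const CSSM_CERTGROUP    *grp2);

/*
 * Delete every cert record in the given DL/DB. Destructive; intended
 * for resetting a test database. (Naming note: the "cl" prefix is out
 * of step with the "tp" prefix used elsewhere in this header.)
 */
CSSM_RETURN clDeleteAllCerts(CSSM_DL_DB_HANDLE dlDb);

/*
 * Wrapper for CSSM_TP_CertGroupVerify.
 *
 * anchorCerts/numAnchorCerts are the certs the TP is told to treat as
 * trust roots for this call; dbListPtr supplies DBs the TP may search
 * for intermediates. cssmTimeStr, when non-NULL, is the verification
 * time to use instead of "now". The caller releases *result with
 * freeVfyResult().
 */
CSSM_RETURN tpCertGroupVerify(
    CSSM_TP_HANDLE          tpHand,
    CSSM_CL_HANDLE          clHand,
    CSSM_CSP_HANDLE         cspHand,
    CSSM_DL_DB_LIST_PTR     dbListPtr,
    const CSSM_OID          *policy,        // optional
    const CSSM_DATA         *fieldOpts,     // optional
    const CSSM_DATA         *actionData,    // optional
    void                    *policyOpts,
    const CSSM_CERTGROUP    *certGroup,
    CSSM_DATA_PTR           anchorCerts,
    unsigned                numAnchorCerts,
    CSSM_TP_STOP_ON         stopOn,         // CSSM_TP_STOP_ON_POLICY, etc.
    CSSM_TIMESTRING         cssmTimeStr,    // optional
    CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result); // RETURNED

/*
 * Open (or, with doCreate, create) a keychain through the DL.
 *
 * NOTE(review): pwd is a plaintext C string supplied only so tests can
 * run without an unlock dialog. It is a test-harness convenience; do
 * not carry this pattern into non-test code, and assume the caller's
 * buffer is not zeroized by this routine unless tpUtils.cpp shows it is.
 */
CSSM_RETURN tpKcOpen(
    CSSM_DL_HANDLE          dlHand,
    const char              *kcName,
    const char              *pwd,           // optional to avoid UI
    CSSM_BOOL               doCreate,
    CSSM_DB_HANDLE          *dbHand);       // RETURNED

/* Release the contents of a result obtained from tpCertGroupVerify(). */
CSSM_RETURN freeVfyResult(
    CSSM_TP_VERIFY_CONTEXT_RESULT *ctx);

/*
 * Print the per-cert Apple evidence info. numCerts must match the
 * number of entries in info (the size of the CertGroup it came from).
 */
void printCertInfo(
    unsigned                numCerts,       // from CertGroup
    const CSSM_TP_APPLE_EVIDENCE_INFO *info);

/* Dump a verify result (status, evidence) for diagnostic output. */
void dumpVfyResult(
    const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult);

/*
 * Obtain system anchors in CF and in CSSM_DATA form.
 * Caller must CFRelease the returned rootArray and
 * free() the returned CSSM_DATA array, but not its
 * contents - SecCertificates themselves own that.
 * Consequently the CSSM_DATA entries are only valid while rootArray
 * is retained; release rootArray last.
 */
OSStatus getSystemAnchors(
    CFArrayRef              *rootArray,     /* RETURNED */
    CSSM_DATA               **anchors,      /* RETURNED */
    unsigned                *numAnchors);   /* RETURNED */

/*
 * Get a SecCertificateRef from a file. Caller owns the returned ref.
 * Behavior on a missing or unparsable file is not visible here --
 * presumably NULL; check before use.
 */
SecCertificateRef certFromFile(
    const char              *fileName);

#ifdef __cplusplus
}
#endif
#endif /* _TP_UTILS_H_ */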