summaryrefslogtreecommitdiff
path: root/contrib/keychain-mcd
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/keychain-mcd')
-rw-r--r--contrib/keychain-mcd/cert_data.c1057
-rw-r--r--contrib/keychain-mcd/cert_data.h15
-rw-r--r--contrib/keychain-mcd/common_osx.c87
-rw-r--r--contrib/keychain-mcd/common_osx.h7
-rw-r--r--contrib/keychain-mcd/crypto_osx.c57
-rw-r--r--contrib/keychain-mcd/crypto_osx.h19
-rw-r--r--contrib/keychain-mcd/main.c98
7 files changed, 775 insertions, 565 deletions
diff --git a/contrib/keychain-mcd/cert_data.c b/contrib/keychain-mcd/cert_data.c
index a04bf79..b84f3fc 100644
--- a/contrib/keychain-mcd/cert_data.c
+++ b/contrib/keychain-mcd/cert_data.c
@@ -51,684 +51,817 @@ CFStringRef kStringSpace = CFSTR(" "),
typedef struct _CertName
{
- CFArrayRef countryName, organization, organizationalUnit, commonName, description, emailAddress,
- stateName, localityName;
+ CFArrayRef countryName, organization, organizationalUnit, commonName, description, emailAddress,
+ stateName, localityName;
} CertName, *CertNameRef;
typedef struct _DescData
{
- CFStringRef name, value;
+ CFStringRef name, value;
} DescData, *DescDataRef;
void destroyDescData(DescDataRef pData);
-CertNameRef createCertName()
+CertNameRef
+createCertName()
{
- CertNameRef pCertName = (CertNameRef)malloc(sizeof(CertName));
- pCertName->countryName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- pCertName->organization = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- pCertName->organizationalUnit = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- pCertName->commonName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- pCertName->description = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- pCertName->emailAddress = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- pCertName->stateName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- pCertName->localityName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
- return pCertName;
+ CertNameRef pCertName = (CertNameRef)malloc(sizeof(CertName));
+ pCertName->countryName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ pCertName->organization = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ pCertName->organizationalUnit = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ pCertName->commonName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ pCertName->description = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ pCertName->emailAddress = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ pCertName->stateName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ pCertName->localityName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ return pCertName;
}
-void destroyCertName(CertNameRef pCertName)
+void
+destroyCertName(CertNameRef pCertName)
{
- if (!pCertName)
- return;
-
- CFRelease(pCertName->countryName);
- CFRelease(pCertName->organization);
- CFRelease(pCertName->organizationalUnit);
- CFRelease(pCertName->commonName);
- CFRelease(pCertName->description);
- CFRelease(pCertName->emailAddress);
- CFRelease(pCertName->stateName);
- CFRelease(pCertName->localityName);
- free(pCertName);
+ if (!pCertName)
+ {
+ return;
+ }
+
+ CFRelease(pCertName->countryName);
+ CFRelease(pCertName->organization);
+ CFRelease(pCertName->organizationalUnit);
+ CFRelease(pCertName->commonName);
+ CFRelease(pCertName->description);
+ CFRelease(pCertName->emailAddress);
+ CFRelease(pCertName->stateName);
+ CFRelease(pCertName->localityName);
+ free(pCertName);
}
-bool CFStringRefCmpCString(CFStringRef cfstr, const char *str)
+bool
+CFStringRefCmpCString(CFStringRef cfstr, const char *str)
{
- CFStringRef tmp = CFStringCreateWithCStringNoCopy(NULL, str, kCFStringEncodingUTF8, kCFAllocatorNull);
- CFComparisonResult cresult = CFStringCompare(cfstr, tmp, 0);
- bool result = cresult == kCFCompareEqualTo;
- CFRelease(tmp);
- return result;
+ CFStringRef tmp = CFStringCreateWithCStringNoCopy(NULL, str, kCFStringEncodingUTF8, kCFAllocatorNull);
+ CFComparisonResult cresult = CFStringCompare(cfstr, tmp, 0);
+ bool result = cresult == kCFCompareEqualTo;
+ CFRelease(tmp);
+ return result;
}
-CFDateRef GetDateFieldFromCertificate(SecCertificateRef certificate, CFTypeRef oid)
+CFDateRef
+GetDateFieldFromCertificate(SecCertificateRef certificate, CFTypeRef oid)
{
- const void *keys[] = { oid };
- CFDictionaryRef dict = NULL;
- CFErrorRef error;
- CFDateRef date = NULL;
-
- CFArrayRef keySelection = CFArrayCreate(NULL, keys , sizeof(keys)/sizeof(keys[0]), &kCFTypeArrayCallBacks);
- dict = SecCertificateCopyValues(certificate, keySelection, &error);
- if (dict == NULL)
+ const void *keys[] = { oid };
+ CFDictionaryRef dict = NULL;
+ CFErrorRef error;
+ CFDateRef date = NULL;
+
+ CFArrayRef keySelection = CFArrayCreate(NULL, keys, sizeof(keys)/sizeof(keys[0]), &kCFTypeArrayCallBacks);
+ dict = SecCertificateCopyValues(certificate, keySelection, &error);
+ if (dict == NULL)
+ {
+ printErrorMsg("GetDateFieldFromCertificate: SecCertificateCopyValues", error);
+ goto release_ks;
+ }
+ CFDictionaryRef vals = dict ? CFDictionaryGetValue(dict, oid) : NULL;
+ CFNumberRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL;
+ if (vals2 == NULL)
{
- printErrorMsg("GetDateFieldFromCertificate: SecCertificateCopyValues", error);
- goto release_ks;
+ goto release_dict;
}
- CFDictionaryRef vals = dict ? CFDictionaryGetValue(dict, oid) : NULL;
- CFNumberRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL;
- if (vals2 == NULL)
- goto release_dict;
- CFAbsoluteTime validityNotBefore;
- if (CFNumberGetValue(vals2, kCFNumberDoubleType, &validityNotBefore))
- date = CFDateCreate(kCFAllocatorDefault,validityNotBefore);
+ CFAbsoluteTime validityNotBefore;
+ if (CFNumberGetValue(vals2, kCFNumberDoubleType, &validityNotBefore))
+ {
+ date = CFDateCreate(kCFAllocatorDefault,validityNotBefore);
+ }
release_dict:
- CFRelease(dict);
+ CFRelease(dict);
release_ks:
- CFRelease(keySelection);
- return date;
+ CFRelease(keySelection);
+ return date;
}
-CFArrayRef GetFieldsFromCertificate(SecCertificateRef certificate, CFTypeRef oid)
+CFArrayRef
+GetFieldsFromCertificate(SecCertificateRef certificate, CFTypeRef oid)
{
- CFMutableArrayRef fields = CFArrayCreateMutable(NULL, 0, NULL);
- CertNameRef pCertName = createCertName();
- const void* keys[] = { oid, };
- CFDictionaryRef dict;
- CFErrorRef error;
-
- CFArrayRef keySelection = CFArrayCreate(NULL, keys , 1, NULL);
-
- dict = SecCertificateCopyValues(certificate, keySelection, &error);
- if (dict == NULL) {
- printErrorMsg("GetFieldsFromCertificate: SecCertificateCopyValues", error);
- CFRelease(keySelection);
- CFRelease(fields);
- destroyCertName(pCertName);
- return NULL;
- }
- CFDictionaryRef vals = CFDictionaryGetValue(dict, oid);
- CFArrayRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL;
- if (vals2)
- {
- for(int i = 0; i < CFArrayGetCount(vals2); i++) {
- CFDictionaryRef subDict = CFArrayGetValueAtIndex(vals2, i);
- CFStringRef label = CFDictionaryGetValue(subDict, kSecPropertyKeyLabel);
- CFStringRef value = CFDictionaryGetValue(subDict, kSecPropertyKeyValue);
-
- if (CFStringCompare(label, kSecOIDEmailAddress, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->emailAddress, value);
- else if (CFStringCompare(label, kSecOIDCountryName, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->countryName, value);
- else if (CFStringCompare(label, kSecOIDOrganizationName, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->organization, value);
- else if (CFStringCompare(label, kSecOIDOrganizationalUnitName, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->organizationalUnit, value);
- else if (CFStringCompare(label, kSecOIDCommonName, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->commonName, value);
- else if (CFStringCompare(label, kSecOIDDescription, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->description, value);
- else if (CFStringCompare(label, kSecOIDStateProvinceName, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->stateName, value);
- else if (CFStringCompare(label, kSecOIDLocalityName, 0) == kCFCompareEqualTo)
- CFArrayAppendValue((CFMutableArrayRef)pCertName->localityName, value);
- }
- CFArrayAppendValue(fields, pCertName);
- }
-
- CFRelease(dict);
- CFRelease(keySelection);
- return fields;
+ CFMutableArrayRef fields = CFArrayCreateMutable(NULL, 0, NULL);
+ CertNameRef pCertName = createCertName();
+ const void *keys[] = { oid, };
+ CFDictionaryRef dict;
+ CFErrorRef error;
+
+ CFArrayRef keySelection = CFArrayCreate(NULL, keys, 1, NULL);
+
+ dict = SecCertificateCopyValues(certificate, keySelection, &error);
+ if (dict == NULL)
+ {
+ printErrorMsg("GetFieldsFromCertificate: SecCertificateCopyValues", error);
+ CFRelease(keySelection);
+ CFRelease(fields);
+ destroyCertName(pCertName);
+ return NULL;
+ }
+ CFDictionaryRef vals = CFDictionaryGetValue(dict, oid);
+ CFArrayRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL;
+ if (vals2)
+ {
+ for (int i = 0; i < CFArrayGetCount(vals2); i++) {
+ CFDictionaryRef subDict = CFArrayGetValueAtIndex(vals2, i);
+ CFStringRef label = CFDictionaryGetValue(subDict, kSecPropertyKeyLabel);
+ CFStringRef value = CFDictionaryGetValue(subDict, kSecPropertyKeyValue);
+
+ if (CFStringCompare(label, kSecOIDEmailAddress, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->emailAddress, value);
+ }
+ else if (CFStringCompare(label, kSecOIDCountryName, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->countryName, value);
+ }
+ else if (CFStringCompare(label, kSecOIDOrganizationName, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->organization, value);
+ }
+ else if (CFStringCompare(label, kSecOIDOrganizationalUnitName, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->organizationalUnit, value);
+ }
+ else if (CFStringCompare(label, kSecOIDCommonName, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->commonName, value);
+ }
+ else if (CFStringCompare(label, kSecOIDDescription, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->description, value);
+ }
+ else if (CFStringCompare(label, kSecOIDStateProvinceName, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->stateName, value);
+ }
+ else if (CFStringCompare(label, kSecOIDLocalityName, 0) == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)pCertName->localityName, value);
+ }
+ }
+ CFArrayAppendValue(fields, pCertName);
+ }
+
+ CFRelease(dict);
+ CFRelease(keySelection);
+ return fields;
}
-CertDataRef createCertDataFromCertificate(SecCertificateRef certificate)
+CertDataRef
+createCertDataFromCertificate(SecCertificateRef certificate)
{
- CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData));
- pCertData->subject = GetFieldsFromCertificate(certificate, kSecOIDX509V1SubjectName);
- pCertData->issuer = GetFieldsFromCertificate(certificate, kSecOIDX509V1IssuerName);
+ CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData));
+ pCertData->subject = GetFieldsFromCertificate(certificate, kSecOIDX509V1SubjectName);
+ pCertData->issuer = GetFieldsFromCertificate(certificate, kSecOIDX509V1IssuerName);
- CFDataRef data = SecCertificateCopyData(certificate);
- if (data == NULL)
+ CFDataRef data = SecCertificateCopyData(certificate);
+ if (data == NULL)
{
- warnx("SecCertificateCopyData() returned NULL");
- destroyCertData(pCertData);
- return NULL;
+ warnx("SecCertificateCopyData() returned NULL");
+ destroyCertData(pCertData);
+ return NULL;
}
- unsigned char sha1[CC_SHA1_DIGEST_LENGTH];
- CC_SHA1(CFDataGetBytePtr(data), CFDataGetLength(data), sha1);
- pCertData->sha1 = createHexString(sha1, CC_SHA1_DIGEST_LENGTH);
+ unsigned char sha1[CC_SHA1_DIGEST_LENGTH];
+ CC_SHA1(CFDataGetBytePtr(data), CFDataGetLength(data), sha1);
+ pCertData->sha1 = createHexString(sha1, CC_SHA1_DIGEST_LENGTH);
- unsigned char md5[CC_MD5_DIGEST_LENGTH];
- CC_MD5(CFDataGetBytePtr(data), CFDataGetLength(data), md5);
- pCertData->md5 = createHexString((unsigned char*)md5, CC_MD5_DIGEST_LENGTH);
+ unsigned char md5[CC_MD5_DIGEST_LENGTH];
+ CC_MD5(CFDataGetBytePtr(data), CFDataGetLength(data), md5);
+ pCertData->md5 = createHexString((unsigned char *)md5, CC_MD5_DIGEST_LENGTH);
- CFDataRef serial = SecCertificateCopySerialNumber(certificate, NULL);
- pCertData->serial = createHexString((unsigned char *)CFDataGetBytePtr(serial), CFDataGetLength(serial));
- CFRelease(serial);
+ CFDataRef serial = SecCertificateCopySerialNumber(certificate, NULL);
+ pCertData->serial = createHexString((unsigned char *)CFDataGetBytePtr(serial), CFDataGetLength(serial));
+ CFRelease(serial);
- return pCertData;
+ return pCertData;
}
-CFStringRef stringFromRange(const char *cstring, CFRange range)
+CFStringRef
+stringFromRange(const char *cstring, CFRange range)
{
- CFStringRef str = CFStringCreateWithBytes (NULL, (uint8*)&cstring[range.location], range.length, kCFStringEncodingUTF8, false);
- CFMutableStringRef mutableStr = CFStringCreateMutableCopy(NULL, 0, str);
- CFStringTrimWhitespace(mutableStr);
- CFRelease(str);
- return mutableStr;
+ CFStringRef str = CFStringCreateWithBytes(NULL, (uint8 *)&cstring[range.location], range.length, kCFStringEncodingUTF8, false);
+ CFMutableStringRef mutableStr = CFStringCreateMutableCopy(NULL, 0, str);
+ CFStringTrimWhitespace(mutableStr);
+ CFRelease(str);
+ return mutableStr;
}
-DescDataRef createDescData(const char *description, CFRange nameRange, CFRange valueRange)
+DescDataRef
+createDescData(const char *description, CFRange nameRange, CFRange valueRange)
{
- DescDataRef pRetVal = (DescDataRef)malloc(sizeof(DescData));
+ DescDataRef pRetVal = (DescDataRef)malloc(sizeof(DescData));
- memset(pRetVal, 0, sizeof(DescData));
+ memset(pRetVal, 0, sizeof(DescData));
- if (nameRange.length > 0)
- pRetVal->name = stringFromRange(description, nameRange);
+ if (nameRange.length > 0)
+ {
+ pRetVal->name = stringFromRange(description, nameRange);
+ }
- if (valueRange.length > 0)
- pRetVal->value = stringFromRange(description, valueRange);
+ if (valueRange.length > 0)
+ {
+ pRetVal->value = stringFromRange(description, valueRange);
+ }
#if 0
- fprintf(stderr, "name = '%s', value = '%s'\n",
- CFStringGetCStringPtr(pRetVal->name, kCFStringEncodingUTF8),
- CFStringGetCStringPtr(pRetVal->value, kCFStringEncodingUTF8));
+ fprintf(stderr, "name = '%s', value = '%s'\n",
+ CFStringGetCStringPtr(pRetVal->name, kCFStringEncodingUTF8),
+ CFStringGetCStringPtr(pRetVal->value, kCFStringEncodingUTF8));
#endif
- return pRetVal;
+ return pRetVal;
}
-void destroyDescData(DescDataRef pData)
+void
+destroyDescData(DescDataRef pData)
{
- if (pData->name)
- CFRelease(pData->name);
+ if (pData->name)
+ {
+ CFRelease(pData->name);
+ }
- if (pData->value)
- CFRelease(pData->value);
+ if (pData->value)
+ {
+ CFRelease(pData->value);
+ }
- free(pData);
+ free(pData);
}
-CFArrayRef createDescDataPairs(const char *description)
+CFArrayRef
+createDescDataPairs(const char *description)
{
- int numChars = strlen(description);
- CFRange nameRange, valueRange;
- DescDataRef pData;
- CFMutableArrayRef retVal = CFArrayCreateMutable(NULL, 0, NULL);
+ int numChars = strlen(description);
+ CFRange nameRange, valueRange;
+ DescDataRef pData;
+ CFMutableArrayRef retVal = CFArrayCreateMutable(NULL, 0, NULL);
- int i = 0;
+ int i = 0;
- nameRange = CFRangeMake(0, 0);
- valueRange = CFRangeMake(0, 0);
- bool bInValue = false;
+ nameRange = CFRangeMake(0, 0);
+ valueRange = CFRangeMake(0, 0);
+ bool bInValue = false;
- while(i < numChars)
+ while (i < numChars)
{
- if (!bInValue && (description[i] != ':'))
+ if (!bInValue && (description[i] != ':'))
{
- nameRange.length++;
+ nameRange.length++;
}
- else if (bInValue && (description[i] != ':'))
+ else if (bInValue && (description[i] != ':'))
{
- valueRange.length++;
+ valueRange.length++;
}
- else if(!bInValue)
+ else if (!bInValue)
{
- bInValue = true;
- valueRange.location = i + 1;
- valueRange.length = 0;
+ bInValue = true;
+ valueRange.location = i + 1;
+ valueRange.length = 0;
}
- else //(bInValue)
+ else /*(bInValue) */
{
- bInValue = false;
- while(description[i] != ' ')
+ bInValue = false;
+ while (description[i] != ' ')
{
- valueRange.length--;
- i--;
+ valueRange.length--;
+ i--;
}
- pData = createDescData(description, nameRange, valueRange);
- CFArrayAppendValue(retVal, pData);
+ pData = createDescData(description, nameRange, valueRange);
+ CFArrayAppendValue(retVal, pData);
- nameRange.location = i + 1;
- nameRange.length = 0;
+ nameRange.location = i + 1;
+ nameRange.length = 0;
}
- i++;
+ i++;
}
- pData = createDescData(description, nameRange, valueRange);
- CFArrayAppendValue(retVal, pData);
- return retVal;
+ pData = createDescData(description, nameRange, valueRange);
+ CFArrayAppendValue(retVal, pData);
+ return retVal;
}
-void arrayDestroyDescData(const void *val, void *context)
+void
+arrayDestroyDescData(const void *val, void *context)
{
- DescDataRef pData = (DescDataRef) val;
- destroyDescData(pData);
+ DescDataRef pData = (DescDataRef) val;
+ destroyDescData(pData);
}
-int parseNameComponent(CFStringRef dn, CFStringRef *pName, CFStringRef *pValue)
+int
+parseNameComponent(CFStringRef dn, CFStringRef *pName, CFStringRef *pValue)
{
- CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, dn, kCertNameEquals);
+ CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, dn, kCertNameEquals);
- *pName = *pValue = NULL;
+ *pName = *pValue = NULL;
- if (CFArrayGetCount(nameStrings) != 2)
- return 0;
+ if (CFArrayGetCount(nameStrings) != 2)
+ {
+ return 0;
+ }
- CFMutableStringRef str;
+ CFMutableStringRef str;
- str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 0));
- CFStringTrimWhitespace(str);
- *pName = str;
+ str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 0));
+ CFStringTrimWhitespace(str);
+ *pName = str;
- str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 1));
- CFStringTrimWhitespace(str);
- *pValue = str;
+ str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 1));
+ CFStringTrimWhitespace(str);
+ *pValue = str;
- CFRelease(nameStrings);
- return 1;
+ CFRelease(nameStrings);
+ return 1;
}
-int tryAppendSingleCertField(CertNameRef pCertName, CFArrayRef where, CFStringRef key,
- CFStringRef name, CFStringRef value)
+int
+tryAppendSingleCertField(CertNameRef pCertName, CFArrayRef where, CFStringRef key,
+ CFStringRef name, CFStringRef value)
{
- if (CFStringCompareWithOptions(name, key, CFRangeMake(0, CFStringGetLength(name)), kCFCompareCaseInsensitive)
- == kCFCompareEqualTo) {
- CFArrayAppendValue((CFMutableArrayRef)where, value);
- return 1;
- }
- return 0;
+ if (CFStringCompareWithOptions(name, key, CFRangeMake(0, CFStringGetLength(name)), kCFCompareCaseInsensitive)
+ == kCFCompareEqualTo)
+ {
+ CFArrayAppendValue((CFMutableArrayRef)where, value);
+ return 1;
+ }
+ return 0;
}
-int appendCertField(CertNameRef pCert, CFStringRef name, CFStringRef value)
+int
+appendCertField(CertNameRef pCert, CFStringRef name, CFStringRef value)
{
- struct {
- CFArrayRef field;
- CFStringRef key;
- } fields[] = {
- { pCert->organization, kCertNameOrganization},
- { pCert->organizationalUnit, kCertNameOrganizationalUnit},
- { pCert->countryName, kCertNameCountry},
- { pCert->localityName, kCertNameLocality},
- { pCert->stateName, kCertNameState},
- { pCert->commonName, kCertNameCommonName},
- { pCert->emailAddress, kCertNameEmail},
- };
- int i;
- int ret = 0;
-
- for (i=0; i<sizeof(fields)/sizeof(fields[0]); i++)
- ret += tryAppendSingleCertField(pCert, fields[i].field, fields[i].key, name, value);
- return ret;
+ struct {
+ CFArrayRef field;
+ CFStringRef key;
+ } fields[] = {
+ { pCert->organization, kCertNameOrganization},
+ { pCert->organizationalUnit, kCertNameOrganizationalUnit},
+ { pCert->countryName, kCertNameCountry},
+ { pCert->localityName, kCertNameLocality},
+ { pCert->stateName, kCertNameState},
+ { pCert->commonName, kCertNameCommonName},
+ { pCert->emailAddress, kCertNameEmail},
+ };
+ int i;
+ int ret = 0;
+
+ for (i = 0; i<sizeof(fields)/sizeof(fields[0]); i++)
+ ret += tryAppendSingleCertField(pCert, fields[i].field, fields[i].key, name, value);
+ return ret;
}
-int parseCertName(CFStringRef nameDesc, CFMutableArrayRef names)
+int
+parseCertName(CFStringRef nameDesc, CFMutableArrayRef names)
{
- CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, nameDesc, kCertNameFwdSlash);
- int count = CFArrayGetCount(nameStrings);
- int i;
- int ret = 1;
+ CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, nameDesc, kCertNameFwdSlash);
+ int count = CFArrayGetCount(nameStrings);
+ int i;
+ int ret = 1;
- CertNameRef pCertName = createCertName();
+ CertNameRef pCertName = createCertName();
- for(i = 0;i < count;i++)
+ for (i = 0; i < count; i++)
{
- CFMutableStringRef dn = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, i));
- CFStringTrimWhitespace(dn);
+ CFMutableStringRef dn = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, i));
+ CFStringTrimWhitespace(dn);
- CFStringRef name, value;
+ CFStringRef name, value;
- if (!parseNameComponent(dn, &name, &value))
- ret = 0;
+ if (!parseNameComponent(dn, &name, &value))
+ {
+ ret = 0;
+ }
- if (!name || !value)
+ if (!name || !value)
{
- if (name)
- CFRelease(name);
+ if (name)
+ {
+ CFRelease(name);
+ }
- if (value)
- CFRelease(value);
- if (name && !value)
- ret = 0;
+ if (value)
+ {
+ CFRelease(value);
+ }
+ if (name && !value)
+ {
+ ret = 0;
+ }
- CFRelease(dn);
- continue;
+ CFRelease(dn);
+ continue;
}
- if (!appendCertField(pCertName, name, value))
- ret = 0;
- CFRelease(name);
- CFRelease(value);
- CFRelease(dn);
+ if (!appendCertField(pCertName, name, value))
+ {
+ ret = 0;
+ }
+ CFRelease(name);
+ CFRelease(value);
+ CFRelease(dn);
}
- CFArrayAppendValue(names, pCertName);
- CFRelease(nameStrings);
- return ret;
+ CFArrayAppendValue(names, pCertName);
+ CFRelease(nameStrings);
+ return ret;
}
-int arrayParseDescDataPair(const void *val, void *context)
+int
+arrayParseDescDataPair(const void *val, void *context)
{
- DescDataRef pDescData = (DescDataRef)val;
- CertDataRef pCertData = (CertDataRef)context;
- int ret = 1;
+ DescDataRef pDescData = (DescDataRef)val;
+ CertDataRef pCertData = (CertDataRef)context;
+ int ret = 1;
- if (!pDescData->name || !pDescData->value)
- return 0;
+ if (!pDescData->name || !pDescData->value)
+ {
+ return 0;
+ }
- if (CFStringCompareWithOptions(pDescData->name, kCertDataSubjectName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
- ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->subject);
- else if (CFStringCompareWithOptions(pDescData->name, kCertDataIssuerName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
- ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->issuer);
- else if (CFStringCompareWithOptions(pDescData->name, kCertDataSha1Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
- pCertData->sha1 = CFRetain(pDescData->value);
- else if (CFStringCompareWithOptions(pDescData->name, kCertDataMd5Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
- pCertData->md5 = CFRetain(pDescData->value);
- else if (CFStringCompareWithOptions(pDescData->name, kCertDataSerialName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
- pCertData->serial = CFRetain(pDescData->value);
- else
- return 0;
+ if (CFStringCompareWithOptions(pDescData->name, kCertDataSubjectName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
+ {
+ ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->subject);
+ }
+ else if (CFStringCompareWithOptions(pDescData->name, kCertDataIssuerName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
+ {
+ ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->issuer);
+ }
+ else if (CFStringCompareWithOptions(pDescData->name, kCertDataSha1Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
+ {
+ pCertData->sha1 = CFRetain(pDescData->value);
+ }
+ else if (CFStringCompareWithOptions(pDescData->name, kCertDataMd5Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
+ {
+ pCertData->md5 = CFRetain(pDescData->value);
+ }
+ else if (CFStringCompareWithOptions(pDescData->name, kCertDataSerialName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo)
+ {
+ pCertData->serial = CFRetain(pDescData->value);
+ }
+ else
+ {
+ return 0;
+ }
- return ret;
+ return ret;
}
-CertDataRef createCertDataFromString(const char *description)
+CertDataRef
+createCertDataFromString(const char *description)
{
- CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData));
- pCertData->subject = CFArrayCreateMutable(NULL, 0, NULL);
- pCertData->issuer = CFArrayCreateMutable(NULL, 0, NULL);
- pCertData->sha1 = NULL;
- pCertData->md5 = NULL;
- pCertData->serial = NULL;
-
- CFArrayRef pairs = createDescDataPairs(description);
- for (int i=0; i<CFArrayGetCount(pairs); i++)
- if (!arrayParseDescDataPair(CFArrayGetValueAtIndex(pairs, i), pCertData)) {
- arrayDestroyDescData(pCertData, NULL);
- CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL);
- CFRelease(pairs);
- return 0;
- }
-
- CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL);
- CFRelease(pairs);
- return pCertData;
+ CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData));
+ pCertData->subject = CFArrayCreateMutable(NULL, 0, NULL);
+ pCertData->issuer = CFArrayCreateMutable(NULL, 0, NULL);
+ pCertData->sha1 = NULL;
+ pCertData->md5 = NULL;
+ pCertData->serial = NULL;
+
+ CFArrayRef pairs = createDescDataPairs(description);
+ for (int i = 0; i<CFArrayGetCount(pairs); i++)
+ if (!arrayParseDescDataPair(CFArrayGetValueAtIndex(pairs, i), pCertData))
+ {
+ arrayDestroyDescData(pCertData, NULL);
+ CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL);
+ CFRelease(pairs);
+ return 0;
+ }
+
+ CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL);
+ CFRelease(pairs);
+ return pCertData;
}
-void arrayDestroyCertName(const void *val, void *context)
+void
+arrayDestroyCertName(const void *val, void *context)
{
- CertNameRef pCertName = (CertNameRef)val;
- destroyCertName(pCertName);
+ CertNameRef pCertName = (CertNameRef)val;
+ destroyCertName(pCertName);
}
-void destroyCertData(CertDataRef pCertData)
+void
+destroyCertData(CertDataRef pCertData)
{
- if (pCertData->subject)
+ if (pCertData->subject)
{
- CFArrayApplyFunction(pCertData->subject, CFRangeMake(0, CFArrayGetCount(pCertData->subject)), arrayDestroyCertName, NULL);
- CFRelease(pCertData->subject);
+ CFArrayApplyFunction(pCertData->subject, CFRangeMake(0, CFArrayGetCount(pCertData->subject)), arrayDestroyCertName, NULL);
+ CFRelease(pCertData->subject);
}
- if (pCertData->issuer)
+ if (pCertData->issuer)
{
- CFArrayApplyFunction(pCertData->issuer, CFRangeMake(0, CFArrayGetCount(pCertData->issuer)), arrayDestroyCertName, NULL);
- CFRelease(pCertData->issuer);
+ CFArrayApplyFunction(pCertData->issuer, CFRangeMake(0, CFArrayGetCount(pCertData->issuer)), arrayDestroyCertName, NULL);
+ CFRelease(pCertData->issuer);
}
- if (pCertData->sha1)
- CFRelease(pCertData->sha1);
+ if (pCertData->sha1)
+ {
+ CFRelease(pCertData->sha1);
+ }
- if (pCertData->md5)
- CFRelease(pCertData->md5);
+ if (pCertData->md5)
+ {
+ CFRelease(pCertData->md5);
+ }
- if (pCertData->serial)
- CFRelease(pCertData->serial);
+ if (pCertData->serial)
+ {
+ CFRelease(pCertData->serial);
+ }
- free(pCertData);
+ free(pCertData);
}
-bool stringArrayMatchesTemplate(CFArrayRef strings, CFArrayRef templateArray)
+bool
+stringArrayMatchesTemplate(CFArrayRef strings, CFArrayRef templateArray)
{
- int templateCount, stringCount, i;
+ int templateCount, stringCount, i;
- templateCount = CFArrayGetCount(templateArray);
+ templateCount = CFArrayGetCount(templateArray);
- if (templateCount > 0)
+ if (templateCount > 0)
{
- stringCount = CFArrayGetCount(strings);
- if (stringCount != templateCount)
- return false;
+ stringCount = CFArrayGetCount(strings);
+ if (stringCount != templateCount)
+ {
+ return false;
+ }
- for(i = 0;i < stringCount;i++)
+ for (i = 0; i < stringCount; i++)
{
- CFStringRef str, template;
+ CFStringRef str, template;
- template = (CFStringRef)CFArrayGetValueAtIndex(templateArray, i);
- str = (CFStringRef)CFArrayGetValueAtIndex(strings, i);
+ template = (CFStringRef)CFArrayGetValueAtIndex(templateArray, i);
+ str = (CFStringRef)CFArrayGetValueAtIndex(strings, i);
- if (CFStringCompareWithOptions(template, str, CFRangeMake(0, CFStringGetLength(template)), kCFCompareCaseInsensitive) != kCFCompareEqualTo)
- return false;
+ if (CFStringCompareWithOptions(template, str, CFRangeMake(0, CFStringGetLength(template)), kCFCompareCaseInsensitive) != kCFCompareEqualTo)
+ {
+ return false;
+ }
}
}
- return true;
+ return true;
}
-bool certNameMatchesTemplate(CertNameRef pCertName, CertNameRef pTemplate)
+bool
+certNameMatchesTemplate(CertNameRef pCertName, CertNameRef pTemplate)
{
- if (!stringArrayMatchesTemplate(pCertName->countryName, pTemplate->countryName))
- return false;
- else if (!stringArrayMatchesTemplate(pCertName->organization, pTemplate->organization))
- return false;
- else if (!stringArrayMatchesTemplate(pCertName->organizationalUnit, pTemplate->organizationalUnit))
- return false;
- else if (!stringArrayMatchesTemplate(pCertName->commonName, pTemplate->commonName))
- return false;
- else if (!stringArrayMatchesTemplate(pCertName->emailAddress, pTemplate->emailAddress))
- return false;
- else if (!stringArrayMatchesTemplate(pCertName->stateName, pTemplate->stateName))
- return false;
- else if (!stringArrayMatchesTemplate(pCertName->localityName, pTemplate->localityName))
- return false;
- else
- return true;
+ if (!stringArrayMatchesTemplate(pCertName->countryName, pTemplate->countryName))
+ {
+ return false;
+ }
+ else if (!stringArrayMatchesTemplate(pCertName->organization, pTemplate->organization))
+ {
+ return false;
+ }
+ else if (!stringArrayMatchesTemplate(pCertName->organizationalUnit, pTemplate->organizationalUnit))
+ {
+ return false;
+ }
+ else if (!stringArrayMatchesTemplate(pCertName->commonName, pTemplate->commonName))
+ {
+ return false;
+ }
+ else if (!stringArrayMatchesTemplate(pCertName->emailAddress, pTemplate->emailAddress))
+ {
+ return false;
+ }
+ else if (!stringArrayMatchesTemplate(pCertName->stateName, pTemplate->stateName))
+ {
+ return false;
+ }
+ else if (!stringArrayMatchesTemplate(pCertName->localityName, pTemplate->localityName))
+ {
+ return false;
+ }
+ else
+ {
+ return true;
+ }
}
-bool certNameArrayMatchesTemplate(CFArrayRef certNameArray, CFArrayRef templateArray)
+bool
+certNameArrayMatchesTemplate(CFArrayRef certNameArray, CFArrayRef templateArray)
{
- int templateCount, certCount, i;
+ int templateCount, certCount, i;
- templateCount = CFArrayGetCount(templateArray);
+ templateCount = CFArrayGetCount(templateArray);
- if (templateCount > 0)
+ if (templateCount > 0)
{
- certCount = CFArrayGetCount(certNameArray);
- if (certCount != templateCount)
- return false;
+ certCount = CFArrayGetCount(certNameArray);
+ if (certCount != templateCount)
+ {
+ return false;
+ }
- for(i = 0;i < certCount;i++)
+ for (i = 0; i < certCount; i++)
{
- CertNameRef pName, pTemplateName;
+ CertNameRef pName, pTemplateName;
- pTemplateName = (CertNameRef)CFArrayGetValueAtIndex(templateArray, i);
- pName = (CertNameRef)CFArrayGetValueAtIndex(certNameArray, i);
+ pTemplateName = (CertNameRef)CFArrayGetValueAtIndex(templateArray, i);
+ pName = (CertNameRef)CFArrayGetValueAtIndex(certNameArray, i);
- if (!certNameMatchesTemplate(pName, pTemplateName))
- return false;
+ if (!certNameMatchesTemplate(pName, pTemplateName))
+ {
+ return false;
+ }
}
}
- return true;
+ return true;
}
-bool hexStringMatchesTemplate(CFStringRef str, CFStringRef template)
+bool
+hexStringMatchesTemplate(CFStringRef str, CFStringRef template)
{
- if (template)
+ if (template)
{
- if (!str)
- return false;
+ if (!str)
+ {
+ return false;
+ }
- CFMutableStringRef strMutable, templateMutable;
+ CFMutableStringRef strMutable, templateMutable;
- strMutable = CFStringCreateMutableCopy(NULL, 0, str);
- templateMutable = CFStringCreateMutableCopy(NULL, 0, template);
+ strMutable = CFStringCreateMutableCopy(NULL, 0, str);
+ templateMutable = CFStringCreateMutableCopy(NULL, 0, template);
- CFStringFindAndReplace(strMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(strMutable)), 0);
- CFStringFindAndReplace(templateMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(templateMutable)), 0);
+ CFStringFindAndReplace(strMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(strMutable)), 0);
+ CFStringFindAndReplace(templateMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(templateMutable)), 0);
- CFComparisonResult result = CFStringCompareWithOptions(templateMutable, strMutable, CFRangeMake(0, CFStringGetLength(templateMutable)), kCFCompareCaseInsensitive);
+ CFComparisonResult result = CFStringCompareWithOptions(templateMutable, strMutable, CFRangeMake(0, CFStringGetLength(templateMutable)), kCFCompareCaseInsensitive);
- CFRelease(strMutable);
- CFRelease(templateMutable);
+ CFRelease(strMutable);
+ CFRelease(templateMutable);
- if (result != kCFCompareEqualTo)
- return false;
+ if (result != kCFCompareEqualTo)
+ {
+ return false;
+ }
}
- return true;
+ return true;
}
-bool certDataMatchesTemplate(CertDataRef pCertData, CertDataRef pTemplate)
+bool
+certDataMatchesTemplate(CertDataRef pCertData, CertDataRef pTemplate)
{
- if (!certNameArrayMatchesTemplate(pCertData->subject, pTemplate->subject))
- return false;
+ if (!certNameArrayMatchesTemplate(pCertData->subject, pTemplate->subject))
+ {
+ return false;
+ }
- if (!certNameArrayMatchesTemplate(pCertData->issuer, pTemplate->issuer))
- return false;
+ if (!certNameArrayMatchesTemplate(pCertData->issuer, pTemplate->issuer))
+ {
+ return false;
+ }
- if (!hexStringMatchesTemplate(pCertData->sha1, pTemplate->sha1))
- return false;
+ if (!hexStringMatchesTemplate(pCertData->sha1, pTemplate->sha1))
+ {
+ return false;
+ }
- if (!hexStringMatchesTemplate(pCertData->md5, pTemplate->md5))
- return false;
+ if (!hexStringMatchesTemplate(pCertData->md5, pTemplate->md5))
+ {
+ return false;
+ }
- if (!hexStringMatchesTemplate(pCertData->serial, pTemplate->serial))
- return false;
+ if (!hexStringMatchesTemplate(pCertData->serial, pTemplate->serial))
+ {
+ return false;
+ }
- return true;
+ return true;
}
-bool certExpired(SecCertificateRef certificate)
+bool
+certExpired(SecCertificateRef certificate)
{
- bool result;
- CFDateRef notAfter = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotAfter);
- CFDateRef notBefore = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore);
- CFDateRef now = CFDateCreate(kCFAllocatorDefault, CFAbsoluteTimeGetCurrent());
+ bool result;
+ CFDateRef notAfter = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotAfter);
+ CFDateRef notBefore = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore);
+ CFDateRef now = CFDateCreate(kCFAllocatorDefault, CFAbsoluteTimeGetCurrent());
- if (!notAfter || !notBefore || !now)
+ if (!notAfter || !notBefore || !now)
{
- warnx("GetDateFieldFromCertificate() returned NULL");
- result = true;
+ warnx("GetDateFieldFromCertificate() returned NULL");
+ result = true;
}
- else
+ else
{
- if (CFDateCompare(notBefore, now, NULL) != kCFCompareLessThan ||
- CFDateCompare(now, notAfter, NULL) != kCFCompareLessThan)
- result = true;
- else
- result = false;
+ if (CFDateCompare(notBefore, now, NULL) != kCFCompareLessThan
+ || CFDateCompare(now, notAfter, NULL) != kCFCompareLessThan)
+ {
+ result = true;
+ }
+ else
+ {
+ result = false;
+ }
}
- CFRelease(notAfter);
- CFRelease(notBefore);
- CFRelease(now);
- return result;
+ CFRelease(notAfter);
+ CFRelease(notBefore);
+ CFRelease(now);
+ return result;
}
-SecIdentityRef findIdentity(CertDataRef pCertDataTemplate)
+SecIdentityRef
+findIdentity(CertDataRef pCertDataTemplate)
{
- const void *keys[] = {
- kSecClass,
- kSecReturnRef,
- kSecMatchLimit
- };
- const void *values[] = {
- kSecClassIdentity,
- kCFBooleanTrue,
- kSecMatchLimitAll
- };
- CFArrayRef result = NULL;
-
- CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
- sizeof(keys) / sizeof(*keys),
- &kCFTypeDictionaryKeyCallBacks,
- &kCFTypeDictionaryValueCallBacks);
- OSStatus status = SecItemCopyMatching(query, (CFTypeRef*)&result);
- CFRelease(query);
- if (status != noErr)
- {
- warnx ("No identities in keychain found");
- return NULL;
- }
-
- SecIdentityRef bestIdentity = NULL;
- CFDateRef bestNotBeforeDate = NULL;
-
- for (int i=0; i<CFArrayGetCount(result); i++)
- {
- SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(result, i);
- if (identity == NULL)
+ const void *keys[] = {
+ kSecClass,
+ kSecReturnRef,
+ kSecMatchLimit
+ };
+ const void *values[] = {
+ kSecClassIdentity,
+ kCFBooleanTrue,
+ kSecMatchLimitAll
+ };
+ CFArrayRef result = NULL;
+
+ CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
+ sizeof(keys) / sizeof(*keys),
+ &kCFTypeDictionaryKeyCallBacks,
+ &kCFTypeDictionaryValueCallBacks);
+ OSStatus status = SecItemCopyMatching(query, (CFTypeRef *)&result);
+ CFRelease(query);
+ if (status != noErr)
+ {
+ warnx("No identities in keychain found");
+ return NULL;
+ }
+
+ SecIdentityRef bestIdentity = NULL;
+ CFDateRef bestNotBeforeDate = NULL;
+
+ for (int i = 0; i<CFArrayGetCount(result); i++)
+ {
+ SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(result, i);
+ if (identity == NULL)
{
- warnx ("identity == NULL");
- continue;
+ warnx("identity == NULL");
+ continue;
}
- SecCertificateRef certificate = NULL;
- SecIdentityCopyCertificate (identity, &certificate);
- if (certificate == NULL)
+ SecCertificateRef certificate = NULL;
+ SecIdentityCopyCertificate(identity, &certificate);
+ if (certificate == NULL)
{
- warnx ("SecIdentityCopyCertificate() returned NULL");
- continue;
+ warnx("SecIdentityCopyCertificate() returned NULL");
+ continue;
}
- CertDataRef pCertData2 = createCertDataFromCertificate(certificate);
- if (pCertData2 == NULL)
+ CertDataRef pCertData2 = createCertDataFromCertificate(certificate);
+ if (pCertData2 == NULL)
{
- warnx ("createCertDataFromCertificate() returned NULL");
- goto release_cert;
+ warnx("createCertDataFromCertificate() returned NULL");
+ goto release_cert;
}
- bool bMatches = certDataMatchesTemplate(pCertData2, pCertDataTemplate);
- bool bExpired = certExpired(certificate);
- destroyCertData(pCertData2);
+ bool bMatches = certDataMatchesTemplate(pCertData2, pCertDataTemplate);
+ bool bExpired = certExpired(certificate);
+ destroyCertData(pCertData2);
- if (bMatches && !bExpired)
+ if (bMatches && !bExpired)
{
- CFDateRef notBeforeDate = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore);
- if (!notBeforeDate)
+ CFDateRef notBeforeDate = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore);
+ if (!notBeforeDate)
{
- warnx ("GetDateFieldFromCertificate() returned NULL");
- goto release_cert;
+ warnx("GetDateFieldFromCertificate() returned NULL");
+ goto release_cert;
}
- if (bestIdentity == NULL)
+ if (bestIdentity == NULL)
{
- CFRetain(identity);
- bestIdentity = identity;
+ CFRetain(identity);
+ bestIdentity = identity;
- bestNotBeforeDate = notBeforeDate;
- CFRetain(notBeforeDate);
+ bestNotBeforeDate = notBeforeDate;
+ CFRetain(notBeforeDate);
}
- else if (CFDateCompare(bestNotBeforeDate, notBeforeDate, NULL) == kCFCompareLessThan)
+ else if (CFDateCompare(bestNotBeforeDate, notBeforeDate, NULL) == kCFCompareLessThan)
{
- CFRelease(bestIdentity);
- CFRetain(identity);
- bestIdentity = identity;
+ CFRelease(bestIdentity);
+ CFRetain(identity);
+ bestIdentity = identity;
- bestNotBeforeDate = notBeforeDate;
- CFRetain(notBeforeDate);
+ bestNotBeforeDate = notBeforeDate;
+ CFRetain(notBeforeDate);
}
- CFRelease(notBeforeDate);
+ CFRelease(notBeforeDate);
}
- release_cert:
- CFRelease(certificate);
+release_cert:
+ CFRelease(certificate);
}
- CFRelease(result);
+ CFRelease(result);
- return bestIdentity;
+ return bestIdentity;
}
diff --git a/contrib/keychain-mcd/cert_data.h b/contrib/keychain-mcd/cert_data.h
index 407cca1..c5f83c0 100644
--- a/contrib/keychain-mcd/cert_data.h
+++ b/contrib/keychain-mcd/cert_data.h
@@ -30,17 +30,22 @@
typedef struct _CertData
{
- CFArrayRef subject;
- CFArrayRef issuer;
- CFStringRef serial;
- CFStringRef md5, sha1;
+ CFArrayRef subject;
+ CFArrayRef issuer;
+ CFStringRef serial;
+ CFStringRef md5, sha1;
} CertData, *CertDataRef;
CertDataRef createCertDataFromCertificate(SecCertificateRef certificate);
+
CertDataRef createCertDataFromString(const char *description);
+
void destroyCertData(CertDataRef pCertData);
+
bool certDataMatchesTemplate(CertDataRef pCertData, CertDataRef pTemplate);
+
void printCertData(CertDataRef pCertData);
+
SecIdentityRef findIdentity(CertDataRef pCertDataTemplate);
-#endif
+#endif /* ifndef __cert_data_h__ */
diff --git a/contrib/keychain-mcd/common_osx.c b/contrib/keychain-mcd/common_osx.c
index 3effa8b..0f7c4ae 100644
--- a/contrib/keychain-mcd/common_osx.c
+++ b/contrib/keychain-mcd/common_osx.c
@@ -24,71 +24,78 @@
*/
/*
-#include "config.h"
-#include "syshead.h"
-#include "common.h"
-#include "buffer.h"
-#include "error.h"
-*/
+ #include "config.h"
+ #include "syshead.h"
+ #include "common.h"
+ #include "buffer.h"
+ #include "error.h"
+ */
#include "common_osx.h"
#include <err.h>
-void printCFString(CFStringRef str)
+void
+printCFString(CFStringRef str)
{
- CFIndex bufferLength = CFStringGetLength(str) + 1;
- char *pBuffer = (char*)malloc(sizeof(char) * bufferLength);
- CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8);
- warnx("%s\n", pBuffer);
- free(pBuffer);
+ CFIndex bufferLength = CFStringGetLength(str) + 1;
+ char *pBuffer = (char *)malloc(sizeof(char) * bufferLength);
+ CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8);
+ warnx("%s\n", pBuffer);
+ free(pBuffer);
}
-char* cfstringToCstr(CFStringRef str)
+char *
+cfstringToCstr(CFStringRef str)
{
- CFIndex bufferLength = CFStringGetLength(str) + 1;
- char *pBuffer = (char*)malloc(sizeof(char) * bufferLength);
- CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8);
- return pBuffer;
+ CFIndex bufferLength = CFStringGetLength(str) + 1;
+ char *pBuffer = (char *)malloc(sizeof(char) * bufferLength);
+ CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8);
+ return pBuffer;
}
-void appendHexChar(CFMutableStringRef str, unsigned char halfByte)
+void
+appendHexChar(CFMutableStringRef str, unsigned char halfByte)
{
- if (halfByte < 10)
+ if (halfByte < 10)
{
- CFStringAppendFormat (str, NULL, CFSTR("%d"), halfByte);
+ CFStringAppendFormat(str, NULL, CFSTR("%d"), halfByte);
}
- else
+ else
{
- char tmp[2] = {'A'+halfByte-10, 0};
- CFStringAppendCString(str, tmp, kCFStringEncodingUTF8);
+ char tmp[2] = {'A'+halfByte-10, 0};
+ CFStringAppendCString(str, tmp, kCFStringEncodingUTF8);
}
}
-CFStringRef createHexString(unsigned char *pData, int length)
+CFStringRef
+createHexString(unsigned char *pData, int length)
{
- unsigned char byte, low, high;
- int i;
- CFMutableStringRef str = CFStringCreateMutable(NULL, 0);
+ unsigned char byte, low, high;
+ int i;
+ CFMutableStringRef str = CFStringCreateMutable(NULL, 0);
- for(i = 0;i < length;i++)
+ for (i = 0; i < length; i++)
{
- byte = pData[i];
- low = byte & 0x0F;
- high = (byte >> 4);
+ byte = pData[i];
+ low = byte & 0x0F;
+ high = (byte >> 4);
- appendHexChar(str, high);
- appendHexChar(str, low);
+ appendHexChar(str, high);
+ appendHexChar(str, low);
- if (i != (length - 1))
- CFStringAppendCString(str, " ", kCFStringEncodingUTF8);
+ if (i != (length - 1))
+ {
+ CFStringAppendCString(str, " ", kCFStringEncodingUTF8);
+ }
}
- return str;
+ return str;
}
-void printHex(unsigned char *pData, int length)
+void
+printHex(unsigned char *pData, int length)
{
- CFStringRef hexStr = createHexString(pData, length);
- printCFString(hexStr);
- CFRelease(hexStr);
+ CFStringRef hexStr = createHexString(pData, length);
+ printCFString(hexStr);
+ CFRelease(hexStr);
}
diff --git a/contrib/keychain-mcd/common_osx.h b/contrib/keychain-mcd/common_osx.h
index 4273548..965d4fa 100644
--- a/contrib/keychain-mcd/common_osx.h
+++ b/contrib/keychain-mcd/common_osx.h
@@ -29,8 +29,11 @@
#include <CoreFoundation/CoreFoundation.h>
void printCFString(CFStringRef str);
-char* cfstringToCstr(CFStringRef str);
+
+char *cfstringToCstr(CFStringRef str);
+
CFStringRef createHexString(unsigned char *pData, int length);
+
void printHex(unsigned char *pData, int length);
-#endif //__Common_osx_h__
+#endif /*__Common_osx_h__ */
diff --git a/contrib/keychain-mcd/crypto_osx.c b/contrib/keychain-mcd/crypto_osx.c
index 87ba09b..092e64f 100644
--- a/contrib/keychain-mcd/crypto_osx.c
+++ b/contrib/keychain-mcd/crypto_osx.c
@@ -31,45 +31,50 @@
#include "crypto_osx.h"
#include <err.h>
-void printErrorMsg(const char *func, CFErrorRef error)
+void
+printErrorMsg(const char *func, CFErrorRef error)
{
- CFStringRef desc = CFErrorCopyDescription(error);
- warnx("%s failed: %s", func, CFStringGetCStringPtr(desc, kCFStringEncodingUTF8));
- CFRelease(desc);
+ CFStringRef desc = CFErrorCopyDescription(error);
+ warnx("%s failed: %s", func, CFStringGetCStringPtr(desc, kCFStringEncodingUTF8));
+ CFRelease(desc);
}
-void printErrorStatusMsg(const char *func, OSStatus status)
+void
+printErrorStatusMsg(const char *func, OSStatus status)
{
- CFStringRef error;
- error = SecCopyErrorMessageString(status, NULL);
- if (error)
+ CFStringRef error;
+ error = SecCopyErrorMessageString(status, NULL);
+ if (error)
{
- warnx("%s failed: %s", func, CFStringGetCStringPtr(error, kCFStringEncodingUTF8));
- CFRelease(error);
+ warnx("%s failed: %s", func, CFStringGetCStringPtr(error, kCFStringEncodingUTF8));
+ CFRelease(error);
+ }
+ else
+ {
+ warnx("%s failed: %X", func, (int)status);
}
- else
- warnx("%s failed: %X", func, (int)status);
}
-void signData(SecIdentityRef identity, const uint8_t *from, int flen, uint8_t *to, size_t *tlen)
+void
+signData(SecIdentityRef identity, const uint8_t *from, int flen, uint8_t *to, size_t *tlen)
{
- SecKeyRef privateKey = NULL;
- OSStatus status;
+ SecKeyRef privateKey = NULL;
+ OSStatus status;
- status = SecIdentityCopyPrivateKey(identity, &privateKey);
- if (status != noErr)
+ status = SecIdentityCopyPrivateKey(identity, &privateKey);
+ if (status != noErr)
{
- printErrorStatusMsg("signData: SecIdentityCopyPrivateKey", status);
- *tlen = 0;
- return;
+ printErrorStatusMsg("signData: SecIdentityCopyPrivateKey", status);
+ *tlen = 0;
+ return;
}
- status = SecKeyRawSign(privateKey, kSecPaddingPKCS1, from, flen, to, tlen);
- CFRelease(privateKey);
- if (status != noErr)
+ status = SecKeyRawSign(privateKey, kSecPaddingPKCS1, from, flen, to, tlen);
+ CFRelease(privateKey);
+ if (status != noErr)
{
- printErrorStatusMsg("signData: SecKeyRawSign", status);
- *tlen = 0;
- return;
+ printErrorStatusMsg("signData: SecKeyRawSign", status);
+ *tlen = 0;
+ return;
}
}
diff --git a/contrib/keychain-mcd/crypto_osx.h b/contrib/keychain-mcd/crypto_osx.h
index 0da58b6..115ec18 100644
--- a/contrib/keychain-mcd/crypto_osx.h
+++ b/contrib/keychain-mcd/crypto_osx.h
@@ -29,16 +29,17 @@
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>
-extern OSStatus SecKeyRawSign (
- SecKeyRef key,
- SecPadding padding,
- const uint8_t *dataToSign,
- size_t dataToSignLen,
- uint8_t *sig,
- size_t *sigLen
-);
+extern OSStatus SecKeyRawSign(
+ SecKeyRef key,
+ SecPadding padding,
+ const uint8_t *dataToSign,
+ size_t dataToSignLen,
+ uint8_t *sig,
+ size_t *sigLen
+ );
void signData(SecIdentityRef identity, const uint8_t *from, int flen, uint8_t *to, size_t *tlen);
+
void printErrorMsg(const char *func, CFErrorRef error);
-#endif //__crypto_osx_h__
+#endif /*__crypto_osx_h__ */
diff --git a/contrib/keychain-mcd/main.c b/contrib/keychain-mcd/main.c
index 2263b7d..7d8fc83 100644
--- a/contrib/keychain-mcd/main.c
+++ b/contrib/keychain-mcd/main.c
@@ -38,36 +38,44 @@
#include "../../src/openvpn/base64.h"
-SecIdentityRef template_to_identity(const char *template)
+SecIdentityRef
+template_to_identity(const char *template)
{
SecIdentityRef identity;
CertDataRef pCertDataTemplate = createCertDataFromString(template);
if (pCertDataTemplate == NULL)
+ {
errx(1, "Bad certificate template");
+ }
identity = findIdentity(pCertDataTemplate);
if (identity == NULL)
+ {
errx(1, "No such identify");
+ }
fprintf(stderr, "Identity found\n");
destroyCertData(pCertDataTemplate);
return identity;
}
-int connect_to_management_server(const char *ip, const char *port)
+int
+connect_to_management_server(const char *ip, const char *port)
{
int fd;
struct sockaddr_un addr_un;
struct sockaddr *addr;
size_t addr_len;
- if (strcmp(port, "unix") == 0) {
- addr = (struct sockaddr*)&addr_un;
+ if (strcmp(port, "unix") == 0)
+ {
+ addr = (struct sockaddr *)&addr_un;
addr_len = sizeof(addr_un);
addr_un.sun_family = AF_UNIX;
strncpy(addr_un.sun_path, ip, sizeof(addr_un.sun_path));
fd = socket(AF_UNIX, SOCK_STREAM, 0);
}
- else {
+ else
+ {
int rv;
struct addrinfo *result;
struct addrinfo hints;
@@ -78,9 +86,13 @@ int connect_to_management_server(const char *ip, const char *port)
rv = getaddrinfo(ip, port, &hints, &result);
if (rv < 0)
+ {
errx(1, "getaddrinfo: %s", gai_strerror(rv));
+ }
if (result == NULL)
+ {
errx(1, "getaddrinfo returned 0 addressed");
+ }
/* Use the first found address */
fd = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
@@ -88,20 +100,26 @@ int connect_to_management_server(const char *ip, const char *port)
addr_len = result->ai_addrlen;
}
if (fd < 0)
+ {
err(1, "socket");
+ }
if (connect(fd, addr, addr_len) < 0)
+ {
err(1, "connect");
+ }
return fd;
}
-int is_prefix(const char *s, const char *prefix)
+int
+is_prefix(const char *s, const char *prefix)
{
return strncmp(s, prefix, strlen(prefix)) == 0;
}
-void handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input)
+void
+handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input)
{
const char *input_b64 = strchr(input, ':') + 1;
char *input_binary;
@@ -114,13 +132,17 @@ void handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input)
input_binary = malloc(input_len);
input_len = openvpn_base64_decode(input_b64, input_binary, input_len);
if (input_len < 0)
+ {
errx(1, "openvpn_base64_decode: overflow");
+ }
output_len = 1024;
output_binary = malloc(output_len);
signData(identity, (const uint8_t *)input_binary, input_len, (uint8_t *)output_binary, &output_len);
if (output_len == 0)
+ {
errx(1, "handle_rsasign: failed to sign data");
+ }
openvpn_base64_encode(output_binary, output_len, &output_b64);
fprintf(man_file, "rsa-sig\n%s\nEND\n", output_b64);
@@ -131,7 +153,8 @@ void handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input)
fprintf(stderr, "Handled RSA_SIGN command\n");
}
-void handle_needcertificate(FILE *man_file, SecIdentityRef identity)
+void
+handle_needcertificate(FILE *man_file, SecIdentityRef identity)
{
OSStatus status;
SecCertificateRef certificate = NULL;
@@ -141,14 +164,17 @@ void handle_needcertificate(FILE *man_file, SecIdentityRef identity)
char *result_b64, *tmp_b64;
status = SecIdentityCopyCertificate(identity, &certificate);
- if (status != noErr) {
+ if (status != noErr)
+ {
const char *msg = GetMacOSStatusErrorString(status);
err(1, "SecIdentityCopyCertificate() failed: %s", msg);
}
data = SecCertificateCopyData(certificate);
if (data == NULL)
+ {
err(1, "SecCertificateCopyData() returned NULL");
+ }
cert = CFDataGetBytePtr(data);
cert_len = CFDataGetLength(data);
@@ -162,11 +188,13 @@ void handle_needcertificate(FILE *man_file, SecIdentityRef identity)
fprintf(man_file, "-----BEGIN CERTIFICATE-----\n");
tmp_b64 = result_b64;
while (strlen(tmp_b64) > 64) {
- fprintf(man_file, "%.64s\n", tmp_b64);
- tmp_b64 += 64;
+ fprintf(man_file, "%.64s\n", tmp_b64);
+ tmp_b64 += 64;
}
if (*tmp_b64)
- fprintf(man_file, "%s\n", tmp_b64);
+ {
+ fprintf(man_file, "%s\n", tmp_b64);
+ }
fprintf(man_file, "-----END CERTIFICATE-----\n");
fprintf(man_file, "END\n");
@@ -177,62 +205,87 @@ void handle_needcertificate(FILE *man_file, SecIdentityRef identity)
fprintf(stderr, "Handled NEED 'cert' command\n");
}
-void management_loop(SecIdentityRef identity, int man_fd, const char *password)
+void
+management_loop(SecIdentityRef identity, int man_fd, const char *password)
{
char *buffer = NULL;
size_t buffer_len = 0;
FILE *man = fdopen(man_fd, "w+");
if (man == 0)
+ {
err(1, "fdopen");
+ }
if (password)
+ {
fprintf(man, "%s\n", password);
+ }
while (1) {
if (getline(&buffer, &buffer_len, man) < 0)
+ {
err(1, "getline");
+ }
#if 0
fprintf(stderr, "M: %s", buffer);
#endif
if (is_prefix(buffer, ">RSA_SIGN:"))
+ {
handle_rsasign(man, identity, buffer);
- if (is_prefix(buffer, ">NEED-CERTIFICATE")) {
- if (!identity) {
+ }
+ if (is_prefix(buffer, ">NEED-CERTIFICATE"))
+ {
+ if (!identity)
+ {
const char prefix[] = ">NEED-CERTIFICATE:macosx-keychain:";
if (!is_prefix(buffer, prefix))
- errx(1, "No identity template is passed via command line and " \
- "NEED-CERTIFICATE management interface command " \
- "misses 'macosx-keychain' prefix.");
+ {
+ errx(1, "No identity template is passed via command line and " \
+ "NEED-CERTIFICATE management interface command " \
+ "misses 'macosx-keychain' prefix.");
+ }
identity = template_to_identity(buffer+strlen(prefix));
}
handle_needcertificate(man, identity);
}
if (is_prefix(buffer, ">FATAL"))
+ {
fprintf(stderr, "Fatal message from OpenVPN: %s\n", buffer+7);
+ }
if (is_prefix(buffer, ">INFO"))
+ {
fprintf(stderr, "INFO message from OpenVPN: %s\n", buffer+6);
+ }
}
}
-char *read_password(const char *fname)
+char *
+read_password(const char *fname)
{
char *password = NULL;
FILE *pwf = fopen(fname, "r");
size_t n = 0;
if (pwf == NULL)
+ {
errx(1, "fopen(%s) failed", fname);
+ }
if (getline(&password, &n, pwf) < 0)
+ {
err(1, "getline");
+ }
fclose(pwf);
return password;
}
-int main(int argc, char* argv[])
+int
+main(int argc, char *argv[])
{
if (argc < 4)
+ {
err(1, "usage: %s <identity_template> <management_ip> <management_port> [<pw-file>]", argv[0]);
+ }
char *identity_template = argv[1];
char *s_ip = argv[2];
@@ -240,14 +293,17 @@ int main(int argc, char* argv[])
char *password = NULL;
int man_fd;
- if (argc > 4) {
+ if (argc > 4)
+ {
char *s_pw_file = argv[4];
password = read_password(s_pw_file);
}
SecIdentityRef identity = NULL;
if (strcmp(identity_template, "auto"))
+ {
identity = template_to_identity(identity_template);
+ }
man_fd = connect_to_management_server(s_ip, s_port);
fprintf(stderr, "Successfully connected to openvpn\n");