Diffstat (limited to 'contrib/keychain-mcd')
-rw-r--r-- | contrib/keychain-mcd/cert_data.c | 1057 | ||||
-rw-r--r-- | contrib/keychain-mcd/cert_data.h | 15 | ||||
-rw-r--r-- | contrib/keychain-mcd/common_osx.c | 87 | ||||
-rw-r--r-- | contrib/keychain-mcd/common_osx.h | 7 | ||||
-rw-r--r-- | contrib/keychain-mcd/crypto_osx.c | 57 | ||||
-rw-r--r-- | contrib/keychain-mcd/crypto_osx.h | 19 | ||||
-rw-r--r-- | contrib/keychain-mcd/main.c | 98 |
7 files changed, 775 insertions, 565 deletions
diff --git a/contrib/keychain-mcd/cert_data.c b/contrib/keychain-mcd/cert_data.c
index a04bf79..b84f3fc 100644
--- a/contrib/keychain-mcd/cert_data.c
+++ b/contrib/keychain-mcd/cert_data.c
@@ -51,684 +51,817 @@ CFStringRef kStringSpace = CFSTR(" "), typedef struct _CertName { - CFArrayRef countryName, organization, organizationalUnit, commonName, description, emailAddress, - stateName, localityName; + CFArrayRef countryName, organization, organizationalUnit, commonName, description, emailAddress, + stateName, localityName; } CertName, *CertNameRef; typedef struct _DescData { - CFStringRef name, value; + CFStringRef name, value; } DescData, *DescDataRef; void destroyDescData(DescDataRef pData); -CertNameRef createCertName() +CertNameRef +createCertName() { - CertNameRef pCertName = (CertNameRef)malloc(sizeof(CertName)); - pCertName->countryName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - pCertName->organization = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - pCertName->organizationalUnit = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - pCertName->commonName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - pCertName->description = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - pCertName->emailAddress = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - pCertName->stateName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - pCertName->localityName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - return pCertName; + CertNameRef pCertName = (CertNameRef)malloc(sizeof(CertName)); + pCertName->countryName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + pCertName->organization = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + pCertName->organizationalUnit = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + pCertName->commonName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + pCertName->description = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + pCertName->emailAddress = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + pCertName->stateName = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + pCertName->localityName = 
CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + return pCertName; } -void destroyCertName(CertNameRef pCertName) +void +destroyCertName(CertNameRef pCertName) { - if (!pCertName) - return; - - CFRelease(pCertName->countryName); - CFRelease(pCertName->organization); - CFRelease(pCertName->organizationalUnit); - CFRelease(pCertName->commonName); - CFRelease(pCertName->description); - CFRelease(pCertName->emailAddress); - CFRelease(pCertName->stateName); - CFRelease(pCertName->localityName); - free(pCertName); + if (!pCertName) + { + return; + } + + CFRelease(pCertName->countryName); + CFRelease(pCertName->organization); + CFRelease(pCertName->organizationalUnit); + CFRelease(pCertName->commonName); + CFRelease(pCertName->description); + CFRelease(pCertName->emailAddress); + CFRelease(pCertName->stateName); + CFRelease(pCertName->localityName); + free(pCertName); } -bool CFStringRefCmpCString(CFStringRef cfstr, const char *str) +bool +CFStringRefCmpCString(CFStringRef cfstr, const char *str) { - CFStringRef tmp = CFStringCreateWithCStringNoCopy(NULL, str, kCFStringEncodingUTF8, kCFAllocatorNull); - CFComparisonResult cresult = CFStringCompare(cfstr, tmp, 0); - bool result = cresult == kCFCompareEqualTo; - CFRelease(tmp); - return result; + CFStringRef tmp = CFStringCreateWithCStringNoCopy(NULL, str, kCFStringEncodingUTF8, kCFAllocatorNull); + CFComparisonResult cresult = CFStringCompare(cfstr, tmp, 0); + bool result = cresult == kCFCompareEqualTo; + CFRelease(tmp); + return result; } -CFDateRef GetDateFieldFromCertificate(SecCertificateRef certificate, CFTypeRef oid) +CFDateRef +GetDateFieldFromCertificate(SecCertificateRef certificate, CFTypeRef oid) { - const void *keys[] = { oid }; - CFDictionaryRef dict = NULL; - CFErrorRef error; - CFDateRef date = NULL; - - CFArrayRef keySelection = CFArrayCreate(NULL, keys , sizeof(keys)/sizeof(keys[0]), &kCFTypeArrayCallBacks); - dict = SecCertificateCopyValues(certificate, keySelection, &error); - if (dict == NULL) + 
const void *keys[] = { oid }; + CFDictionaryRef dict = NULL; + CFErrorRef error; + CFDateRef date = NULL; + + CFArrayRef keySelection = CFArrayCreate(NULL, keys, sizeof(keys)/sizeof(keys[0]), &kCFTypeArrayCallBacks); + dict = SecCertificateCopyValues(certificate, keySelection, &error); + if (dict == NULL) + { + printErrorMsg("GetDateFieldFromCertificate: SecCertificateCopyValues", error); + goto release_ks; + } + CFDictionaryRef vals = dict ? CFDictionaryGetValue(dict, oid) : NULL; + CFNumberRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL; + if (vals2 == NULL) { - printErrorMsg("GetDateFieldFromCertificate: SecCertificateCopyValues", error); - goto release_ks; + goto release_dict; } - CFDictionaryRef vals = dict ? CFDictionaryGetValue(dict, oid) : NULL; - CFNumberRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL; - if (vals2 == NULL) - goto release_dict; - CFAbsoluteTime validityNotBefore; - if (CFNumberGetValue(vals2, kCFNumberDoubleType, &validityNotBefore)) - date = CFDateCreate(kCFAllocatorDefault,validityNotBefore); + CFAbsoluteTime validityNotBefore; + if (CFNumberGetValue(vals2, kCFNumberDoubleType, &validityNotBefore)) + { + date = CFDateCreate(kCFAllocatorDefault,validityNotBefore); + } release_dict: - CFRelease(dict); + CFRelease(dict); release_ks: - CFRelease(keySelection); - return date; + CFRelease(keySelection); + return date; } -CFArrayRef GetFieldsFromCertificate(SecCertificateRef certificate, CFTypeRef oid) +CFArrayRef +GetFieldsFromCertificate(SecCertificateRef certificate, CFTypeRef oid) { - CFMutableArrayRef fields = CFArrayCreateMutable(NULL, 0, NULL); - CertNameRef pCertName = createCertName(); - const void* keys[] = { oid, }; - CFDictionaryRef dict; - CFErrorRef error; - - CFArrayRef keySelection = CFArrayCreate(NULL, keys , 1, NULL); - - dict = SecCertificateCopyValues(certificate, keySelection, &error); - if (dict == NULL) { - printErrorMsg("GetFieldsFromCertificate: 
SecCertificateCopyValues", error); - CFRelease(keySelection); - CFRelease(fields); - destroyCertName(pCertName); - return NULL; - } - CFDictionaryRef vals = CFDictionaryGetValue(dict, oid); - CFArrayRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL; - if (vals2) - { - for(int i = 0; i < CFArrayGetCount(vals2); i++) { - CFDictionaryRef subDict = CFArrayGetValueAtIndex(vals2, i); - CFStringRef label = CFDictionaryGetValue(subDict, kSecPropertyKeyLabel); - CFStringRef value = CFDictionaryGetValue(subDict, kSecPropertyKeyValue); - - if (CFStringCompare(label, kSecOIDEmailAddress, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->emailAddress, value); - else if (CFStringCompare(label, kSecOIDCountryName, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->countryName, value); - else if (CFStringCompare(label, kSecOIDOrganizationName, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->organization, value); - else if (CFStringCompare(label, kSecOIDOrganizationalUnitName, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->organizationalUnit, value); - else if (CFStringCompare(label, kSecOIDCommonName, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->commonName, value); - else if (CFStringCompare(label, kSecOIDDescription, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->description, value); - else if (CFStringCompare(label, kSecOIDStateProvinceName, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->stateName, value); - else if (CFStringCompare(label, kSecOIDLocalityName, 0) == kCFCompareEqualTo) - CFArrayAppendValue((CFMutableArrayRef)pCertName->localityName, value); - } - CFArrayAppendValue(fields, pCertName); - } - - CFRelease(dict); - CFRelease(keySelection); - return fields; + CFMutableArrayRef fields = CFArrayCreateMutable(NULL, 0, NULL); + CertNameRef pCertName = 
createCertName(); + const void *keys[] = { oid, }; + CFDictionaryRef dict; + CFErrorRef error; + + CFArrayRef keySelection = CFArrayCreate(NULL, keys, 1, NULL); + + dict = SecCertificateCopyValues(certificate, keySelection, &error); + if (dict == NULL) + { + printErrorMsg("GetFieldsFromCertificate: SecCertificateCopyValues", error); + CFRelease(keySelection); + CFRelease(fields); + destroyCertName(pCertName); + return NULL; + } + CFDictionaryRef vals = CFDictionaryGetValue(dict, oid); + CFArrayRef vals2 = vals ? CFDictionaryGetValue(vals, kSecPropertyKeyValue) : NULL; + if (vals2) + { + for (int i = 0; i < CFArrayGetCount(vals2); i++) { + CFDictionaryRef subDict = CFArrayGetValueAtIndex(vals2, i); + CFStringRef label = CFDictionaryGetValue(subDict, kSecPropertyKeyLabel); + CFStringRef value = CFDictionaryGetValue(subDict, kSecPropertyKeyValue); + + if (CFStringCompare(label, kSecOIDEmailAddress, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->emailAddress, value); + } + else if (CFStringCompare(label, kSecOIDCountryName, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->countryName, value); + } + else if (CFStringCompare(label, kSecOIDOrganizationName, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->organization, value); + } + else if (CFStringCompare(label, kSecOIDOrganizationalUnitName, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->organizationalUnit, value); + } + else if (CFStringCompare(label, kSecOIDCommonName, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->commonName, value); + } + else if (CFStringCompare(label, kSecOIDDescription, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->description, value); + } + else if (CFStringCompare(label, kSecOIDStateProvinceName, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->stateName, value); + } + 
else if (CFStringCompare(label, kSecOIDLocalityName, 0) == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)pCertName->localityName, value); + } + } + CFArrayAppendValue(fields, pCertName); + } + + CFRelease(dict); + CFRelease(keySelection); + return fields; } -CertDataRef createCertDataFromCertificate(SecCertificateRef certificate) +CertDataRef +createCertDataFromCertificate(SecCertificateRef certificate) { - CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData)); - pCertData->subject = GetFieldsFromCertificate(certificate, kSecOIDX509V1SubjectName); - pCertData->issuer = GetFieldsFromCertificate(certificate, kSecOIDX509V1IssuerName); + CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData)); + pCertData->subject = GetFieldsFromCertificate(certificate, kSecOIDX509V1SubjectName); + pCertData->issuer = GetFieldsFromCertificate(certificate, kSecOIDX509V1IssuerName); - CFDataRef data = SecCertificateCopyData(certificate); - if (data == NULL) + CFDataRef data = SecCertificateCopyData(certificate); + if (data == NULL) { - warnx("SecCertificateCopyData() returned NULL"); - destroyCertData(pCertData); - return NULL; + warnx("SecCertificateCopyData() returned NULL"); + destroyCertData(pCertData); + return NULL; } - unsigned char sha1[CC_SHA1_DIGEST_LENGTH]; - CC_SHA1(CFDataGetBytePtr(data), CFDataGetLength(data), sha1); - pCertData->sha1 = createHexString(sha1, CC_SHA1_DIGEST_LENGTH); + unsigned char sha1[CC_SHA1_DIGEST_LENGTH]; + CC_SHA1(CFDataGetBytePtr(data), CFDataGetLength(data), sha1); + pCertData->sha1 = createHexString(sha1, CC_SHA1_DIGEST_LENGTH); - unsigned char md5[CC_MD5_DIGEST_LENGTH]; - CC_MD5(CFDataGetBytePtr(data), CFDataGetLength(data), md5); - pCertData->md5 = createHexString((unsigned char*)md5, CC_MD5_DIGEST_LENGTH); + unsigned char md5[CC_MD5_DIGEST_LENGTH]; + CC_MD5(CFDataGetBytePtr(data), CFDataGetLength(data), md5); + pCertData->md5 = createHexString((unsigned char *)md5, CC_MD5_DIGEST_LENGTH); - CFDataRef serial = 
SecCertificateCopySerialNumber(certificate, NULL); - pCertData->serial = createHexString((unsigned char *)CFDataGetBytePtr(serial), CFDataGetLength(serial)); - CFRelease(serial); + CFDataRef serial = SecCertificateCopySerialNumber(certificate, NULL); + pCertData->serial = createHexString((unsigned char *)CFDataGetBytePtr(serial), CFDataGetLength(serial)); + CFRelease(serial); - return pCertData; + return pCertData; } -CFStringRef stringFromRange(const char *cstring, CFRange range) +CFStringRef +stringFromRange(const char *cstring, CFRange range) { - CFStringRef str = CFStringCreateWithBytes (NULL, (uint8*)&cstring[range.location], range.length, kCFStringEncodingUTF8, false); - CFMutableStringRef mutableStr = CFStringCreateMutableCopy(NULL, 0, str); - CFStringTrimWhitespace(mutableStr); - CFRelease(str); - return mutableStr; + CFStringRef str = CFStringCreateWithBytes(NULL, (uint8 *)&cstring[range.location], range.length, kCFStringEncodingUTF8, false); + CFMutableStringRef mutableStr = CFStringCreateMutableCopy(NULL, 0, str); + CFStringTrimWhitespace(mutableStr); + CFRelease(str); + return mutableStr; } -DescDataRef createDescData(const char *description, CFRange nameRange, CFRange valueRange) +DescDataRef +createDescData(const char *description, CFRange nameRange, CFRange valueRange) { - DescDataRef pRetVal = (DescDataRef)malloc(sizeof(DescData)); + DescDataRef pRetVal = (DescDataRef)malloc(sizeof(DescData)); - memset(pRetVal, 0, sizeof(DescData)); + memset(pRetVal, 0, sizeof(DescData)); - if (nameRange.length > 0) - pRetVal->name = stringFromRange(description, nameRange); + if (nameRange.length > 0) + { + pRetVal->name = stringFromRange(description, nameRange); + } - if (valueRange.length > 0) - pRetVal->value = stringFromRange(description, valueRange); + if (valueRange.length > 0) + { + pRetVal->value = stringFromRange(description, valueRange); + } #if 0 - fprintf(stderr, "name = '%s', value = '%s'\n", - CFStringGetCStringPtr(pRetVal->name, 
kCFStringEncodingUTF8), - CFStringGetCStringPtr(pRetVal->value, kCFStringEncodingUTF8)); + fprintf(stderr, "name = '%s', value = '%s'\n", + CFStringGetCStringPtr(pRetVal->name, kCFStringEncodingUTF8), + CFStringGetCStringPtr(pRetVal->value, kCFStringEncodingUTF8)); #endif - return pRetVal; + return pRetVal; } -void destroyDescData(DescDataRef pData) +void +destroyDescData(DescDataRef pData) { - if (pData->name) - CFRelease(pData->name); + if (pData->name) + { + CFRelease(pData->name); + } - if (pData->value) - CFRelease(pData->value); + if (pData->value) + { + CFRelease(pData->value); + } - free(pData); + free(pData); } -CFArrayRef createDescDataPairs(const char *description) +CFArrayRef +createDescDataPairs(const char *description) { - int numChars = strlen(description); - CFRange nameRange, valueRange; - DescDataRef pData; - CFMutableArrayRef retVal = CFArrayCreateMutable(NULL, 0, NULL); + int numChars = strlen(description); + CFRange nameRange, valueRange; + DescDataRef pData; + CFMutableArrayRef retVal = CFArrayCreateMutable(NULL, 0, NULL); - int i = 0; + int i = 0; - nameRange = CFRangeMake(0, 0); - valueRange = CFRangeMake(0, 0); - bool bInValue = false; + nameRange = CFRangeMake(0, 0); + valueRange = CFRangeMake(0, 0); + bool bInValue = false; - while(i < numChars) + while (i < numChars) { - if (!bInValue && (description[i] != ':')) + if (!bInValue && (description[i] != ':')) { - nameRange.length++; + nameRange.length++; } - else if (bInValue && (description[i] != ':')) + else if (bInValue && (description[i] != ':')) { - valueRange.length++; + valueRange.length++; } - else if(!bInValue) + else if (!bInValue) { - bInValue = true; - valueRange.location = i + 1; - valueRange.length = 0; + bInValue = true; + valueRange.location = i + 1; + valueRange.length = 0; } - else //(bInValue) + else /*(bInValue) */ { - bInValue = false; - while(description[i] != ' ') + bInValue = false; + while (description[i] != ' ') { - valueRange.length--; - i--; + valueRange.length--; 
+ i--; } - pData = createDescData(description, nameRange, valueRange); - CFArrayAppendValue(retVal, pData); + pData = createDescData(description, nameRange, valueRange); + CFArrayAppendValue(retVal, pData); - nameRange.location = i + 1; - nameRange.length = 0; + nameRange.location = i + 1; + nameRange.length = 0; } - i++; + i++; } - pData = createDescData(description, nameRange, valueRange); - CFArrayAppendValue(retVal, pData); - return retVal; + pData = createDescData(description, nameRange, valueRange); + CFArrayAppendValue(retVal, pData); + return retVal; } -void arrayDestroyDescData(const void *val, void *context) +void +arrayDestroyDescData(const void *val, void *context) { - DescDataRef pData = (DescDataRef) val; - destroyDescData(pData); + DescDataRef pData = (DescDataRef) val; + destroyDescData(pData); } -int parseNameComponent(CFStringRef dn, CFStringRef *pName, CFStringRef *pValue) +int +parseNameComponent(CFStringRef dn, CFStringRef *pName, CFStringRef *pValue) { - CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, dn, kCertNameEquals); + CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, dn, kCertNameEquals); - *pName = *pValue = NULL; + *pName = *pValue = NULL; - if (CFArrayGetCount(nameStrings) != 2) - return 0; + if (CFArrayGetCount(nameStrings) != 2) + { + return 0; + } - CFMutableStringRef str; + CFMutableStringRef str; - str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 0)); - CFStringTrimWhitespace(str); - *pName = str; + str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 0)); + CFStringTrimWhitespace(str); + *pName = str; - str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 1)); - CFStringTrimWhitespace(str); - *pValue = str; + str = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, 1)); + CFStringTrimWhitespace(str); + *pValue = str; - CFRelease(nameStrings); - return 1; + CFRelease(nameStrings); + return 1; 
} -int tryAppendSingleCertField(CertNameRef pCertName, CFArrayRef where, CFStringRef key, - CFStringRef name, CFStringRef value) +int +tryAppendSingleCertField(CertNameRef pCertName, CFArrayRef where, CFStringRef key, + CFStringRef name, CFStringRef value) { - if (CFStringCompareWithOptions(name, key, CFRangeMake(0, CFStringGetLength(name)), kCFCompareCaseInsensitive) - == kCFCompareEqualTo) { - CFArrayAppendValue((CFMutableArrayRef)where, value); - return 1; - } - return 0; + if (CFStringCompareWithOptions(name, key, CFRangeMake(0, CFStringGetLength(name)), kCFCompareCaseInsensitive) + == kCFCompareEqualTo) + { + CFArrayAppendValue((CFMutableArrayRef)where, value); + return 1; + } + return 0; } -int appendCertField(CertNameRef pCert, CFStringRef name, CFStringRef value) +int +appendCertField(CertNameRef pCert, CFStringRef name, CFStringRef value) { - struct { - CFArrayRef field; - CFStringRef key; - } fields[] = { - { pCert->organization, kCertNameOrganization}, - { pCert->organizationalUnit, kCertNameOrganizationalUnit}, - { pCert->countryName, kCertNameCountry}, - { pCert->localityName, kCertNameLocality}, - { pCert->stateName, kCertNameState}, - { pCert->commonName, kCertNameCommonName}, - { pCert->emailAddress, kCertNameEmail}, - }; - int i; - int ret = 0; - - for (i=0; i<sizeof(fields)/sizeof(fields[0]); i++) - ret += tryAppendSingleCertField(pCert, fields[i].field, fields[i].key, name, value); - return ret; + struct { + CFArrayRef field; + CFStringRef key; + } fields[] = { + { pCert->organization, kCertNameOrganization}, + { pCert->organizationalUnit, kCertNameOrganizationalUnit}, + { pCert->countryName, kCertNameCountry}, + { pCert->localityName, kCertNameLocality}, + { pCert->stateName, kCertNameState}, + { pCert->commonName, kCertNameCommonName}, + { pCert->emailAddress, kCertNameEmail}, + }; + int i; + int ret = 0; + + for (i = 0; i<sizeof(fields)/sizeof(fields[0]); i++) + ret += tryAppendSingleCertField(pCert, fields[i].field, fields[i].key, name, 
value); + return ret; } -int parseCertName(CFStringRef nameDesc, CFMutableArrayRef names) +int +parseCertName(CFStringRef nameDesc, CFMutableArrayRef names) { - CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, nameDesc, kCertNameFwdSlash); - int count = CFArrayGetCount(nameStrings); - int i; - int ret = 1; + CFArrayRef nameStrings = CFStringCreateArrayBySeparatingStrings(NULL, nameDesc, kCertNameFwdSlash); + int count = CFArrayGetCount(nameStrings); + int i; + int ret = 1; - CertNameRef pCertName = createCertName(); + CertNameRef pCertName = createCertName(); - for(i = 0;i < count;i++) + for (i = 0; i < count; i++) { - CFMutableStringRef dn = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, i)); - CFStringTrimWhitespace(dn); + CFMutableStringRef dn = CFStringCreateMutableCopy(NULL, 0, CFArrayGetValueAtIndex(nameStrings, i)); + CFStringTrimWhitespace(dn); - CFStringRef name, value; + CFStringRef name, value; - if (!parseNameComponent(dn, &name, &value)) - ret = 0; + if (!parseNameComponent(dn, &name, &value)) + { + ret = 0; + } - if (!name || !value) + if (!name || !value) { - if (name) - CFRelease(name); + if (name) + { + CFRelease(name); + } - if (value) - CFRelease(value); - if (name && !value) - ret = 0; + if (value) + { + CFRelease(value); + } + if (name && !value) + { + ret = 0; + } - CFRelease(dn); - continue; + CFRelease(dn); + continue; } - if (!appendCertField(pCertName, name, value)) - ret = 0; - CFRelease(name); - CFRelease(value); - CFRelease(dn); + if (!appendCertField(pCertName, name, value)) + { + ret = 0; + } + CFRelease(name); + CFRelease(value); + CFRelease(dn); } - CFArrayAppendValue(names, pCertName); - CFRelease(nameStrings); - return ret; + CFArrayAppendValue(names, pCertName); + CFRelease(nameStrings); + return ret; } -int arrayParseDescDataPair(const void *val, void *context) +int +arrayParseDescDataPair(const void *val, void *context) { - DescDataRef pDescData = (DescDataRef)val; - CertDataRef 
pCertData = (CertDataRef)context; - int ret = 1; + DescDataRef pDescData = (DescDataRef)val; + CertDataRef pCertData = (CertDataRef)context; + int ret = 1; - if (!pDescData->name || !pDescData->value) - return 0; + if (!pDescData->name || !pDescData->value) + { + return 0; + } - if (CFStringCompareWithOptions(pDescData->name, kCertDataSubjectName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) - ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->subject); - else if (CFStringCompareWithOptions(pDescData->name, kCertDataIssuerName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) - ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->issuer); - else if (CFStringCompareWithOptions(pDescData->name, kCertDataSha1Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) - pCertData->sha1 = CFRetain(pDescData->value); - else if (CFStringCompareWithOptions(pDescData->name, kCertDataMd5Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) - pCertData->md5 = CFRetain(pDescData->value); - else if (CFStringCompareWithOptions(pDescData->name, kCertDataSerialName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) - pCertData->serial = CFRetain(pDescData->value); - else - return 0; + if (CFStringCompareWithOptions(pDescData->name, kCertDataSubjectName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) + { + ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->subject); + } + else if (CFStringCompareWithOptions(pDescData->name, kCertDataIssuerName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) + { + ret = parseCertName(pDescData->value, (CFMutableArrayRef)pCertData->issuer); + 
} + else if (CFStringCompareWithOptions(pDescData->name, kCertDataSha1Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) + { + pCertData->sha1 = CFRetain(pDescData->value); + } + else if (CFStringCompareWithOptions(pDescData->name, kCertDataMd5Name, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) + { + pCertData->md5 = CFRetain(pDescData->value); + } + else if (CFStringCompareWithOptions(pDescData->name, kCertDataSerialName, CFRangeMake(0, CFStringGetLength(pDescData->name)), kCFCompareCaseInsensitive) == kCFCompareEqualTo) + { + pCertData->serial = CFRetain(pDescData->value); + } + else + { + return 0; + } - return ret; + return ret; } -CertDataRef createCertDataFromString(const char *description) +CertDataRef +createCertDataFromString(const char *description) { - CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData)); - pCertData->subject = CFArrayCreateMutable(NULL, 0, NULL); - pCertData->issuer = CFArrayCreateMutable(NULL, 0, NULL); - pCertData->sha1 = NULL; - pCertData->md5 = NULL; - pCertData->serial = NULL; - - CFArrayRef pairs = createDescDataPairs(description); - for (int i=0; i<CFArrayGetCount(pairs); i++) - if (!arrayParseDescDataPair(CFArrayGetValueAtIndex(pairs, i), pCertData)) { - arrayDestroyDescData(pCertData, NULL); - CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL); - CFRelease(pairs); - return 0; - } - - CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL); - CFRelease(pairs); - return pCertData; + CertDataRef pCertData = (CertDataRef)malloc(sizeof(CertData)); + pCertData->subject = CFArrayCreateMutable(NULL, 0, NULL); + pCertData->issuer = CFArrayCreateMutable(NULL, 0, NULL); + pCertData->sha1 = NULL; + pCertData->md5 = NULL; + pCertData->serial = NULL; + + CFArrayRef pairs = createDescDataPairs(description); + for (int i = 0; 
i<CFArrayGetCount(pairs); i++) + if (!arrayParseDescDataPair(CFArrayGetValueAtIndex(pairs, i), pCertData)) + { + arrayDestroyDescData(pCertData, NULL); + CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL); + CFRelease(pairs); + return 0; + } + + CFArrayApplyFunction(pairs, CFRangeMake(0, CFArrayGetCount(pairs)), arrayDestroyDescData, NULL); + CFRelease(pairs); + return pCertData; } -void arrayDestroyCertName(const void *val, void *context) +void +arrayDestroyCertName(const void *val, void *context) { - CertNameRef pCertName = (CertNameRef)val; - destroyCertName(pCertName); + CertNameRef pCertName = (CertNameRef)val; + destroyCertName(pCertName); } -void destroyCertData(CertDataRef pCertData) +void +destroyCertData(CertDataRef pCertData) { - if (pCertData->subject) + if (pCertData->subject) { - CFArrayApplyFunction(pCertData->subject, CFRangeMake(0, CFArrayGetCount(pCertData->subject)), arrayDestroyCertName, NULL); - CFRelease(pCertData->subject); + CFArrayApplyFunction(pCertData->subject, CFRangeMake(0, CFArrayGetCount(pCertData->subject)), arrayDestroyCertName, NULL); + CFRelease(pCertData->subject); } - if (pCertData->issuer) + if (pCertData->issuer) { - CFArrayApplyFunction(pCertData->issuer, CFRangeMake(0, CFArrayGetCount(pCertData->issuer)), arrayDestroyCertName, NULL); - CFRelease(pCertData->issuer); + CFArrayApplyFunction(pCertData->issuer, CFRangeMake(0, CFArrayGetCount(pCertData->issuer)), arrayDestroyCertName, NULL); + CFRelease(pCertData->issuer); } - if (pCertData->sha1) - CFRelease(pCertData->sha1); + if (pCertData->sha1) + { + CFRelease(pCertData->sha1); + } - if (pCertData->md5) - CFRelease(pCertData->md5); + if (pCertData->md5) + { + CFRelease(pCertData->md5); + } - if (pCertData->serial) - CFRelease(pCertData->serial); + if (pCertData->serial) + { + CFRelease(pCertData->serial); + } - free(pCertData); + free(pCertData); } -bool stringArrayMatchesTemplate(CFArrayRef strings, CFArrayRef templateArray) 
+bool +stringArrayMatchesTemplate(CFArrayRef strings, CFArrayRef templateArray) { - int templateCount, stringCount, i; + int templateCount, stringCount, i; - templateCount = CFArrayGetCount(templateArray); + templateCount = CFArrayGetCount(templateArray); - if (templateCount > 0) + if (templateCount > 0) { - stringCount = CFArrayGetCount(strings); - if (stringCount != templateCount) - return false; + stringCount = CFArrayGetCount(strings); + if (stringCount != templateCount) + { + return false; + } - for(i = 0;i < stringCount;i++) + for (i = 0; i < stringCount; i++) { - CFStringRef str, template; + CFStringRef str, template; - template = (CFStringRef)CFArrayGetValueAtIndex(templateArray, i); - str = (CFStringRef)CFArrayGetValueAtIndex(strings, i); + template = (CFStringRef)CFArrayGetValueAtIndex(templateArray, i); + str = (CFStringRef)CFArrayGetValueAtIndex(strings, i); - if (CFStringCompareWithOptions(template, str, CFRangeMake(0, CFStringGetLength(template)), kCFCompareCaseInsensitive) != kCFCompareEqualTo) - return false; + if (CFStringCompareWithOptions(template, str, CFRangeMake(0, CFStringGetLength(template)), kCFCompareCaseInsensitive) != kCFCompareEqualTo) + { + return false; + } } } - return true; + return true; } -bool certNameMatchesTemplate(CertNameRef pCertName, CertNameRef pTemplate) +bool +certNameMatchesTemplate(CertNameRef pCertName, CertNameRef pTemplate) { - if (!stringArrayMatchesTemplate(pCertName->countryName, pTemplate->countryName)) - return false; - else if (!stringArrayMatchesTemplate(pCertName->organization, pTemplate->organization)) - return false; - else if (!stringArrayMatchesTemplate(pCertName->organizationalUnit, pTemplate->organizationalUnit)) - return false; - else if (!stringArrayMatchesTemplate(pCertName->commonName, pTemplate->commonName)) - return false; - else if (!stringArrayMatchesTemplate(pCertName->emailAddress, pTemplate->emailAddress)) - return false; - else if (!stringArrayMatchesTemplate(pCertName->stateName, 
pTemplate->stateName)) - return false; - else if (!stringArrayMatchesTemplate(pCertName->localityName, pTemplate->localityName)) - return false; - else - return true; + if (!stringArrayMatchesTemplate(pCertName->countryName, pTemplate->countryName)) + { + return false; + } + else if (!stringArrayMatchesTemplate(pCertName->organization, pTemplate->organization)) + { + return false; + } + else if (!stringArrayMatchesTemplate(pCertName->organizationalUnit, pTemplate->organizationalUnit)) + { + return false; + } + else if (!stringArrayMatchesTemplate(pCertName->commonName, pTemplate->commonName)) + { + return false; + } + else if (!stringArrayMatchesTemplate(pCertName->emailAddress, pTemplate->emailAddress)) + { + return false; + } + else if (!stringArrayMatchesTemplate(pCertName->stateName, pTemplate->stateName)) + { + return false; + } + else if (!stringArrayMatchesTemplate(pCertName->localityName, pTemplate->localityName)) + { + return false; + } + else + { + return true; + } } -bool certNameArrayMatchesTemplate(CFArrayRef certNameArray, CFArrayRef templateArray) +bool +certNameArrayMatchesTemplate(CFArrayRef certNameArray, CFArrayRef templateArray) { - int templateCount, certCount, i; + int templateCount, certCount, i; - templateCount = CFArrayGetCount(templateArray); + templateCount = CFArrayGetCount(templateArray); - if (templateCount > 0) + if (templateCount > 0) { - certCount = CFArrayGetCount(certNameArray); - if (certCount != templateCount) - return false; + certCount = CFArrayGetCount(certNameArray); + if (certCount != templateCount) + { + return false; + } - for(i = 0;i < certCount;i++) + for (i = 0; i < certCount; i++) { - CertNameRef pName, pTemplateName; + CertNameRef pName, pTemplateName; - pTemplateName = (CertNameRef)CFArrayGetValueAtIndex(templateArray, i); - pName = (CertNameRef)CFArrayGetValueAtIndex(certNameArray, i); + pTemplateName = (CertNameRef)CFArrayGetValueAtIndex(templateArray, i); + pName = 
(CertNameRef)CFArrayGetValueAtIndex(certNameArray, i); - if (!certNameMatchesTemplate(pName, pTemplateName)) - return false; + if (!certNameMatchesTemplate(pName, pTemplateName)) + { + return false; + } } } - return true; + return true; } -bool hexStringMatchesTemplate(CFStringRef str, CFStringRef template) +bool +hexStringMatchesTemplate(CFStringRef str, CFStringRef template) { - if (template) + if (template) { - if (!str) - return false; + if (!str) + { + return false; + } - CFMutableStringRef strMutable, templateMutable; + CFMutableStringRef strMutable, templateMutable; - strMutable = CFStringCreateMutableCopy(NULL, 0, str); - templateMutable = CFStringCreateMutableCopy(NULL, 0, template); + strMutable = CFStringCreateMutableCopy(NULL, 0, str); + templateMutable = CFStringCreateMutableCopy(NULL, 0, template); - CFStringFindAndReplace(strMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(strMutable)), 0); - CFStringFindAndReplace(templateMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(templateMutable)), 0); + CFStringFindAndReplace(strMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(strMutable)), 0); + CFStringFindAndReplace(templateMutable, kStringSpace, kStringEmpty, CFRangeMake(0, CFStringGetLength(templateMutable)), 0); - CFComparisonResult result = CFStringCompareWithOptions(templateMutable, strMutable, CFRangeMake(0, CFStringGetLength(templateMutable)), kCFCompareCaseInsensitive); + CFComparisonResult result = CFStringCompareWithOptions(templateMutable, strMutable, CFRangeMake(0, CFStringGetLength(templateMutable)), kCFCompareCaseInsensitive); - CFRelease(strMutable); - CFRelease(templateMutable); + CFRelease(strMutable); + CFRelease(templateMutable); - if (result != kCFCompareEqualTo) - return false; + if (result != kCFCompareEqualTo) + { + return false; + } } - return true; + return true; } -bool certDataMatchesTemplate(CertDataRef pCertData, CertDataRef pTemplate) +bool 
+certDataMatchesTemplate(CertDataRef pCertData, CertDataRef pTemplate) { - if (!certNameArrayMatchesTemplate(pCertData->subject, pTemplate->subject)) - return false; + if (!certNameArrayMatchesTemplate(pCertData->subject, pTemplate->subject)) + { + return false; + } - if (!certNameArrayMatchesTemplate(pCertData->issuer, pTemplate->issuer)) - return false; + if (!certNameArrayMatchesTemplate(pCertData->issuer, pTemplate->issuer)) + { + return false; + } - if (!hexStringMatchesTemplate(pCertData->sha1, pTemplate->sha1)) - return false; + if (!hexStringMatchesTemplate(pCertData->sha1, pTemplate->sha1)) + { + return false; + } - if (!hexStringMatchesTemplate(pCertData->md5, pTemplate->md5)) - return false; + if (!hexStringMatchesTemplate(pCertData->md5, pTemplate->md5)) + { + return false; + } - if (!hexStringMatchesTemplate(pCertData->serial, pTemplate->serial)) - return false; + if (!hexStringMatchesTemplate(pCertData->serial, pTemplate->serial)) + { + return false; + } - return true; + return true; } -bool certExpired(SecCertificateRef certificate) +bool +certExpired(SecCertificateRef certificate) { - bool result; - CFDateRef notAfter = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotAfter); - CFDateRef notBefore = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore); - CFDateRef now = CFDateCreate(kCFAllocatorDefault, CFAbsoluteTimeGetCurrent()); + bool result; + CFDateRef notAfter = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotAfter); + CFDateRef notBefore = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore); + CFDateRef now = CFDateCreate(kCFAllocatorDefault, CFAbsoluteTimeGetCurrent()); - if (!notAfter || !notBefore || !now) + if (!notAfter || !notBefore || !now) { - warnx("GetDateFieldFromCertificate() returned NULL"); - result = true; + warnx("GetDateFieldFromCertificate() returned NULL"); + result = true; } - else + else { - if (CFDateCompare(notBefore, now, NULL) != 
kCFCompareLessThan || - CFDateCompare(now, notAfter, NULL) != kCFCompareLessThan) - result = true; - else - result = false; + if (CFDateCompare(notBefore, now, NULL) != kCFCompareLessThan + || CFDateCompare(now, notAfter, NULL) != kCFCompareLessThan) + { + result = true; + } + else + { + result = false; + } } - CFRelease(notAfter); - CFRelease(notBefore); - CFRelease(now); - return result; + CFRelease(notAfter); + CFRelease(notBefore); + CFRelease(now); + return result; } -SecIdentityRef findIdentity(CertDataRef pCertDataTemplate) +SecIdentityRef +findIdentity(CertDataRef pCertDataTemplate) { - const void *keys[] = { - kSecClass, - kSecReturnRef, - kSecMatchLimit - }; - const void *values[] = { - kSecClassIdentity, - kCFBooleanTrue, - kSecMatchLimitAll - }; - CFArrayRef result = NULL; - - CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, - sizeof(keys) / sizeof(*keys), - &kCFTypeDictionaryKeyCallBacks, - &kCFTypeDictionaryValueCallBacks); - OSStatus status = SecItemCopyMatching(query, (CFTypeRef*)&result); - CFRelease(query); - if (status != noErr) - { - warnx ("No identities in keychain found"); - return NULL; - } - - SecIdentityRef bestIdentity = NULL; - CFDateRef bestNotBeforeDate = NULL; - - for (int i=0; i<CFArrayGetCount(result); i++) - { - SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(result, i); - if (identity == NULL) + const void *keys[] = { + kSecClass, + kSecReturnRef, + kSecMatchLimit + }; + const void *values[] = { + kSecClassIdentity, + kCFBooleanTrue, + kSecMatchLimitAll + }; + CFArrayRef result = NULL; + + CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, + sizeof(keys) / sizeof(*keys), + &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + OSStatus status = SecItemCopyMatching(query, (CFTypeRef *)&result); + CFRelease(query); + if (status != noErr) + { + warnx("No identities in keychain found"); + return NULL; + } + + SecIdentityRef bestIdentity = NULL; + CFDateRef bestNotBeforeDate = 
NULL; + + for (int i = 0; i<CFArrayGetCount(result); i++) + { + SecIdentityRef identity = (SecIdentityRef)CFArrayGetValueAtIndex(result, i); + if (identity == NULL) { - warnx ("identity == NULL"); - continue; + warnx("identity == NULL"); + continue; } - SecCertificateRef certificate = NULL; - SecIdentityCopyCertificate (identity, &certificate); - if (certificate == NULL) + SecCertificateRef certificate = NULL; + SecIdentityCopyCertificate(identity, &certificate); + if (certificate == NULL) { - warnx ("SecIdentityCopyCertificate() returned NULL"); - continue; + warnx("SecIdentityCopyCertificate() returned NULL"); + continue; } - CertDataRef pCertData2 = createCertDataFromCertificate(certificate); - if (pCertData2 == NULL) + CertDataRef pCertData2 = createCertDataFromCertificate(certificate); + if (pCertData2 == NULL) { - warnx ("createCertDataFromCertificate() returned NULL"); - goto release_cert; + warnx("createCertDataFromCertificate() returned NULL"); + goto release_cert; } - bool bMatches = certDataMatchesTemplate(pCertData2, pCertDataTemplate); - bool bExpired = certExpired(certificate); - destroyCertData(pCertData2); + bool bMatches = certDataMatchesTemplate(pCertData2, pCertDataTemplate); + bool bExpired = certExpired(certificate); + destroyCertData(pCertData2); - if (bMatches && !bExpired) + if (bMatches && !bExpired) { - CFDateRef notBeforeDate = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore); - if (!notBeforeDate) + CFDateRef notBeforeDate = GetDateFieldFromCertificate(certificate, kSecOIDX509V1ValidityNotBefore); + if (!notBeforeDate) { - warnx ("GetDateFieldFromCertificate() returned NULL"); - goto release_cert; + warnx("GetDateFieldFromCertificate() returned NULL"); + goto release_cert; } - if (bestIdentity == NULL) + if (bestIdentity == NULL) { - CFRetain(identity); - bestIdentity = identity; + CFRetain(identity); + bestIdentity = identity; - bestNotBeforeDate = notBeforeDate; - CFRetain(notBeforeDate); + bestNotBeforeDate = 
notBeforeDate; + CFRetain(notBeforeDate); } - else if (CFDateCompare(bestNotBeforeDate, notBeforeDate, NULL) == kCFCompareLessThan) + else if (CFDateCompare(bestNotBeforeDate, notBeforeDate, NULL) == kCFCompareLessThan) { - CFRelease(bestIdentity); - CFRetain(identity); - bestIdentity = identity; + CFRelease(bestIdentity); + CFRetain(identity); + bestIdentity = identity; - bestNotBeforeDate = notBeforeDate; - CFRetain(notBeforeDate); + bestNotBeforeDate = notBeforeDate; + CFRetain(notBeforeDate); } - CFRelease(notBeforeDate); + CFRelease(notBeforeDate); } - release_cert: - CFRelease(certificate); +release_cert: + CFRelease(certificate); } - CFRelease(result); + CFRelease(result); - return bestIdentity; + return bestIdentity; } diff --git a/contrib/keychain-mcd/cert_data.h b/contrib/keychain-mcd/cert_data.h index 407cca1..c5f83c0 100644 --- a/contrib/keychain-mcd/cert_data.h +++ b/contrib/keychain-mcd/cert_data.h @@ -30,17 +30,22 @@ typedef struct _CertData { - CFArrayRef subject; - CFArrayRef issuer; - CFStringRef serial; - CFStringRef md5, sha1; + CFArrayRef subject; + CFArrayRef issuer; + CFStringRef serial; + CFStringRef md5, sha1; } CertData, *CertDataRef; CertDataRef createCertDataFromCertificate(SecCertificateRef certificate); + CertDataRef createCertDataFromString(const char *description); + void destroyCertData(CertDataRef pCertData); + bool certDataMatchesTemplate(CertDataRef pCertData, CertDataRef pTemplate); + void printCertData(CertDataRef pCertData); + SecIdentityRef findIdentity(CertDataRef pCertDataTemplate); -#endif +#endif /* ifndef __cert_data_h__ */ diff --git a/contrib/keychain-mcd/common_osx.c b/contrib/keychain-mcd/common_osx.c index 3effa8b..0f7c4ae 100644 --- a/contrib/keychain-mcd/common_osx.c +++ b/contrib/keychain-mcd/common_osx.c 
@@ -24,71 +24,78 @@ */ /* -#include "config.h" -#include "syshead.h" -#include "common.h" -#include "buffer.h" -#include "error.h" -*/ + #include "config.h" + #include "syshead.h" + #include "common.h" + #include "buffer.h" + #include "error.h" + */ #include "common_osx.h" #include <err.h> -void printCFString(CFStringRef str) +void +printCFString(CFStringRef str) { - CFIndex bufferLength = CFStringGetLength(str) + 1; - char *pBuffer = (char*)malloc(sizeof(char) * bufferLength); - CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8); - warnx("%s\n", pBuffer); - free(pBuffer); + CFIndex bufferLength = CFStringGetLength(str) + 1; + char *pBuffer = (char *)malloc(sizeof(char) * bufferLength); + CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8); + warnx("%s\n", pBuffer); + free(pBuffer); } -char* cfstringToCstr(CFStringRef str) +char * +cfstringToCstr(CFStringRef str) { - CFIndex bufferLength = CFStringGetLength(str) + 1; - char *pBuffer = (char*)malloc(sizeof(char) * bufferLength); - CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8); - return pBuffer; + CFIndex bufferLength = CFStringGetLength(str) + 1; + char *pBuffer = (char *)malloc(sizeof(char) * bufferLength); + CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8); + return pBuffer; } -void appendHexChar(CFMutableStringRef str, unsigned char halfByte) +void +appendHexChar(CFMutableStringRef str, unsigned char halfByte) { - if (halfByte < 10) + if (halfByte < 10) { - CFStringAppendFormat (str, NULL, CFSTR("%d"), halfByte); + CFStringAppendFormat(str, NULL, CFSTR("%d"), halfByte); } - else + else { - char tmp[2] = {'A'+halfByte-10, 0}; - CFStringAppendCString(str, tmp, kCFStringEncodingUTF8); + char tmp[2] = {'A'+halfByte-10, 0}; + CFStringAppendCString(str, tmp, kCFStringEncodingUTF8); } } -CFStringRef createHexString(unsigned char *pData, int length) +CFStringRef +createHexString(unsigned char *pData, int length) { - unsigned char byte, low, 
high; - int i; - CFMutableStringRef str = CFStringCreateMutable(NULL, 0); + unsigned char byte, low, high; + int i; + CFMutableStringRef str = CFStringCreateMutable(NULL, 0); - for(i = 0;i < length;i++) + for (i = 0; i < length; i++) { - byte = pData[i]; - low = byte & 0x0F; - high = (byte >> 4); + byte = pData[i]; + low = byte & 0x0F; + high = (byte >> 4); - appendHexChar(str, high); - appendHexChar(str, low); + appendHexChar(str, high); + appendHexChar(str, low); - if (i != (length - 1)) - CFStringAppendCString(str, " ", kCFStringEncodingUTF8); + if (i != (length - 1)) + { + CFStringAppendCString(str, " ", kCFStringEncodingUTF8); + } } - return str; + return str; } -void printHex(unsigned char *pData, int length) +void +printHex(unsigned char *pData, int length) { - CFStringRef hexStr = createHexString(pData, length); - printCFString(hexStr); - CFRelease(hexStr); + CFStringRef hexStr = createHexString(pData, length); + printCFString(hexStr); + CFRelease(hexStr); } diff --git a/contrib/keychain-mcd/common_osx.h b/contrib/keychain-mcd/common_osx.h index 4273548..965d4fa 100644 --- a/contrib/keychain-mcd/common_osx.h +++ b/contrib/keychain-mcd/common_osx.h @@ -29,8 +29,11 @@ #include <CoreFoundation/CoreFoundation.h> void printCFString(CFStringRef str); -char* cfstringToCstr(CFStringRef str); + +char *cfstringToCstr(CFStringRef str); + CFStringRef createHexString(unsigned char *pData, int length); + void printHex(unsigned char *pData, int length); -#endif //__Common_osx_h__ +#endif /*__Common_osx_h__ */ diff --git a/contrib/keychain-mcd/crypto_osx.c b/contrib/keychain-mcd/crypto_osx.c index 87ba09b..092e64f 100644 --- a/contrib/keychain-mcd/crypto_osx.c +++ b/contrib/keychain-mcd/crypto_osx.c 
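Review bot: `cfstringToCstr` and `printCFString` size their output buffer as `CFStringGetLength(str) + 1`, but that length is a count of UTF-16 code units while the conversion requests UTF-8, so any non-ASCII character makes the buffer too small; `CFStringGetCString` then returns false, which neither function checks, and the bytes returned or printed are whatever `malloc` left in the buffer. The `malloc` result is not checked either. Sizing with `CFStringGetMaximumSizeForEncoding` and testing the conversion result fixes both, as sketched below for `cfstringToCstr`; its callers are outside this hunk and would need to handle a NULL return, and `printCFString` needs the same sizing. The commented-out `#include` block at the top of the hunk is dead code that the reindent preserves; it should simply be removed.
```c
char *
cfstringToCstr(CFStringRef str)
{
    CFIndex bufferLength = CFStringGetMaximumSizeForEncoding(CFStringGetLength(str),
                                                             kCFStringEncodingUTF8) + 1;
    char *pBuffer = malloc(bufferLength);
    if (pBuffer == NULL
        || !CFStringGetCString(str, pBuffer, bufferLength, kCFStringEncodingUTF8))
    {
        free(pBuffer);
        return NULL;
    }
    return pBuffer;
}
```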
@@ -31,45 +31,50 @@ #include "crypto_osx.h" #include <err.h> -void printErrorMsg(const char *func, CFErrorRef error) +void +printErrorMsg(const char *func, CFErrorRef error) { - CFStringRef desc = CFErrorCopyDescription(error); - warnx("%s failed: %s", func, CFStringGetCStringPtr(desc, kCFStringEncodingUTF8)); - CFRelease(desc); + CFStringRef desc = CFErrorCopyDescription(error); + warnx("%s failed: %s", func, CFStringGetCStringPtr(desc, kCFStringEncodingUTF8)); + CFRelease(desc); } -void printErrorStatusMsg(const char *func, OSStatus status) +void +printErrorStatusMsg(const char *func, OSStatus status) { - CFStringRef error; - error = SecCopyErrorMessageString(status, NULL); - if (error) + CFStringRef error; + error = SecCopyErrorMessageString(status, NULL); + if (error) { - warnx("%s failed: %s", func, CFStringGetCStringPtr(error, kCFStringEncodingUTF8)); - CFRelease(error); + warnx("%s failed: %s", func, CFStringGetCStringPtr(error, kCFStringEncodingUTF8)); + CFRelease(error); + } + else + { + warnx("%s failed: %X", func, (int)status); } - else - warnx("%s failed: %X", func, (int)status); } -void signData(SecIdentityRef identity, const uint8_t *from, int flen, uint8_t *to, size_t *tlen) +void +signData(SecIdentityRef identity, const uint8_t *from, int flen, uint8_t *to, size_t *tlen) { - SecKeyRef privateKey = NULL; - OSStatus status; + SecKeyRef privateKey = NULL; + OSStatus status; - status = SecIdentityCopyPrivateKey(identity, &privateKey); - if (status != noErr) + status = SecIdentityCopyPrivateKey(identity, &privateKey); + if (status != noErr) { - printErrorStatusMsg("signData: SecIdentityCopyPrivateKey", status); - *tlen = 0; - return; + printErrorStatusMsg("signData: SecIdentityCopyPrivateKey", status); + *tlen = 0; + return; } - status = SecKeyRawSign(privateKey, kSecPaddingPKCS1, from, flen, to, tlen); - CFRelease(privateKey); - if (status != noErr) + status = SecKeyRawSign(privateKey, kSecPaddingPKCS1, from, flen, to, tlen); + CFRelease(privateKey); + 
if (status != noErr) { - printErrorStatusMsg("signData: SecKeyRawSign", status); - *tlen = 0; - return; + printErrorStatusMsg("signData: SecKeyRawSign", status); + *tlen = 0; + return; } } diff --git a/contrib/keychain-mcd/crypto_osx.h b/contrib/keychain-mcd/crypto_osx.h index 0da58b6..115ec18 100644 --- a/contrib/keychain-mcd/crypto_osx.h +++ b/contrib/keychain-mcd/crypto_osx.h @@ -29,16 +29,17 @@ #include <CoreFoundation/CoreFoundation.h> #include <Security/Security.h> -extern OSStatus SecKeyRawSign ( - SecKeyRef key, - SecPadding padding, - const uint8_t *dataToSign, - size_t dataToSignLen, - uint8_t *sig, - size_t *sigLen -); +extern OSStatus SecKeyRawSign( + SecKeyRef key, + SecPadding padding, + const uint8_t *dataToSign, + size_t dataToSignLen, + uint8_t *sig, + size_t *sigLen + ); void signData(SecIdentityRef identity, const uint8_t *from, int flen, uint8_t *to, size_t *tlen); + void printErrorMsg(const char *func, CFErrorRef error); -#endif //__crypto_osx_h__ +#endif /*__crypto_osx_h__ */ diff --git a/contrib/keychain-mcd/main.c b/contrib/keychain-mcd/main.c index 2263b7d..7d8fc83 100644 --- a/contrib/keychain-mcd/main.c +++ b/contrib/keychain-mcd/main.c 
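Review bot: `printErrorMsg` and `printErrorStatusMsg` pass the result of `CFStringGetCStringPtr` straight to a `%s` conversion, but that call may return NULL whenever the string's internal storage is not already in the requested encoding, which is undefined behaviour inside `warnx` precisely on the error path where the message matters. A two-line guard keeps the diagnostic safe: `const char *s = CFStringGetCStringPtr(desc, kCFStringEncodingUTF8);` then `warnx("%s failed: %s", func, s ? s : "(description unavailable)");`, and the same for `error` in `printErrorStatusMsg`. In `signData`, `flen` is an `int` handed to `SecKeyRawSign` where the declared parameter is `size_t`; a negative value becomes an enormous length, so the function should reject `flen < 0` itself rather than rely on its callers having checked.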
@@ -38,36 +38,44 @@ #include "../../src/openvpn/base64.h" -SecIdentityRef template_to_identity(const char *template) +SecIdentityRef +template_to_identity(const char *template) { SecIdentityRef identity; CertDataRef pCertDataTemplate = createCertDataFromString(template); if (pCertDataTemplate == NULL) + { errx(1, "Bad certificate template"); + } identity = findIdentity(pCertDataTemplate); if (identity == NULL) + { errx(1, "No such identify"); + } fprintf(stderr, "Identity found\n"); destroyCertData(pCertDataTemplate); return identity; } -int connect_to_management_server(const char *ip, const char *port) +int +connect_to_management_server(const char *ip, const char *port) { int fd; struct sockaddr_un addr_un; struct sockaddr *addr; size_t addr_len; - if (strcmp(port, "unix") == 0) { - addr = (struct sockaddr*)&addr_un; + if (strcmp(port, "unix") == 0) + { + addr = (struct sockaddr *)&addr_un; addr_len = sizeof(addr_un); addr_un.sun_family = AF_UNIX; strncpy(addr_un.sun_path, ip, sizeof(addr_un.sun_path)); fd = socket(AF_UNIX, SOCK_STREAM, 0); } - else { + else + { int rv; struct addrinfo *result; struct addrinfo hints; @@ -78,9 +86,13 @@ int connect_to_management_server(const char *ip, const char *port) rv = getaddrinfo(ip, port, &hints, &result); if (rv < 0) + { errx(1, "getaddrinfo: %s", gai_strerror(rv)); + } if (result == NULL) + { errx(1, "getaddrinfo returned 0 addressed"); + } /* Use the first found address */ fd = socket(result->ai_family, result->ai_socktype, result->ai_protocol); 
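Review bot: In `connect_to_management_server`, `strncpy(addr_un.sun_path, ip, sizeof(addr_un.sun_path))` silently truncates a long path and leaves `sun_path` without a NUL terminator when `ip` fills it exactly, and `addr_un` is otherwise uninitialised, so `connect()` may be handed a path other than the one given on the command line. Reject over-long paths and zero the struct before the copy: `memset(&addr_un, 0, sizeof(addr_un));` and `if (strlen(ip) >= sizeof(addr_un.sun_path)) { errx(1, "unix socket path too long: %s", ip); }`. The function's body continues into the next hunk. Separately, the runtime string `"No such identify"` in `template_to_identity` reads as a typo for "identity".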
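Review bot: `if (rv < 0)` after `getaddrinfo(ip, port, &hints, &result)` does not catch failures: `getaddrinfo` returns zero on success and a non-zero `EAI_*` code on error, and those codes are positive on common platforms, so a resolution failure falls through to the `result` handling. The check should be `if (rv != 0)`. The following `if (result == NULL)` test only helps if `getaddrinfo` happened to write `result` on failure, which is not guaranteed, and `result` is declared without an initialiser in the previous hunk. The function starts in the previous hunk and ends in the next.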
@@ -88,20 +100,26 @@ int connect_to_management_server(const char *ip, const char *port) addr_len = result->ai_addrlen; } if (fd < 0) + { err(1, "socket"); + } if (connect(fd, addr, addr_len) < 0) + { err(1, "connect"); + } return fd; } -int is_prefix(const char *s, const char *prefix) +int +is_prefix(const char *s, const char *prefix) { return strncmp(s, prefix, strlen(prefix)) == 0; } -void handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input) +void +handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input) { const char *input_b64 = strchr(input, ':') + 1; char *input_binary; @@ -114,13 +132,17 @@ void handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input) input_binary = malloc(input_len); input_len = openvpn_base64_decode(input_b64, input_binary, input_len); if (input_len < 0) + { errx(1, "openvpn_base64_decode: overflow"); + } output_len = 1024; output_binary = malloc(output_len); signData(identity, (const uint8_t *)input_binary, input_len, (uint8_t *)output_binary, &output_len); if (output_len == 0) + { errx(1, "handle_rsasign: failed to sign data"); + } openvpn_base64_encode(output_binary, output_len, &output_b64); fprintf(man_file, "rsa-sig\n%s\nEND\n", output_b64); @@ -131,7 +153,8 @@ void handle_rsasign(FILE *man_file, SecIdentityRef identity, const char *input) fprintf(stderr, "Handled RSA_SIGN command\n"); } -void handle_needcertificate(FILE *man_file, SecIdentityRef identity) +void +handle_needcertificate(FILE *man_file, SecIdentityRef identity) { OSStatus status; SecCertificateRef certificate = NULL; 
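Review bot: `const char *input_b64 = strchr(input, ':') + 1;` at the top of `handle_rsasign` performs pointer arithmetic on NULL if the line carries no colon; the only caller visible in this diff checks the `">RSA_SIGN:"` prefix first, but the function itself reads a line that arrived over the management socket and should not depend on that. A local guard keeps it self-contained: `const char *sep = strchr(input, ':'); if (sep == NULL) { errx(1, "handle_rsasign: malformed command"); }` and then `input_b64 = sep + 1`. The function continues past this hunk.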
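Review bot: In `handle_rsasign`, both `input_binary = malloc(input_len)` and `output_binary = malloc(output_len)` are used without a NULL check, so an allocation failure turns into a write through a null pointer inside `openvpn_base64_decode` or `signData` instead of a clean exit. Add `if (input_binary == NULL) { err(1, "malloc"); }` after each allocation, matching how the rest of the file reports fatal errors. `output_len` is a fixed 1024 bytes passed to `signData` as the signature capacity; a comment next to the constant stating the key-size bound it implies would make that limit explicit. The function begins in the previous hunk and continues past this one.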
@@ -141,14 +164,17 @@ void handle_needcertificate(FILE *man_file, SecIdentityRef identity) char *result_b64, *tmp_b64; status = SecIdentityCopyCertificate(identity, &certificate); - if (status != noErr) { + if (status != noErr) + { const char *msg = GetMacOSStatusErrorString(status); err(1, "SecIdentityCopyCertificate() failed: %s", msg); } data = SecCertificateCopyData(certificate); if (data == NULL) + { err(1, "SecCertificateCopyData() returned NULL"); + } cert = CFDataGetBytePtr(data); cert_len = CFDataGetLength(data); @@ -162,11 +188,13 @@ void handle_needcertificate(FILE *man_file, SecIdentityRef identity) fprintf(man_file, "-----BEGIN CERTIFICATE-----\n"); tmp_b64 = result_b64; while (strlen(tmp_b64) > 64) { - fprintf(man_file, "%.64s\n", tmp_b64); - tmp_b64 += 64; + fprintf(man_file, "%.64s\n", tmp_b64); + tmp_b64 += 64; } if (*tmp_b64) - fprintf(man_file, "%s\n", tmp_b64); + { + fprintf(man_file, "%s\n", tmp_b64); + } fprintf(man_file, "-----END CERTIFICATE-----\n"); fprintf(man_file, "END\n"); 
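Review bot: `err(1, "SecIdentityCopyCertificate() failed: %s", msg)` and `err(1, "SecCertificateCopyData() returned NULL")` in `handle_needcertificate` use `err`, which appends `strerror(errno)`, but neither failure sets `errno` — the first already carries its OSStatus text in `msg` — so the output ends with an unrelated or stale errno string. Both should be `errx`. The reverse mismatch appears in hunk `@@ -177,62 +205,87 @@`: `errx(1, "fopen(%s) failed", fname)` in `read_password` drops the `errno` reason that would explain the failure, while `err(1, "usage: ...")` in `main` appends a meaningless errno to the usage text. `handle_needcertificate` starts in the previous hunk.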
@@ -177,62 +205,87 @@ void handle_needcertificate(FILE *man_file, SecIdentityRef identity) fprintf(stderr, "Handled NEED 'cert' command\n"); } -void management_loop(SecIdentityRef identity, int man_fd, const char *password) +void +management_loop(SecIdentityRef identity, int man_fd, const char *password) { char *buffer = NULL; size_t buffer_len = 0; FILE *man = fdopen(man_fd, "w+"); if (man == 0) + { err(1, "fdopen"); + } if (password) + { fprintf(man, "%s\n", password); + } while (1) { if (getline(&buffer, &buffer_len, man) < 0) + { err(1, "getline"); + } #if 0 fprintf(stderr, "M: %s", buffer); #endif if (is_prefix(buffer, ">RSA_SIGN:")) + { handle_rsasign(man, identity, buffer); - if (is_prefix(buffer, ">NEED-CERTIFICATE")) { - if (!identity) { + } + if (is_prefix(buffer, ">NEED-CERTIFICATE")) + { + if (!identity) + { const char prefix[] = ">NEED-CERTIFICATE:macosx-keychain:"; if (!is_prefix(buffer, prefix)) - errx(1, "No identity template is passed via command line and " \ - "NEED-CERTIFICATE management interface command " \ - "misses 'macosx-keychain' prefix."); + { + errx(1, "No identity template is passed via command line and " \ + "NEED-CERTIFICATE management interface command " \ + "misses 'macosx-keychain' prefix."); + } identity = template_to_identity(buffer+strlen(prefix)); } handle_needcertificate(man, identity); } if (is_prefix(buffer, ">FATAL")) + { fprintf(stderr, "Fatal message from OpenVPN: %s\n", buffer+7); + } if (is_prefix(buffer, ">INFO")) + { fprintf(stderr, "INFO message from OpenVPN: %s\n", buffer+6); + } } } -char *read_password(const char *fname) +char * +read_password(const char *fname) { char *password = NULL; FILE *pwf = fopen(fname, "r"); size_t n = 0; if (pwf == NULL) + { errx(1, "fopen(%s) failed", fname); + } if (getline(&password, &n, pwf) < 0) + { err(1, "getline"); + } fclose(pwf); return password; } -int main(int argc, char* argv[]) +int +main(int argc, char *argv[]) { if (argc < 4) + { err(1, "usage: %s <identity_template> 
<management_ip> <management_port> [<pw-file>]", argv[0]); + } char *identity_template = argv[1]; char *s_ip = argv[2]; @@ -240,14 +293,17 @@ int main(int argc, char* argv[]) char *password = NULL; int man_fd; - if (argc > 4) { + if (argc > 4) + { char *s_pw_file = argv[4]; password = read_password(s_pw_file); } SecIdentityRef identity = NULL; if (strcmp(identity_template, "auto")) + { identity = template_to_identity(identity_template); + } man_fd = connect_to_management_server(s_ip, s_port); fprintf(stderr, "Successfully connected to openvpn\n"); |
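Review bot: `read_password` returns the line exactly as `getline` produced it, trailing newline included, and `management_loop` then sends it with `fprintf(man, "%s\n", password)`, so the management interface most likely receives the password followed by an empty line unless the file has no final newline. Strip it before returning: `password[strcspn(password, "\r\n")] = '\0';`. The password also stays in heap memory for the life of the process: within the visible code it is neither cleared nor freed after being written to the socket, so zeroising it with a call the optimiser cannot drop (`memset_s` is available on macOS) and freeing it right after the `fprintf` would limit its exposure. `if (man == 0)` in `management_loop` compares a `FILE *` with an integer literal; `NULL` reads more clearly.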