testcert.m
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CoreFoundation/CoreFoundation.h>
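// Evaluates leafCert against the SSL server policy for leafName and reports
// whether the system trust evaluation accepts it.
//
// leafName: host name the certificate must be valid for. May be NULL, in which
//           case the policy is created without a host name (see the note at
//           the SecPolicyCreateSSL call below).
// leafCert: the certificate to evaluate. NULL is rejected.
//
// Returns true only when the trust object was created, the evaluation call
// succeeded, and the result is kSecTrustResultProceed or
// kSecTrustResultUnspecified. Every other outcome, including any setup
// failure, returns false so that errors never read as "valid".
bool isCertValid(CFStringRef leafName, SecCertificateRef leafCert) {
    bool ret = false;
    // Both start out in a known state: the cleanup below tests `trust`, and
    // SecTrustCreateWithCertificates is not shown to write it on failure.
    SecTrustRef trust = NULL;
    SecTrustResultType res = kSecTrustResultInvalid;

    if (leafCert == NULL) {
        return false;
    }

    // Create the policy so that the leaf cert is verified for leafName.
    // If leafName is NULL the function will still work but the workaround
    // doesn't work.
    SecPolicyRef policy = SecPolicyCreateSSL(true, leafName);
    if (policy == NULL) {
        // Fail closed: without this object the trust evaluation would not be
        // carried out against the SSL policy requested above.
        return false;
    }

    OSStatus status = SecTrustCreateWithCertificates((CFTypeRef)leafCert, policy, &trust);
    if ((status == noErr) && (trust != NULL) &&
        (SecTrustEvaluate(trust, &res) == errSecSuccess)) {
        // Only these two results count as trusted; every other value
        // (deny, recoverable or fatal failure, invalid, ...) is a rejection.
        if ((res == kSecTrustResultProceed) || (res == kSecTrustResultUnspecified)) {
            ret = true;
        }
    }

    if (trust) CFRelease(trust);
    CFRelease(policy);
    return ret;
}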
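// Command-line driver: loads a DER-encoded certificate from argv[1], prints
// its subject summary, and reports whether isCertValid() accepts it for the
// server name given in argv[2].
//
// The verdict is written to stdout as "VALID" or "INVALID!!!"; the exit status
// stays 0 in both cases, as before. A non-zero status is returned only when the
// arguments are missing or the inputs cannot be turned into a certificate and
// a server name.
int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s path/to/file.der severname\n", argv[0]);
        exit(1);
    }

    // This file uses manual retain/release, so every object created with
    // alloc/Create/Copy below is released in the cleanup section.
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    int exitCode = 1;
    NSString *thePath = nil;
    NSData *certData = nil;
    CFStringRef serverName = NULL;
    SecCertificateRef cert = NULL;
    CFStringRef desc = NULL;

    thePath = [NSString stringWithUTF8String:argv[1]];
    if (thePath == nil) {
        fprintf(stderr, "error: certificate path is not valid UTF-8\n");
        goto cleanup;
    }

    // A NULL server name would make isCertValid() build its policy without a
    // host name, so a name that cannot be decoded is an error, not a reason
    // to carry on with a weaker check.
    serverName = CFStringCreateWithCString(kCFAllocatorDefault, argv[2], kCFStringEncodingUTF8);
    if (serverName == NULL) {
        fprintf(stderr, "error: server name is not valid UTF-8\n");
        goto cleanup;
    }

    certData = [[NSData alloc] initWithContentsOfFile:thePath];
    if (certData == nil) {
        fprintf(stderr, "error: cannot read %s\n", argv[1]);
        goto cleanup;
    }

    // Returns NULL when the bytes are not a parsable DER certificate.
    cert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certData);
    if (cert == NULL) {
        fprintf(stderr, "error: %s does not contain a DER-encoded certificate\n", argv[1]);
        goto cleanup;
    }

    desc = SecCertificateCopySubjectSummary(cert);
    if (desc != NULL) {
        // CFStringGetCStringPtr may return NULL for any string, which must not
        // reach printf("%s"); go through the bridged NSString instead.
        const char *summary = [(NSString *)desc UTF8String];
        printf("Certificate Description: %s\n", summary ? summary : "(not representable)");
    }

    printf("Certificate is ");
    if (isCertValid(serverName, cert))
        printf("VALID\n");
    else
        printf("INVALID!!!\n");
    exitCode = 0;

cleanup:
    if (desc) CFRelease(desc);
    if (cert) CFRelease(cert);
    if (serverName) CFRelease(serverName);
    [certData release];
    [pool release];
    return exitCode;
}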