From 1ef660fe7de8ab0e8dfadcd53a19c08bb66cc684 Mon Sep 17 00:00:00 2001 From: Yury Date: Thu, 5 Dec 2024 23:10:03 +0300 Subject: [PATCH] Security.framework example to list valid development team names and ids --- .../am-device-mount-dev-image/main.rs | 2 +- cidre/examples/sec-dev-teams/main.rs | 90 +++++++++++++++++++ cidre/src/cf/array.rs | 7 +- cidre/src/sec/item.rs | 24 ----- 4 files changed, 96 insertions(+), 27 deletions(-) create mode 100644 cidre/examples/sec-dev-teams/main.rs diff --git a/cidre/examples/am-device-mount-dev-image/main.rs b/cidre/examples/am-device-mount-dev-image/main.rs index bc325f4e..21c85b06 100644 --- a/cidre/examples/am-device-mount-dev-image/main.rs +++ b/cidre/examples/am-device-mount-dev-image/main.rs @@ -9,7 +9,7 @@ mod macos { const DEVICE_ID: &str = "00008120-000168A20210C01E"; - extern "C" fn callback(info: &NotificationInfo, _context: *mut c_void) { + extern "C" fn _callback(info: &NotificationInfo, _context: *mut c_void) { match info.safe() { am::device::discovery::SafeInfo::Attached(device) => { let id = device.id().to_string(); diff --git a/cidre/examples/sec-dev-teams/main.rs b/cidre/examples/sec-dev-teams/main.rs new file mode 100644 index 00000000..63b8c43d --- /dev/null +++ b/cidre/examples/sec-dev-teams/main.rs 
@@ -0,0 +1,90 @@
+#[cfg(target_os = "macos")]
+mod macos {
+ use std::collections::HashMap;
+
+ use cidre::{arc, cf, sec};
+
+ pub(crate) fn main() {
+ let now = cf::Date::new();
+ let query = cf::DictionaryOf::with_keys_values(
+ &[
+ sec::class_key(),
+ sec::match_keys::limit(),
+ sec::match_keys::subject_starts_with(),
+ sec::match_keys::valid_on_date(),
+ ],
+ &[
+ sec::class::certificate().as_type_ref(),
+ sec::match_limit::all(),
+ cf::str!(c"Apple Development:"),
+ &now,
+ ],
+ );
+ let certs = sec::item_matching(&query).unwrap();
+
+ assert_eq!(certs.get_type_id(), cf::Array::type_id());
+ let certs: arc::R> = unsafe { std::mem::transmute(certs) };
+
+ let mut map = HashMap::new();
+ let subject_key = sec::cert_oids::x509_v1_subject_name();
+ let org_name_label = sec::cert_oids::organization_name();
+ let unit_name_label = sec::cert_oids::organizational_unit_name();
+ let prop_value_key = sec::prop_keys::value();
+ let prop_label_key = sec::prop_keys::label();
+ let keys = cf::ArrayOf::from_slice(&[subject_key]);
+ for cert in certs.iter() {
+ let Ok(vals) = cert.values(&keys) else {
+ continue;
+ };
+ let Some(value) = vals.get(subject_key) else {
+ continue;
+ };
+ let Some(section) = value.get(prop_value_key) else {
+ continue;
+ };
+ assert_eq!(section.get_type_id(), cf::Array::type_id());
+
+ let section: &cf::ArrayOf> =
+ unsafe { std::mem::transmute(section) };
+
+ let mut team_id = None;
+ let mut team_name = None;
+ for dict in section.iter() {
+ let Some(label) = dict.get(prop_label_key) else {
+ continue;
+ };
+ let Some(value) = dict.get(prop_value_key) else {
+ continue;
+ };
+ if value.get_type_id() != cf::String::type_id() {
+ continue;
+ }
+
+ let value: &cf::String = unsafe { std::mem::transmute(value) };
+
+ if label.equal(org_name_label) {
+ team_name = Some(value);
+ } else if label.equal(unit_name_label) {
+ team_id = Some(value);
+ }
+ }
+
+ if let (Some(id), Some(name)) = (team_id, team_name) {
+ let id = id.to_string();
+ let name = 
name.to_string(); + map.insert(id, name); + } + } + for (id, name) in map { + println!("{name} ({id})"); + } + } +} + +#[cfg(target_os = "macos")] +use macos::main; + +#[cfg(not(target_os = "macos"))] +fn main() { + todo!() +} diff --git a/cidre/src/cf/array.rs b/cidre/src/cf/array.rs index c35348a2..5096b0b5 100644 --- a/cidre/src/cf/array.rs +++ b/cidre/src/cf/array.rs @@ -1,4 +1,7 @@ -use crate::{arc, cf, define_cf_type}; +use crate::{ + arc::{self, Retain}, + cf, define_cf_type, +}; use super::{Allocator, Index, String, Type, TypeId}; use std::{ffi::c_void, intrinsics::transmute, marker::PhantomData}; @@ -182,7 +185,7 @@ where #[repr(transparent)] pub struct ArrayOfMut(ArrayMut, PhantomData); -impl ArrayOfMut { +impl ArrayOfMut { #[inline] pub fn new() -> arc::R> { Self::with_capacity(0) diff --git a/cidre/src/sec/item.rs b/cidre/src/sec/item.rs index d4dabc19..d7fb231b 100644 --- a/cidre/src/sec/item.rs +++ b/cidre/src/sec/item.rs @@ -337,28 +337,4 @@ mod tests { assert!(!vals.is_empty()); } } - - // #[test] - // fn basics_identities() { - // let query = cf::DictionaryOf::with_keys_values( - // &[ - // sec::class_key(), - // sec::match_keys::limit(), - // sec::match_keys::subject_whole_string(), - // ], - // &[ - // sec::class::certificate().as_type_ref(), - // sec::match_limit::all(), - // cf::str!(c"Apple Worldwide Developer Relations Certification Authority"), - // // cf::str!(c"Apple Root CA"), - // ], - // ); - // let ids = sec::item_matching(&query).unwrap(); - // ids.show(); - // assert_eq!(ids.get_type_id(), cf::Array::type_id()); - // // let ids: arc::R> = unsafe { std::mem::transmute(ids) }; - // // for id in ids.iter() { - // // id.show(); - // // } - // } }
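Review bot: The keychain query at the top of `main` in `cidre/examples/sec-dev-teams/main.rs` selects certificates only by subject prefix (`subject_starts_with` with "Apple Development:") and `valid_on_date`, so the "valid" teams it prints are never checked for trust. The subject text is chosen by whoever created a certificate, and the issuer chain is not evaluated. The query also asks for the certificate class rather than identities, so an entry can be listed even when no matching private key is in the keychain. If the bindings expose Security.framework's `kSecMatchTrustedOnly`, adding it to the query would narrow the result; otherwise I would add a comment above the query such as `// Matches on subject prefix and validity date only; the issuer chain is not evaluated, so treat the output as a hint.` Separately, each of the three `transmute` calls would benefit from a `// SAFETY:` line naming the type-id check it relies on; the first checks only that the result is an array, not what its elements are.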