diff --git a/src/apple/context.c b/src/apple/context.c
index 68121de..2ce9365 100644
--- a/src/apple/context.c
+++ b/src/apple/context.c
@@ -132,7 +132,7 @@ static int load_key(tlsuv_private_key_t *key_ref, const char *keystr, size_t len
 keylen = len;
 }
- CFArrayRef items;
+ CFArrayRef items = NULL;
 SecExternalItemType type = kSecItemTypePrivateKey;
 CFDataRef data = CFDataCreate(kCFAllocatorDefault, key_buf, keylen);
@@ -194,13 +194,44 @@ static int load_key(tlsuv_private_key_t *key_ref, const char *keystr, size_t len
 return rc == 0 ? 0 : -1;
 }
+static int load_cert(tls_cert *cert, const char *certstr, size_t len) {
+ char *cert_buf = NULL;
+ size_t cert_len;
+ if (load_file(certstr, &cert_buf, &cert_len) != 0) {
+ cert_buf = (char*)certstr;
+ cert_len = len;
+ }
+
+ SecExternalItemType type = kSecItemTypeCertificate;
+ CFDataRef data = CFDataCreate(kCFAllocatorDefault, cert_buf, cert_len);
+
+ CFArrayRef items = NULL;
+ OSStatus rc = SecItemImport(data, NULL, NULL, &type, 0, NULL, NULL, &items);
+
+ if (cert_buf != certstr) {
+ free(cert_buf);
+ }
+ *cert = items;
+ return rc == 0 ? 0 : -1;
+}
+
+static int tls_set_own_cert(tls_context *ctx, tlsuv_private_key_t pk, tls_cert cert) {
+ struct sectransport_ctx *c = (struct sectransport_ctx *) ctx;
+ struct sectransport_pub_key *key = container_of(pk, struct sectransport_pub_key, api);
+
+ c->key = key->key;
+ c->cert = cert;
+
+ return 0;
+}
+
 static tls_context ctx_api = {
 .version = tls_lib_version,
 // .strerror = (const char *(*)(long)) tls_error,
 .new_engine = new_engine,
 .free_ctx = tls_free_ctx,
 // .free_cert = tls_free_cert,
-// .set_own_cert = tls_set_own_cert,
+ .set_own_cert = tls_set_own_cert,
 // .set_cert_verify = tls_set_cert_verify,
 // .verify_signature = tls_verify_signature,
 // .parse_pkcs7_certs = parse_pkcs7_certs,
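Review bot: In load_cert the CFDataRef returned by CFDataCreate is never released, so every certificate load leaks it; add `if (data) CFRelease(data);` right after the SecItemImport call (CFDataCreate can return NULL, and CFRelease on NULL aborts, hence the guard). The first hunk of load_key creates a `data` the same way, but its body is only partly visible here, so check that function for the same leak. In tls_set_own_cert, `pk` is a tlsuv_private_key_t yet is recovered with `container_of(pk, struct sectransport_pub_key, api)`, while the context.h hunk in this commit declares `struct sectransport_priv_key`; unless both structs share a layout this reads `key->key` from the wrong type, so please confirm. Neither `c->key` nor `c->cert` is retained, so the context only borrows references the caller may free later; either document that contract on the assignment, e.g. `c->cert = cert; /* borrowed, not retained: caller must keep cert and pk alive for the context's lifetime */`, or CFRetain both here and release them in tls_free_ctx.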
@@ -209,7 +240,7 @@ static tls_context ctx_api = {
 .load_key = load_key,
 // .load_pkcs11_key = load_pkcs11_key,
 // .generate_pkcs11_key = gen_pkcs11_key,
-// .load_cert = load_cert,
+ .load_cert = load_cert,
 // .generate_csr_to_pem = generate_csr,
 };
diff --git a/src/apple/context.h b/src/apple/context.h
index 4e3188d..0d2c09e 100644
--- a/src/apple/context.h
+++ b/src/apple/context.h
@@ -12,6 +12,9 @@ struct sectransport_ctx {
 tls_context api;
 CFArrayRef ca_bundle;
+
+ SecKeyRef key;
+ CFArrayRef cert;
 };
 struct sectransport_priv_key {
diff --git a/src/apple/engine.c b/src/apple/engine.c
index 6a1e3a0..51dc7ad 100644
--- a/src/apple/engine.c
+++ b/src/apple/engine.c
@@ -76,6 +76,8 @@ tlsuv_engine_t new_engine(tls_context *ctx, const char *hostname) {
 e->policies = policies;
 SSLSetSessionOption(e->ssl, kSSLSessionOptionBreakOnServerAuth, true);
+ SecKeyRef key;
+ SecKeyCreateSignature(key,)
 }
 e->socket = -1;
diff --git a/tests/http_tests.cpp b/tests/http_tests.cpp
index a3b64b2..2e742d3 100644
--- a/tests/http_tests.cpp
+++ b/tests/http_tests.cpp
@@ -408,7 +408,7 @@ TEST_CASE("client_cert_test","[http]") {
 "GTH3fhaM/pZZGdIC75x/69Y=\n"
 "-----END PRIVATE KEY-----";
 tlsuv_private_key_t pk = nullptr;
- int rc = tls->load_key(&pk, key, strlen(key) + 1);
+ int rc = tls->load_key(&pk, key, strlen(key));
 REQUIRE(rc == 0);
 REQUIRE(pk != nullptr);
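Review bot: The new `key` and `cert` fields in struct sectransport_ctx carry no ownership comment, and tls_set_own_cert in context.c stores them without CFRetain, so a reader cannot tell whether tls_free_ctx is expected to release them or whether the caller must keep the originals alive. Add a comment on each field stating who owns the reference, e.g. `SecKeyRef key;    /* identity key from set_own_cert; not retained here */` and `CFArrayRef cert;  /* own certificate chain from set_own_cert; not retained here */`. If the context is meant to outlive the caller's handles, retain them in tls_set_own_cert and release them in tls_free_ctx, which is outside this diff.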
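Review bot: The two lines added to new_engine do not compile: `SecKeyCreateSignature(key,)` is a syntax error, `key` is declared but never initialized, and the call's result would be discarded in any case. This looks like a work-in-progress fragment that should not land; drop both lines, or, if the intent is to sign with the key installed by set_own_cert, read it from the context's new `key` field declared in context.h rather than a fresh local, pass the real arguments, and check the returned CFDataRef and CFErrorRef. new_engine's body starts and ends outside the hunk.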
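Review bot: Dropping the `+ 1` changes the length contract the test pins for load_key from "PEM plus terminating NUL" to "PEM bytes only", and nothing in the test or the visible load_key hunk states which one the API promises (the first context.c hunk shows load_key using `len` directly as `keylen` when the input is not a file path). Add a comment on the call, e.g. `// load_key takes the PEM length without the terminating NUL`, or better, document the length semantics on the load_key declaration in the public header so other callers do not regress.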
@@ -540,30 +540,6 @@ TEST_CASE("basic_test", "[http]") {
 tlsuv_set_global_connector(nullptr);
 }
-TEST_CASE("basic_test2", "[http]") {
- UvLoopTest test;
-
- tlsuv_http_t clt;
- resp_capture resp(resp_body_cb);
- tlsuv_http_init(test.loop, &clt, "https://fd200fd3-a2d9-457f-bc0b-f9b8ee7d2898.production.netfoundry.io");
- auto ca_file = "/Users/eugene/work/temp/nibbler-ca.pem";
- auto tls = default_tls_context(ca_file, strlen(ca_file));
- tlsuv_http_set_ssl(&clt, testServerTLS());
- tlsuv_http_req_t *req = tlsuv_http_req(&clt, "GET", "/", resp_capture_cb, &resp);
-
- test.run();
-
- THEN("request should be fast and then idle for 5 seconds") {
- CHECK(resp.code == HTTP_STATUS_OK);
- CHECK_THAT(resp.http_version, Equals("1.1"));
- CHECK_THAT(resp.status, Equals("OK"));
-
- CHECK_THAT(resp.headers["Content-Type"], Catch::Matchers::StartsWith("application/json"));
- }
-
- tlsuv_http_close(&clt, nullptr);
-}
-
 TEST_CASE("invalid CA", "[http]") {
 UvLoopTest test;