registerKDCCertificate.cpp
/*
* Copyright (c) 2002-2003 Apple Computer, Inc. All Rights Reserved.
*
* The contents of this file constitute Original Code as defined in and are
* subject to the Apple Public Source License Version 1.2 (the 'License').
* You may not use this file except in compliance with the License. Please
* obtain a copy of the License at http://www.apple.com/publicsource and
* read it before using this file.
*
* This Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*/
#include <CoreFoundation/CoreFoundation.h>
#include <CoreFoundation/CFDictionary.h>
#include <Security/Security.h>
#include <Security/SecCertificate.h>
#include <Security/SecItem.h>
/* Not referenced anywhere else in this file; main() uses an absolute System keychain path instead. */
#define KC_DB_PATH "Library/Keychains" /* relative to home */
/*
 * Domain string for the KDC identity. main() uses it in three places: as the
 * name passed to SecCertificateCopyPreferred(), as the subject substring in
 * the fallback certificate search, and as the domain handed to
 * SecIdentitySetSystemIdentity().
 */
#define SYSTEM_KDC "com.apple.kerberos.kdc"
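/*
 * Print `msg` followed by the Security framework's description of `err`.
 *
 * SecCopyErrorMessageString() can return NULL when it has no text for the
 * status, and CFStringGetCString() returns false when the conversion fails
 * (for example when the text does not fit the buffer). In either case the
 * numeric status is printed instead, so uninitialized stack bytes never
 * reach the output. The copied message string is owned by this function and
 * is released before returning.
 */
void printerr(const char* msg, OSStatus err)
{
    char buffer[1024];
    CFStringRef errmsg = SecCopyErrorMessageString(err, NULL);

    if (errmsg == NULL ||
        !CFStringGetCString(errmsg, buffer, sizeof buffer, kCFStringEncodingUTF8)) {
        snprintf(buffer, sizeof buffer, "OSStatus %ld", (long)err);
    }
    if (errmsg != NULL) {
        /* CFRelease(NULL) is not allowed, hence the guard. */
        CFRelease(errmsg);
    }
    printf("%s:\n\t%s\n", msg, buffer);
}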
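/*
 * Print `msg` followed by the UTF-8 rendering of the CFString `body`.
 *
 * `body` is borrowed; the caller keeps ownership. A NULL `body` or a failed
 * conversion prints a placeholder instead of dereferencing NULL or emitting
 * an uninitialized buffer. main() passes the result of a Copy function here
 * directly, and that call may yield NULL.
 */
void printcfs(const char* msg, CFStringRef body)
{
    char buffer[1024];

    if (body == NULL ||
        !CFStringGetCString(body, buffer, sizeof buffer, kCFStringEncodingUTF8)) {
        snprintf(buffer, sizeof buffer, "%s", "(unavailable)");
    }
    printf("%s:\n\t%s\n", msg, buffer);
}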
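/*
 * Locate the KDC certificate and register it as the system identity for the
 * SYSTEM_KDC domain.
 *
 * Steps: open the System keychain, find a certificate (preferred certificate
 * for the domain first, subject-substring search as fallback), print its
 * common name and long description, build an identity from it using the
 * System keychain, and register that identity for the domain.
 *
 * Returns 0 on success and 1 on any failure. Every Core Foundation object
 * obtained from a Create/Copy call is released on the single exit path.
 */
int main (int argc, char **argv)
{
    /* All locals are declared before the first goto so the jumps to
     * `cleanup` never bypass an initialization (this file is built as C++). */
    int rc = 1;
    OSStatus ortn;
    SecKeychainRef kcRef = NULL;
    SecCertificateRef certRef = NULL;
    SecIdentityRef idRef = NULL;
    CFStringRef cn = NULL;
    CFStringRef description = NULL;
    CFStringRef cfDomain = CFStringCreateWithCString(NULL, SYSTEM_KDC, kCFStringEncodingASCII);
    const char *sysKcPath = "/Library/Keychains/System.keychain";

    (void)argc;
    (void)argv;

    if (cfDomain == NULL) {
        printf("Cannot create domain string for %s\n", SYSTEM_KDC);
        goto cleanup;
    }

    /* NOTE(review): a successful open is believed not to prove the keychain
     * file exists or is unlocked; confirm whether SecKeychainGetStatus()
     * should be checked here as well. */
    ortn = SecKeychainOpen(sysKcPath, &kcRef);
    if (ortn) {
        printerr("Error opening keychain", ortn);
        goto cleanup;
    }

    certRef = SecCertificateCopyPreferred(cfDomain, NULL);
    if (certRef == NULL) {
        /*
         * Fallback: first certificate whose subject CONTAINS the domain
         * string. The query names no keychain, so it is not limited to
         * kcRef, and a substring match accepts any subject that merely
         * embeds "com.apple.kerberos.kdc".
         * NOTE(review): the certificate chosen here becomes the machine's
         * KDC identity. Consider scoping the query to the System keychain
         * (kSecMatchSearchList) and checking issuer or fingerprint before
         * registering. The identity step below is given kcRef, which
         * presumably requires the private key to be in the System keychain;
         * verify that.
         */
        const void *keys[] = { kSecClass, kSecMatchSubjectContains, kSecReturnRef };
        const void *values[] = { kSecClassCertificate, cfDomain, kCFBooleanTrue };
        /* NULL callbacks: the dictionary does not retain its contents, which
         * is fine because every key and value outlives the query. */
        CFDictionaryRef query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 3, NULL, NULL);
        CFTypeRef result = NULL;

        if (query == NULL) {
            printf("Cannot build certificate query\n");
            goto cleanup;
        }
        ortn = SecItemCopyMatching(query, &result);
        CFRelease(query);
        if (ortn || (result == NULL)) {
            printerr("Cannot find certificate!", ortn);
            goto cleanup;
        }
        /* Owned reference from SecItemCopyMatching; released at cleanup. */
        certRef = (SecCertificateRef) result;
    }

    ortn = SecCertificateCopyCommonName(certRef, &cn);
    if (ortn) {
        printerr("Cannot read common name from certificate!", ortn);
        goto cleanup;
    }
    /* Shown so the operator can confirm which certificate was selected. */
    printcfs("Found certicate", cn);

    /* Copy function: keep the reference so it can be released (may be NULL). */
    description = SecCertificateCopyLongDescription(kCFAllocatorDefault, certRef, NULL);
    printcfs("Description", description);

    ortn = SecIdentityCreateWithCertificate(kcRef, certRef, &idRef);
    if (ortn) {
        printerr("Cannot register Identity (SecIdentityCreateWithCertificate)", ortn);
        goto cleanup;
    }

    ortn = SecIdentitySetSystemIdentity(cfDomain, idRef);
    if (ortn) {
        printerr("Cannot register Identity (SecIdentitySetSystemIdentity)", ortn);
        goto cleanup;
    }

    printf("..identity registered for domain %s.\n", SYSTEM_KDC);
    rc = 0;

cleanup:
    /* CFRelease(NULL) is not allowed, so each reference is checked first. */
    if (idRef != NULL) CFRelease(idRef);
    if (description != NULL) CFRelease(description);
    if (cn != NULL) CFRelease(cn);
    if (certRef != NULL) CFRelease(certRef);
    if (kcRef != NULL) CFRelease(kcRef);
    if (cfDomain != NULL) CFRelease(cfDomain);
    return rc;
}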