Security Framework: SecAttrCertificateEncoding is of type CFDataRef, not CFNumberRef.

Originator:Karoly.Lorentey
Number:rdar://13540385 Date Originated:30-Mar-2013 12:43 AM
Status:Open Resolved:
Product:OS X Product Version:10.8.3 (12D78)
Classification:Other Bug Reproducible:Always
 
Summary:
    Certificates attributes with key kSecAttrCertificateEncoding are documented to have values of type CFNumberRef, but they are returned as CFDataRef instead.

Steps to Reproduce:

    Try the code below:

    #import <Foundation/Foundation.h>
    #import <Security/Security.h>

    int main(int argc, char *argv[])
    {
        // Query a random certificate's attributes.
        CFMutableDictionaryRef cfquery = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    
        CFDictionarySetValue(cfquery, kSecClass, kSecClassCertificate);
        CFDictionarySetValue(cfquery, kSecReturnAttributes, kCFBooleanTrue);
        CFDictionarySetValue(cfquery, kSecMatchLimit, kSecMatchLimitOne);
    
        CFDictionaryRef cfattrs = NULL;
        OSStatus status = SecItemCopyMatching(cfquery, (CFTypeRef *)&cfattrs);
        CFRelease(cfquery);
        if (status) {
            NSError *error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
            NSLog(@"Error querying certificate attributes: %@ (%@)", error.localizedDescription, error);
            abort();
        }
    
        // Get certificate encoding attribute.
        CFTypeRef cfvalue = CFDictionaryGetValue(cfattrs, kSecAttrCertificateEncoding);
        if (cfvalue == NULL) {
            NSLog(@"Certificate without a kSecAttrCertificateEncoding?");
        }
        else if (CFGetTypeID(cfvalue) == CFNumberGetTypeID()) {
            NSLog(@"OK, kSecAttrCertificateEncoding is a CFNumberRef - %@", cfvalue);
        }
        else if (CFGetTypeID(cfvalue) == CFDataGetTypeID()) {
            NSLog(@"FAIL, kSecAttrCertificateEncoding should not be a CFDataRef - %@", cfvalue);
        }
        else {
            NSLog(@"FAIL, unknown type in kSecAttrCertificateEncoding - %@", cfvalue);
        }
        CFRelease(cfattrs);
    
        return 0;
    }


Expected Results:
    kSecAttrCertificateEncoding has an associated value of type CFNumberRef:

            kSecAttrCertificateEncoding
              Certificate encoding attribute key.
              The corresponding value is of type CFNumberRef and denotes the certificate encoding (see the CSSM_CERT_ENCODING enumeration in cssmtype.h). Items of class kSecClassCertificate have this attribute. Read only.
              Available in OS X v10.6 and later.
              Declared in SecItem.h.

Actual Results:
    kSecAttrCertificateEncoding has an associated value of type CFDataRef. The data encodes a 4-byte integer value.

Regression:
    Unknown

Notes:
    -

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!