From 973a05c0bfc14b5a477ab19d061776f168abbbc4 Mon Sep 17 00:00:00 2001 From: Sebastien Pouliot Date: Mon, 10 Sep 2018 22:47:01 -0400 Subject: [PATCH] [security] Add new SecCertificateCopyKey and SecTrustEvaluateWithError API with unit tests --- src/Security/Certificate.cs | 15 +++++++++++++++ src/Security/SecTrust.cs | 12 ++++++++++++ tests/monotouch-test/Security/CertificateTest.cs | 3 +++ tests/monotouch-test/Security/TrustTest.cs | 8 ++++++++ tests/xtro-sharpie/iOS-Security.todo | 8 -------- tests/xtro-sharpie/macOS-Security.todo | 8 -------- tests/xtro-sharpie/tvOS-Security.todo | 8 -------- tests/xtro-sharpie/watchOS-Security.todo | 8 -------- 8 files changed, 38 insertions(+), 32 deletions(-) diff --git a/src/Security/Certificate.cs b/src/Security/Certificate.cs index 6683f92d15b6..56ea0ae1101a 100644 --- a/src/Security/Certificate.cs +++ b/src/Security/Certificate.cs @@ -239,6 +239,7 @@ internal static bool Equals (SecCertificate first, SecCertificate second) [DllImport (Constants.SecurityLibrary)] extern static /* CFDictionaryRef */ IntPtr SecCertificateCopyValues (/* SecCertificateRef */ IntPtr certificate, /* CFArrayRef */ IntPtr keys, /* CFErrorRef _Nullable * */ IntPtr error); + [Deprecated (PlatformName.MacOSX, 10,14, message: "Use 'GetKey' instead.")] public NSData GetPublicKey () { if (handle == IntPtr.Zero) 
@@ -270,12 +271,26 @@ public NSData GetPublicKey () static extern /* __nullable SecKeyRef */ IntPtr SecCertificateCopyPublicKey (IntPtr /* SecCertificateRef */ certificate); [iOS (10,3)] + [Deprecated (PlatformName.iOS, 12,0, message: "Use 'GetKey' instead.")] + [Deprecated (PlatformName.TvOS, 12,0, message: "Use 'GetKey' instead.")] + [Deprecated (PlatformName.WatchOS, 5,0, message: "Use 'GetKey' instead.")] public SecKey GetPublicKey () { IntPtr data = SecCertificateCopyPublicKey (handle); return (data == IntPtr.Zero) ? null : new SecKey (data, true); } #endif + [TV (12,0)][Mac (10,14, onlyOn64: true)][iOS (12,0)][Watch (5,0)] + [DllImport (Constants.SecurityLibrary)] + static extern IntPtr /* SecKeyRef* */ SecCertificateCopyKey (IntPtr /* SecKeyRef* */ key); + + [TV (12,0)][Mac (10,14, onlyOn64: true)][iOS (12,0)][Watch (5,0)] + public SecKey GetKey () + { + var key = SecCertificateCopyKey (handle); + return key == IntPtr.Zero ? null : new SecKey (key, true); + } + [iOS (10,3)] // [Mac (10,5)] [DllImport (Constants.SecurityLibrary)] static extern /* OSStatus */ int SecCertificateCopyCommonName (IntPtr /* SecCertificateRef */ certificate, out IntPtr /* CFStringRef * __nonnull CF_RETURNS_RETAINED */ commonName); diff --git a/src/Security/SecTrust.cs b/src/Security/SecTrust.cs index efe65d92ff3c..fba904ca8dff 100644 --- a/src/Security/SecTrust.cs +++ b/src/Security/SecTrust.cs 
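Review bot: The new `GetKey ()` passes `handle` straight to `SecCertificateCopyKey` without the `if (handle == IntPtr.Zero)` guard visible at the top of the `NSData GetPublicKey ()` overload in the previous hunk, so a call after `Dispose` would hand a null certificate reference to native code. Mirror that guard before the P/Invoke; its body lies outside the visible hunk, so what it throws cannot be confirmed from here. The extern is also mislabelled, since its argument is the certificate rather than a key: `static extern IntPtr /* SecKeyRef */ SecCertificateCopyKey (IntPtr /* SecCertificateRef */ certificate);`. The existing iOS `SecKey GetPublicKey ()` in this hunk has the same unguarded call.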
@@ -142,6 +142,18 @@ public SecTrustResult GetTrustResult () return trust_result; } + [Watch (5,0)][TV (12,0)][Mac (10,14, onlyOn64: true)][iOS (12,0)] + [DllImport (Constants.SecurityLibrary)] + static extern bool SecTrustEvaluateWithError (/* SecTrustRef */ IntPtr trust, out /* CFErrorRef** */ IntPtr error); + + [Watch (5,0)][TV (12,0)][Mac (10,14, onlyOn64: true)][iOS (12,0)] + public bool Evaluate (out NSError error) + { + var result = SecTrustEvaluateWithError (handle, out var err); + error = err == IntPtr.Zero ? null : new NSError (err); + return result; + } + [iOS (7,0)][Mac (10,9)] [DllImport (Constants.SecurityLibrary)] extern static IntPtr /* CFDictionaryRef */ SecTrustCopyResult (IntPtr /* SecTrustRef */ trust); diff --git a/tests/monotouch-test/Security/CertificateTest.cs b/tests/monotouch-test/Security/CertificateTest.cs index 80d3eaf70052..e426293b2393 100644 --- a/tests/monotouch-test/Security/CertificateTest.cs +++ b/tests/monotouch-test/Security/CertificateTest.cs @@ -530,6 +530,9 @@ void CheckMailGoogleCom (SecCertificate cert, int expectedRetainCount) Assert.That (cert.GetSerialNumber (out err).Description, Is.EqualTo ("<2b9f7ee5 ca25a625 14204782 753a9bb9>"), "GetSerialNumber/NSError"); Assert.Null (err, "err") ; } + if (TestRuntime.CheckXcodeVersion (10,0)) { + Assert.NotNull (cert.GetKey (), "GetKey"); + } } [Test] diff --git a/tests/monotouch-test/Security/TrustTest.cs b/tests/monotouch-test/Security/TrustTest.cs index 36149b5f3137..120cf10029ef 100644 --- a/tests/monotouch-test/Security/TrustTest.cs +++ b/tests/monotouch-test/Security/TrustTest.cs @@ -282,6 +282,10 @@ void Trust_NoRoot (SecTrust trust, SecPolicy policy) using (SecKey pkey = trust.GetPublicKey ()) { Assert.That (CFGetRetainCount (pkey.Handle), Is.GreaterThanOrEqualTo ((nint) 1), "RetainCount(pkey)"); } + if (TestRuntime.CheckXcodeVersion (10,0)) { + Assert.False (trust.Evaluate (out var error), "Evaluate"); + Assert.NotNull (error, "error"); + } } [Test] 
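Review bot: The `SecTrustEvaluateWithError` extern returns a managed `bool` with no `[return: MarshalAs (...)]`, so the default P/Invoke marshalling treats the result as a 4-byte BOOL while the native function returns a one-byte C `bool`. On ABIs that leave the bits above the low byte undefined, stray non-zero bits would read as `true`, which for this API means a failed trust evaluation could be reported as trusted. Add `[return: MarshalAs (UnmanagedType.I1)]` to the declaration. Separately, the CFError returned through `error` is caller-owned, so `new NSError (err)` probably needs to take ownership or be followed by a release to avoid leaking it; confirm against how retained handles are wrapped elsewhere in the binding.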
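Review bot: The negative check added to `Trust_NoRoot` only asserts that `Evaluate` returns false with a non-null error, so it would still pass if evaluation failed for a reason other than the missing root. Pin the failure by also asserting on `error.Domain` and `error.Code`, so the test proves the evaluation was rejected for the reason the test name implies. The method body begins outside this hunk, so any earlier expectations about the trust result are not visible here. The matching positive check added to `Trust_FullChain` in the next hunk is fine as written.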
@@ -358,6 +362,10 @@ void Trust_FullChain (SecTrust trust, SecPolicy policy, X509CertificateCollectio // since we modified the `trust` instance it's result was invalidated (marked as unspecified on iOS 11) Assert.That (trust.GetTrustResult (), Is.EqualTo (trust_result), "GetTrustResult-2"); } + if (TestRuntime.CheckXcodeVersion (10,0)) { + Assert.True (trust.Evaluate (out var error), "Evaluate"); + Assert.Null (error, "error"); + } } [Test] diff --git a/tests/xtro-sharpie/iOS-Security.todo b/tests/xtro-sharpie/iOS-Security.todo index e159898abc74..a25ef2986660 100644 --- a/tests/xtro-sharpie/iOS-Security.todo +++ b/tests/xtro-sharpie/iOS-Security.todo @@ -3,11 +3,3 @@ !missing-pinvoke! sec_protocol_metadata_create_secret_with_context is not bound !missing-pinvoke! sec_protocol_options_set_challenge_block is not bound !missing-pinvoke! sec_protocol_options_set_verify_block is not bound -!missing-pinvoke! SecCertificateCopyKey is not bound -!missing-pinvoke! SecTrustEvaluateWithError is not bound -!missing-protocol! OS_sec_certificate not bound -!missing-protocol! OS_sec_identity not bound -!missing-protocol! OS_sec_object not bound -!missing-protocol! OS_sec_protocol_metadata not bound -!missing-protocol! OS_sec_protocol_options not bound -!missing-protocol! OS_sec_trust not bound diff --git a/tests/xtro-sharpie/macOS-Security.todo b/tests/xtro-sharpie/macOS-Security.todo index cbeffe9024a1..e6dd35a420db 100644 --- a/tests/xtro-sharpie/macOS-Security.todo +++ b/tests/xtro-sharpie/macOS-Security.todo 
@@ -4,11 +4,3 @@
 !missing-pinvoke! sec_protocol_metadata_create_secret_with_context is not bound
 !missing-pinvoke! sec_protocol_options_set_challenge_block is not bound
 !missing-pinvoke! sec_protocol_options_set_verify_block is not bound
-!missing-pinvoke! SecCertificateCopyKey is not bound
-!missing-pinvoke! SecTrustEvaluateWithError is not bound
-!missing-protocol! OS_sec_certificate not bound
-!missing-protocol! OS_sec_identity not bound
-!missing-protocol! OS_sec_object not bound
-!missing-protocol! OS_sec_protocol_metadata not bound
-!missing-protocol! OS_sec_protocol_options not bound
-!missing-protocol! OS_sec_trust not bound
diff --git a/tests/xtro-sharpie/tvOS-Security.todo b/tests/xtro-sharpie/tvOS-Security.todo
index e159898abc74..a25ef2986660 100644
--- a/tests/xtro-sharpie/tvOS-Security.todo
+++ b/tests/xtro-sharpie/tvOS-Security.todo
@@ -3,11 +3,3 @@
 !missing-pinvoke! sec_protocol_metadata_create_secret_with_context is not bound
 !missing-pinvoke! sec_protocol_options_set_challenge_block is not bound
 !missing-pinvoke! sec_protocol_options_set_verify_block is not bound
-!missing-pinvoke! SecCertificateCopyKey is not bound
-!missing-pinvoke! SecTrustEvaluateWithError is not bound
-!missing-protocol! OS_sec_certificate not bound
-!missing-protocol! OS_sec_identity not bound
-!missing-protocol! OS_sec_object not bound
-!missing-protocol! OS_sec_protocol_metadata not bound
-!missing-protocol! OS_sec_protocol_options not bound
-!missing-protocol! OS_sec_trust not bound
diff --git a/tests/xtro-sharpie/watchOS-Security.todo b/tests/xtro-sharpie/watchOS-Security.todo
index e159898abc74..a25ef2986660 100644
--- a/tests/xtro-sharpie/watchOS-Security.todo
+++ b/tests/xtro-sharpie/watchOS-Security.todo
@@ -3,11 +3,3 @@
 !missing-pinvoke! sec_protocol_metadata_create_secret_with_context is not bound
 !missing-pinvoke! sec_protocol_options_set_challenge_block is not bound
 !missing-pinvoke! sec_protocol_options_set_verify_block is not bound
-!missing-pinvoke! SecCertificateCopyKey is not bound
-!missing-pinvoke! SecTrustEvaluateWithError is not bound
-!missing-protocol! OS_sec_certificate not bound
-!missing-protocol! OS_sec_identity not bound
-!missing-protocol! OS_sec_object not bound
-!missing-protocol! OS_sec_protocol_metadata not bound
-!missing-protocol! OS_sec_protocol_options not bound
-!missing-protocol! OS_sec_trust not bound