libsecurity_codesigning-36924.tar.gz
7d31e928
A
1/*
2 * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// csutilities - miscellaneous utilities for the code signing implementation
26//
27#include "csutilities.h"
516ae477 28#include <Security/SecCertificatePriv.h>
7d31e928
A
29#include <security_codesigning/requirement.h>
30#include <security_utilities/debugging.h>
31#include <security_utilities/errors.h>
32
33namespace Security {
34namespace CodeSigning {
35
36
//
// Compute the SHA-1 digest of a certificate from its raw (DER) encoding.
//
// certData/certLength describe the encoded certificate bytes; the result is
// written into digest. The bytes are hashed exactly as given - nothing here
// parses or validates them.
//
// NOTE(review): SHA-1 is no longer collision resistant. How callers use this
// digest is not visible here; confirm it only serves to match a certificate
// against an already-trusted hash value.
//
void hashOfCertificate(const void *certData, size_t certLength, SHA1::Digest digest)
{
	SHA1 sha1;
	sha1(certData, certLength);		// hash the entire encoding in a single call
	sha1.finish(digest);			// deliver the result into the caller's buffer
}
46
47
//
// Same digest, computed for a SecCertificateRef.
//
// The certificate's data is fetched with SecCertificateGetData and then hashed
// by the (data, length) overload. The status returned by SecCertificateGetData
// is handed to MacOSError::check.
//
// The null check on cert is an assert only; if this is the standard assert
// macro it is compiled out when NDEBUG is defined.
//
void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest)
{
	assert(cert);
	CSSM_DATA encoded;
	const OSStatus status = SecCertificateGetData(cert, &encoded);
	MacOSError::check(status);
	hashOfCertificate(encoded.Data, encoded.Length, digest);
}
58
59
516ae477
A
//
// Report whether a certificate carries a field identified by OID. Extensions
// count, including ones the local CL does not recognize. Only presence is
// reported; the field's value is never returned.
//
// Errors: a status from the first lookup other than noErr or
// CSSMERR_CL_UNKNOWN_TAG goes to MacOSError::throwMe; the status of either
// release call goes to MacOSError::check.
//
// NOTE(review): any non-zero status from SecCertificateCopyFieldValues is
// reported as "field absent" instead of being raised. A caller that grants
// something on absence should confirm that folding errors into false is
// acceptable.
// NOTE(review): each returned value's Data is cast to CSSM_X509_EXTENSION
// without looking at Data or Length; this relies on the CL handing back
// well-formed entries.
//
bool certificateHasField(SecCertificateRef cert, const CssmOid &oid)
{
	assert(cert);

	// First attempt: ask for the field directly by its OID.
	CSSM_DATA *firstValue;
	const OSStatus rc = SecCertificateCopyFirstFieldValue(cert, &oid, &firstValue);
	if (rc == noErr) {
		// present - the value itself is not needed, so give it straight back
		MacOSError::check(SecCertificateReleaseFirstFieldValue(cert, &oid, firstValue));
		return true;
	}
	if (rc != CSSMERR_CL_UNKNOWN_TAG)
		MacOSError::throwMe(rc);	// anything but "unknown tag" is a failure

	// The CL did not recognize the OID: search its list of unrecognized extensions.
	CSSM_DATA **extensions;
	if (SecCertificateCopyFieldValues(cert, &CSSMOID_X509V3CertificateExtensionCStruct, &extensions))
		return false;			// treated as: no unrecognized extensions, so no match

	bool matched = false;
	if (extensions) {
		// the list ends at the first null entry; stop early once the OID is seen
		for (CSSM_DATA **cursor = extensions; !matched && *cursor; ++cursor) {
			const CSSM_X509_EXTENSION *ext =
				reinterpret_cast<const CSSM_X509_EXTENSION *>((*cursor)->Data);
			matched = (oid == ext->extnId);
		}
	}
	MacOSError::check(SecCertificateReleaseFieldValues(cert, &CSSMOID_X509V3CertificateExtensionCStruct, extensions));
	return matched;
}
94
95
7d31e928
A
96} // end namespace CodeSigning
97} // end namespace Security