lib/csutilities.cpp

   1 /*
   2  * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // csutilities - miscellaneous utilities for the code signing implementation
  26 //
  27 #include "csutilities.h"
  28 #include <Security/SecCertificatePriv.h>
  29 #include <security_codesigning/requirement.h>
  30 #include <security_utilities/debugging.h>
  31 #include <security_utilities/errors.h>
  32
  33 namespace Security {
  34 namespace CodeSigning {
  35
  36
  37 //
  38 // Calculate the canonical hash of a certificate, given its raw (DER) data.
  39 //
  40 void hashOfCertificate(const void *certData, size_t certLength, SHA1::Digest digest)
  41 {
  42         SHA1 hasher;
  43         hasher(certData, certLength);
  44         hasher.finish(digest);
  45 }
  46
  47
  48 //
  49 // Ditto, given a SecCertificateRef
  50 //
  51 void hashOfCertificate(SecCertificateRef cert, SHA1::Digest digest)
  52 {
  53         assert(cert);
  54         CSSM_DATA certData;
  55         MacOSError::check(SecCertificateGetData(cert, &certData));
  56         hashOfCertificate(certData.Data, certData.Length, digest);
  57 }
  58
  59
  60 //
  61 // Check to see if a certificate contains a particular field, by OID. This works for extensions,
  62 // even ones not recognized by the local CL. It does not return any value, only presence.
  63 //
  64 bool certificateHasField(SecCertificateRef cert, const CssmOid &oid)
  65 {
  66         assert(cert);
  67         CSSM_DATA *value;
  68         switch (OSStatus rc = SecCertificateCopyFirstFieldValue(cert, &oid, &value)) {
  69         case noErr:
  70                 MacOSError::check(SecCertificateReleaseFirstFieldValue(cert, &oid, value));
  71                 return true;                                    // extension found by oid
  72         case CSSMERR_CL_UNKNOWN_TAG:
  73                 break;                                                  // oid not recognized by CL - continue below
  74         default:
  75                 MacOSError::throwMe(rc);                // error: fail
  76         }
  77
  78         // check the CL's bag of unrecognized extensions
  79         CSSM_DATA **values;
  80         bool found = false;
  81         if (SecCertificateCopyFieldValues(cert, &CSSMOID_X509V3CertificateExtensionCStruct, &values))
  82                 return false;   // no unrecognized extensions - no match
  83         if (values)
  84                 for (CSSM_DATA **p = values; *p; p++) {
  85                         const CSSM_X509_EXTENSION *ext = (const CSSM_X509_EXTENSION *)(*p)->Data;
  86                         if (oid == ext->extnId) {
  87                                 found = true;
  88                                 break;
  89                         }
  90                 }
  91         MacOSError::check(SecCertificateReleaseFieldValues(cert, &CSSMOID_X509V3CertificateExtensionCStruct, values));
  92         return found;
  93 }
  94
  95
  96 } // end namespace CodeSigning
  97 } // end namespace Security