1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 #include <Security/SecTrust.h>
19 #include <Security/Trust.h>
20
21 #include "SecBridge.h"
22
23
// Resolve a caller-supplied SecTrustRef to its backing Trust object through
// the type registry's required() lookup.
// NOTE(review): presumably required() rejects a NULL or wrong-typed ref by
// throwing, and the END_SECAPI wrapper in each caller converts that into an
// OSStatus -- confirm against SecBridge.h.
static inline Trust *Required(SecTrustRef trustRef)
{
    Trust *resolved = gTypes().trust.required(trustRef);
    return resolved;
}
28
29
30 //
31 // CF boilerplate
32 //
// Return the CoreFoundation type id registered for trust objects.
// NOTE(review): the argument to END_SECAPI1 looks like the value returned
// when the wrapped body fails -- confirm against SecBridge.h.
CFTypeID SecTrustGetTypeID(void)
{
    BEGIN_SECAPI

    const CFTypeID trustTypeId = gTypes().trust.typeId;
    return trustTypeId;

    END_SECAPI1(_kCFRuntimeNotATypeID)
}
41
42
43 //
44 // Sec* API bridge functions
45 //
// Create a Trust object from a certificate array and a policy (or policies)
// and hand back a SecTrustRef for it through trustRef.
//
// certificates / policies are passed to the Trust constructor as given; this
// function does no validation of its own on them.
// trustRef is checked up front, before anything is allocated.
OSStatus SecTrustCreateWithCertificates(
    CFArrayRef certificates,
    CFTypeRef policies,
    SecTrustRef *trustRef)
{
    BEGIN_SECAPI
    // Preflight the output pointer so a bad argument fails before the
    // Trust object is constructed.
    Required(trustRef);
    RefPointer<Trust> created(new Trust(certificates, policies));
    *trustRef = gTypes().trust.handle(*created);
    END_SECAPI
}
57
58
// Store the TP action and its action data on the trust object.
//
// NOTE(review): both values are forwarded as given; any constraint on which
// actions or action data are acceptable would have to be enforced inside
// Trust -- confirm, since these parameters presumably influence how strict a
// later evaluation is.
OSStatus SecTrustSetParameters(
    SecTrustRef trustRef,
    CSSM_TP_ACTION action,
    CFDataRef actionData)
{
    BEGIN_SECAPI
    // Same registry lookup the file-local Required() helper performs.
    Trust *target = Required(trustRef);
    target->action(action);
    target->actionData(actionData);
    END_SECAPI
}
70
71
// Hand the given certificate array to the trust object as its anchors.
//
// NOTE(review): presumably these replace the anchors used by a later
// evaluate(); whoever supplies this array then decides which roots are
// accepted, so callers should only pass anchors they control -- confirm
// semantics in Trust::anchors().
OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates)
{
    BEGIN_SECAPI
    Trust *target = Required(trust);
    target->anchors(anchorCertificates);
    END_SECAPI
}
78
79
// Set the keychain list the trust object searches.
//
// keychainOrArray is converted to a KeychainList by the storage manager's
// optionalSearchList(); the trust ref is only resolved after that
// conversion has succeeded.
OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray)
{
    BEGIN_SECAPI
    StorageManager::KeychainList searchList;
    globals().storageManager.optionalSearchList(keychainOrArray, searchList);
    Trust *target = Required(trust);
    target->searchLibs() = searchList;
    END_SECAPI
}
88
89
// Record verifyDate on the trust object via Trust::time().
//
// NOTE(review): presumably this is the point in time against which
// certificate validity is checked during evaluation; a caller-chosen date
// would then affect whether expired certificates are accepted -- confirm.
OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate)
{
    BEGIN_SECAPI
    Trust *target = Required(trust);
    target->time(verifyDate);
    END_SECAPI
}
96
97
// Run the trust evaluation and, if resultP is non-NULL, report the verdict.
//
// resultP is optional: when it is NULL the evaluation still runs but the
// verdict is not returned.
// NOTE(review): whether evaluate() signals an untrusted chain by throwing or
// only through result() is not visible here; callers should inspect *resultP
// as well as the returned OSStatus rather than treating success as "trusted".
OSStatus SecTrustEvaluate(SecTrustRef trustRef, SecTrustResultType *resultP)
{
    BEGIN_SECAPI
    Trust *target = Required(trustRef);
    target->evaluate();
    if (resultP != NULL) {
        *resultP = target->result();
    }
    END_SECAPI
}
107
108
109 //
110 // Construct the "official" result evidence and return it
111 //
// Report the stored result and, optionally, the evidence chain.
//
// result      - optional; receives trust->result() when non-NULL.
// certChain / statusChain - evidence is built only when BOTH are non-NULL.
//               Passing just one of them yields no evidence and no error
//               from this function.
// NOTE(review): this function does not call evaluate() itself; what
// result() holds before an evaluation has run is not visible here -- confirm.
OSStatus SecTrustGetResult(
    SecTrustRef trustRef,
    SecTrustResultType *result,
    CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain)
{
    BEGIN_SECAPI
    Trust *target = Required(trustRef);
    if (result != NULL) {
        *result = target->result();
    }
    if (certChain != NULL && statusChain != NULL) {
        target->buildEvidence(*certChain, TPEvidenceInfo::overlayVar(*statusChain));
    }
    END_SECAPI
}
125
126
127 //
128 // Retrieve CSSM-level information for those who want to dig down
129 //
// Store the trust object's CSSM-level verify result in *result.
//
// Both arguments go through Required(); the statement is kept as a single
// assignment so the relative order of the two checks is unchanged.
// NOTE(review): the pointer handed back presumably refers to storage owned
// by the Trust object -- confirm lifetime before holding on to it.
OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result)
{
    BEGIN_SECAPI
    Required(result) =
        Required(trust)->cssmResult();
    END_SECAPI
}
136
// Store the trust object's TP handle in *handle.
//
// Both arguments go through Required(); the statement is kept as a single
// assignment so the relative order of the two checks is unchanged.
OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle)
{
    BEGIN_SECAPI
    Required(handle) =
        Required(trust)->getTPHandle();
    END_SECAPI
}
143
144
145 //
146 // Get the user's default anchor certificate set
147 //
// Store the trust store's root certificate array in *anchorCertificates.
//
// NOTE(review): the "copy" in copyRootCertificates() suggests the caller
// owns the returned array and must release it -- confirm.
OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchorCertificates)
{
    BEGIN_SECAPI
    Required(anchorCertificates) =
        Trust::gStore().copyRootCertificates();
    END_SECAPI
}
154
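// Return the trust store's root certificates as a CSSM_DATA array plus count.
//
// cssmAnchors     - receives certs.blobCerts().
// cssmAnchorCount - receives certs.count().
//
// Both output pointers are checked before the store is queried and before
// either output is written, so a bad cssmAnchorCount can no longer leave
// *cssmAnchors already updated while the call reports an error. This mirrors
// the preflight in SecTrustCreateWithCertificates.
// NOTE(review): presumably Required() on a pointer throws when it is NULL --
// confirm against SecBridge.h.
// NOTE(review): certs is a local; the pointer stored in *cssmAnchors must
// refer to storage that outlives this call (presumably owned by the trust
// store) -- confirm before relying on it.
OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors,
    uint32 *cssmAnchorCount)
{
    BEGIN_SECAPI
    Required(cssmAnchors);      // preflight
    Required(cssmAnchorCount);  // preflight
    CertGroup certs;
    Trust::gStore().getCssmRootCertificates(certs);
    *cssmAnchors = certs.blobCerts();
    *cssmAnchorCount = certs.count();
    END_SECAPI
}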
165
166
167 //
168 // Get and set user trust settings
169 //
// Look up the user trust setting stored for a (certificate, policy) pair
// and store it in *trustSetting.
//
// certificate and policy are resolved through the type registry's
// required() lookups; trustSetting goes through Required(). The lookup is
// kept as one expression so the relative order of those checks is unchanged.
OSStatus SecTrustGetUserTrust(SecCertificateRef certificate,
    SecPolicyRef policy, SecTrustUserSetting *trustSetting)
{
    BEGIN_SECAPI
    Required(trustSetting) =
        Trust::gStore().find(
            gTypes().certificate.required(certificate),
            gTypes().policy.required(policy));
    END_SECAPI
}
179
// Store a user trust setting for a (certificate, policy) pair.
//
// Only kSecTrustResultProceed, kSecTrustResultConfirm, kSecTrustResultDeny
// and kSecTrustResultUnspecified are accepted; any other value is rejected
// with errSecInvalidTrustSetting before the store is touched.
// NOTE(review): no authorization step is visible in this function; whether
// the store's assign() prompts or checks the caller is not shown here --
// confirm, since this call changes what later evaluations will accept.
OSStatus SecTrustSetUserTrust(SecCertificateRef certificate,
    SecPolicyRef policy, SecTrustUserSetting trustSetting)
{
    BEGIN_SECAPI
    // Allow-list check on the requested setting.
    bool assignable = false;
    switch (trustSetting) {
    case kSecTrustResultProceed:
    case kSecTrustResultConfirm:
    case kSecTrustResultDeny:
    case kSecTrustResultUnspecified:
        assignable = true;
        break;
    default:
        break;
    }
    if (!assignable) {
        MacOSError::throwMe(errSecInvalidTrustSetting);
    }
    Trust::gStore().assign(
        gTypes().certificate.required(certificate),
        gTypes().policy.required(policy),
        trustSetting);
    END_SECAPI
}
199