2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
23 * SecTrustStatusCodes.c - map trust result details to status codes
27 #include <Security/SecTrustPriv.h>
28 #include <Security/SecInternal.h>
29 #include <Security/SecTrustStatusCodes.h>
30 #include <CoreFoundation/CoreFoundation.h>
32 struct resultmap_entry_s
{
33 const CFStringRef checkstr
;
34 const int32_t resultcode
;
36 typedef struct resultmap_entry_s resultmap_entry_t
;
38 const resultmap_entry_t resultmap
[] = {
39 #undef POLICYCHECKMACRO
40 #define POLICYCHECKMACRO(NAME, TRUSTRESULT, SUBTYPE, LEAFCHECK, PATHCHECK, LEAFONLY, CSSMERR, OSSTATUS) \
41 { CFSTR(#NAME), CSSMERR },
42 #include "SecPolicyChecks.list"
46 // Returns a malloced array of SInt32 values, with the length in numStatusCodes,
47 // for the certificate specified by chain index in the given SecTrustRef.
49 // To match legacy behavior, the array actually allocates one element more than the
50 // value of numStatusCodes; if the certificate is revoked, the additional element
51 // at the end contains the CrlReason value.
53 // Caller must free the returned pointer.
55 SInt32
*SecTrustCopyStatusCodes(SecTrustRef trust
,
56 CFIndex index
, CFIndex
*numStatusCodes
)
58 if (!trust
|| !numStatusCodes
) {
62 CFArrayRef details
= SecTrustCopyFilteredDetails(trust
);
63 CFIndex chainLength
= (details
) ? CFArrayGetCount(details
) : 0;
64 if (!(index
< chainLength
)) {
65 CFReleaseSafe(details
);
68 CFDictionaryRef detail
= (CFDictionaryRef
)CFArrayGetValueAtIndex(details
, index
);
69 CFIndex ix
, detailCount
= CFDictionaryGetCount(detail
);
70 *numStatusCodes
= (unsigned int)detailCount
;
72 // Allocate one more entry than we need; this is used to store a CrlReason
73 // at the end of the array.
74 SInt32
*statusCodes
= (SInt32
*)malloc((detailCount
+1) * sizeof(SInt32
));
75 statusCodes
[*numStatusCodes
] = 0;
77 const unsigned int resultmaplen
= sizeof(resultmap
) / sizeof(resultmap_entry_t
);
78 const void *keys
[detailCount
];
79 CFDictionaryGetKeysAndValues(detail
, &keys
[0], NULL
);
80 for (ix
= 0; ix
< detailCount
; ix
++) {
81 CFStringRef key
= (CFStringRef
)keys
[ix
];
82 SInt32 statusCode
= 0;
83 for (unsigned int mapix
= 0; mapix
< resultmaplen
; mapix
++) {
84 CFStringRef str
= (CFStringRef
) resultmap
[mapix
].checkstr
;
85 if (CFStringCompare(str
, key
, 0) == kCFCompareEqualTo
) {
86 statusCode
= (SInt32
) resultmap
[mapix
].resultcode
;
90 if (statusCode
== (SInt32
)0x8001210C) { /* CSSMERR_TP_CERT_REVOKED */
92 CFNumberRef number
= (CFNumberRef
)CFDictionaryGetValue(detail
, key
);
93 if (number
&& CFNumberGetValue(number
, kCFNumberSInt32Type
, &reason
)) {
94 statusCodes
[*numStatusCodes
] = (SInt32
)reason
;
97 statusCodes
[ix
] = statusCode
;
100 CFReleaseSafe(details
);
projects / apple / security.git / blob