Security-176.tar.gz
1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 #include <Security/SecTrust.h>
19 #include <Security/SecTrustPriv.h>
20 #include <Security/Trust.h>
21 #include "SecBridge.h"
22
23 //
24 // CF boilerplate
25 //
// Returns the CFTypeID recorded for Trust objects in gTypes().
// END_SECAPI1 is handed _kCFRuntimeNotATypeID; presumably that is what the
// caller sees if the body throws -- confirm against SecBridge.h.
CFTypeID SecTrustGetTypeID(void)
{
    BEGIN_SECAPI

    const CFTypeID trustTypeID = gTypes().Trust.typeID;
    return trustTypeID;

    END_SECAPI1(_kCFRuntimeNotATypeID)
}
34
35
36 //
37 // Sec* API bridge functions
38 //
// Creates a Trust object from the given certificates and policies and hands
// its handle back through trustRef.
//
// certificates and policies are passed to the Trust constructor unchanged;
// no validation of either happens in this function.
// BEGIN_SECAPI/END_SECAPI come from SecBridge.h (not shown here); presumably
// they turn exceptions into the OSStatus return value.
OSStatus SecTrustCreateWithCertificates(CFArrayRef certificates,
                                        CFTypeRef policies,
                                        SecTrustRef *trustRef)
{
    BEGIN_SECAPI
    // Check the output pointer before allocating, so a NULL trustRef never
    // leaves a freshly built Trust behind.
    Required(trustRef);
    // NOTE(review): the raw new has no matching delete here; ownership is
    // presumably carried by the returned handle -- confirm in Trust.h.
    Trust *created = new Trust(certificates, policies);
    *trustRef = created->handle();
    END_SECAPI
}
49
50
// Sets the policies on the Trust object behind trustRef.
// Trust::required() resolves the reference first; presumably it throws on a
// NULL or foreign reference -- confirm in Trust.h.
OSStatus SecTrustSetPolicies(SecTrustRef trustRef, CFTypeRef policies)
{
    BEGIN_SECAPI
    Trust *target = Trust::required(trustRef);
    target->policies(policies);
    END_SECAPI
}
58
59
// Stores the CSSM TP action and its action data on the Trust object behind
// trustRef. Both values are forwarded unchanged; nothing is validated here.
OSStatus SecTrustSetParameters(SecTrustRef trustRef,
                               CSSM_TP_ACTION action,
                               CFDataRef actionData)
{
    BEGIN_SECAPI
    Trust *target = Trust::required(trustRef);
    target->action(action);
    target->actionData(actionData);
    END_SECAPI
}
71
72
// Hands anchorCertificates to the Trust object behind trust as its anchors.
//
// NOTE(review): presumably these anchors are what later evaluation treats as
// trusted roots, so the array is security-critical caller input; this
// function forwards it without inspecting its contents -- confirm in Trust.
OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates)
{
    BEGIN_SECAPI
    Trust *target = Trust::required(trust);
    target->anchors(anchorCertificates);
    END_SECAPI
}
79
80
// Replaces the search libraries of the Trust object behind trust with the
// keychain list derived from keychainOrArray.
//
// The list is built by the storage manager's optionalSearchList() before the
// trust reference is resolved, so a bad keychainOrArray fails first.
OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray)
{
    BEGIN_SECAPI
    StorageManager::KeychainList searchList;
    globals().storageManager.optionalSearchList(keychainOrArray, searchList);

    Trust *target = Trust::required(trust);
    target->searchLibs() = searchList;
    END_SECAPI
}
89
90
// Sets the time on the Trust object behind trust to verifyDate.
//
// NOTE(review): presumably this is the instant at which certificate validity
// is judged, so a caller-chosen date can make expired certificates appear
// current -- confirm against Trust::time().
OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate)
{
    BEGIN_SECAPI
    Trust *target = Trust::required(trust);
    target->time(verifyDate);
    END_SECAPI
}
97
98
// Evaluates the Trust object behind trustRef and, when resultP is non-NULL,
// copies out the resulting SecTrustResultType.
//
// resultP is optional: passing NULL runs the evaluation but discards the
// verdict here.
// NOTE(review): the OSStatus presumably reports only whether evaluation ran;
// the trust decision itself is in *resultP and must be checked separately --
// confirm against Trust::evaluate().
OSStatus SecTrustEvaluate(SecTrustRef trustRef, SecTrustResultType *resultP)
{
    BEGIN_SECAPI
    Trust *evaluated = Trust::required(trustRef);
    evaluated->evaluate();
    if (resultP != NULL) {
        *resultP = evaluated->result();
    }
    END_SECAPI
}
108
109
110 //
111 // Construct the "official" result evidence and return it
112 //
// Reports the stored result of the Trust object behind trustRef and, on
// request, the certificate chain with its per-certificate status.
//
// No evaluation is triggered here: *result is whatever trust->result()
// currently holds. Evidence is built only when BOTH certChain and statusChain
// are non-NULL; if just one is supplied it is left untouched and the call
// still completes normally, so callers should initialise both before calling.
OSStatus SecTrustGetResult(SecTrustRef trustRef,
                           SecTrustResultType *result,
                           CFArrayRef *certChain,
                           CSSM_TP_APPLE_EVIDENCE_INFO **statusChain)
{
    BEGIN_SECAPI
    Trust *evaluated = Trust::required(trustRef);

    if (result != NULL) {
        *result = evaluated->result();
    }

    const bool wantsEvidence = (certChain != NULL) && (statusChain != NULL);
    if (wantsEvidence) {
        evaluated->buildEvidence(*certChain, TPEvidenceInfo::overlayVar(*statusChain));
    }
    END_SECAPI
}
126
127
128 //
129 // Retrieve CSSM-level information for those who want to dig down
130 //
// Copies the CSSM-level verify result of the Trust object behind trust into
// *result.
//
// NOTE(review): the returned pointer presumably refers to storage owned by
// the Trust object, so it should not outlive it -- confirm in Trust.h.
OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result)
{
    BEGIN_SECAPI
    Trust *evaluated = Trust::required(trust);
    Required(result) = evaluated->cssmResult();
    END_SECAPI
}
137
138 //
139 // Retrieve CSSM-level TP return code
140 //
// Copies the CSSM TP return code of the Trust object behind trustRef into
// *result.
//
// Returns paramErr while the stored result is still kSecTrustResultInvalid,
// and in that case *result is not written.
OSStatus SecTrustGetCssmResultCode(SecTrustRef trustRef, OSStatus *result)
{
    BEGIN_SECAPI
    Trust *evaluated = Trust::required(trustRef);

    // Guard: an invalid stored result means there is no TP code to hand out.
    if (evaluated->result() == kSecTrustResultInvalid) {
        return paramErr;
    }

    Required(result) = evaluated->cssmResultCode();
    END_SECAPI
}
151
// Copies the CSSM TP handle used by the Trust object behind trust into
// *handle.
//
// NOTE(review): the handle is presumably still owned by the Trust object;
// callers should not detach or unload it -- confirm in Trust.h.
OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle)
{
    BEGIN_SECAPI
    Trust *source = Trust::required(trust);
    Required(handle) = source->getTPHandle();
    END_SECAPI
}
158
159
160 //
161 // Get the user's default anchor certificate set
162 //
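// Copies the root certificates held by the trust store into
// *anchorCertificates.
//
// The output pointer is checked before the store is asked for a copy, in the
// same check-then-assign order SecTrustCreateWithCertificates uses. Written
// as a single assignment, the copy may be produced before the NULL check
// runs, so a NULL anchorCertificates could abandon the freshly copied array.
//
// NOTE(review): going by the CF "Copy" naming, the caller presumably owns the
// returned array and must release it -- confirm against copyRootCertificates().
OSStatus SecTrustCopyAnchorCertificates(CFArrayRef* anchorCertificates)
{
    BEGIN_SECAPI
    Required(anchorCertificates);
    *anchorCertificates = Trust::gStore().copyRootCertificates();
    END_SECAPI
}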
169
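// Returns the trust store's root certificates as a CSSM_DATA array together
// with the number of entries.
//
// Both output pointers are checked before anything is written, so a NULL
// cssmAnchorCount can no longer leave *cssmAnchors set while the call fails.
//
// NOTE(review): certs is a local CertGroup, so the array handed back must be
// backed by storage that outlives this call (presumably owned by the trust
// store). Confirm that lifetime before caching the pointer.
OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors,
                                           uint32 *cssmAnchorCount)
{
    BEGIN_SECAPI
    // Validate every output up front: no partial results on failure.
    Required(cssmAnchors);
    Required(cssmAnchorCount);

    CertGroup certs;
    Trust::gStore().getCssmRootCertificates(certs);

    *cssmAnchors = certs.blobCerts();
    *cssmAnchorCount = certs.count();
    END_SECAPI
}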
180
181
182 //
183 // Get and set user trust settings
184 //
// Looks up the trust setting recorded in the trust store for the given
// certificate/policy pair and writes it to *trustSetting.
//
// The certificate and policy references are resolved through
// Certificate::required() and Policy::required(); presumably each throws on a
// NULL or foreign reference -- confirm in their headers.
OSStatus SecTrustGetUserTrust(SecCertificateRef certificate,
                              SecPolicyRef policy,
                              SecTrustUserSetting *trustSetting)
{
    BEGIN_SECAPI
    Required(trustSetting) =
        Trust::gStore().find(Certificate::required(certificate), Policy::required(policy));
    END_SECAPI
}
194
// Records a trust setting in the trust store for the given certificate/policy
// pair.
//
// Only Proceed, Confirm, Deny and Unspecified are accepted; any other value
// raises errSecInvalidTrustSetting before the store is touched.
// NOTE(review): assign() presumably persists the setting for later
// evaluations, which makes this a security-sensitive write -- confirm what
// authorization the trust store applies.
OSStatus SecTrustSetUserTrust(SecCertificateRef certificate,
                              SecPolicyRef policy,
                              SecTrustUserSetting trustSetting)
{
    BEGIN_SECAPI
    const bool settingAllowed =
        trustSetting == kSecTrustResultProceed ||
        trustSetting == kSecTrustResultConfirm ||
        trustSetting == kSecTrustResultDeny ||
        trustSetting == kSecTrustResultUnspecified;
    if (!settingAllowed) {
        MacOSError::throwMe(errSecInvalidTrustSetting);
    }

    Trust::gStore().assign(
        Certificate::required(certificate),
        Policy::required(policy),
        trustSetting);
    END_SECAPI
}
214