OSX/libsecurity_keychain/lib/SecPolicySearch.cpp

   1 /*
   2  * Copyright (c) 2002-2004,2011-2015 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #include <Security/SecPolicySearch.h>
  25 #include <Security/SecPolicyPriv.h>
  26 #include <security_keychain/PolicyCursor.h>
  27 #include <security_keychain/Policies.h>
  28 #include "SecBridge.h"
  29
  30 //
  31 // CF Boilerplate
  32 CFTypeID
  33 SecPolicySearchGetTypeID(void)
  34 {
  35         BEGIN_SECAPI
  36
  37         return gTypes().PolicyCursor.typeID;
  38
  39         END_SECAPI1(_kCFRuntimeNotATypeID)
  40 }
  41
  42
  43 OSStatus
  44 SecPolicySearchCreate(
  45             CSSM_CERT_TYPE certType,
  46                         const CSSM_OID* oid,
  47             const CSSM_DATA* value,
  48                         SecPolicySearchRef* searchRef)
  49 {
  50     BEGIN_SECAPI
  51         Required(searchRef);    // preflight
  52     PolicyCursor* pc = new PolicyCursor(oid, value);
  53     if (pc == NULL)
  54     {
  55         return errSecPolicyNotFound;
  56     }
  57
  58         SecPointer<PolicyCursor> cursor(pc);
  59         *searchRef = cursor->handle();
  60         END_SECAPI
  61 }
  62
  63
  64 OSStatus
  65 SecPolicySearchCopyNext(
  66             SecPolicySearchRef searchRef,
  67             SecPolicyRef* policyRef)
  68 {
  69         BEGIN_SECAPI
  70
  71         RequiredParam(policyRef);
  72         SecPointer<Policy> policy;
  73
  74         /* bridge to support API functionality */
  75         CFStringRef oidStr = NULL;
  76         PolicyCursor *policyCursor = PolicyCursor::required(searchRef);
  77         do {
  78                 if (!policyCursor->next(policy))
  79                         return errSecPolicyNotFound;
  80                 CssmOid oid = policy->oid();
  81                 CFStringRef str = SecPolicyGetStringForOID(&oid);
  82                 if (str) {
  83                         oidStr = str;
  84                         if (CFEqual(str, kSecPolicyAppleiChat) ||
  85                                 CFEqual(str, kSecPolicyApplePKINITClient) ||
  86                                 CFEqual(str, kSecPolicyApplePKINITServer)) {
  87                                 oidStr = NULL; /* TBD: support for PKINIT policies in unified code */
  88                         }
  89                         else if (policyCursor->oidProvided() == false &&
  90                                 CFEqual(str, kSecPolicyAppleRevocation)) {
  91                                 oidStr = NULL; /* filter this out unless specifically requested */
  92                         }
  93                 }
  94         }
  95         while (!oidStr);
  96         /* create and vend a unified SecPolicyRef instance */
  97         CFRef<CFDictionaryRef> properties = policy->properties();
  98         if ((*policyRef = SecPolicyCreateWithProperties(oidStr, properties)) != NULL) {
  99                 __secapiresult = errSecSuccess;
 100         } else {
 101                 __secapiresult = errSecPolicyNotFound;
 102         }
 103
 104         END_SECAPI
 105 }