sec/Security/SecTrustStore.c

   1 /*
   2  * Copyright (c) 2007-2009 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*
  25  * SecTrustStore.c - CertificateSource API to a system root certificate store
  26  */
  27 #include <Security/SecTrustStore.h>
  28
  29 #include <Security/SecCertificateInternal.h>
  30 #include <Security/SecInternal.h>
  31 #include <CoreFoundation/CFString.h>
  32 #include <AssertMacros.h>
  33 #include "securityd_client.h"
  34
  35 static CFStringRef kSecTrustStoreUserName = CFSTR("user");
  36
  37 SecTrustStoreRef SecTrustStoreForDomain(SecTrustStoreDomain domain) {
  38     CFStringRef domainName;
  39     if (domain == kSecTrustStoreDomainUser) {
  40         domainName = kSecTrustStoreUserName;
  41     } else {
  42         return NULL;
  43     }
  44
  45     if (gSecurityd) {
  46         return gSecurityd->sec_trust_store_for_domain(domainName);
  47     } else {
  48         return (SecTrustStoreRef)domainName;
  49     }
  50 }
  51
  52 Boolean SecTrustStoreContains(SecTrustStoreRef ts,
  53         SecCertificateRef certificate) {
  54     CFDataRef digest;
  55         bool contains = false;
  56
  57         require(ts, errOut);
  58         require(digest = SecCertificateGetSHA1Digest(certificate), errOut);
  59     if (gSecurityd) {
  60         contains = gSecurityd->sec_trust_store_contains(ts, digest);
  61     } else {
  62         const void *values[] = {
  63             (const void *)ts,
  64             (const void *)digest
  65         };
  66         CFArrayRef in = CFArrayCreate(kCFAllocatorDefault, values,
  67             2, &kCFTypeArrayCallBacks);
  68         OSStatus status;
  69         if (in) {
  70             status = ServerCommandSendReceive(sec_trust_store_contains_id,
  71                 in, NULL);
  72             CFRelease(in);
  73         } else {
  74             status = errSecAllocate;
  75         }
  76         contains = !status;
  77     }
  78
  79 errOut:
  80         return contains;
  81 }
  82
  83 OSStatus SecTrustStoreSetTrustSettings(SecTrustStoreRef ts,
  84         SecCertificateRef certificate,
  85     CFTypeRef trustSettingsDictOrArray) {
  86     CFDataRef certificateData = NULL;
  87     OSStatus status = errSecParam;
  88
  89     if (gSecurityd) {
  90         status = gSecurityd->sec_trust_store_set_trust_settings(ts, certificate, trustSettingsDictOrArray);
  91     } else {
  92         require(ts == (SecTrustStoreRef)kSecTrustStoreUserName, errOut);
  93         require(certificateData = SecCertificateCopyData(certificate), errOut);
  94         const void *values[] = {
  95             (const void *)certificateData,
  96             (const void *)trustSettingsDictOrArray
  97         };
  98         CFArrayRef in = CFArrayCreate(kCFAllocatorDefault, values,
  99             (trustSettingsDictOrArray ? 2 : 1), &kCFTypeArrayCallBacks);
 100         if (in) {
 101             status = ServerCommandSendReceive(sec_trust_store_set_trust_settings_id, in, NULL);
 102             CFRelease(in);
 103         } else {
 104             status = errSecAllocate;
 105         }
 106     }
 107
 108 errOut:
 109     CFReleaseSafe(certificateData);
 110         return status;
 111 }
 112
 113 OSStatus SecTrustStoreRemoveCertificate(SecTrustStoreRef ts,
 114     SecCertificateRef certificate)
 115 {
 116     CFDataRef digest;
 117     OSStatus status = errSecParam;
 118
 119         require(digest = SecCertificateGetSHA1Digest(certificate), errOut);
 120     if (gSecurityd) {
 121         status = gSecurityd->sec_trust_store_remove_certificate(ts, digest);
 122     } else {
 123         require(ts == (SecTrustStoreRef)kSecTrustStoreUserName, errOut);
 124         status = ServerCommandSendReceive(sec_trust_store_remove_certificate_id, digest, NULL);
 125     }
 126
 127 errOut:
 128         return status;
 129 }