6 #import "utilities/SecCFRelease.h"
7 #import "utilities/SecCFWrappers.h"
9 #define OS_OBJECT_HAVE_OBJC_SUPPORT 1
11 #define SEC_NULL_BAD_INPUT ((void *_Nonnull)NULL)
12 #define SEC_NULL_OUT_OF_MEMORY SEC_NULL_BAD_INPUT
14 #define SEC_NIL_BAD_INPUT ((void *_Nonnull)nil)
15 #define SEC_NIL_OUT_OF_MEMORY SEC_NIL_BAD_INPUT
17 #define SEC_CONCRETE_CLASS_NAME(external_type) SecConcrete_##external_type
18 #define SEC_CONCRETE_PREFIX_STR "SecConcrete_"
20 #define SEC_OBJECT_DECL_INTERNAL_OBJC(external_type) \
21 @class SEC_CONCRETE_CLASS_NAME(external_type); \
22 typedef SEC_CONCRETE_CLASS_NAME(external_type) *external_type##_t
24 #define SEC_OBJECT_IMPL_INTERNAL_OBJC_WITH_PROTOCOL_AND_VISBILITY(external_type, _protocol, visibility, ...) \
25 @protocol OS_OBJECT_CLASS(external_type) <_protocol> \
28 @interface SEC_CONCRETE_CLASS_NAME(external_type) : NSObject<OS_OBJECT_CLASS(external_type)> \
29 _Pragma("clang diagnostic push") \
30 _Pragma("clang diagnostic ignored \"-Wobjc-interface-ivars\"") \
32 _Pragma("clang diagnostic pop") \
34 typedef int _useless_typedef_oio_##external_type
36 #define SEC_OBJECT_IMPL_INTERNAL_OBJC_WITH_PROTOCOL(external_type, _protocol, ...) \
37 SEC_OBJECT_IMPL_INTERNAL_OBJC_WITH_PROTOCOL_AND_VISBILITY(external_type, _protocol, ,__VA_ARGS__)
39 #define SEC_OBJECT_IMPL_INTERNAL_OBJC(external_type, ...) \
40 SEC_OBJECT_IMPL_INTERNAL_OBJC_WITH_PROTOCOL(external_type, NSObject, ##__VA_ARGS__)
42 #define SEC_OBJECT_IMPL_INTERNAL_OBJC_WITH_VISIBILITY(external_type, visibility, ...) \
43 SEC_OBJECT_IMPL_INTERNAL_OBJC_WITH_PROTOCOL_AND_VISBILITY(external_type, NSObject, visibility, ##__VA_ARGS__)
45 #define SEC_OBJECT_IMPL 1
47 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_array);
48 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_identity);
49 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_trust);
50 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_certificate);
51 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_protocol_configuration_builder);
52 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_object);
53 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_protocol_options);
54 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_protocol_metadata);
55 SEC_OBJECT_DECL_INTERNAL_OBJC(sec_protocol_configuration);
57 #import "SecProtocolInternal.h"
58 #import <Security/SecProtocolPriv.h>
59 #import "SecProtocolTypesPriv.h"
61 #import <Foundation/Foundation.h>
62 #import <CoreFoundation/CoreFoundation.h>
63 #import <CoreFoundation/CFPriv.h>
66 #import <xpc/private.h>
70 #ifndef SEC_ANALYZER_HIDE_DEADSTORE
71 # ifdef __clang_analyzer__
72 # define SEC_ANALYZER_HIDE_DEADSTORE(var) do { if (var) {} } while (0)
73 # else // __clang_analyzer__
74 # define SEC_ANALYZER_HIDE_DEADSTORE(var) do {} while (0)
75 # endif // __clang_analyzer__
76 #endif // SEC_ANALYZER_HIDE_DEADSTORE
78 SEC_OBJECT_IMPL_INTERNAL_OBJC(sec_array,
80 xpc_object_t xpc_array;
83 @implementation SEC_CONCRETE_CLASS_NAME(sec_array)
89 return SEC_NIL_OUT_OF_MEMORY;
91 self->xpc_array = xpc_array_create(NULL, 0);
97 if (self->xpc_array != nil) {
98 xpc_array_apply(self->xpc_array, ^bool(size_t index, __unused xpc_object_t value) {
99 void *pointer = xpc_array_get_pointer(self->xpc_array, index);
100 sec_object_t object = (sec_object_t)CFBridgingRelease(pointer);
101 SEC_ANALYZER_HIDE_DEADSTORE(object);
105 self->xpc_array = nil;
110 sec_array_create(void)
112 return [[SEC_CONCRETE_CLASS_NAME(sec_array) alloc] init];
116 sec_array_append(sec_array_t array, sec_object_t object)
119 array->xpc_array != NULL && xpc_get_type(array->xpc_array) == XPC_TYPE_ARRAY &&
121 void *retained_pointer = __DECONST(void *, CFBridgingRetain(object));
122 xpc_array_set_pointer(array->xpc_array, XPC_ARRAY_APPEND, retained_pointer);
123 // 'Leak' the retain, and save the pointer into the array
128 sec_array_get_count(sec_array_t array)
131 array->xpc_array != NULL && xpc_get_type(array->xpc_array) == XPC_TYPE_ARRAY) {
132 return xpc_array_get_count(array->xpc_array);
138 sec_array_apply(sec_array_t array, sec_array_applier_t applier)
141 array->xpc_array != NULL && xpc_get_type(array->xpc_array) == XPC_TYPE_ARRAY) {
142 return xpc_array_apply(array->xpc_array, ^bool(size_t index, __unused xpc_object_t value) {
143 void *pointer = xpc_array_get_pointer(array->xpc_array, index);
144 return applier(index, (__bridge sec_object_t)(pointer));
152 SEC_OBJECT_IMPL_INTERNAL_OBJC(sec_identity,
154 SecIdentityRef identity;
156 sec_protocol_private_key_sign_t sign_block;
157 sec_protocol_private_key_decrypt_t decrypt_block;
158 dispatch_queue_t operation_queue;
161 @implementation SEC_CONCRETE_CLASS_NAME(sec_identity)
163 - (instancetype)initWithIdentity:(SecIdentityRef)_identity
165 if (_identity == NULL) {
166 return SEC_NIL_BAD_INPUT;
171 return SEC_NIL_OUT_OF_MEMORY;
173 self->identity = __DECONST(SecIdentityRef, CFRetainSafe(_identity));
177 - (instancetype)initWithIdentityAndCertificates:(SecIdentityRef)_identity certificates:(CFArrayRef)certificates
179 if (_identity == NULL) {
180 return SEC_NIL_BAD_INPUT;
185 return SEC_NIL_OUT_OF_MEMORY;
187 self->identity = __DECONST(SecIdentityRef, CFRetainSafe(_identity));
188 self->certs = __DECONST(CFArrayRef, CFRetainSafe(certificates));
193 - (instancetype)initWithCertificates:(CFArrayRef)certificates signBlock:(sec_protocol_private_key_sign_t)sign decryptBlock:(sec_protocol_private_key_decrypt_t)decrypt queue:(dispatch_queue_t)queue
195 if (certificates == NULL) {
196 return SEC_NIL_BAD_INPUT;
199 return SEC_NIL_BAD_INPUT;
201 if (decrypt == NULL) {
202 return SEC_NIL_BAD_INPUT;
207 return SEC_NIL_OUT_OF_MEMORY;
210 self->certs = __DECONST(CFArrayRef, CFRetainSafe(certificates));
211 self->sign_block = sign;
212 self->decrypt_block = decrypt;
213 self->operation_queue = queue;
220 if (self->identity != NULL) {
221 CFRelease(self->identity);
222 self->identity = NULL;
225 CFRelease(self->certs);
232 sec_identity_create(SecIdentityRef identity)
234 return [[SEC_CONCRETE_CLASS_NAME(sec_identity) alloc] initWithIdentity:identity];
238 sec_identity_create_with_certificates(SecIdentityRef identity, CFArrayRef certificates)
240 return [[SEC_CONCRETE_CLASS_NAME(sec_identity) alloc] initWithIdentityAndCertificates:identity certificates:certificates];
244 sec_identity_create_with_certificates_and_external_private_key(CFArrayRef __nonnull certificates,
245 sec_protocol_private_key_sign_t sign_block,
246 sec_protocol_private_key_decrypt_t decrypt_block,
247 dispatch_queue_t queue)
249 return [[SEC_CONCRETE_CLASS_NAME(sec_identity) alloc] initWithCertificates:certificates signBlock:sign_block decryptBlock:decrypt_block queue:queue];
253 sec_identity_copy_ref(sec_identity_t object)
255 if (object == NULL) {
256 return SEC_NULL_BAD_INPUT;
258 if (object->identity != NULL) {
259 return __DECONST(SecIdentityRef, CFRetain(object->identity));
261 return SEC_NULL_BAD_INPUT;
265 sec_identity_copy_certificates_ref(sec_identity_t object)
267 if (object == NULL) {
268 return SEC_NULL_BAD_INPUT;
270 if (object->certs != NULL) {
271 return __DECONST(CFArrayRef, CFRetain(object->certs));
273 return SEC_NULL_BAD_INPUT;
277 sec_identity_access_certificates(sec_identity_t identity,
278 void (^handler)(sec_certificate_t certificate))
280 if (identity == NULL) {
283 if (identity->certs != NULL) {
284 CFArrayForEach(identity->certs, ^(const void *value) {
285 SecCertificateRef certificate_ref = (SecCertificateRef)value;
286 if (certificate_ref != NULL) {
287 sec_certificate_t certificate = sec_certificate_create(certificate_ref);
288 handler(certificate);
297 sec_identity_has_certificates(sec_identity_t identity)
299 if (identity == NULL) {
302 return identity->certs != NULL;
305 sec_protocol_private_key_sign_t
306 sec_identity_copy_private_key_sign_block(sec_identity_t object)
308 if (object == NULL) {
309 return SEC_NULL_BAD_INPUT;
311 if (object->sign_block != NULL) {
312 return object->sign_block;
314 return SEC_NIL_BAD_INPUT;
317 sec_protocol_private_key_decrypt_t
318 sec_identity_copy_private_key_decrypt_block(sec_identity_t object)
320 if (object == NULL) {
321 return SEC_NULL_BAD_INPUT;
323 if (object->decrypt_block != NULL) {
324 return object->decrypt_block;
326 return SEC_NIL_BAD_INPUT;
330 sec_identity_copy_private_key_queue(sec_identity_t object)
332 if (object == NULL) {
333 return SEC_NULL_BAD_INPUT;
335 if (object->operation_queue != nil) {
336 return object->operation_queue;
338 return SEC_NIL_BAD_INPUT;
344 SEC_OBJECT_IMPL_INTERNAL_OBJC(sec_certificate,
346 SecCertificateRef certificate;
349 @implementation SEC_CONCRETE_CLASS_NAME(sec_certificate)
351 - (instancetype)initWithCertificate:(SecCertificateRef)_certificate
353 if (_certificate == NULL) {
354 return SEC_NIL_BAD_INPUT;
359 return SEC_NIL_OUT_OF_MEMORY;
361 self->certificate = __DECONST(SecCertificateRef, CFRetainSafe(_certificate));
367 if (self->certificate != NULL) {
368 CFRelease(self->certificate);
369 self->certificate = NULL;
374 sec_certificate_create(SecCertificateRef certificate)
376 return [[SEC_CONCRETE_CLASS_NAME(sec_certificate) alloc] initWithCertificate:certificate];
380 sec_certificate_copy_ref(sec_certificate_t object)
382 if (object == NULL) {
383 return SEC_NULL_BAD_INPUT;
385 if (object->certificate != NULL) {
386 return __DECONST(SecCertificateRef, CFRetain(object->certificate));
388 return SEC_NULL_BAD_INPUT;
393 SEC_OBJECT_IMPL_INTERNAL_OBJC(sec_trust,
398 @implementation SEC_CONCRETE_CLASS_NAME(sec_trust)
400 - (instancetype)initWithTrust:(SecTrustRef)_trust
402 if (_trust == NULL) {
403 return SEC_NIL_BAD_INPUT;
408 return SEC_NIL_OUT_OF_MEMORY;
410 self->trust = __DECONST(SecTrustRef, CFRetainSafe(_trust));
416 if (self->trust != NULL) {
417 CFRelease(self->trust);
423 sec_trust_create(SecTrustRef trust)
425 return [[SEC_CONCRETE_CLASS_NAME(sec_trust) alloc] initWithTrust:trust];
429 sec_trust_copy_ref(sec_trust_t object)
431 if (object == NULL) {
432 return SEC_NULL_BAD_INPUT;
434 if (object->trust != NULL) {
435 return __DECONST(SecTrustRef, CFRetain(object->trust));
437 return SEC_NULL_BAD_INPUT;
443 _is_apple_bundle(void)
445 static dispatch_once_t onceToken;
446 static bool result = false;
447 dispatch_once(&onceToken, ^{
448 CFBundleRef bundle = CFBundleGetMainBundle();
449 CFStringRef bundleID = CFBundleGetIdentifier(bundle);
450 result = !bundleID || CFStringHasPrefix(bundleID, CFSTR("com.apple."));
455 SEC_OBJECT_IMPL_INTERNAL_OBJC(sec_protocol_configuration_builder,
458 CFDictionaryRef dictionary;
462 @implementation SEC_CONCRETE_CLASS_NAME(sec_protocol_configuration_builder)
467 CFBundleRef bundle = CFBundleGetMainBundle();
468 if (bundle != NULL) {
469 CFTypeRef rawATS = CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR(kATSInfoKey));
470 self->dictionary = (CFDictionaryRef)rawATS;
471 CFRetainSafe(self->dictionary);
472 self->is_apple = _is_apple_bundle();
478 - (id)initWithDictionary:(CFDictionaryRef)dict andInternalFlag:(bool)flag {
481 self->dictionary = dict;
483 self->is_apple = flag;
490 sec_protocol_configuration_builder_t
491 sec_protocol_configuration_builder_copy_default()
493 return [[SEC_CONCRETE_CLASS_NAME(sec_protocol_configuration_builder) alloc] init];
496 sec_protocol_configuration_builder_t
497 sec_protocol_configuration_builder_create(CFDictionaryRef dictionary, bool is_apple)
499 return [[SEC_CONCRETE_CLASS_NAME(sec_protocol_configuration_builder) alloc] initWithDictionary:dictionary andInternalFlag:is_apple];
503 sec_protocol_configuration_builder_get_ats_dictionary(sec_protocol_configuration_builder_t builder)
505 return builder->dictionary;
509 sec_protocol_configuration_builder_get_is_apple_bundle(sec_protocol_configuration_builder_t builder)
511 return builder->is_apple;
514 SEC_OBJECT_IMPL_INTERNAL_OBJC(sec_protocol_configuration,
516 xpc_object_t dictionary;
519 @implementation SEC_CONCRETE_CLASS_NAME(sec_protocol_configuration)
524 self->dictionary = xpc_dictionary_create(NULL, NULL, 0);
529 static sec_protocol_configuration_t
530 sec_protocol_configuration_create(void)
532 return [[SEC_CONCRETE_CLASS_NAME(sec_protocol_configuration) alloc] init];
535 sec_protocol_configuration_t
536 sec_protocol_configuration_create_with_builder(sec_protocol_configuration_builder_t builder)
538 sec_protocol_configuration_t configuration = sec_protocol_configuration_create();
540 if (builder->is_apple) {
541 os_log_debug(OS_LOG_DEFAULT, "Building default configuration for first-party bundle");
542 sec_protocol_configuration_populate_insecure_defaults(configuration);
544 os_log_debug(OS_LOG_DEFAULT, "Building default configuration for third-party bundle");
545 sec_protocol_configuration_populate_secure_defaults(configuration);
548 sec_protocol_configuration_register_builtin_exceptions(configuration);
549 CFDictionaryRef dictionary = builder->dictionary;
551 os_log_debug(OS_LOG_DEFAULT, "Setting configuration overrides based on AppTransportSecurity exceptions");
552 sec_protocol_configuration_set_ats_overrides(configuration, dictionary);
554 os_log_debug(OS_LOG_DEFAULT, "Using default configuration settings");
557 os_log_error(OS_LOG_DEFAULT, "sec_protocol_configuration_create failed");
559 return configuration;
563 sec_protocol_configuration_get_map(sec_protocol_configuration_t configuration)
565 return configuration->dictionary;
projects / apple / security.git / blob