OSX/libsecurity_keychain/lib/SecPolicySearch.cpp

   1 /*
   2  * Copyright (c) 2002-2004,2011-2015 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #include <Security/SecPolicySearch.h>
  25 #include <Security/SecPolicyPriv.h>
  26 #include <security_keychain/PolicyCursor.h>
  27 #include <security_keychain/Policies.h>
  28 #include "SecBridge.h"
  29
  30 //
  31 // CF Boilerplate
  32 CFTypeID
  33 SecPolicySearchGetTypeID(void)
  34 {
  35         BEGIN_SECAPI
  36         return gTypes().PolicyCursor.typeID;
  37
  38         END_SECAPI1(_kCFRuntimeNotATypeID)
  39 }
  40
  41
  42 OSStatus
  43 SecPolicySearchCreate(
  44             CSSM_CERT_TYPE certType,
  45                         const CSSM_OID* oid,
  46             const CSSM_DATA* value,
  47                         SecPolicySearchRef* searchRef)
  48 {
  49     BEGIN_SECAPI
  50         Required(searchRef);    // preflight
  51     PolicyCursor* pc = new PolicyCursor(oid, value);
  52     if (pc == NULL)
  53     {
  54         return errSecPolicyNotFound;
  55     }
  56
  57         SecPointer<PolicyCursor> cursor(pc);
  58         *searchRef = cursor->handle();
  59         END_SECAPI
  60 }
  61
  62
  63 OSStatus
  64 SecPolicySearchCopyNext(
  65             SecPolicySearchRef searchRef,
  66             SecPolicyRef* policyRef)
  67 {
  68         BEGIN_SECAPI
  69         RequiredParam(policyRef);
  70         SecPointer<Policy> policy;
  71
  72         /* bridge to support API functionality */
  73         CFStringRef oidStr = NULL;
  74         PolicyCursor *policyCursor = PolicyCursor::required(searchRef);
  75         do {
  76                 if (!policyCursor->next(policy))
  77                         return errSecPolicyNotFound;
  78                 CssmOid oid = policy->oid();
  79                 CFStringRef str = SecPolicyGetStringForOID(&oid);
  80                 if (str) {
  81                         oidStr = str;
  82                         if (CFEqual(str, kSecPolicyAppleiChat) ||
  83                                 CFEqual(str, kSecPolicyApplePKINITClient) ||
  84                                 CFEqual(str, kSecPolicyApplePKINITServer)) {
  85                                 oidStr = NULL; /* TBD: support for PKINIT policies in unified code */
  86                         }
  87                         else if (policyCursor->oidProvided() == false &&
  88                                 CFEqual(str, kSecPolicyAppleRevocation)) {
  89                                 oidStr = NULL; /* filter this out unless specifically requested */
  90                         }
  91                 }
  92         }
  93         while (!oidStr);
  94         /* create and vend a unified SecPolicyRef instance */
  95         CFRef<CFDictionaryRef> properties = policy->properties();
  96         if ((*policyRef = SecPolicyCreateWithProperties(oidStr, properties)) != NULL) {
  97                 __secapiresult = errSecSuccess;
  98         } else {
  99                 __secapiresult = errSecPolicyNotFound;
 100         }
 101
 102         END_SECAPI
 103 }