2 * Copyright (c) 2002-2004,2011-2015 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
24 #include <Security/SecPolicySearch.h>
25 #include <Security/SecPolicyPriv.h>
26 #include <security_keychain/PolicyCursor.h>
27 #include <security_keychain/Policies.h>
28 #include "SecBridge.h"
33 SecPolicySearchGetTypeID(void)
37 return gTypes().PolicyCursor
.typeID
;
39 END_SECAPI1(_kCFRuntimeNotATypeID
)
44 SecPolicySearchCreate(
45 CSSM_CERT_TYPE certType
,
47 const CSSM_DATA
* value
,
48 SecPolicySearchRef
* searchRef
)
51 Required(searchRef
); // preflight
52 PolicyCursor
* pc
= new PolicyCursor(oid
, value
);
55 return errSecPolicyNotFound
;
58 SecPointer
<PolicyCursor
> cursor(pc
);
59 *searchRef
= cursor
->handle();
65 SecPolicySearchCopyNext(
66 SecPolicySearchRef searchRef
,
67 SecPolicyRef
* policyRef
)
71 RequiredParam(policyRef
);
72 SecPointer
<Policy
> policy
;
74 /* bridge to support API functionality */
75 CFStringRef oidStr
= NULL
;
76 PolicyCursor
*policyCursor
= PolicyCursor::required(searchRef
);
78 if (!policyCursor
->next(policy
))
79 return errSecPolicyNotFound
;
80 CssmOid oid
= policy
->oid();
81 CFStringRef str
= SecPolicyGetStringForOID(&oid
);
84 if (CFEqual(str
, kSecPolicyAppleiChat
) ||
85 CFEqual(str
, kSecPolicyApplePKINITClient
) ||
86 CFEqual(str
, kSecPolicyApplePKINITServer
)) {
87 oidStr
= NULL
; /* TBD: support for PKINIT policies in unified code */
89 else if (policyCursor
->oidProvided() == false &&
90 CFEqual(str
, kSecPolicyAppleRevocation
)) {
91 oidStr
= NULL
; /* filter this out unless specifically requested */
96 /* create and vend a unified SecPolicyRef instance */
97 CFRef
<CFDictionaryRef
> properties
= policy
->properties();
98 if ((*policyRef
= SecPolicyCreateWithProperties(oidStr
, properties
)) != NULL
) {
99 __secapiresult
= errSecSuccess
;
101 __secapiresult
= errSecPolicyNotFound
;