-#if !SECTRUST_OSX
-CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate)
-{
- CFAbsoluteTime result = 0;
- OSStatus __secapiresult;
- try
- {
- CFErrorRef error = NULL;
- CertificateValues cv(certificate);
- result = cv.notValidBefore(&error);
- if (error) CFRelease(error);
- __secapiresult=0;
- }
- catch (const MacOSError &err) { __secapiresult=err.osStatus(); }
- catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); }
- catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; }
- catch (...) { __secapiresult=errSecInternalComponent; }
- return result;
-}
-#endif
-
-#if !SECTRUST_OSX
-CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate)
-{
- CFAbsoluteTime result = 0;
- OSStatus __secapiresult;
- try
- {
- CFErrorRef error = NULL;
- CertificateValues cv(certificate);
- result = cv.notValidAfter(&error);
- if (error) CFRelease(error);
- __secapiresult=0;
- }
- catch (const MacOSError &err) { __secapiresult=err.osStatus(); }
- catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); }
- catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; }
- catch (...) { __secapiresult=errSecInternalComponent; }
- return result;
-}
-#endif
-
-#if !SECTRUST_OSX
-/* new in 10.8 */
-SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator,
- const UInt8 *bytes, CFIndex length)
-{
- SecCertificateRef certificate = NULL;
- OSStatus __secapiresult;
- try {
- CSSM_DATA cssmCertData = { (CSSM_SIZE)length, (uint8 *)bytes };
-
- //NOTE: there isn't yet a Certificate constructor which accepts a CFAllocatorRef
- SecPointer<Certificate> certificatePtr(new Certificate(cssmCertData, CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER));
- certificate = certificatePtr->handle();
-
- __secapiresult=errSecSuccess;
- }
- catch (const MacOSError &err) { __secapiresult=err.osStatus(); }
- catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); }
- catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; }
- catch (...) { __secapiresult=errSecInternalComponent; }
- return certificate;
-}
-#endif
-
-#if !SECTRUST_OSX
-/* new in 10.8 */
-CFIndex SecCertificateGetLength(SecCertificateRef certificate)
-{
- CFIndex length = 0;
- OSStatus __secapiresult;
- try {
- CssmData output = Certificate::required(certificate)->data();
- length = (CFIndex)output.length();
- __secapiresult=errSecSuccess;
- }
- catch (const MacOSError &err) { __secapiresult=err.osStatus(); }
- catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); }
- catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; }
- catch (...) { __secapiresult=errSecInternalComponent; }
- return length;
-}
-#endif
-
-#if !SECTRUST_OSX
-/* new in 10.8 */
-const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate)
-{
- const UInt8 *bytes = NULL;
- OSStatus __secapiresult;
- try {
- CssmData output = Certificate::required(certificate)->data();
- bytes = (const UInt8 *)output.data();
- __secapiresult=errSecSuccess;
- }
- catch (const MacOSError &err) { __secapiresult=err.osStatus(); }
- catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); }
- catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; }
- catch (...) { __secapiresult=errSecInternalComponent; }
- return bytes;
-}
-#endif
-
-#if !SECTRUST_OSX
-/* not exported */
-static CFArrayRef CopyEscrowCertificates(SecCertificateEscrowRootType escrowRootType, CFErrorRef *error)
-{
- // Return array of CFDataRef certificates.
- CFArrayRef result = NULL;
- int iCnt;
- int numRoots = 0;
-
- // Get the hard coded set of production roots
- // static struct RootRecord* kProductionEscrowRoots[] = {&kOldEscrowRootRecord, &kProductionEscrowRootRecord};
-
- struct RootRecord** pEscrowRoots = NULL;
- switch (escrowRootType) {
- case kSecCertificateBaselineEscrowRoot:
- numRoots = kNumberOfBaseLineEscrowRoots;
- pEscrowRoots = kBaseLineEscrowRoots;
- break;
- case kSecCertificateProductionEscrowRoot:
- numRoots = kNumberOfBaseLineEscrowRoots; //%%% currently, production == baseline on OS X
- pEscrowRoots = kBaseLineEscrowRoots;
- break;
- case kSecCertificateBaselinePCSEscrowRoot:
- numRoots = kNumberOfBaseLinePCSEscrowRoots;
- pEscrowRoots = kBaseLinePCSEscrowRoots;
- break;
- case kSecCertificateProductionPCSEscrowRoot:
- numRoots = kNumberOfBaseLinePCSEscrowRoots; //%%% currently, production == baseline on OS X
- pEscrowRoots = kBaseLinePCSEscrowRoots;
- break;
- default:
- break;
- }
-
- CFDataRef productionCerts[numRoots];
- struct RootRecord* pRootRecord = NULL;
-
- for (iCnt = 0; pEscrowRoots != NULL && iCnt < numRoots; iCnt++)
- {
- pRootRecord = pEscrowRoots[iCnt];
- if (NULL != pRootRecord && pRootRecord->_length > 0 && NULL != pRootRecord->_bytes)
- {
- productionCerts[iCnt] = CFDataCreate(kCFAllocatorDefault, pRootRecord->_bytes, pRootRecord->_length);
- }
- }
- result = CFArrayCreate(kCFAllocatorDefault, (const void **)productionCerts, numRoots, &kCFTypeArrayCallBacks);
- for (iCnt = 0; iCnt < numRoots; iCnt++)
- {
- if (NULL != productionCerts[iCnt])
- {
- CFRelease(productionCerts[iCnt]);
- }
- }
-
- return result;
-}
-#endif
-
-#if !SECTRUST_OSX
-/* new in 10.9 */
-CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType)
-{
- CFArrayRef result = NULL;
- int iCnt;
- int numRoots = 0;
- CFDataRef certData = NULL;
-
- // The request is for the base line certificates.
- // Use the hard coded data to generate the return array
- if (kSecCertificateBaselineEscrowRoot == escrowRootType)
- {
- // Get the hard coded set of roots
- numRoots = kNumberOfBaseLineEscrowRoots;
- SecCertificateRef baseLineCerts[numRoots];
- struct RootRecord* pRootRecord = NULL;
-
- for (iCnt = 0; iCnt < numRoots; iCnt++)
- {
- pRootRecord = kBaseLineEscrowRoots[iCnt];
- if (NULL != pRootRecord && pRootRecord->_length > 0 && NULL != pRootRecord->_bytes)
- {
- certData = CFDataCreate(kCFAllocatorDefault, pRootRecord->_bytes, pRootRecord->_length);
- if (NULL != certData)
- {
- baseLineCerts[iCnt] = SecCertificateCreateWithData(kCFAllocatorDefault, certData);
- CFRelease(certData);
- }
- }
- }
- result = CFArrayCreate(kCFAllocatorDefault, (const void **)baseLineCerts, numRoots, &kCFTypeArrayCallBacks);
- for (iCnt = 0; iCnt < numRoots; iCnt++)
- {
- if (NULL != baseLineCerts[iCnt])
- {
- CFRelease(baseLineCerts[iCnt]);
- }
- }
- }
- // The request is for the current certificates.
- else
- {
- CFErrorRef error = NULL;
- CFArrayRef cert_datas = CopyEscrowCertificates(escrowRootType, &error);
- if (NULL != error || NULL == cert_datas || 0 == (numRoots = (int)CFArrayGetCount(cert_datas)))
- {
- if (NULL != error)
- {
- CFRelease(error);
- }
-
- if (NULL != cert_datas)
- {
- CFRelease(cert_datas);
- }
- return result;
- }
-
- SecCertificateRef assetCerts[numRoots];
- for (iCnt = 0; iCnt < numRoots; iCnt++)
- {
- certData = (CFDataRef)CFArrayGetValueAtIndex(cert_datas, iCnt);
- if (NULL != certData)
- {
- SecCertificateRef aCertRef = SecCertificateCreateWithData(kCFAllocatorDefault, certData);
- assetCerts[iCnt] = aCertRef;
- }
- else
- {
- assetCerts[iCnt] = NULL;
- }
- }
-
- if (numRoots > 0)
- {
- result = CFArrayCreate(kCFAllocatorDefault, (const void **)assetCerts, numRoots, &kCFTypeArrayCallBacks);
- for (iCnt = 0; iCnt < numRoots; iCnt++)
- {
- if (NULL != assetCerts[iCnt])
- {
- CFRelease(assetCerts[iCnt]);
- }
- }
- }
- CFRelease(cert_datas);
- }
projects / apple / security.git / blobdiff