static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_APPLEID_SHARING),
static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_TIMESTAMPING),
*/
-const oidmap_entry_t oidmap[] = {
- { kSecPolicyAppleX509Basic, &CSSMOID_APPLE_X509_BASIC },
- { kSecPolicyAppleSSL, &CSSMOID_APPLE_TP_SSL },
- { kSecPolicyAppleSMIME, &CSSMOID_APPLE_TP_SMIME },
- { kSecPolicyAppleEAP, &CSSMOID_APPLE_TP_EAP },
- { kSecPolicyAppleSWUpdateSigning, &CSSMOID_APPLE_TP_SW_UPDATE_SIGNING },
- { kSecPolicyAppleIPsec, &CSSMOID_APPLE_TP_IP_SEC },
- { kSecPolicyAppleiChat, &CSSMOID_APPLE_TP_ICHAT },
- { kSecPolicyApplePKINITClient, &CSSMOID_APPLE_TP_PKINIT_CLIENT },
- { kSecPolicyApplePKINITServer, &CSSMOID_APPLE_TP_PKINIT_SERVER },
- { kSecPolicyAppleCodeSigning, &CSSMOID_APPLE_TP_CODE_SIGNING },
- { kSecPolicyApplePackageSigning, &CSSMOID_APPLE_TP_PACKAGE_SIGNING },
- { kSecPolicyAppleIDValidation, &CSSMOID_APPLE_TP_APPLEID_SHARING },
- { kSecPolicyMacAppStoreReceipt, &CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT },
- { kSecPolicyAppleTimeStamping, &CSSMOID_APPLE_TP_TIMESTAMPING },
- { kSecPolicyAppleRevocation, &CSSMOID_APPLE_TP_REVOCATION },
- { kSecPolicyAppleRevocation, &CSSMOID_APPLE_TP_REVOCATION_OCSP },
- { kSecPolicyAppleRevocation, &CSSMOID_APPLE_TP_REVOCATION_CRL },
- { kSecPolicyApplePassbookSigning, &CSSMOID_APPLE_TP_PASSBOOK_SIGNING },
- { kSecPolicyAppleMobileStore, &CSSMOID_APPLE_TP_MOBILE_STORE },
- { kSecPolicyAppleEscrowService, &CSSMOID_APPLE_TP_ESCROW_SERVICE },
- { kSecPolicyAppleProfileSigner, &CSSMOID_APPLE_TP_PROFILE_SIGNING },
- { kSecPolicyAppleQAProfileSigner, &CSSMOID_APPLE_TP_QA_PROFILE_SIGNING },
- { kSecPolicyAppleTestMobileStore, &CSSMOID_APPLE_TP_TEST_MOBILE_STORE },
- { kSecPolicyApplePCSEscrowService, &CSSMOID_APPLE_TP_PCS_ESCROW_SERVICE },
- { kSecPolicyAppleOSXProvisioningProfileSigning, &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING },
-};
-const oidmap_entry_t oidmap_priv[] = {
- { CFSTR("basicX509"), &CSSMOID_APPLE_X509_BASIC },
- { CFSTR("sslServer"), &CSSMOID_APPLE_TP_SSL },
- { CFSTR("sslClient"), &CSSMOID_APPLE_TP_SSL },
- { CFSTR("SMIME"), &CSSMOID_APPLE_TP_SMIME },
- { CFSTR("eapServer"), &CSSMOID_APPLE_TP_EAP },
- { CFSTR("eapClient"), &CSSMOID_APPLE_TP_EAP },
- { CFSTR("AppleSWUpdateSigning"), &CSSMOID_APPLE_TP_SW_UPDATE_SIGNING },
- { CFSTR("ipsecServer"), &CSSMOID_APPLE_TP_IP_SEC },
- { CFSTR("ipsecClient"), &CSSMOID_APPLE_TP_IP_SEC },
- { CFSTR("CodeSigning"), &CSSMOID_APPLE_TP_CODE_SIGNING },
- { CFSTR("PackageSigning"), &CSSMOID_APPLE_TP_PACKAGE_SIGNING },
- { CFSTR("AppleIDAuthority"), &CSSMOID_APPLE_TP_APPLEID_SHARING },
- { CFSTR("MacAppStoreReceipt"), &CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT },
- { CFSTR("AppleTimeStamping"), &CSSMOID_APPLE_TP_TIMESTAMPING },
- { CFSTR("revocation"), &CSSMOID_APPLE_TP_REVOCATION },
- { CFSTR("ApplePassbook"), &CSSMOID_APPLE_TP_PASSBOOK_SIGNING },
- { CFSTR("AppleMobileStore"), &CSSMOID_APPLE_TP_MOBILE_STORE },
- { CFSTR("AppleEscrowService"), &CSSMOID_APPLE_TP_ESCROW_SERVICE },
- { CFSTR("AppleProfileSigner"), &CSSMOID_APPLE_TP_PROFILE_SIGNING },
- { CFSTR("AppleQAProfileSigner"), &CSSMOID_APPLE_TP_QA_PROFILE_SIGNING },
- { CFSTR("AppleTestMobileStore"), &CSSMOID_APPLE_TP_TEST_MOBILE_STORE },
- { CFSTR("ApplePCSEscrowService"), &CSSMOID_APPLE_TP_PCS_ESCROW_SERVICE },
- { CFSTR("AppleOSXProvisioningProfileSigning"), &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING },
+static const size_t OIDMAP_LENGTH = 25;
+static const oidmap_entry_t* oidmap_f() {
+ static const oidmap_entry_t oidmap_array[] = {
+ { kSecPolicyAppleX509Basic, &CSSMOID_APPLE_X509_BASIC },
+ { kSecPolicyAppleSSL, &CSSMOID_APPLE_TP_SSL },
+ { kSecPolicyAppleSMIME, &CSSMOID_APPLE_TP_SMIME },
+ { kSecPolicyAppleEAP, &CSSMOID_APPLE_TP_EAP },
+ { kSecPolicyAppleSWUpdateSigning, &CSSMOID_APPLE_TP_SW_UPDATE_SIGNING },
+ { kSecPolicyAppleIPsec, &CSSMOID_APPLE_TP_IP_SEC },
+ { kSecPolicyAppleiChat, &CSSMOID_APPLE_TP_ICHAT },
+ { kSecPolicyApplePKINITClient, &CSSMOID_APPLE_TP_PKINIT_CLIENT },
+ { kSecPolicyApplePKINITServer, &CSSMOID_APPLE_TP_PKINIT_SERVER },
+ { kSecPolicyAppleCodeSigning, &CSSMOID_APPLE_TP_CODE_SIGNING },
+ { kSecPolicyApplePackageSigning, &CSSMOID_APPLE_TP_PACKAGE_SIGNING },
+ { kSecPolicyAppleIDValidation, &CSSMOID_APPLE_TP_APPLEID_SHARING },
+ { kSecPolicyMacAppStoreReceipt, &CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT },
+ { kSecPolicyAppleTimeStamping, &CSSMOID_APPLE_TP_TIMESTAMPING },
+ { kSecPolicyAppleRevocation, &CSSMOID_APPLE_TP_REVOCATION },
+ { kSecPolicyAppleRevocation, &CSSMOID_APPLE_TP_REVOCATION_OCSP },
+ { kSecPolicyAppleRevocation, &CSSMOID_APPLE_TP_REVOCATION_CRL },
+ { kSecPolicyApplePassbookSigning, &CSSMOID_APPLE_TP_PASSBOOK_SIGNING },
+ { kSecPolicyAppleMobileStore, &CSSMOID_APPLE_TP_MOBILE_STORE },
+ { kSecPolicyAppleEscrowService, &CSSMOID_APPLE_TP_ESCROW_SERVICE },
+ { kSecPolicyAppleProfileSigner, &CSSMOID_APPLE_TP_PROFILE_SIGNING },
+ { kSecPolicyAppleQAProfileSigner, &CSSMOID_APPLE_TP_QA_PROFILE_SIGNING },
+ { kSecPolicyAppleTestMobileStore, &CSSMOID_APPLE_TP_TEST_MOBILE_STORE },
+ { kSecPolicyApplePCSEscrowService, &CSSMOID_APPLE_TP_PCS_ESCROW_SERVICE },
+ { kSecPolicyAppleOSXProvisioningProfileSigning, &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING },
+ };
+ static_assert(OIDMAP_LENGTH == (sizeof(oidmap_array)/sizeof(oidmap_entry_t)), "OIDMAP_LENGTH is incorrect; must match oidmap_array");
+
+ return oidmap_array;
};
+static const size_t OIDMAP_PRIV_LENGTH = 23;
+static const oidmap_entry_t* oidmap_priv_f() {
+ static const oidmap_entry_t oidmap_priv_array[] = {
+ { CFSTR("basicX509"), &CSSMOID_APPLE_X509_BASIC },
+ { CFSTR("sslServer"), &CSSMOID_APPLE_TP_SSL },
+ { CFSTR("sslClient"), &CSSMOID_APPLE_TP_SSL },
+ { CFSTR("SMIME"), &CSSMOID_APPLE_TP_SMIME },
+ { CFSTR("eapServer"), &CSSMOID_APPLE_TP_EAP },
+ { CFSTR("eapClient"), &CSSMOID_APPLE_TP_EAP },
+ { CFSTR("AppleSWUpdateSigning"), &CSSMOID_APPLE_TP_SW_UPDATE_SIGNING },
+ { CFSTR("ipsecServer"), &CSSMOID_APPLE_TP_IP_SEC },
+ { CFSTR("ipsecClient"), &CSSMOID_APPLE_TP_IP_SEC },
+ { CFSTR("CodeSigning"), &CSSMOID_APPLE_TP_CODE_SIGNING },
+ { CFSTR("PackageSigning"), &CSSMOID_APPLE_TP_PACKAGE_SIGNING },
+ { CFSTR("AppleIDAuthority"), &CSSMOID_APPLE_TP_APPLEID_SHARING },
+ { CFSTR("MacAppStoreReceipt"), &CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT },
+ { CFSTR("AppleTimeStamping"), &CSSMOID_APPLE_TP_TIMESTAMPING },
+ { CFSTR("revocation"), &CSSMOID_APPLE_TP_REVOCATION },
+ { CFSTR("ApplePassbook"), &CSSMOID_APPLE_TP_PASSBOOK_SIGNING },
+ { CFSTR("AppleMobileStore"), &CSSMOID_APPLE_TP_MOBILE_STORE },
+ { CFSTR("AppleEscrowService"), &CSSMOID_APPLE_TP_ESCROW_SERVICE },
+ { CFSTR("AppleProfileSigner"), &CSSMOID_APPLE_TP_PROFILE_SIGNING },
+ { CFSTR("AppleQAProfileSigner"), &CSSMOID_APPLE_TP_QA_PROFILE_SIGNING },
+ { CFSTR("AppleTestMobileStore"), &CSSMOID_APPLE_TP_TEST_MOBILE_STORE },
+ { CFSTR("ApplePCSEscrowService"), &CSSMOID_APPLE_TP_PCS_ESCROW_SERVICE },
+ { CFSTR("AppleOSXProvisioningProfileSigning"), &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING },
+ };
+ static_assert(OIDMAP_PRIV_LENGTH == (sizeof(oidmap_priv_array)/sizeof(oidmap_entry_t)), "OIDMAP_PRIV_LENGTH is incorrect; must match oidmap_priv_array");
+
+ return oidmap_priv_array;
+}
+
//
// Sec API bridge functions
//
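Review bot: Nothing in the hunk records why the two tables moved from file-scope `const` arrays into function-local statics behind `oidmap_f()` / `oidmap_priv_f()`; every entry is initialized from `kSecPolicy*` and `CFSTR(...)` symbols defined outside this file, so this reads like a fix for static-initialization ordering, but a maintainer cannot tell that from the code. I would add above `oidmap_f()` something like `// Tables are function-local statics so they are built on first use, after the kSecPolicy* constants exist, rather than at load time (confirm).` The hand-maintained `OIDMAP_LENGTH = 25` / `OIDMAP_PRIV_LENGTH = 23` are covered by the two `static_assert`s, which is the right guard; it would be slightly more robust to have the accessor return the count as well so the literals never need editing by hand, but that is optional.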
return errSecParam; // bad policy ref?
}
CSSM_OID *oidptr = NULL;
- unsigned int i, oidmaplen = sizeof(oidmap) / sizeof(oidmap_entry_t);
- for (i=0; i<oidmaplen; i++) {
- CFStringRef str = (CFStringRef) oidmap[i].oidstr;
+ unsigned int i;
+ for (i=0; i<OIDMAP_LENGTH; i++) {
+ CFStringRef str = (CFStringRef) oidmap_f()[i].oidstr;
if (CFStringCompare(str, oidStr, 0) == kCFCompareEqualTo) {
- oidptr = (CSSM_OID*)oidmap[i].oidptr;
+ oidptr = (CSSM_OID*)oidmap_f()[i].oidptr;
break;
}
}
if (!oidptr) {
// Check private iOS policy names.
- oidmaplen = sizeof(oidmap_priv) / sizeof(oidmap_entry_t);
- for (i=0; i<oidmaplen; i++) {
- CFStringRef str = (CFStringRef) oidmap_priv[i].oidstr;
+
+ for (i=0; i<OIDMAP_PRIV_LENGTH; i++) {
+ CFStringRef str = (CFStringRef) oidmap_priv_f()[i].oidstr;
if (CFStringCompare(str, oidStr, 0) == kCFCompareEqualTo) {
- oidptr = (CSSM_OID*)oidmap_priv[i].oidptr;
+ oidptr = (CSSM_OID*)oidmap_priv_f()[i].oidptr;
break;
}
}
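Review bot: Both loops in this hunk call `oidmap_f()` / `oidmap_priv_f()` on every iteration and then again on a match, which is needless noise and obscures the fact that the table is constant. Hoist the pointer once before each loop, e.g. `const oidmap_entry_t *map = oidmap_f();` and then `CFStringRef str = (CFStringRef) map[i].oidstr;` / `oidptr = (CSSM_OID*)map[i].oidptr;`, and likewise with `oidmap_priv_f()` for the private-name loop. The enclosing function begins and ends outside this hunk.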
return NULL;
}
// given a CSSM_OID pointer, return corresponding string in oidmap
- unsigned int i, oidmaplen = sizeof(oidmap) / sizeof(oidmap_entry_t);
- for (i=0; i<oidmaplen; i++) {
- CSSM_OID* oidptr = (CSSM_OID*)oidmap[i].oidptr;
+ unsigned int i;
+ for (i=0; i<OIDMAP_LENGTH; i++) {
+ CSSM_OID* oidptr = (CSSM_OID*)oidmap_f()[i].oidptr;
if (compareOids(oid, oidptr)) {
- return (CFStringRef) oidmap[i].oidstr;
+ return (CFStringRef) oidmap_f()[i].oidstr;
}
}
return NULL;
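Review bot: The reverse lookup calls `oidmap_f()` twice per iteration (once for `oidptr`, again when returning `oidstr`); fetching the table once, `const oidmap_entry_t *map = oidmap_f();`, and indexing `map[i]` reads better and makes the loop body obviously side-effect free. The enclosing function's signature is outside the hunk.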
// stash this in a place where it will be released when the policy is destroyed
if (policyRef) {
SecPolicySetOptionsValue(policyRef, CFSTR("policy_data"), data);
- CFRelease(data);
}
else {
syslog(LOG_ERR, "WARNING: policy dictionary not found to store returned data; will leak!");
}
}
+ CFReleaseNull(data);
return true;
}
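Review bot: The new unconditional `CFReleaseNull(data);` also runs on the `else` branch, whose log line still says the data "will leak", so the message and the code now disagree. The old code released `data` only inside `if (policyRef)`, and the log wording suggests the bytes of `data` are what this function hands back to the caller (the enclosing function starts outside the hunk, so I cannot confirm that); if so, releasing it here turns the former leak into a dangling pointer for the caller. Either keep the release in the branch, i.e. `SecPolicySetOptionsValue(policyRef, CFSTR("policy_data"), data); CFReleaseNull(data);`, or, if releasing on both paths is intended, change the syslog text so it no longer claims a leak and says the returned data is not retained.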
(const void **)&name) && name) {
break;
}
- if (CFDictionaryGetValueIfPresent(options, CFSTR("email") /*kSecPolicyCheckEmail*/,
+ if (CFDictionaryGetValueIfPresent(options, CFSTR("Email") /*kSecPolicyCheckEmail*/,
(const void **)&name) && name) {
break;
}
return errSecServiceNotAvailable;
}
-/* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */
-OSStatus
-SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef* policies)
-{
- /* bridge to support old functionality */
-#if SECTRUST_DEPRECATION_WARNINGS
- syslog(LOG_ERR, "WARNING: SecPolicyCopyAll was deprecated in 10.7. Please use SecPolicy creation functions instead.");
-#endif
- if (!policies) {
- return errSecParam;
- }
- CFMutableArrayRef curPolicies = CFArrayCreateMutable(NULL, 0, NULL);
- if (!curPolicies) {
- return errSecAllocate;
- }
- /* build the subset of policies which were supported on OS X,
- and which are also implemented on iOS */
- CFStringRef supportedPolicies[] = {
- kSecPolicyAppleX509Basic, /* CSSMOID_APPLE_X509_BASIC */
- kSecPolicyAppleSSL, /* CSSMOID_APPLE_TP_SSL */
- kSecPolicyAppleSMIME, /* CSSMOID_APPLE_TP_SMIME */
- kSecPolicyAppleEAP, /*CSSMOID_APPLE_TP_EAP */
- kSecPolicyAppleSWUpdateSigning, /* CSSMOID_APPLE_TP_SW_UPDATE_SIGNING */
- kSecPolicyAppleIPsec, /* CSSMOID_APPLE_TP_IP_SEC */
- kSecPolicyAppleCodeSigning, /* CSSMOID_APPLE_TP_CODE_SIGNING */
- kSecPolicyMacAppStoreReceipt, /* CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT */
- kSecPolicyAppleIDValidation, /* CSSMOID_APPLE_TP_APPLEID_SHARING */
- kSecPolicyAppleTimeStamping, /* CSSMOID_APPLE_TP_TIMESTAMPING */
- kSecPolicyAppleRevocation, /* CSSMOID_APPLE_TP_REVOCATION_{CRL,OCSP} */
- NULL
- };
- CFIndex ix = 0;
- while (true) {
- CFStringRef policyID = supportedPolicies[ix++];
- if (!policyID) {
- break;
- }
- SecPolicyRef curPolicy = SecPolicyCreateWithProperties(policyID, NULL);
- if (curPolicy) {
- CFArrayAppendValue(curPolicies, curPolicy);
- CFRelease(curPolicy);
- }
- }
- *policies = CFArrayCreateCopy(NULL, curPolicies);
- CFRelease(curPolicies);
- return errSecSuccess;
-}
-
/* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */
OSStatus
SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef* policy)
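Review bot: The `"email"` → `"Email"` change fixes a case-sensitive dictionary key that, judging by the `/*kSecPolicyCheckEmail*/` comment, never matched before, so the email check silently fell through; callers that populated the options dictionary with the lowercase key will now also miss, which is worth a note in the commit message. Since the literal duplicates the value of a named constant, either use `kSecPolicyCheckEmail` directly if it links here, or add `// must match kSecPolicyCheckEmail exactly; CFDictionary keys are case-sensitive` so the next drift is caught. The enclosing function starts outside the hunk; the removal of `SecPolicyCopyAll` further down is a pure deletion.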
if (!oidStr) {
return policy;
}
- unsigned int i, oidmaplen = sizeof(oidmap) / sizeof(oidmap_entry_t);
- for (i=0; i<oidmaplen; i++) {
- CFStringRef str = (CFStringRef) oidmap[i].oidstr;
+ unsigned int i;
+ for (i=0; i<OIDMAP_LENGTH; i++) {
+ CFStringRef str = (CFStringRef) oidmap_f()[i].oidstr;
if (CFStringCompare(str, oidStr, 0) == kCFCompareEqualTo) {
- oidPtr = (CSSM_OID*)oidmap[i].oidptr;
+ oidPtr = (CSSM_OID*)oidmap_f()[i].oidptr;
break;
}
}
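Review bot: As in the other lookup loops, `oidmap_f()` is called on every iteration and again on the match; hoist it with `const oidmap_entry_t *map = oidmap_f();` and use `map[i].oidstr` / `map[i].oidptr`. The enclosing function begins and ends outside this hunk.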
CFArrayRef
SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray)
{
- /* implement with unified SecPolicyRef instances */
- SecPolicyRef policy = NULL;
CFMutableArrayRef resultPolicyArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
if (!resultPolicyArray) {
return NULL;
}
- policy = SecPolicyCreateWithProperties(kSecPolicyAppleTimeStamping, NULL);
- if (policy) {
- CFArrayAppendValue(resultPolicyArray, policy);
- CFReleaseNull(policy);
+ SecPolicyRef tsPolicy = SecPolicyCreateWithProperties(kSecPolicyAppleTimeStamping, NULL);
+ if (tsPolicy) {
+ CFArrayAppendValue(resultPolicyArray, tsPolicy);
+ CFReleaseNull(tsPolicy);
+ }
+
+ /* check the provided argument for a revocation policy */
+ CFMutableArrayRef policies = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+ if (policies && policyOrArray) {
+ if (CFGetTypeID(policyOrArray) == SecPolicyGetTypeID()) {
+ CFArrayAppendValue(policies, policyOrArray);
+ } else if (CFGetTypeID(policyOrArray) == CFArrayGetTypeID()) {
+ CFIndex arrayLength = CFArrayGetCount((CFArrayRef)policyOrArray);
+ CFArrayAppendArray(policies, (CFArrayRef)policyOrArray, CFRangeMake(0, arrayLength));
+ }
}
- policy = SecPolicyCreateWithProperties(kSecPolicyAppleRevocation, NULL);
- if (policy) {
- CFArrayAppendValue(resultPolicyArray, policy);
- CFReleaseNull(policy);
+ CFIndex numPolicies = (policies) ? CFArrayGetCount(policies) : 0;
+ for (CFIndex index=0; index<numPolicies; index++) {
+ SecPolicyRef policy = (SecPolicyRef)CFArrayGetValueAtIndex(policies, index);
+ CFStringRef policyName = (policy) ? SecPolicyGetName(policy) : NULL;
+ if (policyName && CFEqual(CFSTR("revocation"), policyName)) {
+ CFArrayAppendValue(resultPolicyArray, policy);
+ }
}
+ CFReleaseNull(policies);
return resultPolicyArray;
}
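Review bot: The rewritten `SecPolicyCreateAppleTimeStampingAndRevocationPolicies` no longer creates a default revocation policy: when `policyOrArray` is NULL or contains no policy named "revocation", the result holds only the timestamping policy, so a caller that relied on the old unconditional revocation check silently loses it. If that is intended, say so in a comment above the function (the returned array contains a revocation policy only if the caller supplied one); otherwise fall back to `SecPolicyCreateWithProperties(kSecPolicyAppleRevocation, NULL)` when none was found. In the array branch every element of the caller's array is appended unchecked and then passed to `SecPolicyGetName`; guard the loop with `if (!policy || CFGetTypeID(policy) != SecPolicyGetTypeID()) continue;`. Note also that a failed `CFArrayCreateMutable` for `policies` is silently treated as "no revocation policy supplied", whereas the first allocation failure returns NULL.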