Security-59306.120.7.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / csutilities.cpp

diff --git a/OSX/libsecurity_codesigning/lib/csutilities.cpp b/OSX/libsecurity_codesigning/lib/csutilities.cpp
index e25e7b581944f365a326ff8315f5732b27b017de..774b6ee2c50d96f9f3992b284665380b5106239c 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/csutilities.cpp
+++ b/OSX/libsecurity_codesigning/lib/csutilities.cpp
@@ -24,8 +24,16 @@
 //
 // csutilities - miscellaneous utilities for the code signing implementation
 //
 //
 // csutilities - miscellaneous utilities for the code signing implementation
 //

+

 #include "csutilities.h"
 #include "csutilities.h"

+#include <libDER/DER_Encode.h>
+#include <libDER/DER_Keys.h>
+#include <libDER/asn1Types.h>
+#include <libDER/oids.h>
+#include <security_asn1/SecAsn1Coder.h>
+#include <security_asn1/SecAsn1Templates.h>

 #include <Security/SecCertificatePriv.h>
 #include <Security/SecCertificatePriv.h>

+#include <Security/SecCertificate.h>

 #include <utilities/SecAppleAnchorPriv.h>
 #include <utilities/SecInternalReleasePriv.h>
 #include "requirement.h"
 #include <utilities/SecAppleAnchorPriv.h>
 #include <utilities/SecInternalReleasePriv.h>
 #include "requirement.h"


@@ -34,6 +42,16 @@
 #include <security_utilities/errors.h>
 #include <sys/utsname.h>
 
 #include <security_utilities/errors.h>
 #include <sys/utsname.h>
 

+extern "C" {
+
+/* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
+ an absoluteTime if the date was valid and properly decoded.  Return
+ NULL_TIME otherwise. */
+CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
+                                                                                         size_t length);
+
+}
+       

 namespace Security {
 namespace CodeSigning {
 
 namespace Security {
 namespace CodeSigning {
 


@@ -151,6 +169,65 @@ bool certificateHasPolicy(SecCertificateRef cert, const CSSM_OID &policyOid)
        SecCertificateReleaseFirstFieldValue(cert, &CSSMOID_PolicyConstraints, data);
        return matched;
 }
        SecCertificateReleaseFirstFieldValue(cert, &CSSMOID_PolicyConstraints, data);
        return matched;
 }

+
+       
+CFDateRef certificateCopyFieldDate(SecCertificateRef cert, const CSSM_OID &policyOid)
+{
+       CFDataRef oidData = NULL;
+       CFDateRef value = NULL;
+       CFDataRef data = NULL;
+       SecAsn1CoderRef coder = NULL;
+       CSSM_DATA str = { 0 };
+       CFAbsoluteTime time = 0.0;
+       OSStatus status = 0;
+       bool isCritical;
+       
+       oidData = CFDataCreateWithBytesNoCopy(NULL, policyOid.Data, policyOid.Length,
+                                                                                 kCFAllocatorNull);
+       
+       if (oidData == NULL) {
+               goto out;
+       }
+       
+       data = SecCertificateCopyExtensionValue(cert, oidData, &isCritical);
+       
+       if (data == NULL) {
+               goto out;
+       }
+       
+       status = SecAsn1CoderCreate(&coder);
+       if (status != 0) {
+               goto out;
+       }
+       
+       // We currently only support UTF8 strings.
+       status = SecAsn1Decode(coder, CFDataGetBytePtr(data), CFDataGetLength(data),
+                                                  kSecAsn1UTF8StringTemplate, &str);
+       if (status != 0) {
+               goto out;
+       }
+       
+       time = SecAbsoluteTimeFromDateContent(ASN1_GENERALIZED_TIME,
+                                                                                 str.Data, str.Length);
+                                                                                 
+       if (time == 0.0) {
+               goto out;
+       }
+
+       value = CFDateCreate(NULL, time);
+out:
+       if (coder) {
+               SecAsn1CoderRelease(coder);
+       }
+       if (data) {
+               CFRelease(data);
+       }
+       if (oidData) {
+               CFRelease(oidData);
+       }
+       
+       return value;
+}

 #endif
 
 //
 #endif
 
 //