/*
* Copyright (c) 2007-2010 Apple Inc. All Rights Reserved.
- *
+ *
* @APPLE_LICENSE_HEADER_START@
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* @APPLE_LICENSE_HEADER_END@
*/
CFDataRef cert_bytes = CFDictionaryGetValue(value, CFSTR("cert"));
if (!cert_bytes)
return;
- SecCertificateRef cert =
+ SecCertificateRef cert =
SecCertificateCreateWithData(kCFAllocatorDefault, cert_bytes);
if (!cert)
return;
CFArrayRef certs;
} build_trust_chains_context;
-static void build_trust_chains(const void *key, const void *value,
+static void build_trust_chains(const void *key, const void *value,
void *context)
{
- CFMutableDictionaryRef identity_dict = CFDictionaryCreateMutable(kCFAllocatorDefault,
+ CFMutableDictionaryRef identity_dict = CFDictionaryCreateMutable(kCFAllocatorDefault,
0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
SecKeyRef private_key = NULL;
SecCertificateRef cert = NULL;
/* p12import only passes up rsa keys */
//FIXME: needs SecKeyCreateRSAPrivateKey implementation
//#if 0
-// private_key = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault,
+// private_key = SecKeyCreateRSAPrivateKey(kCFAllocatorDefault,
// CFDataGetBytePtr(key_bytes), CFDataGetLength(key_bytes),
// kSecKeyEncodingPkcs1);
//#endif
identity = SecIdentityCreate(kCFAllocatorDefault, cert, private_key);
if(!identity) goto out; //require(identity, out);
CFDictionarySetValue(identity_dict, kSecImportItemIdentity, identity);
-
+
eval_chain = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
if(!eval_chain) goto out; //require(eval_chain, out);
CFArrayAppendValue(eval_chain, cert);
if(!trust) goto out; //require(trust, out);
SecTrustEvaluate(trust, &result);
CFDictionarySetValue(identity_dict, kSecImportItemTrust, trust);
-
+
cert_chain = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
if(!cert_chain) goto out; //require(cert_chain, out);
CFIndex cert_chain_length = SecTrustGetCertificateCount(trust);
for (i = 0; i < cert_chain_length; i++)
CFArrayAppendValue(cert_chain, SecTrustGetCertificateAtIndex(trust, i));
CFDictionarySetValue(identity_dict, kSecImportItemCertChain, cert_chain);
-
+
CFArrayAppendValue(a_build_trust_chains_context->identities, identity_dict);
out:
CFReleaseSafe(identity_dict);
// SecKeychainItemImport API, which supports importing items into a
// specified keychain with initial access control settings for keys.
//
- OSStatus status = noErr;
+ OSStatus status = errSecSuccess;
SecExternalFormat inputFormat = kSecFormatPKCS12;
SecExternalItemType itemType = kSecItemTypeAggregate;
SecItemImportExportFlags flags = 0; /* don't know if it's PEM armoured */
if (importPassword)
CFRetain(importPassword);
}
-
+
if (!importKeychain) {
// SecKeychainItemImport requires a keychain, so use default
status = SecKeychainCopyDefault(&importKeychain);
}
-
+
memset(&keyParams, 0, sizeof(SecKeyImportExportParameters));
keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
keyParams.passphrase = importPassword;
NULL, /* no filename */
&inputFormat,
&itemType,
- flags,
+ flags,
&keyParams,
importKeychain,
&tmpItems);
-
+
// build an array of all non-identity certificates which were imported
if (!status) {
certs = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
}
}
}
-
+
// now build the output items (array of dictionaries)
if (!status) {
identities = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
CFTypeID itemID = CFGetTypeID(anItem);
if (itemID == SecIdentityGetTypeID()) {
CFMutableDictionaryRef itemDict;
- itemDict = CFDictionaryCreateMutable(kCFAllocatorDefault,
+ itemDict = CFDictionaryCreateMutable(kCFAllocatorDefault,
0,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
SecCertificateRef itemCert = NULL;
status = SecIdentityCopyCertificate((SecIdentityRef)anItem, &itemCert);
-
+
// label
if (!status) {
CFStringRef label = SecCertificateCopySubjectSummary(itemCert);
status = SecKeyGetCSSMKey(itemKey, &cssmKey);
if (!status) {
unsigned char hash[CC_SHA1_DIGEST_LENGTH];
- CC_SHA1(cssmKey->KeyData.Data, cssmKey->KeyData.Length, &hash[0]);
+ CC_SHA1(cssmKey->KeyData.Data, (CC_LONG)cssmKey->KeyData.Length, &hash[0]);
CFDataRef digest = CFDataCreate(NULL, (const UInt8 *)hash, CC_SHA1_DIGEST_LENGTH);
if (digest) {
CFDictionaryAddValue(itemDict, kSecImportItemKeyID, digest);
CFDictionaryAddValue(itemDict, kSecImportItemCertChain, certArray);
CFRelease(certArray);
}
-
+
// identity
CFDictionaryAddValue(itemDict, kSecImportItemIdentity, anItem);
-
+
if (itemCert)
- CFRelease(itemCert);
+ CFRelease(itemCert);
CFArrayAppendValue(identities, itemDict);
CFRelease(itemDict);
}
}
}
-
+
if (items)
*items = identities;
else if (identities)
CFRelease(importAccess);
if (importPassword)
CFRelease(importPassword);
-
+
return status;
-
+
//FIXME: needs SecAsn1Coder implementation
#if 0
pkcs12_context context = {};
SecAsn1CoderCreate(&context.coder);
if (options)
context.passphrase = CFDictionaryGetValue(options, kSecImportExportPassphrase);
- context.items = CFDictionaryCreateMutable(kCFAllocatorDefault,
+ context.items = CFDictionaryCreateMutable(kCFAllocatorDefault,
0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
int status = p12decode(&context, pkcs12_data);
if (!status) {
build_trust_chains_context a_build_trust_chains_context = { identities, certs };
CFDictionaryApplyFunction(context.items, build_trust_chains, &a_build_trust_chains_context);
CFReleaseSafe(certs);
-
+
/* ignoring certs that weren't picked up as part of the certchain for found keys */
-
+
*items = identities;
}
CFReleaseSafe(context.items);
SecAsn1CoderRelease(context.coder);
-
+
switch (status) {
- case p12_noErr: return noErr;
+ case p12_noErr: return errSecSuccess;
case p12_passwordErr: return errSecAuthFailed;
case p12_decodeErr: return errSecDecode;
default: return errSecInternal;
};
- return noErr;
+ return errSecSuccess;
#endif
}
projects / apple / security.git / blobdiff