#include "TrustSettings.h"
#include "TrustSettingsSchema.h"
-#include "SecTrustSettings.h"
+#include <Security/SecTrustSettings.h>
#include "TrustSettingsUtils.h"
#include "TrustKeychains.h"
#include "Certificate.h"
#include <security_utilities/logging.h>
#include <security_utilities/cfutilities.h>
#include <security_utilities/alloc.h>
+#include <security_utilities/casts.h>
+#include <utilities/SecCFRelease.h>
#include <Security/Authorization.h>
#include <Security/cssmapplePriv.h>
#include <Security/oidscert.h>
if (certPolicyStrNoNULL == NULL) {
/* I really don't see how this can happen either */
trustSettingsEvalDbg("tsCheckPolicyStr: policyStr string conversion error 2");
+ CFReleaseNull(cfPolicyStr);
return false;
}
/* get trust settings dictionary for this cert */
CFDictionaryRef certDict = findDictionaryForCertHash(certHashStr);
- if((certDict == NULL) && isRootCert) {
- /* No? How about default root setting for this domain? */
- certDict = findDictionaryForCertHash(kSecTrustRecordDefaultRootCert);
- }
#if CERT_HASH_DEBUG
/* @@@ debug only @@@ */
/* print certificate hash and found dictionary reference */
CFRef<CFMutableSetRef> certSet(CFSetCreateMutable(NULL, 0, &kCFTypeSetCallBacks));
/* search: all certs, no attributes */
- KCCursor cursor(keychains, CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL);
+ KCCursor cursor(keychains, (SecItemClass) CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL);
Item certItem;
bool found;
unsigned int total=0, entries=0, qualified=0;
break;
}
++total;
- #if !SECTRUST_OSX
- CFRef<SecCertificateRef> certRef((SecCertificateRef)certItem->handle());
- #else
+
/* must convert to unified SecCertificateRef */
SecPointer<Certificate> certificate(static_cast<Certificate *>(&*certItem));
CssmData certCssmData;
}
CFRef<CFDataRef> cfDataRef(CFDataCreate(NULL, certCssmData.Data, certCssmData.Length));
CFRef<SecCertificateRef> certRef(SecCertificateCreateWithData(NULL, cfDataRef));
- #endif
/* do we have an entry for this cert? */
CFDictionaryRef certDict = findDictionaryForCert(certRef);
SecPolicyRef policyRef = NULL;
if (CFDataGetTypeID() == CFGetTypeID(certPolicy)) {
/* convert OID as CFDataRef to SecPolicyRef */
- CSSM_OID policyOid = { CFDataGetLength((CFDataRef)certPolicy),
+ CSSM_OID policyOid = { int_cast<CFIndex, CSSM_SIZE>(CFDataGetLength((CFDataRef)certPolicy)),
(uint8 *)CFDataGetBytePtr((CFDataRef)certPolicy) };
OSStatus ortn = SecPolicyCopy(CSSM_CERT_X_509v3, &policyOid, &policyRef);
if(ortn) {
OSStatus ortn = errSecSuccess;
SecPolicyRef certPolicy;
SecTrustedApplicationRef certApp;
+ CFTypeRef oidData = NULL;
/* convert */
for(CFIndex dex=0; dex<numSpecs; dex++) {
- CFTypeRef oidData = NULL;
CFStringRef policyName = NULL;
CFDataRef appData = NULL;
CFStringRef policyStr = NULL;
ortn = errSecParam;
break;
}
- result = resultNum;
+ result = (SecTrustSettingsResult) resultNum;
/* validate result later */
keyUsage = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage);
&kCFTypeDictionaryValueCallBacks);
if(oidData) {
CFDictionaryAddValue(outDict, kSecTrustSettingsPolicy, oidData);
- CFRelease(oidData); // owned by dictionary
+ CFReleaseNull(oidData); // owned by dictionary
}
if(policyName) {
CFDictionaryAddValue(outDict, kSecTrustSettingsPolicyName, policyName);
} /* for each usage constraint dictionary */
+ CFReleaseNull(oidData);
CFRelease(tmpInArray);
if(ortn) {
CFRelease(outArray);
CFDataRef *issuer, /* optional, RETURNED */
CFDataRef *serial) /* RETURNED */
{
-#if SECTRUST_OSX
CFRef<SecCertificateRef> certificate = SecCertificateCreateItemImplInstance(certRef);
-#else
- CFRef<SecCertificateRef> certificate = (SecCertificateRef) ((certRef) ? CFRetain(certRef) : NULL);
-#endif
SecPointer<Certificate> cert = Certificate::required(certificate);
CSSM_DATA_PTR fieldVal;
projects / apple / security.git / blobdiff