Match match(*this);
return certFieldValue(key, match, cert);
}
+#if TARGET_OS_OSX
case opCertGeneric:
{
SecCertificateRef cert = mContext->cert(get<int32_t>());
Match match(*this);
return certFieldPolicy(key, match, cert);
}
+#endif
case opTrustedCert:
return trustedCert(get<int32_t>());
case opTrustedCerts:
bool Requirement::Interpreter::certFieldValue(const string &key, const Match &match, SecCertificateRef cert)
{
+// XXX: Not supported on embedded yet due to lack of supporting API
+#if TARGET_OS_OSX
// no cert, no chance
if (cert == NULL)
return false;
// unrecognized key. Fail but do not abort to promote backward compatibility down the road
secinfo("csinterp", "cert field notation \"%s\" not understood", key.c_str());
+#endif
return false;
}
-
+#if TARGET_OS_OSX
bool Requirement::Interpreter::certFieldGeneric(const string &key, const Match &match, SecCertificateRef cert)
{
// the key is actually a (binary) OID value
{
return cert && certificateHasPolicy(cert, oid) && match(kCFBooleanTrue);
}
-
+#endif
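Review bot: In the embedded build certFieldValue is reduced to a bare `return false;`, so every certificate-field match silently evaluates to false with no log line and no error. That fails closed for a plain match, but if the requirement language lets a sub-expression be negated (the operator handling is not visible in these hunks), an unsupported check would evaluate to true under negation. Consider making the unsupported case explicit in an `#else` branch, for example `MacOSError::throwMe(errSecCSReqUnsupported);`, or at minimum a `secinfo("csinterp", ...)` line so the fallback shows up in logs. The same applies to the cert-field opcodes compiled out of the switch at the top of this diff and to certFieldGeneric here: confirm that the switch's default branch rejects them rather than skipping them. certFieldValue's body is only partly shown.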
//
// Check the Apple-signed condition
{
// get certificate bytes
if (cert) {
+ SHA1 hasher;
+#if TARGET_OS_OSX
CSSM_DATA certData;
MacOSError::check(SecCertificateGetData(cert, &certData));
// verify hash
- SHA1 hasher;
hasher(certData.Data, certData.Length);
+#else
+ hasher(SecCertificateGetBytePtr(cert), SecCertificateGetLength(cert));
+#endif
return hasher.verify(digest);
}
return false;
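Review bot: The anchor-hash check now fetches the certificate bytes in two platform-specific ways, and only the macOS branch checks for failure (`MacOSError::check`). The `#else` branch passes `SecCertificateGetBytePtr`/`SecCertificateGetLength` to the hasher unchecked. Because this comparison decides whether a certificate is accepted as the pinned anchor, a single code path would be easier to audit and test. If `SecCertificateCopyData` is available to both targets, it could replace both branches as sketched below. The enclosing function starts outside the hunk.

```cpp
if (cert) {
    // same byte source on every platform; a NULL result is treated as "no match"
    CFDataRef certData = SecCertificateCopyData(cert);
    if (certData == NULL)
        return false;
    SHA1 hasher;
    hasher(CFDataGetBytePtr(certData), CFDataGetLength(certData));
    CFRelease(certData);
    return hasher.verify(digest);
}
```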
//
SecTrustSettingsResult Requirement::Interpreter::trustSetting(SecCertificateRef cert, bool isAnchor)
{
+ // XXX: Not supported on embedded yet due to lack of supporting API
+#if TARGET_OS_OSX
// the SPI input is the uppercase hex form of the SHA-1 of the certificate...
assert(cert);
SHA1::Digest digest;
::free(errors);
MacOSError::throwMe(rc);
}
+#else
+ return kSecTrustSettingsResultUnspecified;
+#endif
}
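Review bot: The `#else` branch of trustSetting returns `kSecTrustSettingsResultUnspecified`, which callers cannot tell apart from "no trust setting exists for this certificate". On the embedded build an explicit deny or trust-as-root setting can therefore never influence the result, and nothing records that the lookup was skipped. I would document that at the declaration and log it in the fallback, e.g. `secinfo("csinterp", "trust settings lookup not supported on this platform");` before the return. Note also that the `assert(cert)` precondition is inside the macOS-only region, so the embedded build no longer checks it. Most of the macOS body is elided from this hunk.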