tpVerifyParsed.cpp [plain text]
#include <Security/Security.h>
#include "tpVerifyParsed.h"
#include <Security/SecRootCertStorePriv.h>
#include <Security/RootCertCachePriv.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <clAppUtils/CertParser.h>
#include <utilLib/common.h>
static int parseRootCert(
CSSM_CL_HANDLE clHand,
const CSSM_DATA &certData,
SecParsedRootCert &parsedRoot)
{
try {
CertParser cert(clHand, certData);
uint32 len = 0;
const void *p = cert.fieldForOid(CSSMOID_X509V1SubjectName, len);
appCopyData(p, len, &parsedRoot.subject);
appCopyCssmData(&certData, &parsedRoot.certData);
return 0;
}
catch(...) {
printf("CertParser threw!\n");
return -1;
}
}
static void freeParsedRoot(
SecParsedRootCert &parsedRoot)
{
if(parsedRoot.subject.Data) {
CSSM_FREE(parsedRoot.subject.Data);
}
if(parsedRoot.certData.Data) {
CSSM_FREE(parsedRoot.certData.Data);
}
}
static int createParsedCertArray(
CSSM_CL_HANDLE clHand,
unsigned numAnchorCerts,
CSSM_DATA_PTR anchorCerts,
SecParsedRootCertArrayRef *arrayRef) {
SecParsedRootCertArray *outArray = (SecParsedRootCertArray *)malloc(sizeof(*outArray));
memset(outArray, 0, sizeof(*outArray));
unsigned len = sizeof(SecParsedRootCert) * numAnchorCerts;
outArray->roots = (SecParsedRootCert *)malloc(len);
memset(outArray->roots, 0, len);
for(unsigned dex=0; dex<numAnchorCerts; dex++) {
if(parseRootCert(clHand, anchorCerts[dex], outArray->roots[dex])) {
return -1;
}
}
outArray->numRoots = numAnchorCerts;
*arrayRef = outArray;
return 0;
}
static void freeParsedCertArray(
SecParsedRootCertArrayRef arrayRef)
{
for(unsigned dex=0; dex<arrayRef->numRoots; dex++) {
freeParsedRoot(arrayRef->roots[dex]);
}
free(arrayRef->roots);
free((void *)arrayRef);
}
CSSM_RETURN tpCertGroupVerifyParsed(
CSSM_TP_HANDLE tpHand,
CSSM_CL_HANDLE clHand,
CSSM_CSP_HANDLE cspHand,
CSSM_DL_DB_LIST_PTR dbListPtr,
const CSSM_OID *policy, const CSSM_DATA *fieldOpts, const CSSM_DATA *actionData, void *policyOpts,
const CSSM_CERTGROUP *certGroup,
CSSM_DATA_PTR anchorCerts,
unsigned numAnchorCerts,
CSSM_TP_STOP_ON stopOn, CSSM_TIMESTRING cssmTimeStr, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result) {
CSSM_TP_VERIFY_CONTEXT vfyCtx;
CSSM_TP_CALLERAUTH_CONTEXT authCtx;
memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT));
vfyCtx.Action = CSSM_TP_ACTION_DEFAULT;
if(actionData) {
vfyCtx.ActionData = *actionData;
}
else {
vfyCtx.ActionData.Data = NULL;
vfyCtx.ActionData.Length = 0;
}
vfyCtx.Cred = &authCtx;
CSSM_FIELD policyId;
if(policy != NULL) {
policyId.FieldOid = (CSSM_OID)*policy;
authCtx.Policy.NumberOfPolicyIds = 1;
authCtx.Policy.PolicyIds = &policyId;
if(fieldOpts != NULL) {
policyId.FieldValue = *fieldOpts;
}
else {
policyId.FieldValue.Data = NULL;
policyId.FieldValue.Length = 0;
}
}
else {
authCtx.Policy.NumberOfPolicyIds = 0;
authCtx.Policy.PolicyIds = NULL;
}
authCtx.Policy.PolicyControl = policyOpts;
authCtx.VerifyTime = cssmTimeStr; authCtx.VerificationAbortOn = stopOn;
authCtx.CallbackWithVerifiedCert = NULL;
SecParsedRootCertArrayRef arrayRef = NULL;
if(numAnchorCerts) {
if(createParsedCertArray(clHand, numAnchorCerts, anchorCerts, &arrayRef)) {
return -1;
}
authCtx.NumberOfAnchorCerts = APPLE_TP_PARSED_ANCHOR_INDICATOR;
authCtx.AnchorCerts = (CSSM_DATA_PTR)arrayRef;
}
else {
authCtx.NumberOfAnchorCerts = 0;
authCtx.AnchorCerts = NULL;
}
authCtx.DBList = dbListPtr;
authCtx.CallerCredentials = NULL;
CSSM_RETURN crtn = CSSM_TP_CertGroupVerify(tpHand,
clHand,
cspHand,
certGroup,
&vfyCtx,
result);
if(arrayRef) {
freeParsedCertArray(arrayRef);
}
return crtn;
}