 * CMSDecoder.cpp - Interface for decoding CMS messages.

#include "CMSDecoder.h"
#include "CMSPrivate.h"
#include "CMSUtils.h"
#include <../libsecurity_codesigning/lib/csutilities.h>

#include <Security/SecCmsDecoder.h>
#include <Security/SecCmsEnvelopedData.h>
#include <Security/SecCmsMessage.h>
#include <Security/SecCmsSignedData.h>
#include <Security/SecCmsSignerInfo.h>
#include <Security/SecCmsContentInfo.h>
#include <Security/SecCmsDigestContext.h>
#include <Security/SecCertificate.h>
#include <Security/SecSMIME.h>
#include <Security/oidsattr.h>
#include <Security/SecTrustPriv.h>
#include <CoreFoundation/CFRuntime.h>
#include <pthread.h>
#include <syslog.h>
#include <AssertMacros.h>

#pragma mark --- Private types and definitions ---

 * Decoder state.
typedef enum {
	DS_Init,		/* between CMSDecoderCreate and CMSDecoderUpdateMessage */
	DS_Updating,	/* between first CMSDecoderUpdateMessage and CMSDecoderFinalizeMessage */
	DS_Final		/* CMSDecoderFinalizeMessage has been called */
} CMSDecoderState;

 * Caller's CMSDecoderRef points to one of these.
struct _CMSDecoder {
	CFRuntimeBase		base;
	CMSDecoderState		decState;
	SecArenaPoolRef		arena;				/* the decoder's arena */
	SecCmsDecoderRef	decoder;
	CFDataRef			detachedContent;
	CFTypeRef			keychainOrArray;	/* from CMSDecoderSetSearchKeychain() */
	 * The following are valid (and quiescent) after CMSDecoderFinalizeMessage().
	SecCmsMessageRef	cmsMsg;
	Boolean				wasEncrypted;	/* valid after CMSDecoderFinalizeMessage() */
	SecCmsSignedDataRef	signedData;		/* if there is one... */
	/* only non-NULL if we found a signedData */
	size_t				numSigners;
	CSSM_OID			*eContentType;
	/* etc. */

static void cmsDecoderInit(CFTypeRef dec);
static void cmsDecoderFinalize(CFTypeRef dec);

static CFRuntimeClass cmsDecoderRuntimeClass =
	0,			/* version */
	NULL,		/* copy */
	NULL,		/* equal - just use pointer equality */
	NULL,		/* hash, ditto */
	NULL,		/* copyFormattingDesc */
	NULL		/* copyDebugDesc */

#pragma mark --- Private Routines ---

static CFTypeID cmsDecoderTypeID = _kCFRuntimeNotATypeID;

/* one time only class init, called via pthread_once() in CMSDecoderGetTypeID() */
static void cmsDecoderClassInitialize(void)
	cmsDecoderTypeID =
    _CFRuntimeRegisterClass((const CFRuntimeClass * const)&cmsDecoderRuntimeClass);

/* init called out from _CFRuntimeCreateInstance() */
static void cmsDecoderInit(CFTypeRef dec)
	char *start = ((char *)dec) + sizeof(CFRuntimeBase);
	memset(start, 0, sizeof(struct _CMSDecoder) - sizeof(CFRuntimeBase));

 * Dispose of a CMSDecoder. Called out from CFRelease().
static void cmsDecoderFinalize(
                               CFTypeRef		dec)
	CMSDecoderRef cmsDecoder = (CMSDecoderRef)dec;
	if(cmsDecoder == NULL) {
	if(cmsDecoder->decoder != NULL) {
		 * Normally this gets freed in SecCmsDecoderFinish - this is
		 * an error case.
		 * FIXME: SecCmsDecoderDestroy() appears to destroy the
		 * cmsMsg too! Plus there's a comment there re: a leak...
	if(cmsDecoder->cmsMsg != NULL) {
	if(cmsDecoder->arena != NULL) {
		SecArenaPoolFree(cmsDecoder->arena, false);

 * Given detached content and a valid (decoded) SignedData, digest the detached
 * content. This occurs at the later of {CMSDecoderFinalizeMessage() finding a
 * SignedData when already have detachedContent, or CMSDecoderSetDetachedContent()
 * when we already have a SignedData).
static OSStatus cmsDigestDetachedContent(
                                         CMSDecoderRef cmsDecoder)
	ASSERT((cmsDecoder->signedData != NULL) && (cmsDecoder->detachedContent != NULL));
	SECAlgorithmID **digestAlgorithms = SecCmsSignedDataGetDigestAlgs(cmsDecoder->signedData);
	if(digestAlgorithms == NULL) {
		return errSecUnknownFormat;
	SecCmsDigestContextRef digcx = SecCmsDigestContextStartMultiple(digestAlgorithms);
	if(digcx == NULL) {
		return errSecAllocate;
	CSSM_DATA **digests = NULL;
	SecCmsDigestContextUpdate(digcx, CFDataGetBytePtr(cmsDecoder->detachedContent),
	/* note this frees the digest content regardless */
	OSStatus ortn = SecCmsDigestContextFinishMultiple(digcx, cmsDecoder->arena, &digests);
	if(ortn) {
		ortn = cmsRtnToOSStatus(ortn);
		CSSM_PERROR("SecCmsDigestContextFinishMultiple", ortn);
		return ortn;
	ortn = SecCmsSignedDataSetDigests(cmsDecoder->signedData, digestAlgorithms, digests);
	if(ortn) {
		ortn = cmsRtnToOSStatus(ortn);
		CSSM_PERROR("SecCmsSignedDataSetDigests", ortn);
	return ortn;

#pragma mark --- Start of Public API ---

CFTypeID CMSDecoderGetTypeID(void)
	static pthread_once_t once = PTHREAD_ONCE_INIT;
	if(cmsDecoderTypeID == _kCFRuntimeNotATypeID) {
		pthread_once(&once, &cmsDecoderClassInitialize);
	return cmsDecoderTypeID;

 * Create a CMSDecoder. Result must eventually be freed via CFRelease().
OSStatus CMSDecoderCreate(
                          CMSDecoderRef		*cmsDecoderOut)	/* RETURNED */
	CMSDecoderRef cmsDecoder = NULL;
	uint32_t extra = sizeof(*cmsDecoder) - sizeof(cmsDecoder->base);
	cmsDecoder = (CMSDecoderRef)_CFRuntimeCreateInstance(NULL, CMSDecoderGetTypeID(),
                                                         extra, NULL);
	if(cmsDecoder == NULL) {
		return errSecAllocate;
	cmsDecoder->decState = DS_Init;
	*cmsDecoderOut = cmsDecoder;
	return errSecSuccess;

 * Feed raw bytes of the message to be decoded into the decoder. Can be called
 * multiple times.
OSStatus CMSDecoderUpdateMessage(
                                 CMSDecoderRef		cmsDecoder,
                                 const void			*msgBytes,
                                 size_t				msgBytesLen)
	if(cmsDecoder == NULL) {
		return errSecParam;
	OSStatus ortn;
	switch(cmsDecoder->decState) {
		case DS_Init:
			/* First time through; set up */
			ASSERT(cmsDecoder->decoder == NULL);
			ASSERT(cmsDecoder->arena == NULL);
			ortn = SecArenaPoolCreate(1024, &cmsDecoder->arena);
			if(ortn) {
				return cmsRtnToOSStatus(ortn);
			ortn = SecCmsDecoderCreate(cmsDecoder->arena,
                                       NULL, NULL, NULL, NULL, NULL, NULL, &cmsDecoder->decoder);
			if(ortn) {
				ortn = cmsRtnToOSStatus(ortn);
				CSSM_PERROR("SecCmsDecoderCreate", ortn);
				return ortn;
			cmsDecoder->decState = DS_Updating;
		case DS_Updating:
			ASSERT(cmsDecoder->decoder != NULL);
		case DS_Final:
			/* Too late for another update */
			return errSecParam;
			dprintf("CMSDecoderUpdateMessage: bad decState\n");
			return errSecInternalComponent;
	/* FIXME - CFIndex same size as size_t on 64bit? */
	ortn = SecCmsDecoderUpdate(cmsDecoder->decoder, msgBytes, (CFIndex)msgBytesLen);
	if(ortn) {
		ortn = cmsRtnToOSStatus(ortn, errSecUnknownFormat);
		CSSM_PERROR("SecCmsDecoderUpdate", ortn);
	return ortn;

 * Indicate that no more CMSDecoderUpdateMessage() calls are forthcoming;
 * finish decoding the message. We parse the message as best we can, up to
 * but not including verifying individual signerInfos.
OSStatus CMSDecoderFinalizeMessage(
                                   CMSDecoderRef		cmsDecoder)
	if(cmsDecoder == NULL) {
		return errSecParam;
	if(cmsDecoder->decState != DS_Updating) {
		return errSecParam;
	ASSERT(cmsDecoder->decoder != NULL);
	OSStatus ortn = SecCmsDecoderFinish(cmsDecoder->decoder, &cmsDecoder->cmsMsg);
	cmsDecoder->decState = DS_Final;
	/* SecCmsDecoderFinish destroyed the decoder even on failure */
	cmsDecoder->decoder = NULL;
	if(ortn) {
		ortn = cmsRtnToOSStatus(ortn, errSecUnknownFormat);
		CSSM_PERROR("SecCmsDecoderFinish", ortn);
		return ortn;
	ASSERT(cmsDecoder->cmsMsg != NULL);
	cmsDecoder->wasEncrypted = SecCmsMessageIsEncrypted(cmsDecoder->cmsMsg);
	/* Look for a SignedData */
	int numContentInfos = SecCmsMessageContentLevelCount(cmsDecoder->cmsMsg);
	int dex;
	for(dex=0; dex<numContentInfos; dex++) {
		SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsDecoder->cmsMsg, dex);
		SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
		switch(tag) {
				cmsDecoder->signedData =
				/* dig down one more layer for eContentType */
				ci = SecCmsSignedDataGetContentInfo(cmsDecoder->signedData);
				cmsDecoder->eContentType = SecCmsContentInfoGetContentTypeOID(ci);
		if(cmsDecoder->signedData != NULL) {
	/* minimal processing of optional signedData... */
	if(cmsDecoder->signedData != NULL) {
		cmsDecoder->numSigners = (size_t)
		if(cmsDecoder->detachedContent != NULL) {
			/* time to calculate digests from detached content */
			ortn = cmsDigestDetachedContent(cmsDecoder);
	return ortn;

 * A signed CMS message optionally includes the data which was signed. If the
 * message does not include the signed data, caller specifies the signed data
 * (the "detached content") here.
 * This can be called either before or after the actual decoding of the message
 * (via CMSDecoderUpdateMessage() and CMSDecoderFinalizeMessage()); the only
 * restriction is that, if detached content is required, this function must
 * be called befoere successfully ascertaining the signature status via
 * CMSDecoderCopySignerStatus().
OSStatus CMSDecoderSetDetachedContent(
                                      CMSDecoderRef		cmsDecoder,
                                      CFDataRef			detachedContent)
	if((cmsDecoder == NULL) || (detachedContent == NULL)) {
		return errSecParam;
	cmsDecoder->detachedContent = detachedContent;
	if(cmsDecoder->signedData != NULL) {
		/* time to calculate digests from detached content */
		ASSERT(cmsDecoder->decState == DS_Final);
		return cmsDigestDetachedContent(cmsDecoder);
	return errSecSuccess;

 * Obtain the detached content specified in CMSDecoderSetDetachedContent().
 * Returns a NULL detachedContent if no detached content has been specified.
 * Caller must CFRelease() the result.
OSStatus CMSDecoderCopyDetachedContent(
                                       CMSDecoderRef		cmsDecoder,
                                       CFDataRef			*detachedContent)		/* RETURNED */
	if((cmsDecoder == NULL) || (detachedContent == NULL)) {
		return errSecParam;
	if(cmsDecoder->detachedContent != NULL) {
	*detachedContent = cmsDecoder->detachedContent;
	return errSecSuccess;

 * Optionally specify a SecKeychainRef, or an array of them, containing
 * intermediate certs to be used in verifying a signed message's signer
 * certs. By default, the default keychain search list is used for this.
 * Specify an empty CFArrayRef to search *no* keychains for intermediate
 * certs.
 * IF this is called, it must be called before CMSDecoderCopySignerStatus().
OSStatus CMSDecoderSetSearchKeychain(
                                     CMSDecoderRef		cmsDecoder,
                                     CFTypeRef			keychainOrArray)
	if(cmsDecoder == NULL) {
		return errSecParam;
	cmsDecoder->keychainOrArray = keychainOrArray;
	if(keychainOrArray) {
	return errSecSuccess;

 * Obtain the number of signers of a message. A result of zero indicates that
 * the message was not signed.
OSStatus CMSDecoderGetNumSigners(
                                 CMSDecoderRef		cmsDecoder,
                                 size_t				*numSigners)			/* RETURNED */
	if((cmsDecoder == NULL) || (numSigners == NULL)) {
		return errSecParam;
	if(cmsDecoder->decState != DS_Final) {
		return errSecParam;
	*numSigners = cmsDecoder->numSigners;
	return errSecSuccess;

 * Obtain the status of a CMS message's signature. A CMS message can
 * be signed my multiple signers; this function returns the status
 * associated with signer 'n' as indicated by the signerIndex parameter.
OSStatus CMSDecoderCopySignerStatus(
                                    CMSDecoderRef		cmsDecoder,
                                    size_t				signerIndex,
                                    CFTypeRef			policyOrArray,
                                    Boolean				evaluateSecTrust,
                                    CMSSignerStatus		*signerStatus,			/* optional; RETURNED */
                                    SecTrustRef			*secTrust,				/* optional; RETURNED */
                                    OSStatus			*certVerifyResultCode)	/* optional; RETURNED */
	if((cmsDecoder == NULL) || (cmsDecoder->decState != DS_Final) || (!policyOrArray)) {
		return errSecParam;
	/* initialize return values */
	if(signerStatus) {
		*signerStatus = kCMSSignerUnsigned;
	if(secTrust) {
		*secTrust = NULL;
	if(certVerifyResultCode) {
		*certVerifyResultCode = 0;
	if(cmsDecoder->signedData == NULL) {
		*signerStatus = kCMSSignerUnsigned;	/* redundant, I know, but explicit */
		return errSecSuccess;
	ASSERT(cmsDecoder->numSigners > 0);
	if(signerIndex >= cmsDecoder->numSigners) {
		*signerStatus = kCMSSignerInvalidIndex;
		return errSecSuccess;
	if(!SecCmsSignedDataHasDigests(cmsDecoder->signedData)) {
		*signerStatus = kCMSSignerNeedsDetachedContent;
		return errSecSuccess;
	 * OK, we should be able to verify this signerInfo.
	 * I think we have to do the SecCmsSignedDataVerifySignerInfo first
	 * in order get all the cert pieces into place before returning them
	 * to the caller.
	SecTrustRef theTrust = NULL;
	OSStatus vfyRtn = SecCmsSignedDataVerifySignerInfo(cmsDecoder->signedData,
                                                        * FIXME this cast should not be necessary, but libsecurity_smime
                                                        * declares this argument as a SecKeychainRef

	syslog(LOG_ERR, "CMSDecoderCopySignerStatus: SecCmsSignedDataVerifySignerInfo returned %d", (int)vfyRtn);
	if (policyOrArray) CFShow(policyOrArray);
	if (theTrust) CFShow(theTrust);

    /* Subsequent errors to errOut: */
	 * NOTE the smime lib did NOT evaluate that SecTrust - it only does
	 * SecTrustEvaluate() if we don't ask for a copy.
	 * FIXME deal with multitudes of status returns here...for now, proceed with
	 * obtaining components the caller wants and assume that a nonzero vfyRtn
	 * means "bad signature".
	OSStatus ortn = errSecSuccess;
	SecTrustResultType secTrustResult;
	OSStatus evalRtn;
	if(secTrust != NULL) {
		*secTrust = theTrust;
		/* we'll release our reference at the end */
		if (theTrust)
	SecCmsSignerInfoRef signerInfo =
    SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
	if(signerInfo == NULL) {
		/* should never happen */
		dprintf("CMSDecoderCopySignerStatus: no signerInfo\n");
		ortn = errSecInternalComponent;
		goto errOut;
	/* now do the actual cert verify */
	if(evaluateSecTrust) {
		evalRtn = SecTrustEvaluate(theTrust, &secTrustResult);
		if(evalRtn) {
			/* should never happen */
			CSSM_PERROR("SecTrustEvaluate", evalRtn);
			dprintf("CMSDecoderCopySignerStatus: SecTrustEvaluate error\n");
			ortn = errSecInternalComponent;
			goto errOut;
		switch(secTrustResult) {
			case kSecTrustResultUnspecified:
				/* cert chain valid, no special UserTrust assignments */
			case kSecTrustResultProceed:
				/* cert chain valid AND user explicitly trusts this */
			case kSecTrustResultDeny:
			case kSecTrustResultConfirm:
				dprintf("SecTrustEvaluate reported confirm\n");
				/* get low-level TP error */
				OSStatus tpStatus;
				ortn = SecTrustGetCssmResultCode(theTrust, &tpStatus);
				if(ortn) {
					CSSM_PERROR("SecTrustGetCssmResultCode", ortn);
				else {
					tpVfyStatus = tpStatus;
				CSSM_PERROR("TP status after SecTrustEvaluate", tpVfyStatus);
		} 	/* switch(secTrustResult) */
	}		/* evaluateSecTrust true */
	if(certVerifyResultCode != NULL) {
		*certVerifyResultCode = tpVfyStatus;
	/* cook up global status based on vfyRtn and tpVfyStatus */
	if(signerStatus != NULL) {
		if((vfyRtn == errSecSuccess) && (tpVfyStatus == CSSM_OK))  {
			*signerStatus = kCMSSignerValid;
		else if(vfyRtn != errSecSuccess) {
			/* this could mean other things, but for now... */
			*signerStatus = kCMSSignerInvalidSignature;
		else {
			*signerStatus = kCMSSignerInvalidCert;
	return ortn;

 * Obtain the email address of signer 'signerIndex' of a CMS message, if
 * present.
 * This cannot be called until after CMSDecoderFinalizeMessage() is called.
OSStatus CMSDecoderCopySignerEmailAddress(
                                          CMSDecoderRef		cmsDecoder,
                                          size_t				signerIndex,
                                          CFStringRef			*signerEmailAddress)	/* RETURNED */
	if((cmsDecoder == NULL) ||
	   (signerEmailAddress == NULL) ||
	   (cmsDecoder->signedData == NULL) ||			/* not signed */
	   (signerIndex >= cmsDecoder->numSigners) ||	/* index out of range */
	   (cmsDecoder->decState != DS_Final)) {
		return errSecParam;
	SecCmsSignerInfoRef signerInfo =
    SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
	if(signerInfo == NULL) {
		/* should never happen */
		dprintf("CMSDecoderCopySignerEmailAddress: no signerInfo\n");
		return errSecInternalComponent;
	 * This is leaking memory in libsecurityKeychain per Radar 4412699.
	*signerEmailAddress = SecCmsSignerInfoGetSignerEmailAddress(signerInfo);
	return errSecSuccess;

 * Obtain the certificate of signer 'signerIndex' of a CMS message, if
 * present.
 * This cannot be called until after CMSDecoderFinalizeMessage() is called.
OSStatus CMSDecoderCopySignerCert(
                                  CMSDecoderRef		cmsDecoder,
                                  size_t				signerIndex,
                                  SecCertificateRef	*signerCert)			/* RETURNED */
	if((cmsDecoder == NULL) ||
	   (signerCert == NULL) ||
	   (cmsDecoder->signedData == NULL) ||			/* not signed */
	   (signerIndex >= cmsDecoder->numSigners) ||	/* index out of range */
	   (cmsDecoder->decState != DS_Final)) {
		return errSecParam;
	SecCmsSignerInfoRef signerInfo =
    SecCmsSignedDataGetSignerInfo(cmsDecoder->signedData, (int)signerIndex);
	if(signerInfo == NULL) {
		/* should never happen */
		dprintf("CMSDecoderCopySignerCertificate: no signerInfo\n");
		return errSecInternalComponent;
	*signerCert = SecCmsSignerInfoGetSigningCertificate(signerInfo, NULL);
	/* libsecurity_smime does NOT retain that */
	if(*signerCert == NULL) {
		/* should never happen */
		dprintf("CMSDecoderCopySignerCertificate: no signerCert\n");
		return errSecInternalComponent;
	return errSecSuccess;

 * Determine whether a CMS message was encrypted, and if so, whether we were
 * able to decrypt it.
OSStatus CMSDecoderIsContentEncrypted(
                                      CMSDecoderRef	cmsDecoder,
                                      Boolean			*wasEncrypted)
	if((cmsDecoder == NULL) || (wasEncrypted == NULL)) {
		return errSecParam;
	if(cmsDecoder->decState != DS_Final) {
		return errSecParam;
	*wasEncrypted = cmsDecoder->wasEncrypted;
	return errSecSuccess;

 * Obtain the eContentType OID for a SignedData's EncapsulatedContentType, if
 * present.
OSStatus CMSDecoderCopyEncapsulatedContentType(
                                               CMSDecoderRef		cmsDecoder,
                                               CFDataRef			*eContentType)		/* RETURNED */
	if((cmsDecoder == NULL) || (eContentType == NULL)) {
		return errSecParam;
	if(cmsDecoder->decState != DS_Final) {
		return errSecParam;
	if(cmsDecoder->signedData == NULL) {
		*eContentType = NULL;
	else {
		CSSM_OID *ecOid = cmsDecoder->eContentType;
		*eContentType = CFDataCreate(NULL, ecOid->Data, ecOid->Length);
	return errSecSuccess;

 * Obtain an array of all of the certificates in a message. Elements of the
 * returned array are SecCertificateRefs. The caller must CFRelease the returned
 * array.
 * This cannot be called until after CMSDecoderFinalizeMessage() is called.
OSStatus CMSDecoderCopyAllCerts(
                                CMSDecoderRef		cmsDecoder,
                                CFArrayRef			*certs)					/* RETURNED */
	if((cmsDecoder == NULL) || (certs == NULL)) {
		return errSecParam;
	if(cmsDecoder->decState != DS_Final) {
		return errSecParam;
	if(cmsDecoder->signedData == NULL) {
		/* message wasn't signed */
		*certs = NULL;
		return errSecSuccess;
	/* NULL_terminated array of CSSM_DATA ptrs */
	CSSM_DATA_PTR *cssmCerts = SecCmsSignedDataGetCertificateList(cmsDecoder->signedData);
	if((cssmCerts == NULL) || (*cssmCerts == NULL)) {
		*certs = NULL;
		return errSecSuccess;
	CFMutableArrayRef allCerts = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
	CSSM_DATA_PTR *cssmCert;
	for(cssmCert=cssmCerts; *cssmCert!=NULL; cssmCert++) {
		OSStatus ortn;
		SecCertificateRef cfCert;
		ortn = SecCertificateCreateFromData(*cssmCert,
                                            CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER,
		if(ortn) {
			return ortn;
		CFArrayAppendValue(allCerts, cfCert);
		/* the array holds the only needed refcount */
	*certs = allCerts;
	return errSecSuccess;

 * Obtain the actual message content (payload), if any. If the message was
 * signed with detached content this will return NULL.
 * Caller must CFRelease the result.
OSStatus CMSDecoderCopyContent(
                               CMSDecoderRef		cmsDecoder,
                               CFDataRef			*content)				/* RETURNED */
	if((cmsDecoder == NULL) || (content == NULL)) {
		return errSecParam;
	if(cmsDecoder->decState != DS_Final) {
		return errSecParam;
	if(cmsDecoder->cmsMsg == NULL) {
		/* Hmmm....looks like the finalize call failed */
		return errSecParam;
	CSSM_DATA_PTR odata = SecCmsMessageGetContent(cmsDecoder->cmsMsg);
	if((odata == NULL) || (odata->Length == 0)) {
		/* i.e., detached content */
		*content = NULL;
		return errSecSuccess;
	*content = CFDataCreate(NULL, (const UInt8 *)odata->Data, odata->Length);
	return errSecSuccess;

#pragma mark --- SPI declared in CMSPrivate.h ---

 * Obtain the SecCmsMessageRef associated with a CMSDecoderRef. Intended
 * to be called after decoding the message (i.e., after
 * CMSDecoderFinalizeMessage() to gain finer access to the contents of the
 * SecCmsMessageRef than is otherwise available via the CMSDecoder interface.
 * Returns a NULL SecCmsMessageRef if CMSDecoderFinalizeMessage() has not been
 * called.
 * The CMSDecoder retains ownership of the returned SecCmsMessageRef.
OSStatus CMSDecoderGetCmsMessage(
                                 CMSDecoderRef		cmsDecoder,
                                 SecCmsMessageRef	*cmsMessage)		/* RETURNED */
	if((cmsDecoder == NULL) || (cmsMessage == NULL)) {
		return errSecParam;
	/* any state, whether we have a msg or not is OK */
	*cmsMessage = cmsDecoder->cmsMsg;
	return errSecSuccess;

 * Optionally specify a SecCmsDecoderRef to use with a CMSDecoderRef.
 * If this is called, it must be called before the first call to
 * CMSDecoderUpdateMessage(). The CMSDecoderRef takes ownership of the
 * incoming SecCmsDecoderRef.
OSStatus CMSDecoderSetDecoder(
                              CMSDecoderRef		cmsDecoder,
                              SecCmsDecoderRef	decoder)
	if((cmsDecoder == NULL) || (decoder == NULL)) {
		return errSecParam;
	switch(cmsDecoder->decState) {
		case DS_Init:
			ASSERT(cmsDecoder->decoder == NULL);
			cmsDecoder->decoder = decoder;
			cmsDecoder->decState = DS_Updating;
			return errSecSuccess;
		case DS_Updating:
		case DS_Final:
			return errSecParam;
	return errSecSuccess;

 * Obtain the SecCmsDecoderRef associated with a CMSDecoderRef.
 * Returns a NULL SecCmsDecoderRef if neither CMSDecoderSetDecoder() nor
 * CMSDecoderUpdateMessage() has been called.
 * The CMSDecoderRef retains ownership of the SecCmsDecoderRef.
OSStatus CMSDecoderGetDecoder(
                              CMSDecoderRef		cmsDecoder,
                              SecCmsDecoderRef	*decoder)			/* RETURNED */
	if((cmsDecoder == NULL) || (decoder == NULL)) {
		return errSecParam;
	/* any state, whether we have a decoder or not is OK */
	*decoder = cmsDecoder->decoder;
	return errSecSuccess;

 * Obtain the signing time of signer 'signerIndex' of a CMS message, if
 * present. This is an unauthenticate time, although it is part of the
 * signed attributes of the message.
 * Returns errSecParam if the CMS message was not signed or if signerIndex
 * is greater than the number of signers of the message minus one.
 * This cannot be called until after CMSDecoderFinalizeMessage() is called.
OSStatus CMSDecoderCopySignerSigningTime(
                                         CMSDecoderRef		cmsDecoder,
                                         size_t				signerIndex,            /* usually 0 */
                                         CFAbsoluteTime      *signingTime)			/* RETURNED */
    OSStatus status = errSecParam;
	SecCmsMessageRef cmsg;
	SecCmsSignedDataRef signedData = NULL;
    int numContentInfos = 0;
    require(cmsDecoder && signingTime, xit);
	require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
    numContentInfos = SecCmsMessageContentLevelCount(cmsg);
    for (int dex = 0; !signedData && dex < numContentInfos; dex++)
        SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
        SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
        if (tag == SEC_OID_PKCS7_SIGNED_DATA)
            if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
                if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
                    status = SecCmsSignerInfoGetSigningTime(signerInfo, signingTime);
    return status;

 * Obtain the timestamp of signer 'signerIndex' of a CMS message, if
 * present. This timestamp is an authenticated timestamp provided by
 * a timestamping authority.
 * Returns errSecParam if the CMS message was not signed or if signerIndex
 * is greater than the number of signers of the message minus one.
 * This cannot be called until after CMSDecoderFinalizeMessage() is called.

OSStatus CMSDecoderCopySignerTimestamp(
                                       CMSDecoderRef		cmsDecoder,
                                       size_t				signerIndex,        /* usually 0 */
                                       CFAbsoluteTime      *timestamp)			/* RETURNED */
    return CMSDecoderCopySignerTimestampWithPolicy(cmsDecoder, NULL, signerIndex, timestamp);

OSStatus CMSDecoderCopySignerTimestampWithPolicy(
                                       CMSDecoderRef		cmsDecoder,
                                       CFTypeRef            timeStampPolicy,
                                       size_t				signerIndex,        /* usually 0 */
                                       CFAbsoluteTime      *timestamp)			/* RETURNED */
    OSStatus status = errSecParam;
	SecCmsMessageRef cmsg;
	SecCmsSignedDataRef signedData = NULL;
    int numContentInfos = 0;
    require(cmsDecoder && timestamp, xit);
	require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
    numContentInfos = SecCmsMessageContentLevelCount(cmsg);
    for (int dex = 0; !signedData && dex < numContentInfos; dex++)
        SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
        SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
        if (tag == SEC_OID_PKCS7_SIGNED_DATA)
            if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
                if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
                    status = SecCmsSignerInfoGetTimestampTimeWithPolicy(signerInfo, timeStampPolicy, timestamp);
    return status;

 * Obtain an array of the certificates in a timestamp response. Elements of the
 * returned array are SecCertificateRefs. The caller must CFRelease the returned
 * array. This timestamp is an authenticated timestamp provided by
 * a timestamping authority.
 * Returns errSecParam if the CMS message was not signed or if signerIndex
 * is greater than the number of signers of the message minus one. It returns
 * errSecItemNotFound if no certificates were found.
 * This cannot be called until after CMSDecoderFinalizeMessage() is called. 
OSStatus CMSDecoderCopySignerTimestampCertificates(
                                                   CMSDecoderRef		cmsDecoder,
                                                   size_t				signerIndex,            /* usually 0 */
                                                   CFArrayRef          *certificateRefs)       /* RETURNED */
    OSStatus status = errSecParam;
	SecCmsMessageRef cmsg = NULL;
	SecCmsSignedDataRef signedData = NULL;
    int numContentInfos = 0;
    CFIndex tsn = 0;
    bool good = false;
    require(cmsDecoder && certificateRefs, xit);
	require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
    numContentInfos = SecCmsMessageContentLevelCount(cmsg);
    for (int dex = 0; !signedData && dex < numContentInfos; dex++)
        SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
        SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
        if (tag == SEC_OID_PKCS7_SIGNED_DATA)
            if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
                if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
                    CFArrayRef certList = SecCmsSignerInfoGetTimestampCertList(signerInfo);
                    require_action(certList, xit, status = errSecItemNotFound);
                    CFMutableArrayRef certs = CFArrayCreateMutableCopy(kCFAllocatorDefault, CFArrayGetCount(certList), certList);
                        //reorder certificates:
                        tsn = CFArrayGetCount(certs);
                        good = tsn > 0 && Security::CodeSigning::isAppleCA(SecCertificateRef(CFArrayGetValueAtIndex(certs, tsn-1)));
                        if ( good == false )
                            //change TS certificate ordering.
                            for (CFIndex n = 0; n < tsn; n++)
                                if (SecCertificateRef tsRoot = SecCertificateRef(CFArrayGetValueAtIndex(certs, n)))
                                    if ((good = Security::CodeSigning::isAppleCA(tsRoot))) {
                                        CFArrayExchangeValuesAtIndices(certs, n, tsn-1);
                        *certificateRefs = CFArrayCreateCopy(kCFAllocatorDefault, certs);
                        status = errSecSuccess;
        return status;

 * Obtain the Hash Agility attribute value of signer 'signerIndex'
 * of a CMS message, if present.
 * Returns errSecParam if the CMS message was not signed or if signerIndex
 * is greater than the number of signers of the message minus one.
 * This cannot be called until after CMSDecoderFinalizeMessage() is called.
OSStatus CMSDecoderCopySignerAppleCodesigningHashAgility(
    CMSDecoderRef		cmsDecoder,
    size_t				signerIndex,            /* usually 0 */
    CFDataRef  CF_RETURNS_RETAINED *hashAgilityAttrValue)			/* RETURNED */
    OSStatus status = errSecParam;
    SecCmsMessageRef cmsg;
    SecCmsSignedDataRef signedData = NULL;
    int numContentInfos = 0;
    CFDataRef returnedValue = NULL;

    require(cmsDecoder && hashAgilityAttrValue, xit);
    require_noerr(CMSDecoderGetCmsMessage(cmsDecoder, &cmsg), xit);
    numContentInfos = SecCmsMessageContentLevelCount(cmsg);
    for (int dex = 0; !signedData && dex < numContentInfos; dex++)
        SecCmsContentInfoRef ci = SecCmsMessageContentLevel(cmsg, dex);
        SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci);
        if (tag == SEC_OID_PKCS7_SIGNED_DATA)
            if ((signedData = SecCmsSignedDataRef(SecCmsContentInfoGetContent(ci))))
                if (SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, (int)signerIndex))
                    status = SecCmsSignerInfoGetAppleCodesigningHashAgility(signerInfo, &returnedValue);
    if (status == errSecSuccess && returnedValue) {
        *hashAgilityAttrValue = (CFDataRef) CFRetain(returnedValue);
    } else {
        *hashAgilityAttrValue = NULL;
    return status;