SOSCircle.c   [plain text]

/*
 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


/*
 * SOSCircle.c -  Implementation of the secure object syncing transport
 */

#include <AssertMacros.h>

#include <CoreFoundation/CFArray.h>
#include "keychain/SecureObjectSync/SOSTypes.h"
#include "keychain/SecureObjectSync/SOSPeerInfo.h"
#include "keychain/SecureObjectSync/SOSPeer.h"
#include "keychain/SecureObjectSync/SOSCircle.h"
#include "keychain/SecureObjectSync/SOSCloudCircle.h"
#include "keychain/SecureObjectSync/SOSCloudCircleInternal.h"
#include "keychain/SecureObjectSync/SOSInternal.h"
#include "keychain/SecureObjectSync/SOSEnginePriv.h"
#include "keychain/SecureObjectSync/SOSPeerInfoInternal.h"
#include "keychain/SecureObjectSync/SOSGenCount.h"
#include "keychain/SecureObjectSync/SOSPeerInfoCollections.h"
#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecFramework.h>

#include <Security/SecKey.h>
#include <Security/SecKeyPriv.h>
#include <utilities/SecBuffer.h>

#include <utilities/SecCFWrappers.h>
#include <utilities/SecCFError.h>

#include "keychain/SecureObjectSync/SOSCirclePriv.h"

//#include "ckdUtilities.h"

#include <corecrypto/ccder.h>
#include <corecrypto/ccdigest.h>
#include <corecrypto/ccsha2.h>

#include <stdlib.h>
#include <utilities/simulatecrash_assert.h>

CFGiblisWithCompareFor(SOSCircle);

SOSCircleRef SOSCircleCreate(CFAllocatorRef allocator, CFStringRef name, CFErrorRef *error) {
    SOSCircleRef c = CFTypeAllocate(SOSCircle, struct __OpaqueSOSCircle, allocator);
    assert(name);
    
    c->name = CFStringCreateCopy(allocator, name);
    c->generation = SOSGenerationCreate();
    c->peers = CFSetCreateMutableForSOSPeerInfosByID(allocator);
    c->applicants = CFSetCreateMutableForSOSPeerInfosByID(allocator);
    c->rejected_applicants = CFSetCreateMutableForSOSPeerInfosByID(allocator);
    c->signatures = CFDictionaryCreateMutableForCFTypes(allocator);
    return c;
}

static CFMutableSetRef CFSetOfPeerInfoDeepCopy(CFAllocatorRef allocator, CFSetRef peerInfoSet)
{
   __block CFMutableSetRef result = CFSetCreateMutableForSOSPeerInfosByID(allocator);
    CFSetForEach(peerInfoSet, ^(const void *value) {
        SOSPeerInfoRef pi = (SOSPeerInfoRef) value;
        CFErrorRef localError = NULL;
        SOSPeerInfoRef copiedPeer = SOSPeerInfoCreateCopy(allocator, pi, &localError);
        if (copiedPeer) {
            CFSetAddValue(result, copiedPeer);
        } else {
            secerror("Failed to copy peer: %@ (%@)", pi, localError);
        }
        CFReleaseSafe(copiedPeer);
        CFReleaseSafe(localError);
    });
    return result;
}

SOSCircleRef SOSCircleCopyCircle(CFAllocatorRef allocator, SOSCircleRef otherCircle, CFErrorRef *error)
{
    SOSCircleRef c = CFTypeAllocate(SOSCircle, struct __OpaqueSOSCircle, allocator);

    assert(otherCircle);
    c->name = CFStringCreateCopy(allocator, otherCircle->name);
    c->generation = SOSGenerationCopy(otherCircle->generation);

    c->peers = CFSetOfPeerInfoDeepCopy(allocator, otherCircle->peers);
    c->applicants = CFSetOfPeerInfoDeepCopy(allocator, otherCircle->applicants);
    c->rejected_applicants = CFSetOfPeerInfoDeepCopy(allocator, otherCircle->rejected_applicants);

    c->signatures = CFDictionaryCreateMutableCopy(allocator, 0, otherCircle->signatures);
    
    return c;
}

static Boolean SOSCircleCompare(CFTypeRef lhs, CFTypeRef rhs) {
    if (CFGetTypeID(lhs) != SOSCircleGetTypeID()
     || CFGetTypeID(rhs) != SOSCircleGetTypeID())
        return false;

    SOSCircleRef left = SOSCircleConvertAndAssertStable(lhs);
    SOSCircleRef right = SOSCircleConvertAndAssertStable(rhs);

    // TODO: we should be doing set equality for peers and applicants.
    return NULL != left && NULL != right
        && CFEqualSafe(left->generation, right->generation)
        && SOSPeerInfoSetContainsIdenticalPeers(left->peers, right->peers)
        && SOSPeerInfoSetContainsIdenticalPeers(left->applicants, right->applicants)
        && SOSPeerInfoSetContainsIdenticalPeers(left->rejected_applicants, right->rejected_applicants)
        && CFEqualSafe(left->signatures, right->signatures);
}

static CFMutableArrayRef CFSetCopyValuesCFArray(CFSetRef set)
{
    CFIndex count = CFSetGetCount(set);

    CFMutableArrayRef result = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
    if (count > 0) {
        const void * values[count];
        CFSetGetValues(set, values);
        for (int current = 0; current < count; ++current) {
            CFArrayAppendValue(result, values[current]);
        }
    }
    
    return result;
}

static bool SOSCircleDigestArray(const struct ccdigest_info *di, CFMutableArrayRef array, void *hash_result, CFErrorRef *error)
{
    __block bool success = true;
    ccdigest_di_decl(di, array_digest);
    void * a_digest = (void * )array_digest;

    ccdigest_init(di, array_digest);
    CFArraySortValues(array, CFRangeMake(0, CFArrayGetCount(array)), SOSPeerInfoCompareByID, (void *)SOSPeerCmpPubKeyHash);
    CFArrayForEach(array, ^(const void *peer) {
        if (!SOSPeerInfoUpdateDigestWithPublicKeyBytes((SOSPeerInfoRef)peer, di, a_digest, error))
            success = false;
    });
    ccdigest_final(di, array_digest, hash_result);

    return success;
}

static bool SOSCircleDigestSet(const struct ccdigest_info *di, CFMutableSetRef set, void *hash_result, CFErrorRef *error)
{
    CFMutableArrayRef values = CFSetCopyValuesCFArray(set);
    
    bool result = SOSCircleDigestArray(di, values, hash_result, error);
    
    CFReleaseSafe(values);
    
    return result;
}

static bool SOSCircleHashGenAndPeers(const struct ccdigest_info *di, SOSGenCountRef gen, CFMutableSetRef peers, void*hash_result, CFErrorRef *error) {
    ccdigest_di_decl(di, circle_digest);
    ccdigest_init(di, circle_digest);
    int64_t generation = SOSGetGenerationSint(gen);
    ccdigest_update(di, circle_digest, sizeof(generation), &generation);

    SOSCircleDigestSet(di, peers, hash_result, error);
    ccdigest_update(di, circle_digest, di->output_size, hash_result);
    ccdigest_final(di, circle_digest, hash_result);
    return true;
}

static bool SOSCircleHash(const struct ccdigest_info *di, SOSCircleRef circle, void *hash_result, CFErrorRef *error) {
    return SOSCircleHashGenAndPeers(di, SOSCircleGetGeneration(circle), circle->peers, hash_result, error);
}

static bool SOSCircleHashNextGenWithAdditionalPeer(const struct ccdigest_info *di, SOSCircleRef circle, SOSPeerInfoRef additionalPeer, void *hash_result, CFErrorRef *error) {
    bool result = false;
    CFMutableSetRef peers = CFSetCreateMutableCopy(NULL, 0, circle->peers);
    CFSetAddValue(peers, additionalPeer);

    SOSGenCountRef nextGen = SOSGenerationIncrementAndCreate(circle->generation);

    result = SOSCircleHashGenAndPeers(di, nextGen, peers, hash_result, error);

    CFReleaseNull(nextGen);
    CFReleaseNull(peers);

    return result;
}

bool SOSCircleSetSignature(SOSCircleRef circle, SecKeyRef pubkey, CFDataRef signature, CFErrorRef *error) {
    bool result = false;
    
    CFStringRef pubKeyID = SOSCopyIDOfKey(pubkey, error);
    require_quiet(pubKeyID, fail);
    CFDictionarySetValue(circle->signatures, pubKeyID, signature);
    result = true;

fail:
    CFReleaseSafe(pubKeyID);
    return result;
}

static bool SOSCircleRemoveSignatures(SOSCircleRef circle, CFErrorRef *error) {
    CFDictionaryRemoveAllValues(circle->signatures);
    return true;
}

CFDataRef SOSCircleGetSignature(SOSCircleRef circle, SecKeyRef pubkey, CFErrorRef *error) {
    CFStringRef pubKeyID = SOSCopyIDOfKey(pubkey, error);
    CFDataRef result = NULL;
    require_quiet(pubKeyID, fail);

    CFTypeRef value = (CFDataRef)CFDictionaryGetValue(circle->signatures, pubKeyID);
    
    if (isData(value)) result = (CFDataRef) value;

fail:
    CFReleaseSafe(pubKeyID);
    return result;
}

CFDictionaryRef SOSCircleCopyAllSignatures(SOSCircleRef circle) {
    return CFDictionaryCreateCopy(kCFAllocatorDefault, circle->signatures);
}

#define circle_signature_di() ccsha256_di()

static CFDataRef SecKeyCopyRawHashSignature(const struct ccdigest_info *di, const uint8_t* hashToSign, SecKeyRef privKey, CFErrorRef *error) {
    CFDataRef result = NULL;

    CFMutableDataRef signature = CFDataCreateMutableWithScratch(kCFAllocatorDefault, SecKeyGetSize(privKey, kSecKeySignatureSize));
    size_t signatureSpace = CFDataGetLength(signature);

    OSStatus status = SecKeyRawSign(privKey, kSecPaddingNone, hashToSign, di->output_size, CFDataGetMutableBytePtr(signature), &signatureSpace);
    require_quiet(SecError(status, error, CFSTR("Signing failed: %d"), (int)status), fail);

    if (signatureSpace < (size_t)CFDataGetLength(signature)) {
        CFDataSetLength(signature, signatureSpace);
    }

    CFTransferRetained(result, signature);
fail:
    CFReleaseNull(signature);
    return result;
}

bool SOSCircleSign(SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error) {
    const struct ccdigest_info *di = circle_signature_di();

    __block CFDataRef signature = NULL;
    bool didSign = false;
    require_quiet(privKey, fail);

    PerformWithBuffer(di->output_size, ^(size_t size, uint8_t *hash_result) {
        if (SOSCircleHash(di, circle, hash_result, error)) {
            signature = SecKeyCopyRawHashSignature(di, hash_result, privKey, error);
        }
    });
    require_quiet(signature, fail);
    require_quiet(SOSCircleSetSignature(circle, privKey, signature, error), fail);

    didSign = true;

fail:
    CFReleaseNull(signature);
    return didSign;
}

CFDataRef SOSCircleCopyNextGenSignatureWithPeerAdded(SOSCircleRef circle, SOSPeerInfoRef peer, SecKeyRef privKey, CFErrorRef *error) {
    const struct ccdigest_info *di = circle_signature_di();

    __block CFDataRef signature = NULL;
    require_quiet(privKey, fail);

    PerformWithBuffer(di->output_size, ^(size_t size, uint8_t *hash_result) {
        if (SOSCircleHashNextGenWithAdditionalPeer(di, circle, peer, hash_result, error)) {
            signature = SecKeyCopyRawHashSignature(di, hash_result, privKey, error);
        }
    });

fail:
    return signature;
}


static bool SOSCircleConcordanceRingSign(SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error) {
    secnotice("Development", "SOSCircleEnsureRingConsistency requires ring signing op", NULL);
    return true;
}


bool SOSCircleVerifySignatureExists(SOSCircleRef circle, SecKeyRef pubKey, CFErrorRef *error) {
    if(!pubKey) {
        secerror("SOSCircleVerifySignatureExists no pubKey");
        SOSCreateError(kSOSErrorBadFormat, CFSTR("SOSCircleVerifySignatureExists no pubKey"), (error != NULL) ? *error : NULL, error);
        return false;
    }
    CFDataRef signature = SOSCircleGetSignature(circle, pubKey, error);
    return NULL != signature;
}

CFStringRef SOSCircleCopyHashString(SOSCircleRef circle) {
    const struct ccdigest_info *di = ccsha256_di();
    uint8_t hash_result[di->output_size];
    SOSCircleHash(di, circle, hash_result, NULL);
    return SOSCopyHashBufAsString(hash_result, sizeof(hash_result));
}

bool SOSCircleVerify(SOSCircleRef circle, SecKeyRef pubKey, CFErrorRef *error) {
    const struct ccdigest_info *di = ccsha256_di();
    uint8_t hash_result[di->output_size];
    
    SOSCircleHash(di, circle, hash_result, error);

    CFDataRef signature = SOSCircleGetSignature(circle, pubKey, error);
    if(!signature) return false;

    return SecError(SecKeyRawVerify(pubKey, kSecPaddingNone, hash_result, di->output_size,
                                    CFDataGetBytePtr(signature), CFDataGetLength(signature)), error, CFSTR("Signature verification failed."));;
}

bool SOSCircleVerifyPeerSignatureExists(SOSCircleRef circle, SOSPeerInfoRef peer) {
    bool result = false;
    SecKeyRef pub_key = SOSPeerInfoCopyPubKey(peer, NULL);
    require_quiet(pub_key, fail);
    result = SOSCircleVerifySignatureExists(circle, pub_key, NULL);
fail:
    CFReleaseSafe(pub_key);
    return result;
}

bool SOSCircleVerifyPeerSigned(SOSCircleRef circle, SOSPeerInfoRef peer, CFErrorRef *error) {
    bool result = false;
    SecKeyRef pub_key = SOSPeerInfoCopyPubKey(peer, error);
    require_quiet(pub_key, fail);
    
    result = SOSCircleVerify(circle, pub_key, error);
fail:
    CFReleaseSafe(pub_key);
    return result;
}

static void CFSetRemoveAllPassing(CFMutableSetRef set, bool (^test)(const void *) ){
    CFMutableArrayRef toBeRemoved = CFArrayCreateMutable(kCFAllocatorDefault, 0, NULL);

    CFSetForEach(set, ^(const void *value) {
        if (test(value))
            CFArrayAppendValue(toBeRemoved, value);
    });
    
    CFArrayForEach(toBeRemoved, ^(const void *value) {
        CFSetRemoveValue(set, value);
    });
    CFReleaseNull(toBeRemoved);
}

static void SOSCircleRejectNonValidApplicants(SOSCircleRef circle, SecKeyRef pubkey) {
    CFMutableSetRef applicants = SOSCircleCopyApplicants(circle, NULL);
    CFSetForEach(applicants, ^(const void *value) {
        SOSPeerInfoRef pi = (SOSPeerInfoRef) value;
        if(!SOSPeerInfoApplicationVerify(pi, pubkey, NULL)) {
            CFSetTransferObject(pi, circle->applicants, circle->rejected_applicants);
        }
    });
    CFReleaseNull(applicants);
}

static SOSPeerInfoRef SOSCircleCopyPeerInfo(SOSCircleRef circle, CFStringRef peer_id, CFErrorRef *error) {
    __block SOSPeerInfoRef result = NULL;
    
    CFSetForEach(circle->peers, ^(const void *value) {
        if (result == NULL) {
            SOSPeerInfoRef tpi = (SOSPeerInfoRef)value;
            if (CFEqual(SOSPeerInfoGetPeerID(tpi), peer_id))
                result = tpi;
        }
    });
    
    CFRetainSafe(result);
    return result;
}

static bool SOSCircleUpgradePeerInfo(SOSCircleRef circle, SecKeyRef user_approver, SOSFullPeerInfoRef peerinfo) {
    bool retval = false;
    SecKeyRef userPubKey = SecKeyCreatePublicFromPrivate(user_approver);
    SOSPeerInfoRef fpi_pi = SOSFullPeerInfoGetPeerInfo(peerinfo);
    SOSPeerInfoRef pi = SOSCircleCopyPeerInfo(circle, SOSPeerInfoGetPeerID(fpi_pi), NULL);
    require_quiet(pi, out);
    require_quiet(SOSPeerInfoApplicationVerify(pi, userPubKey, NULL), re_sign);
    CFReleaseNull(userPubKey);
    CFReleaseNull(pi);
    return true;

re_sign:
    secnotice("circle", "SOSCircleGenerationSign: Upgraded peer's Application Signature");
    SecKeyRef device_key = SOSFullPeerInfoCopyDeviceKey(peerinfo, NULL);
    require_quiet(device_key, out);
    SOSPeerInfoRef new_pi = SOSPeerInfoCopyAsApplication(pi, user_approver, device_key, NULL);
    if(SOSCircleUpdatePeerInfo(circle, new_pi))
        retval = true;
    CFReleaseNull(new_pi);
    CFReleaseNull(device_key);
out:
    CFReleaseNull(userPubKey);
    CFReleaseNull(pi);
    return retval;
}

static bool SOSCircleEnsureRingConsistency(SOSCircleRef circle, CFErrorRef *error) {
    secnotice("Development", "SOSCircleEnsureRingConsistency requires ring membership and generation count consistency check", NULL);
    return true;
}

bool SOSCircleSignOldStyleResetToOfferingCircle(SOSCircleRef circle, SOSFullPeerInfoRef peerinfo, SecKeyRef user_approver, CFErrorRef *error){
    
    SecKeyRef ourKey = SOSFullPeerInfoCopyDeviceKey(peerinfo, error);
    SecKeyRef publicKey = NULL;
    require_quiet(ourKey, fail);
    
    // Check if we're using an invalid peerinfo for this op.  There are cases where we might not be "upgraded".
    require_quiet(SOSCircleUpgradePeerInfo(circle, user_approver, peerinfo), fail);
    SOSCircleRemoveRetired(circle, error); // Prune off retirees since we're signing this one
    CFSetRemoveAllValues(circle->rejected_applicants); // Dump rejects so we clean them up sometime.
    publicKey = SecKeyCreatePublicFromPrivate(user_approver);
    SOSCircleRejectNonValidApplicants(circle, publicKey);
    require_quiet(SOSCircleEnsureRingConsistency(circle, error), fail);
    require_quiet(SOSCircleRemoveSignatures(circle, error), fail);
    require_quiet(SOSCircleSign(circle, user_approver, error), fail);
    require_quiet(SOSCircleSign(circle, ourKey, error), fail);
    
    CFReleaseNull(ourKey);
    CFReleaseNull(publicKey);
    return true;
    
fail:
    CFReleaseNull(ourKey);
    CFReleaseNull(publicKey);
    return false;
}

bool SOSCirclePreGenerationSign(SOSCircleRef circle, SecKeyRef userPubKey, CFErrorRef *error) {
    bool retval = false;
    
    SOSCircleRemoveRetired(circle, error); // Prune off retirees since we're signing this one
    CFSetRemoveAllValues(circle->rejected_applicants); // Dump rejects so we clean them up sometime.
    SOSCircleRejectNonValidApplicants(circle, userPubKey);

    require_quiet(SOSCircleRemoveSignatures(circle, error), errOut);
    
    retval = true;

errOut:
    return retval;
    
}

static bool SOSCircleGenerationSign_Internal(SOSCircleRef circle, SecKeyRef userKey, SOSFullPeerInfoRef fpi, CFErrorRef *error) {
    // require_quiet(SOSCircleEnsureRingConsistency(circle, error), fail); Placeholder - this was never implemented
    bool retval = false;
    SecKeyRef ourKey = NULL;
    if (SOSCircleCountPeers(circle) != 0) {
        ourKey = SOSFullPeerInfoCopyDeviceKey(fpi, error);
        require_quiet(ourKey, errOut);
        
        // Check if we're using an invalid peerinfo for this op.  There are cases where we might not be "upgraded".
        require_quiet(SOSCircleUpgradePeerInfo(circle, userKey, fpi), errOut);
        
        require_quiet(SOSCircleSign(circle, userKey, error), errOut);
        require_quiet(SOSCircleSign(circle, ourKey, error), errOut);
        CFReleaseNull(ourKey);
    }
    retval = true;
    
errOut:
    CFReleaseNull(ourKey);
    return retval;
}

bool SOSCircleGenerationSign(SOSCircleRef circle, SecKeyRef userKey, SOSFullPeerInfoRef fpi, CFErrorRef *error) {
    bool retval = false;
    SecKeyRef publicKey = NULL;
    publicKey = SecKeyCreatePublicFromPrivate(userKey);

    require_quiet(SOSCirclePreGenerationSign(circle, publicKey, error), errOut);
    SOSCircleGenerationIncrement(circle);
    require_quiet(SOSCircleGenerationSign_Internal(circle, userKey, fpi, error), errOut);
    retval = true;
    
errOut:
    CFReleaseNull(publicKey);
    return retval;
}


static bool SOSCircleGenerationSignWithGenCount(SOSCircleRef circle, SecKeyRef userKey, SOSFullPeerInfoRef fpi, SOSGenCountRef gencount, CFErrorRef *error) {
    bool retval = false;
    SOSGenCountRef currentGen = SOSCircleGetGeneration(circle);
    require_action_quiet(SOSGenerationIsOlder(currentGen, gencount), errOut, SOSCreateError(kSOSErrorReplay, CFSTR("Generation Count for new circle is too old"), NULL, error));
    require_quiet(SOSCirclePreGenerationSign(circle, userKey, error), errOut);
    SOSCircleSetGeneration(circle, gencount);
    require_quiet(SOSCircleGenerationSign_Internal(circle, userKey, fpi, error), errOut);
    retval = true;
    
errOut:
    return retval;
}


bool SOSCircleConcordanceSign(SOSCircleRef circle, SOSFullPeerInfoRef peerinfo, CFErrorRef *error) {
    bool success = false;
    SecKeyRef ourKey = SOSFullPeerInfoCopyDeviceKey(peerinfo, error);
    require_quiet(ourKey, exit);
    
    success = SOSCircleSign(circle, ourKey, error);
    SOSCircleConcordanceRingSign(circle, ourKey, error);

exit:
    CFReleaseNull(ourKey);
    return success;
}

static inline SOSConcordanceStatus CheckPeerStatus(SOSCircleRef circle, SOSPeerInfoRef peer, SecKeyRef user_public_key, CFErrorRef *error) {
    SOSConcordanceStatus result = kSOSConcordanceNoPeer;
    SecKeyRef pubKey = SOSPeerInfoCopyPubKey(peer, error);
    require_quiet(pubKey, exit);

    require_action_quiet(SOSCircleHasActiveValidPeer(circle, peer, user_public_key, error), exit, result = kSOSConcordanceNoPeer);
    require_action_quiet(SOSCircleVerifySignatureExists(circle, pubKey, error), exit, result = kSOSConcordanceNoPeerSig);
    require_action_quiet(SOSCircleVerify(circle, pubKey, error), exit, result = kSOSConcordanceBadPeerSig);

    result = kSOSConcordanceTrusted;
    
exit:
    CFReleaseNull(pubKey);
    return result;
}

static inline SOSConcordanceStatus CombineStatus(SOSConcordanceStatus status1, SOSConcordanceStatus status2)
{
    if (status1 == kSOSConcordanceTrusted || status2 == kSOSConcordanceTrusted)
        return kSOSConcordanceTrusted;
    
    if (status1 == kSOSConcordanceBadPeerSig || status2 == kSOSConcordanceBadPeerSig)
        return kSOSConcordanceBadPeerSig;
    
    if (status1 == kSOSConcordanceNoPeerSig || status2 == kSOSConcordanceNoPeerSig)
        return kSOSConcordanceNoPeerSig;

    return status1;
}

static inline bool SOSCircleIsEmpty(SOSCircleRef circle) {
    return SOSCircleCountPeers(circle) == 0;
}

static inline bool SOSCircleHasDegenerateGeneration(SOSCircleRef deGenCircle){
    CFIndex testPtr;
    CFNumberRef genCountTest = SOSCircleGetGeneration(deGenCircle);
    CFNumberGetValue(genCountTest, kCFNumberCFIndexType, &testPtr);
    return (testPtr== 0);
}


static inline bool SOSCircleIsDegenerateReset(SOSCircleRef deGenCircle){
    return SOSCircleHasDegenerateGeneration(deGenCircle) && SOSCircleIsEmpty(deGenCircle);
}

static inline SOSConcordanceStatus GetSignersStatus(SOSCircleRef signers_circle, SOSCircleRef status_circle,
                                                    SecKeyRef user_pubKey, SOSPeerInfoRef exclude, CFErrorRef *error) {
    CFStringRef excluded_id = exclude ? SOSPeerInfoGetPeerID(exclude) : NULL;

    __block SOSConcordanceStatus status = kSOSConcordanceNoPeer;
    SOSCircleForEachActivePeer(signers_circle, ^(SOSPeerInfoRef peer) {
        SOSConcordanceStatus peerStatus = CheckPeerStatus(status_circle, peer, user_pubKey, error);

        if (peerStatus == kSOSConcordanceNoPeerSig &&
            (CFEqualSafe(SOSPeerInfoGetPeerID(peer), excluded_id) || SOSPeerInfoIsCloudIdentity(peer)))
            peerStatus = kSOSConcordanceNoPeer;

        status = CombineStatus(status, peerStatus); // TODO: Use multiple error gathering.
    });

    return status;
}

// Is current older than proposed?
bool SOSCircleIsOlderGeneration(SOSCircleRef older, SOSCircleRef newer) {
    return SOSGenerationIsOlder(older->generation, newer->generation);
}

static inline bool SOSCircleIsValidReset(SOSCircleRef current, SOSCircleRef proposed) {
    bool retval = false;
    retval = SOSCircleIsEmpty(proposed);
    require_quiet(retval, errOut);
    retval = SOSCircleIsOlderGeneration(current, proposed);
errOut:
    return retval;
}


bool SOSCircleSharedTrustedPeers(SOSCircleRef current, SOSCircleRef proposed, SOSPeerInfoRef me) {
    __block bool retval = false;
    SOSCircleForEachPeer(current, ^(SOSPeerInfoRef peer) {
        if(!CFEqual(me, peer) && SOSCircleHasPeer(proposed, peer, NULL)) retval = true;
    });
    return retval;
}

static SOSConcordanceStatus GetOfferingStatus(SOSCircleRef circle, SecKeyRef user_pubKey, CFErrorRef *error) {
    __block SOSConcordanceStatus status = kSOSConcordanceNoPeer;
    SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
        status = CheckPeerStatus(circle, peer, user_pubKey, error);
        if(status != kSOSConcordanceTrusted) status = kSOSConcordanceNoPeer;
    });
    return status;
}


SOSConcordanceStatus SOSCircleConcordanceTrust(SOSCircleRef known_circle, SOSCircleRef proposed_circle,
                                               SecKeyRef known_pubkey, SecKeyRef user_pubkey,
                                               SOSPeerInfoRef me, CFErrorRef *error) {
    if(user_pubkey == NULL) {
        SOSCreateError(kSOSErrorPublicKeyAbsent, CFSTR("Concordance with no user public key"), NULL, error);
        return kSOSConcordanceNoUserKey;
    }
    
    if(SOSCircleIsDegenerateReset(proposed_circle)) {
        return kSOSConcordanceTrusted;
    }

    if (SOSCircleIsValidReset(known_circle, proposed_circle)) {
        return kSOSConcordanceTrusted;
    }
    
    if(!SOSCircleVerifySignatureExists(proposed_circle, user_pubkey, error)) {
        SOSCreateError(kSOSErrorBadSignature, CFSTR("No public signature to match current user key"), (error != NULL) ? *error : NULL, error);
        return kSOSConcordanceNoUserSig;
    }
    
    if(!SOSCircleVerify(proposed_circle, user_pubkey, error)) {
        SOSCreateError(kSOSErrorBadSignature, CFSTR("Bad user public signature"), (error != NULL) ? *error : NULL, error);
        debugDumpCircle(CFSTR("proposed_circle"), proposed_circle);
        return kSOSConcordanceBadUserSig;
    }

    if (SOSCircleIsEmpty(known_circle)) {
        return GetSignersStatus(proposed_circle, proposed_circle, user_pubkey, NULL, error);
    }
    
    if(SOSCircleHasDegenerateGeneration(proposed_circle) && SOSCircleIsOffering(proposed_circle)){
        return GetSignersStatus(proposed_circle, proposed_circle, user_pubkey, NULL, error);
    }
    
    if(SOSCircleIsOlderGeneration(proposed_circle, known_circle)) {
        SOSCreateError(kSOSErrorReplay, CFSTR("Bad generation - proposed circle gencount is older than known circle gencount"), NULL, error);
        debugDumpCircle(CFSTR("isOlderGeneration known_circle"), known_circle);
        debugDumpCircle(CFSTR("isOlderGeneration proposed_circle"), proposed_circle);
        return kSOSConcordanceGenOld;
    }
    
    if(SOSCircleIsOffering(proposed_circle)){
        return GetOfferingStatus(proposed_circle, user_pubkey, error);
    }

    return GetSignersStatus(known_circle, proposed_circle, user_pubkey, me, error);
}


static void SOSCircleDestroy(CFTypeRef aObj) {
    SOSCircleRef c = (SOSCircleRef) aObj;

    CFReleaseNull(c->name);
    CFReleaseNull(c->generation);
    CFReleaseNull(c->peers);
    CFReleaseNull(c->applicants);
    CFReleaseNull(c->rejected_applicants);
    CFReleaseNull(c->signatures);
}

static CFMutableStringRef defaultDescriptionCreate(CFTypeRef aObj){
    SOSCircleRef c = (SOSCircleRef) aObj;
    CFStringRef initPeerSep = CFSTR("\n");
    CFStringRef peerSep = CFSTR("\n");

    CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0);

    SOSGenerationCountWithDescription(c->generation, ^(CFStringRef genDescription) {
        CFStringAppendFormat(description, NULL, CFSTR("<SOSCircle@%p: '%@' %@ P:["), c, c->name, genDescription);
    });

    __block CFStringRef separator = initPeerSep;
    SOSCircleForEachActivePeer(c, ^(SOSPeerInfoRef peer) {
        CFStringRef sig = NULL;
        if (SOSCircleVerifyPeerSigned(c, peer, NULL)) {
            sig = CFSTR("√");
        } else {
            SecKeyRef pub_key = SOSPeerInfoCopyPubKey(peer, NULL);
            CFDataRef signature = pub_key ? SOSCircleGetSignature(c, pub_key, NULL) : NULL;
            sig = (signature == NULL) ? CFSTR("-") : CFSTR("?");
            CFReleaseNull(pub_key);
        }
        
        CFStringAppendFormat(description, NULL, CFSTR("%@%@ %@"), separator, peer, sig);
        separator = peerSep;
    });
    
    //applicants
    CFStringAppend(description, CFSTR("], A:["));
    separator = initPeerSep;
    if(CFSetGetCount(c->applicants) == 0 )
        CFStringAppendFormat(description, NULL, CFSTR("-"));
    else{
        
        SOSCircleForEachApplicant(c, ^(SOSPeerInfoRef peer) {
            CFStringAppendFormat(description, NULL, CFSTR("%@%@"), separator, peer);
            separator = peerSep;
        });
    }
    
    //rejected
    CFStringAppend(description, CFSTR("], R:["));
    separator = initPeerSep;
    if(CFSetGetCount(c->rejected_applicants) == 0)
        CFStringAppendFormat(description, NULL, CFSTR("-"));
    else{
        CFSetForEach(c->rejected_applicants, ^(const void *value) {
            SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
            CFStringAppendFormat(description, NULL, CFSTR("%@%@"), separator, peer);
            separator = peerSep;
        });
    }
    CFStringAppend(description, CFSTR("]>"));
    return description;
    
}
static CFMutableStringRef descriptionCreateWithFormatOptions(CFTypeRef aObj, CFDictionaryRef formatOptions){
    SOSCircleRef c = (SOSCircleRef) aObj;

    CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0);

    if(CFDictionaryContainsKey(formatOptions, CFSTR("SyncD"))) {
        CFStringRef generationDescription = SOSGenerationCountCopyDescription(c->generation);
        CFStringAppendFormat(description, NULL, CFSTR("<C: gen:'%@' %@>\n"), generationDescription, c->name);
        CFReleaseNull(generationDescription);
        __block CFStringRef separator = CFSTR("\t\t");
        SOSCircleForEachActivePeer(c, ^(SOSPeerInfoRef peer) {
            CFStringRef sig = NULL;
            if (SOSCircleVerifyPeerSigned(c, peer, NULL)) {
                sig = CFSTR("√");
            } else {
                SecKeyRef pub_key = SOSPeerInfoCopyPubKey(peer, NULL);
                CFDataRef signature = pub_key ? SOSCircleGetSignature(c, pub_key, NULL) : NULL;
                sig = (signature == NULL) ? CFSTR("-") : CFSTR("?");
                CFReleaseNull(pub_key);
            }
            
            CFStringAppendFormat(description, formatOptions, CFSTR("%@%@ %@"), separator, peer, sig);
            separator = CFSTR("\n\t\t");
        });
        CFStringAppend(description, CFSTR("\n\t\t<A:["));
        separator = CFSTR("");
        
        //applicants list
        if(CFSetGetCount(c->applicants) == 0 )
            CFStringAppendFormat(description, NULL, CFSTR("-"));
        else{
            
            SOSCircleForEachApplicant(c, ^(SOSPeerInfoRef peer) {
                CFStringAppendFormat(description, formatOptions, CFSTR("%@A: %@"), separator, peer);
                separator = CFSTR("\n\t\t\t");
            });
        }
        //rejected list
        CFStringAppend(description, CFSTR("]> \n\t\t<R:["));
        separator = CFSTR("");
        if(CFSetGetCount(c->rejected_applicants) == 0)
            CFStringAppendFormat(description, NULL, CFSTR("-"));
        else{
            CFSetForEach(c->rejected_applicants, ^(const void *value) {
                SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
                CFStringAppendFormat(description, formatOptions, CFSTR("%@R: %@"), separator, peer);
                separator = CFSTR("\n\t\t");
            });
        }
        CFStringAppend(description, CFSTR("]>"));
    }

    else{
        CFReleaseNull(description);
        description = defaultDescriptionCreate(aObj);
    }
    
    return description;
    
}


static CFStringRef SOSCircleCopyFormatDescription(CFTypeRef aObj, CFDictionaryRef formatOptions) {
    SOSCircleRef c = (SOSCircleRef) aObj;
    SOSCircleAssertStable(c);
    CFMutableStringRef description = NULL;
    
    if(formatOptions != NULL){
        description = descriptionCreateWithFormatOptions(aObj, formatOptions);
    }
    else{
        description = defaultDescriptionCreate(aObj);
    }
    return description;
}

CFStringRef SOSCircleGetName(SOSCircleRef circle) {
    if(!circle || !circle->name) {
        return NULL;
    }
    return circle->name;
}

const char *SOSCircleGetNameC(SOSCircleRef circle) {
    CFStringRef name = SOSCircleGetName(circle);
    if (!name)
        return strdup("");
    return CFStringToCString(name);
}

SOSGenCountRef SOSCircleGetGeneration(SOSCircleRef circle) {
    assert(circle);
    assert(circle->generation);
    return circle->generation;
}

void SOSCircleSetGeneration(SOSCircleRef circle, SOSGenCountRef gencount) {
    assert(circle);
    CFReleaseNull(circle->generation);
    circle->generation = CFRetainSafe(gencount);
}

int64_t SOSCircleGetGenerationSint(SOSCircleRef circle) {
    SOSGenCountRef gen = SOSCircleGetGeneration(circle);
    return SOSGetGenerationSint(gen);
}

void SOSCircleGenerationSetValue(SOSCircleRef circle, int64_t value) {
    CFAssignRetained(circle->generation, SOSGenerationCreateWithValue(value));
}

void SOSCircleGenerationIncrement(SOSCircleRef circle) {
    SOSGenCountRef old = circle->generation;
    circle->generation = SOSGenerationIncrementAndCreate(old);
    CFReleaseNull(old);
}

int SOSCircleCountPeers(SOSCircleRef circle) {
    SOSCircleAssertStable(circle);
    __block int count = 0;
    SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
        ++count;
    });
    return count;
}

int SOSCircleCountActivePeers(SOSCircleRef circle) {
    SOSCircleAssertStable(circle);
    __block int count = 0;
    SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
        ++count;
    });
    return count;
}

int SOSCircleCountActiveValidPeers(SOSCircleRef circle, SecKeyRef pubkey) {
    SOSCircleAssertStable(circle);
    __block int count = 0;
    SOSCircleForEachActiveValidPeer(circle, pubkey, ^(SOSPeerInfoRef peer) {
        ++count;
    });
    return count;
}

int SOSCircleCountValidSyncingPeers(SOSCircleRef circle, SecKeyRef pubkey) {
    SOSCircleAssertStable(circle);
    __block int count = 0;
    SOSCircleForEachValidSyncingPeer(circle, pubkey, ^(SOSPeerInfoRef peer) {
        ++count;
    });
    return count;

}

int SOSCircleCountRetiredPeers(SOSCircleRef circle) {
    SOSCircleAssertStable(circle);
    __block int count = 0;
    SOSCircleForEachRetiredPeer(circle, ^(SOSPeerInfoRef peer) {
        ++count;
    });
    return count;
}

int SOSCircleCountApplicants(SOSCircleRef circle) {
    SOSCircleAssertStable(circle);
    
    return (int)CFSetGetCount(circle->applicants);
}

bool SOSCircleHasApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    
    return CFSetContainsValue(circle->applicants, peerInfo);
}

CFMutableSetRef SOSCircleCopyApplicants(SOSCircleRef circle, CFAllocatorRef allocator) {
    SOSCircleAssertStable(circle);
    
    return CFSetCreateMutableCopy(allocator, 0, circle->applicants);
}

int SOSCircleCountRejectedApplicants(SOSCircleRef circle) {
    SOSCircleAssertStable(circle);
    
    return (int)CFSetGetCount(circle->rejected_applicants);
}

bool SOSCircleHasRejectedApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    return CFSetContainsValue(circle->rejected_applicants, peerInfo);
}

SOSPeerInfoRef SOSCircleCopyRejectedApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    return CFRetainSafe((SOSPeerInfoRef)CFSetGetValue(circle->rejected_applicants, peerInfo));
}

CFMutableArrayRef SOSCircleCopyRejectedApplicants(SOSCircleRef circle, CFAllocatorRef allocator) {
    SOSCircleAssertStable(circle);
    
    return CFSetCopyValuesCFArray(circle->rejected_applicants);
}

bool SOSCircleResetToEmpty(SOSCircleRef circle, CFErrorRef *error) {
    CFSetRemoveAllValues(circle->applicants);
    CFSetRemoveAllValues(circle->rejected_applicants);
    CFSetRemoveAllValues(circle->peers);
    CFDictionaryRemoveAllValues(circle->signatures);
    SOSGenCountRef oldGen = SOSCircleGetGeneration(circle);
    SOSGenCountRef newGen = SOSGenerationCreateWithBaseline(oldGen);
    SOSCircleSetGeneration(circle, newGen);
    CFReleaseSafe(newGen);
    return true;
}

bool SOSCircleResetToEmptyWithSameGeneration(SOSCircleRef circle, CFErrorRef *error) {
    SOSGenCountRef gen = SOSGenerationCopy(SOSCircleGetGeneration(circle));
    SOSCircleResetToEmpty(circle, error);
    SOSCircleSetGeneration(circle, gen);
    CFReleaseNull(gen);
    return true;
}

bool SOSCircleResetToOffering(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error){

    return SOSCircleResetToEmpty(circle, error)
        && SOSCircleRequestAdmission(circle, user_privkey, requestor, error)
        && SOSCircleAcceptRequest(circle, user_privkey, requestor, SOSFullPeerInfoGetPeerInfo(requestor), error);
}

bool SOSCircleRemoveRetired(SOSCircleRef circle, CFErrorRef *error) {
    CFSetRemoveAllPassing(circle->peers,  ^ bool (const void *element) {
        SOSPeerInfoRef peer = (SOSPeerInfoRef) element;
        
        return SOSPeerInfoIsRetirementTicket(peer);
    });
    
    return true;
}

static bool SOSCircleRecordAdmissionRequest(SOSCircleRef circle, SecKeyRef user_pubkey, SOSPeerInfoRef requestorPeerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    
    bool isPeer = SOSCircleHasPeer(circle, requestorPeerInfo, error);
    
    require_action_quiet(!isPeer, fail, SOSCreateError(kSOSErrorAlreadyPeer, CFSTR("Cannot request admission when already a peer"), NULL, error));
    
    // This adds to applicants and will take off rejected if it's there.
    CFSetTransferObject(requestorPeerInfo, circle->rejected_applicants, circle->applicants);
    
    return true;
    
fail:
    return false;
    
}

bool SOSCircleRequestReadmission(SOSCircleRef circle, SecKeyRef user_pubkey, SOSPeerInfoRef peer, CFErrorRef *error) {
    bool success = false;
    
    require_quiet(SOSPeerInfoApplicationVerify(peer, user_pubkey, error), fail);
    success = SOSCircleRecordAdmissionRequest(circle, user_pubkey, peer, error);
fail:
    return success;
}

bool SOSCircleRequestAdmission(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
    bool success = false;
    
    SecKeyRef user_pubkey = SecKeyCreatePublicFromPrivate(user_privkey);
    require_action_quiet(user_pubkey, fail, SOSCreateError(kSOSErrorBadKey, CFSTR("No public key for key"), NULL, error));

    require(SOSFullPeerInfoPromoteToApplication(requestor, user_privkey, error), fail);
    
    success = SOSCircleRecordAdmissionRequest(circle, user_pubkey, SOSFullPeerInfoGetPeerInfo(requestor), error);
fail:
    CFReleaseNull(user_pubkey);
    return success;
}

static bool sosCircleUpdatePeerInfoSet(CFMutableSetRef theSet, SOSPeerInfoRef replacement_peer_info) {
    CFTypeRef old = NULL;
    if(!replacement_peer_info) return false;
    if(!(old = CFSetGetValue(theSet, replacement_peer_info))) return false;
    if(CFEqualSafe(old, replacement_peer_info)) return false;
    CFSetReplaceValue(theSet, replacement_peer_info);
    return true;
}

bool SOSCircleUpdatePeerInfo(SOSCircleRef circle, SOSPeerInfoRef replacement_peer_info) {
    if(sosCircleUpdatePeerInfoSet(circle->peers, replacement_peer_info)) return true;
    if(sosCircleUpdatePeerInfoSet(circle->applicants, replacement_peer_info)) return true;
    if(sosCircleUpdatePeerInfoSet(circle->rejected_applicants, replacement_peer_info)) return true;
    return false;
}

static bool SOSCircleRemovePeerInternal(SOSCircleRef circle, SOSFullPeerInfoRef requestor, SOSPeerInfoRef peer_to_remove, CFErrorRef *error) {
    SOSPeerInfoRef requestor_peer_info = SOSFullPeerInfoGetPeerInfo(requestor);

    if (SOSCircleHasPeer(circle, peer_to_remove, NULL)) {
        if (!SOSCircleHasPeer(circle, requestor_peer_info, error)) {
            SOSCreateError(kSOSErrorAlreadyPeer, CFSTR("Must be peer to remove peer"), NULL, error);
            return false;
        }
        CFSetRemoveValue(circle->peers, peer_to_remove);
    }

    if (SOSCircleHasApplicant(circle, peer_to_remove, error)) {
        return SOSCircleRejectRequest(circle, requestor, peer_to_remove, error);
    }

    return true;
}

bool SOSCircleRemovePeers(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFSetRef peersToRemove, CFErrorRef *error) {

    bool success = false;

    __block bool removed_all = true;
    CFSetForEach(peersToRemove, ^(const void *value) {
        SOSPeerInfoRef peerInfo = asSOSPeerInfo(value);
        if (peerInfo) {
            removed_all &= SOSCircleRemovePeerInternal(circle, requestor, peerInfo, error);
        }
    });

    require_quiet(removed_all, exit);

    require_quiet(SOSCircleGenerationSign(circle, user_privkey, requestor, error), exit);

    success = true;

exit:
    return success;
}


bool SOSCircleRemovePeersByID(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFSetRef peersToRemove, CFErrorRef *error) {
    
    bool success = false;
    
    __block bool removed_all = true;
    CFSetForEach(peersToRemove, ^(const void *value) {
        CFStringRef peerID = asString(value, NULL);
        if(peerID) {
            SOSPeerInfoRef peerInfo = SOSCircleCopyPeerInfo(circle, peerID, NULL);
            if (peerInfo) {
                removed_all &= SOSCircleRemovePeerInternal(circle, requestor, peerInfo, error);
                CFReleaseNull(peerInfo);
            }
        }
    });
    
    require_quiet(removed_all, exit);
    
    require_quiet(SOSCircleGenerationSign(circle, user_privkey, requestor, error), exit);
    
    success = true;
    
exit:
    return success;
}

static bool SOSCircleRemovePeerUnsigned(SOSCircleRef circle, SOSPeerInfoRef peer_to_remove) {
    bool retval = false;
    if (SOSCircleHasPeer(circle, peer_to_remove, NULL)) {
        CFSetRemoveValue(circle->peers, peer_to_remove);
        retval = true;
    }
    return retval;
}

bool SOSCircleRemovePeersByIDUnsigned(SOSCircleRef circle, CFSetRef peersToRemove) {
    __block bool removed_all = true;
    CFSetForEach(peersToRemove, ^(const void *value) {
        CFStringRef peerID = asString(value, NULL);
        SOSPeerInfoRef peerInfo = SOSCircleCopyPeerInfo(circle, peerID, NULL);
        removed_all &= SOSCircleRemovePeerUnsigned(circle, peerInfo);
        CFReleaseNull(peerInfo);
    });
    return removed_all;
}

bool SOSCircleRemovePeer(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, SOSPeerInfoRef peer_to_remove, CFErrorRef *error) {
    bool success = false;

    require_quiet(SOSCircleRemovePeerInternal(circle, requestor, peer_to_remove, error), exit);

    require_quiet(SOSCircleGenerationSign(circle, user_privkey, requestor, error), exit);

    success = true;
exit:
    return success;
}

bool SOSCircleAcceptRequest(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);

    SecKeyRef publicKey = NULL;
    bool result = false;

    require_action_quiet(CFSetContainsValue(circle->applicants, peerInfo), fail,
                         SOSCreateError(kSOSErrorNotApplicant, CFSTR("Cannot accept non-applicant"), NULL, error));
    
    publicKey = SecKeyCreatePublicFromPrivate(user_privkey);
    require_quiet(SOSPeerInfoApplicationVerify(peerInfo, publicKey, error), fail);

    CFSetTransferObject(peerInfo, circle->applicants, circle->peers);
    
    result = SOSCircleGenerationSign(circle, user_privkey, device_approver, error);

fail:
    CFReleaseNull(publicKey);
    return result;
}

bool SOSCircleWithdrawRequest(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);

    CFSetRemoveValue(circle->applicants, peerInfo);

    return true;
}

bool SOSCircleRemoveRejectedPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    
    CFSetRemoveValue(circle->rejected_applicants, peerInfo);
    
    return true;
}


bool SOSCircleRejectRequest(SOSCircleRef circle, SOSFullPeerInfoRef device_rejector,
                            SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    SOSCircleAssertStable(circle);

    if (CFEqual(SOSPeerInfoGetPeerID(peerInfo), SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(device_rejector))))
        return SOSCircleWithdrawRequest(circle, peerInfo, error);

    if (!CFSetContainsValue(circle->applicants, peerInfo)) {
        SOSCreateError(kSOSErrorNotApplicant, CFSTR("Cannot reject non-applicant"), NULL, error);
        return false;
    }
    
    CFSetTransferObject(peerInfo, circle->applicants, circle->rejected_applicants);
    
    // TODO: Maybe we sign the rejection with device_rejector.
    
    return true;
}

bool SOSCircleAcceptRequests(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver,
                             CFErrorRef *error) {
    // Returns true if we accepted someone and therefore have to post the circle back to KVS
    __block bool result = false;
    
    SOSCircleForEachApplicant(circle, ^(SOSPeerInfoRef peer) {
        if (!SOSCircleAcceptRequest(circle, user_privkey, device_approver, peer, error)) {
            secnotice("circle", "error in SOSCircleAcceptRequest\n");
        } else {
            secnotice("circle", "Accepted peer: %@", peer);
            result = true;
        }
    });
    
    if (result) {
        SOSCircleGenerationSign(circle, user_privkey, device_approver, error);
        secnotice("circle", "Countersigned accepted requests");
    }

    return result;
}

bool SOSCirclePeerSigUpdate(SOSCircleRef circle, SecKeyRef userPrivKey, SOSFullPeerInfoRef fpi,
                             CFErrorRef *error) {
    // Returns true if we accepted someone and therefore have to post the circle back to KVS
    __block bool result = false;
    SecKeyRef userPubKey = SecKeyCreatePublicFromPrivate(userPrivKey);

    // We're going to remove any applicants using a mismatched user key.
    SOSCircleForEachApplicant(circle, ^(SOSPeerInfoRef peer) {
        if(!SOSPeerInfoApplicationVerify(peer, userPubKey, NULL)) {
            if(!SOSCircleRejectRequest(circle, fpi, peer, NULL)) {
                // do we care?
            }
        }
    });
    
    result = SOSCircleUpdatePeerInfo(circle, SOSFullPeerInfoGetPeerInfo(fpi));
    
    if (result) {
        SOSCircleGenerationSign(circle, userPrivKey, fpi, error);
        secnotice("circle", "Generation signed updated signatures on peerinfo");
    }
    
    return result;
}

//
// Peer iteration and membership
//

static inline void SOSCircleForEachPeerMatching(SOSCircleRef circle,
                                                void (^action)(SOSPeerInfoRef peer),
                                                bool (^condition)(SOSPeerInfoRef peer)) {
    CFSetForEach(circle->peers, ^(const void *value) {
        SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
        if (condition(peer))
            action(peer);
    });
}

static inline bool isHiddenPeer(SOSPeerInfoRef peer) {
    return SOSPeerInfoIsRetirementTicket(peer) || SOSPeerInfoIsCloudIdentity(peer);
}

void SOSCircleForEachPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
        return !isHiddenPeer(peer);
    });
}

void SOSCircleForEachRetiredPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
        return SOSPeerInfoIsRetirementTicket(peer);
    });
}

void SOSCircleForEachiCloudIdentityPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
        return SOSPeerInfoIsCloudIdentity(peer);
    });
} 


void SOSCircleForEachActivePeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
        return true;
    });
}

void SOSCircleForEachActiveValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
        return SOSPeerInfoApplicationVerify(peer, user_public_key, NULL);
    });
}

void SOSCircleForEachValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
        return !isHiddenPeer(peer) && SOSPeerInfoApplicationVerify(peer, user_public_key, NULL);
    });
}

void SOSCircleForEachValidSyncingPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachValidPeer(circle, user_public_key, action);
}

void SOSCircleForEachBackupCapablePeerForView(SOSCircleRef circle, SecKeyRef user_public_key, CFStringRef viewName, void (^action)(SOSPeerInfoRef peer)) {
    SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
        return (!isHiddenPeer(peer) && SOSPeerInfoIsEnabledView(peer, viewName) /* let the wookie win --- && SOSPeerInfoHasBackupKey(peer)*/ && SOSPeerInfoApplicationVerify(peer, user_public_key, NULL));
    });
}

void SOSCircleForEachApplicant(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
    CFSetForEach(circle->applicants, ^(const void*value) { action((SOSPeerInfoRef) value); } );
}


bool SOSCircleHasPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    if(!peerid) {
        return false;
    }
    SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid));
    return found && !isHiddenPeer(found);
}

SOSPeerInfoRef SOSCircleCopyPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) {
    SOSCircleAssertStable(circle);

    SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid));
    return found ? SOSPeerInfoCreateCopy(kCFAllocatorDefault, found, NULL) : NULL;
}

bool SOSCircleHasPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    if(!peerInfo) return false;
    return SOSCircleHasPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error);
}

bool SOSCircleHasActivePeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid));
    return found;
}

bool SOSCircleHasActivePeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
    if(!peerInfo) return false;
    return SOSCircleHasActivePeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error);
}

bool SOSCircleHasActiveValidPeerWithID(SOSCircleRef circle, CFStringRef peerid, SecKeyRef user_public_key, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid));
    return found && SOSPeerInfoApplicationVerify(found, user_public_key, NULL);
}

bool SOSCircleHasValidSyncingPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error) {
    SOSCircleAssertStable(circle);
    SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerInfo));
    return found && !isHiddenPeer(found) && SOSPeerInfoApplicationVerify(found, user_public_key, NULL);
}

bool SOSCircleHasActiveValidPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error) {
    if(!peerInfo) return false;
    return SOSCircleHasActiveValidPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), user_public_key, error);
}


CFMutableSetRef SOSCircleCopyPeers(SOSCircleRef circle, CFAllocatorRef allocator) {
    SOSCircleAssertStable(circle);
    
    CFMutableSetRef result = CFSetCreateMutableForSOSPeerInfosByID(allocator);
    
    SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
        CFSetAddValue(result, peer);
    });

    return result;
}


CFMutableSetRef SOSCircleCopyBackupCapablePeersForView(SOSCircleRef circle, CFAllocatorRef allocator, SecKeyRef userPubKey, CFStringRef viewName) {
    SOSCircleAssertStable(circle);

    CFMutableSetRef result = CFSetCreateMutableForSOSPeerInfosByID(allocator);

    SOSCircleForEachBackupCapablePeerForView(circle, userPubKey, viewName, ^(SOSPeerInfoRef peer) {
        CFSetAddValue(result, peer);
    });

    return result;
}

bool SOSCircleAppendConcurringPeers(SOSCircleRef circle, CFMutableArrayRef appendHere, CFErrorRef *error) {
    SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
        CFErrorRef localError = NULL;
        if (SOSCircleVerifyPeerSigned(circle, peer, &localError)) {
            SOSPeerInfoRef peerInfo = SOSPeerInfoCreateCopy(kCFAllocatorDefault, peer, error);
            CFArrayAppendValue(appendHere, peerInfo);
            CFRelease(peerInfo);
        } else if (error != NULL) {
            secerror("Error checking concurrence: %@", localError);
        }
        CFReleaseNull(localError);
    });

    return true;
}

CFMutableArrayRef SOSCircleCopyConcurringPeers(SOSCircleRef circle, CFErrorRef* error) {
    SOSCircleAssertStable(circle);

    CFMutableArrayRef concurringPeers = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);

    if (!SOSCircleAppendConcurringPeers(circle, concurringPeers, error))
        CFReleaseNull(concurringPeers);

    return concurringPeers;
}

SOSFullPeerInfoRef SOSCircleCopyiCloudFullPeerInfoRef(SOSCircleRef circle, CFErrorRef *error) {
    __block SOSFullPeerInfoRef cloud_full_peer = NULL;
    __block CFErrorRef searchError = NULL;
    SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
        if (SOSPeerInfoIsCloudIdentity(peer)) {
            if (cloud_full_peer == NULL) {
                if (searchError) {
                    secerror("More than one cloud identity found, first had error, trying new one.");
                }
                CFReleaseNull(searchError);
                cloud_full_peer = SOSFullPeerInfoCreateCloudIdentity(kCFAllocatorDefault, peer, &searchError);
                if (!cloud_full_peer) {
                    secnotice("icloud-identity", "Failed to make FullPeer for iCloud Identity: %@ (%@)", cloud_full_peer, searchError);
                }
            } else {
                secerror("Additional cloud identity found in circle after successful creation: %@", circle);
            }
        }
    });
    // If we didn't find one at all, report the error.
    if (cloud_full_peer == NULL && searchError == NULL) {
        SOSErrorCreate(kSOSErrorNoiCloudPeer, &searchError, NULL, CFSTR("No iCloud identity PeerInfo found in circle"));
        secnotice("icloud-identity", "No iCloud identity PeerInfo found in circle");
    }
    if (error) {
        CFTransferRetained(*error, searchError);
    }
    CFReleaseNull(searchError);
    return cloud_full_peer;
}

SOSFullPeerInfoRef SOSCircleCopyiCloudFullPeerInfoVerifier(SOSCircleRef circle, CFErrorRef *error) {
    __block CFErrorRef searchError = NULL;
    __block SOSFullPeerInfoRef cloud_full_peer = NULL;
    SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
        // There should only ever be one signing iCloud identity.  If there are more we'll take the first one.
        if (!cloud_full_peer && SOSPeerInfoIsCloudIdentity(peer) && SOSCircleVerifyPeerSignatureExists(circle, peer)) {
            cloud_full_peer = SOSFullPeerInfoCreateCloudIdentity(kCFAllocatorDefault, peer, &searchError);
        }
    });
    // If we didn't find one at all, report the error.
    if (cloud_full_peer == NULL && searchError == NULL) {
        SOSErrorCreate(kSOSErrorNoiCloudPeer, &searchError, NULL, CFSTR("No iCloud identity PeerInfo found in circle"));
        secnotice("icloud-identity", "No iCloud identity PeerInfo found in circle");
    }
    if (error) {
        CFTransferRetained(*error, searchError);
    }
    CFReleaseNull(searchError);
    return cloud_full_peer;
}

void debugDumpCircle(CFStringRef message, SOSCircleRef circle) {
    CFErrorRef error;

    secinfo("circledebug", "%@: %@", message, circle);
    if (!circle)
        return;

    CFDataRef derdata = SOSCircleCopyEncodedData(circle, kCFAllocatorDefault, &error);
    if (derdata) {
        CFStringRef hex = CFDataCopyHexString(derdata);
        secinfo("circledebug", "Full contents: %@", hex);
        if (hex) CFRelease(hex);
        CFRelease(derdata);
    }
}

bool SOSCircleAcceptPeerFromHSA2(SOSCircleRef circle, SecKeyRef userKey, SOSGenCountRef gencount, SecKeyRef pPubKey, CFDataRef signature, SOSFullPeerInfoRef fpi, CFErrorRef *error) {
    SOSPeerInfoRef peerInfo = SOSFullPeerInfoGetPeerInfo(fpi);
    bool res;

    CFSetAddValue(circle->peers, peerInfo);

    // Gen sign first, then add signature from our approver - remember gensign removes all existing sigs.
    res = SOSCircleGenerationSignWithGenCount(circle, userKey, fpi, gencount, error);
    if (!res) {
        secnotice("circleOps", "Failed to regenerate circle with new gen count: %@", error ? *error : NULL);
        return res;
    }
    res = SOSCircleSetSignature(circle, pPubKey, signature, error);
    if (!res) {
        secnotice("circleOps", "Failed to set signature: %@", error ? *error : NULL);
        return res;
    }
    res = SOSCircleVerify(circle, pPubKey, error);
    if (!res) {
        secnotice("circleOps", "Circle failed to validate after peer signature: %@", error ? *error : NULL);
        return res;
    }
    secnotice("circleOps", "Circle accepted successfully");

    return true;
}


/*
 ccstatus: Not in Circle (1)
 Account user public is trusted
 Generation Count: [2016-05-19 15:53 4]

 */

static inline void logPeerInfo(char *category, SOSCircleRef circle, SecKeyRef pubKey, CFStringRef myPID, SOSPeerInfoRef peer) {
    char sigchr = 'v';
    if (SOSCircleVerifyPeerSignatureExists(circle, peer)) {
        sigchr = 'V';
    }
    SOSPeerInfoLogState(category, peer, pubKey, myPID, sigchr);
}

void SOSCircleLogState(char *category, SOSCircleRef circle, SecKeyRef pubKey, CFStringRef myPID) {
    if(!circle) return;
    CFStringRef genString = SOSGenerationCountCopyDescription(SOSCircleGetGeneration(circle));
    char sigchr = 'v';
    if(pubKey && SOSCircleVerifySignatureExists(circle, pubKey, NULL)) {
        sigchr = 'V';
    }
    secnotice(category, "CIRCLE:    [%20@] UserSigned: %c", genString, sigchr);
    if(CFSetGetCount(circle->peers) == 0 )
        secnotice(category, "Peers In Circle: None");
    else{
        secnotice(category, "Peers In Circle:");
        SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
            logPeerInfo(category, circle, pubKey, myPID, peer);
        });
        SOSCircleForEachRetiredPeer(circle, ^(SOSPeerInfoRef peer) {
            logPeerInfo(category, circle, pubKey, myPID, peer);
        });
        SOSCircleForEachiCloudIdentityPeer(circle, ^(SOSPeerInfoRef peer) {
            logPeerInfo(category, circle, pubKey, myPID, peer);
        });
    }

    //applicants
    if(CFSetGetCount(circle->applicants) == 0 )
        secnotice(category, "Applicants To Circle: None");
    else{
        secnotice(category, "Applicants To Circle:");

        SOSCircleForEachApplicant(circle, ^(SOSPeerInfoRef peer) {
            SOSPeerInfoLogState(category, peer, pubKey, myPID, 'v');
        });
    }
    
    //rejected
    if(CFSetGetCount(circle->rejected_applicants) == 0)
        secnotice(category, "Rejected Applicants To Circle: None");
    else{
        secnotice(category, "Rejected Applicants To Circle:");
        CFSetForEach(circle->rejected_applicants, ^(const void *value) {
            SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
            SOSPeerInfoLogState(category, peer, pubKey, myPID, 'v');
        });
    }
    CFReleaseNull(genString);
}