github.com/AESNooper/go/src@v0.0.0-20220218095104-b56a4ab1bbbb/crypto/x509/internal/macos/security.go (about) 1 // Copyright 2020 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 //go:build darwin 6 7 package macOS 8 9 import ( 10 "errors" 11 "fmt" 12 "internal/abi" 13 "strconv" 14 "unsafe" 15 ) 16 17 // Security.framework linker flags for the external linker. See Issue 42459. 18 //go:cgo_ldflag "-framework" 19 //go:cgo_ldflag "Security" 20 21 // Based on https://opensource.apple.com/source/Security/Security-59306.41.2/base/Security.h 22 23 type SecTrustSettingsResult int32 24 25 const ( 26 SecTrustSettingsResultInvalid SecTrustSettingsResult = iota 27 SecTrustSettingsResultTrustRoot 28 SecTrustSettingsResultTrustAsRoot 29 SecTrustSettingsResultDeny 30 SecTrustSettingsResultUnspecified 31 ) 32 33 type SecTrustResultType int32 34 35 const ( 36 SecTrustResultInvalid SecTrustResultType = iota 37 SecTrustResultProceed 38 SecTrustResultConfirm // deprecated 39 SecTrustResultDeny 40 SecTrustResultUnspecified 41 SecTrustResultRecoverableTrustFailure 42 SecTrustResultFatalTrustFailure 43 SecTrustResultOtherError 44 ) 45 46 type SecTrustSettingsDomain int32 47 48 const ( 49 SecTrustSettingsDomainUser SecTrustSettingsDomain = iota 50 SecTrustSettingsDomainAdmin 51 SecTrustSettingsDomainSystem 52 ) 53 54 type OSStatus struct { 55 call string 56 status int32 57 } 58 59 func (s OSStatus) Error() string { 60 return s.call + " error: " + strconv.Itoa(int(s.status)) 61 } 62 63 // Dictionary keys are defined as build-time strings with CFSTR, but the Go 64 // linker's internal linking mode can't handle CFSTR relocations. Create our 65 // own dynamic strings instead and just never release them. 66 // 67 // Note that this might be the only thing that can break over time if 68 // these values change, as the ABI arguably requires using the strings 69 // pointed to by the symbols, not values that happen to be equal to them. 70 71 var SecTrustSettingsResultKey = StringToCFString("kSecTrustSettingsResult") 72 var SecTrustSettingsPolicy = StringToCFString("kSecTrustSettingsPolicy") 73 var SecTrustSettingsPolicyString = StringToCFString("kSecTrustSettingsPolicyString") 74 var SecPolicyOid = StringToCFString("SecPolicyOid") 75 var SecPolicyAppleSSL = StringToCFString("1.2.840.113635.100.1.3") // defined by POLICYMACRO 76 77 var ErrNoTrustSettings = errors.New("no trust settings found") 78 79 const errSecNoTrustSettings = -25263 80 81 //go:cgo_import_dynamic x509_SecTrustSettingsCopyCertificates SecTrustSettingsCopyCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security" 82 83 func SecTrustSettingsCopyCertificates(domain SecTrustSettingsDomain) (certArray CFRef, err error) { 84 ret := syscall(abi.FuncPCABI0(x509_SecTrustSettingsCopyCertificates_trampoline), uintptr(domain), 85 uintptr(unsafe.Pointer(&certArray)), 0, 0, 0, 0) 86 if int32(ret) == errSecNoTrustSettings { 87 return 0, ErrNoTrustSettings 88 } else if ret != 0 { 89 return 0, OSStatus{"SecTrustSettingsCopyCertificates", int32(ret)} 90 } 91 return certArray, nil 92 } 93 func x509_SecTrustSettingsCopyCertificates_trampoline() 94 95 const errSecItemNotFound = -25300 96 97 //go:cgo_import_dynamic x509_SecTrustSettingsCopyTrustSettings SecTrustSettingsCopyTrustSettings "/System/Library/Frameworks/Security.framework/Versions/A/Security" 98 99 func SecTrustSettingsCopyTrustSettings(cert CFRef, domain SecTrustSettingsDomain) (trustSettings CFRef, err error) { 100 ret := syscall(abi.FuncPCABI0(x509_SecTrustSettingsCopyTrustSettings_trampoline), uintptr(cert), uintptr(domain), 101 uintptr(unsafe.Pointer(&trustSettings)), 0, 0, 0) 102 if int32(ret) == errSecItemNotFound { 103 return 0, ErrNoTrustSettings 104 } else if ret != 0 { 105 return 0, OSStatus{"SecTrustSettingsCopyTrustSettings", int32(ret)} 106 } 107 return trustSettings, nil 108 } 109 func x509_SecTrustSettingsCopyTrustSettings_trampoline() 110 111 //go:cgo_import_dynamic x509_SecPolicyCopyProperties SecPolicyCopyProperties "/System/Library/Frameworks/Security.framework/Versions/A/Security" 112 113 func SecPolicyCopyProperties(policy CFRef) CFRef { 114 ret := syscall(abi.FuncPCABI0(x509_SecPolicyCopyProperties_trampoline), uintptr(policy), 0, 0, 0, 0, 0) 115 return CFRef(ret) 116 } 117 func x509_SecPolicyCopyProperties_trampoline() 118 119 //go:cgo_import_dynamic x509_SecTrustCreateWithCertificates SecTrustCreateWithCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security" 120 121 func SecTrustCreateWithCertificates(certs CFRef, policies CFRef) (CFRef, error) { 122 var trustObj CFRef 123 ret := syscall(abi.FuncPCABI0(x509_SecTrustCreateWithCertificates_trampoline), uintptr(certs), uintptr(policies), 124 uintptr(unsafe.Pointer(&trustObj)), 0, 0, 0) 125 if int32(ret) != 0 { 126 return 0, OSStatus{"SecTrustCreateWithCertificates", int32(ret)} 127 } 128 return trustObj, nil 129 } 130 func x509_SecTrustCreateWithCertificates_trampoline() 131 132 //go:cgo_import_dynamic x509_SecCertificateCreateWithData SecCertificateCreateWithData "/System/Library/Frameworks/Security.framework/Versions/A/Security" 133 134 func SecCertificateCreateWithData(b []byte) CFRef { 135 data := BytesToCFData(b) 136 ret := syscall(abi.FuncPCABI0(x509_SecCertificateCreateWithData_trampoline), kCFAllocatorDefault, uintptr(data), 0, 0, 0, 0) 137 CFRelease(data) 138 return CFRef(ret) 139 } 140 func x509_SecCertificateCreateWithData_trampoline() 141 142 //go:cgo_import_dynamic x509_SecPolicyCreateSSL SecPolicyCreateSSL "/System/Library/Frameworks/Security.framework/Versions/A/Security" 143 144 func SecPolicyCreateSSL(name string) CFRef { 145 var hostname CFString 146 if name != "" { 147 hostname = StringToCFString(name) 148 defer CFRelease(CFRef(hostname)) 149 } 150 ret := syscall(abi.FuncPCABI0(x509_SecPolicyCreateSSL_trampoline), 1 /* true */, uintptr(hostname), 0, 0, 0, 0) 151 return CFRef(ret) 152 } 153 func x509_SecPolicyCreateSSL_trampoline() 154 155 //go:cgo_import_dynamic x509_SecTrustSetVerifyDate SecTrustSetVerifyDate "/System/Library/Frameworks/Security.framework/Versions/A/Security" 156 157 func SecTrustSetVerifyDate(trustObj CFRef, dateRef CFRef) error { 158 ret := syscall(abi.FuncPCABI0(x509_SecTrustSetVerifyDate_trampoline), uintptr(trustObj), uintptr(dateRef), 0, 0, 0, 0) 159 if int32(ret) != 0 { 160 return OSStatus{"SecTrustSetVerifyDate", int32(ret)} 161 } 162 return nil 163 } 164 func x509_SecTrustSetVerifyDate_trampoline() 165 166 //go:cgo_import_dynamic x509_SecTrustEvaluate SecTrustEvaluate "/System/Library/Frameworks/Security.framework/Versions/A/Security" 167 168 func SecTrustEvaluate(trustObj CFRef) (CFRef, error) { 169 var result CFRef 170 ret := syscall(abi.FuncPCABI0(x509_SecTrustEvaluate_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&result)), 0, 0, 0, 0) 171 if int32(ret) != 0 { 172 return 0, OSStatus{"SecTrustEvaluate", int32(ret)} 173 } 174 return CFRef(result), nil 175 } 176 func x509_SecTrustEvaluate_trampoline() 177 178 //go:cgo_import_dynamic x509_SecTrustGetResult SecTrustGetResult "/System/Library/Frameworks/Security.framework/Versions/A/Security" 179 180 func SecTrustGetResult(trustObj CFRef, result CFRef) (CFRef, CFRef, error) { 181 var chain, info CFRef 182 ret := syscall(abi.FuncPCABI0(x509_SecTrustGetResult_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&result)), 183 uintptr(unsafe.Pointer(&chain)), uintptr(unsafe.Pointer(&info)), 0, 0) 184 if int32(ret) != 0 { 185 return 0, 0, OSStatus{"SecTrustGetResult", int32(ret)} 186 } 187 return chain, info, nil 188 } 189 func x509_SecTrustGetResult_trampoline() 190 191 //go:cgo_import_dynamic x509_SecTrustEvaluateWithError SecTrustEvaluateWithError "/System/Library/Frameworks/Security.framework/Versions/A/Security" 192 193 func SecTrustEvaluateWithError(trustObj CFRef) error { 194 var errRef CFRef 195 ret := syscall(abi.FuncPCABI0(x509_SecTrustEvaluateWithError_trampoline), uintptr(trustObj), uintptr(unsafe.Pointer(&errRef)), 0, 0, 0, 0) 196 if int32(ret) != 1 { 197 errStr := CFErrorCopyDescription(errRef) 198 err := fmt.Errorf("x509: %s", CFStringToString(errStr)) 199 CFRelease(errRef) 200 CFRelease(errStr) 201 return err 202 } 203 return nil 204 } 205 func x509_SecTrustEvaluateWithError_trampoline() 206 207 //go:cgo_import_dynamic x509_SecTrustGetCertificateCount SecTrustGetCertificateCount "/System/Library/Frameworks/Security.framework/Versions/A/Security" 208 209 func SecTrustGetCertificateCount(trustObj CFRef) int { 210 ret := syscall(abi.FuncPCABI0(x509_SecTrustGetCertificateCount_trampoline), uintptr(trustObj), 0, 0, 0, 0, 0) 211 return int(ret) 212 } 213 func x509_SecTrustGetCertificateCount_trampoline() 214 215 //go:cgo_import_dynamic x509_SecTrustGetCertificateAtIndex SecTrustGetCertificateAtIndex "/System/Library/Frameworks/Security.framework/Versions/A/Security" 216 217 func SecTrustGetCertificateAtIndex(trustObj CFRef, i int) CFRef { 218 ret := syscall(abi.FuncPCABI0(x509_SecTrustGetCertificateAtIndex_trampoline), uintptr(trustObj), uintptr(i), 0, 0, 0, 0) 219 return CFRef(ret) 220 } 221 func x509_SecTrustGetCertificateAtIndex_trampoline() 222 223 //go:cgo_import_dynamic x509_SecCertificateCopyData SecCertificateCopyData "/System/Library/Frameworks/Security.framework/Versions/A/Security" 224 225 func SecCertificateCopyData(cert CFRef) ([]byte, error) { 226 ret := syscall(abi.FuncPCABI0(x509_SecCertificateCopyData_trampoline), uintptr(cert), 0, 0, 0, 0, 0) 227 if ret == 0 { 228 return nil, errors.New("x509: invalid certificate object") 229 } 230 b := CFDataToSlice(CFRef(ret)) 231 CFRelease(CFRef(ret)) 232 return b, nil 233 } 234 func x509_SecCertificateCopyData_trampoline()