// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build darwin && !ios
// +build darwin,!ios

package macOS

import (
	"errors"
	"internal/abi"
	"strconv"
	"unsafe"
)

// Security.framework linker flags for the external linker. See Issue 42459.
//go:cgo_ldflag "-framework"
//go:cgo_ldflag "Security"

// Based on https://opensource.apple.com/source/Security/Security-59306.41.2/base/Security.h

// SecTrustSettingsResult is the int32 trust-settings result value. The
// constant names mirror those in Security.h.
type SecTrustSettingsResult int32

// The values are assigned by iota, so the zero value is
// SecTrustSettingsResultInvalid: an unset or zero-initialised result never
// reads as a trust grant.
// NOTE(review): consumers that build a root pool are presumably expected to
// exclude certificates whose result is SecTrustSettingsResultDeny; confirm
// at the call site.
const (
	SecTrustSettingsResultInvalid     SecTrustSettingsResult = iota // 0
	SecTrustSettingsResultTrustRoot                                 // 1
	SecTrustSettingsResultTrustAsRoot                               // 2
	SecTrustSettingsResultDeny                                      // 3
	SecTrustSettingsResultUnspecified                               // 4
)

// SecTrustSettingsDomain selects which trust-settings domain a query is
// made against. It is passed as an integer argument to the framework calls
// in this file.
type SecTrustSettingsDomain int32

const (
	SecTrustSettingsDomainUser   SecTrustSettingsDomain = iota // 0
	SecTrustSettingsDomainAdmin                                // 1
	SecTrustSettingsDomainSystem                               // 2
)

// OSStatus is the error value built from a non-zero status code returned by
// a Security.framework call. It records which call failed and the raw
// 32-bit status.
type OSStatus struct {
	call   string // name of the framework function that returned the status
	status int32  // raw status code as returned by that function
}

// Error implements the error interface. The message has the form
// "<call> error: <status>", with the status printed in decimal.
func (s OSStatus) Error() string {
	return s.call + " error: " + strconv.Itoa(int(s.status))
}

// Dictionary keys are defined as build-time strings with CFSTR, but the Go
// linker's internal linking mode can't handle CFSTR relocations. Create our
// own dynamic strings instead and just never release them.
//
// Note that this might be the only thing that can break over time if
// these values change, as the ABI arguably requires using the strings
// pointed to by the symbols, not values that happen to be equal to them.
//
// NOTE(review): if one of these strings ever stops matching the framework's
// value, dictionary lookups keyed by it would presumably miss rather than
// fail loudly. Confirm that the consumer treats a missing result or policy
// key conservatively (fails closed) when deciding trust.
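// CFString dictionary keys and values used when reading trust settings and
// policy properties. They are created once at package initialisation with
// StringToCFString and are never released.
var SecTrustSettingsResultKey = StringToCFString("kSecTrustSettingsResult")
var SecTrustSettingsPolicy = StringToCFString("kSecTrustSettingsPolicy")
var SecTrustSettingsPolicyString = StringToCFString("kSecTrustSettingsPolicyString")
var SecPolicyOid = StringToCFString("SecPolicyOid")
var SecPolicyAppleSSL = StringToCFString("1.2.840.113635.100.1.3") // defined by POLICYMACRO

// ErrNoTrustSettings is returned when the framework reports that there are
// no trust settings: errSecNoTrustSettings from
// SecTrustSettingsCopyCertificates, or errSecItemNotFound from
// SecTrustSettingsCopyTrustSettings. Every other non-zero status is returned
// as an OSStatus.
// NOTE(review): callers should keep the two cases apart. Treating an
// arbitrary OSStatus failure as "no settings" could skip a certificate's
// Deny entry; verify at the call site.
var ErrNoTrustSettings = errors.New("no trust settings found")

// errSecNoTrustSettings is the status that SecTrustSettingsCopyCertificates
// maps to ErrNoTrustSettings.
const errSecNoTrustSettings = -25263

//go:cgo_import_dynamic x509_SecTrustSettingsCopyCertificates SecTrustSettingsCopyCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyCertificates calls the framework function of the same
// name for the given domain and returns the reference it writes into
// certArray.
//
// It returns ErrNoTrustSettings when the status is errSecNoTrustSettings and
// an OSStatus for any other non-zero status; in both cases the returned
// reference is 0.
//
// NOTE(review): by the Core Foundation "Copy" naming convention the caller
// presumably owns the returned reference and must release it; confirm
// against the callers.
func SecTrustSettingsCopyCertificates(domain SecTrustSettingsDomain) (certArray CFRef, err error) {
	// The unsafe.Pointer-to-uintptr conversion is kept inside the argument
	// list; do not hoist it into a local (presumably required for the
	// pointer to stay valid across the call; confirm against syscall's
	// declaration).
	ret := syscall(abi.FuncPCABI0(x509_SecTrustSettingsCopyCertificates_trampoline), uintptr(domain),
		uintptr(unsafe.Pointer(&certArray)), 0, 0, 0, 0)
	// The status is a 32-bit value: decide success and failure on the
	// truncated value only, so that the upper half of the uintptr cannot
	// produce a spurious error that carries status 0.
	status := int32(ret)
	if status == errSecNoTrustSettings {
		return 0, ErrNoTrustSettings
	}
	if status != 0 {
		return 0, OSStatus{"SecTrustSettingsCopyCertificates", status}
	}
	return certArray, nil
}

// x509_SecTrustSettingsCopyCertificates_trampoline has no Go body; its
// implementation is not in this file (presumably assembly).
func x509_SecTrustSettingsCopyCertificates_trampoline()

// kSecFormatX509Cert is the format selector passed as the second argument
// of SecItemExport.
const kSecFormatX509Cert int32 = 9

//go:cgo_import_dynamic x509_SecItemExport SecItemExport "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecItemExport calls the framework function of the same name on cert with
// the kSecFormatX509Cert format, zero flags and no key parameters, and
// returns the reference it writes into data.
//
// Any non-zero status is returned as an OSStatus, with a 0 reference.
func SecItemExport(cert CFRef) (data CFRef, err error) {
	ret := syscall(abi.FuncPCABI0(x509_SecItemExport_trampoline), uintptr(cert), uintptr(kSecFormatX509Cert),
		0 /* flags */, 0 /* keyParams */, uintptr(unsafe.Pointer(&data)), 0)
	// Compare the 32-bit status rather than the whole uintptr.
	if status := int32(ret); status != 0 {
		return 0, OSStatus{"SecItemExport", status}
	}
	return data, nil
}

// x509_SecItemExport_trampoline has no Go body; its implementation is not
// in this file (presumably assembly).
func x509_SecItemExport_trampoline()

// errSecItemNotFound is the status that SecTrustSettingsCopyTrustSettings
// maps to ErrNoTrustSettings.
const errSecItemNotFound = -25300

//go:cgo_import_dynamic x509_SecTrustSettingsCopyTrustSettings SecTrustSettingsCopyTrustSettings "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyTrustSettings calls the framework function of the same
// name for cert in the given domain and returns the reference it writes into
// trustSettings.
//
// It returns ErrNoTrustSettings when the status is errSecItemNotFound and an
// OSStatus for any other non-zero status; in both cases the returned
// reference is 0.
func SecTrustSettingsCopyTrustSettings(cert CFRef, domain SecTrustSettingsDomain) (trustSettings CFRef, err error) {
	ret := syscall(abi.FuncPCABI0(x509_SecTrustSettingsCopyTrustSettings_trampoline), uintptr(cert), uintptr(domain),
		uintptr(unsafe.Pointer(&trustSettings)), 0, 0, 0)
	// Same 32-bit status handling as SecTrustSettingsCopyCertificates.
	status := int32(ret)
	if status == errSecItemNotFound {
		return 0, ErrNoTrustSettings
	}
	if status != 0 {
		return 0, OSStatus{"SecTrustSettingsCopyTrustSettings", status}
	}
	return trustSettings, nil
}

// x509_SecTrustSettingsCopyTrustSettings_trampoline has no Go body; its
// implementation is not in this file (presumably assembly).
func x509_SecTrustSettingsCopyTrustSettings_trampoline()

//go:cgo_import_dynamic x509_SecPolicyCopyProperties SecPolicyCopyProperties "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecPolicyCopyProperties calls the framework function of the same name on
// policy and returns its result converted to a CFRef.
//
// The result is passed through unchecked: there is no error return, so a
// zero reference reaches the caller as-is and the caller must test for it
// before using the value.
func SecPolicyCopyProperties(policy CFRef) CFRef {
	ret := syscall(abi.FuncPCABI0(x509_SecPolicyCopyProperties_trampoline), uintptr(policy), 0, 0, 0, 0, 0)
	return CFRef(ret)
}

// x509_SecPolicyCopyProperties_trampoline has no Go body; its implementation
// is not in this file (presumably assembly).
func x509_SecPolicyCopyProperties_trampoline()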