// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// +build darwin,!ios

package macOS

import (
	"errors"
	"strconv"
	"unsafe"
)

// Security.framework linker flags for the external linker. See Issue 42459.
//go:cgo_ldflag "-framework"
//go:cgo_ldflag "Security"

// Based on https://opensource.apple.com/source/Security/Security-59306.41.2/base/Security.h

// SecTrustSettingsResult is the int32 code describing the outcome recorded in
// a trust-settings entry. The constants below are numbered by declaration
// order starting at zero, so reordering them changes their values; they are
// meant to stay aligned with the framework header referenced above.
type SecTrustSettingsResult int32

const (
	SecTrustSettingsResultInvalid SecTrustSettingsResult = iota
	SecTrustSettingsResultTrustRoot
	SecTrustSettingsResultTrustAsRoot
	SecTrustSettingsResultDeny
	SecTrustSettingsResultUnspecified
)

// SecTrustSettingsDomain selects which trust-settings domain a query targets.
// It is passed to the framework as a plain integer, so the declaration order
// (user, admin, system) fixes the values 0, 1 and 2.
type SecTrustSettingsDomain int32

const (
	SecTrustSettingsDomainUser SecTrustSettingsDomain = iota
	SecTrustSettingsDomainAdmin
	SecTrustSettingsDomainSystem
)

// OSStatus is the error returned when a Security.framework call reports a
// non-zero status. It records the name of the call and the raw status code.
type OSStatus struct {
	call   string
	status int32
}

// Error renders the failure as "<call> error: <status>", with the status
// printed as a signed decimal number.
func (s OSStatus) Error() string {
	code := strconv.Itoa(int(s.status))
	return s.call + " error: " + code
}

// Dictionary keys are defined as build-time strings with CFSTR, but the Go
// linker's internal linking mode can't handle CFSTR relocations. Create our
// own dynamic strings instead and just never release them.
//
// Note that this might be the only thing that can break over time if
// these values change, as the ABI arguably requires using the strings
// pointed to by the symbols, not values that happen to be equal to them.

var (
	SecTrustSettingsResultKey    = StringToCFString("kSecTrustSettingsResult")
	SecTrustSettingsPolicy       = StringToCFString("kSecTrustSettingsPolicy")
	SecTrustSettingsPolicyString = StringToCFString("kSecTrustSettingsPolicyString")
	SecPolicyOid                 = StringToCFString("SecPolicyOid")
	SecPolicyAppleSSL            = StringToCFString("1.2.840.113635.100.1.3") // defined by POLICYMACRO
)

// ErrNoTrustSettings is the sentinel returned by the lookups below when the
// framework reports that nothing is configured (errSecNoTrustSettings for the
// certificate listing, errSecItemNotFound for a per-certificate query). Every
// other non-zero status is returned as an OSStatus, so callers can tell
// "nothing configured" apart from a failed lookup.
var ErrNoTrustSettings = errors.New("no trust settings found")

const errSecNoTrustSettings = -25263

//go:linkname x509_SecTrustSettingsCopyCertificates x509_SecTrustSettingsCopyCertificates
//go:cgo_import_dynamic x509_SecTrustSettingsCopyCertificates SecTrustSettingsCopyCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyCertificates calls the framework function of the same
// name for the given domain and returns the reference it stores in certArray.
//
// It returns ErrNoTrustSettings when the status equals errSecNoTrustSettings,
// an OSStatus for any other non-zero status, and a zero CFRef in both error
// cases.
//
// NOTE(review): by CoreFoundation naming convention a Copy* result is
// presumably owned by the caller and must be released - confirm at call sites.
func SecTrustSettingsCopyCertificates(domain SecTrustSettingsDomain) (certArray CFRef, err error) {
	// NOTE(review): the pointer-to-uintptr conversion is written directly in
	// the argument list; presumably that keeps the address valid for the call,
	// so do not hoist it into a temporary without confirming.
	rc := syscall(funcPC(x509_SecTrustSettingsCopyCertificates_trampoline), uintptr(domain),
		uintptr(unsafe.Pointer(&certArray)), 0, 0, 0, 0)
	switch {
	case int32(rc) == errSecNoTrustSettings:
		return 0, ErrNoTrustSettings
	case rc != 0:
		// NOTE(review): this test uses the full uintptr while the case above
		// truncates to int32; presumably equivalent for OSStatus values - confirm.
		return 0, OSStatus{call: "SecTrustSettingsCopyCertificates", status: int32(rc)}
	}
	return certArray, nil
}
func x509_SecTrustSettingsCopyCertificates_trampoline()

const kSecFormatX509Cert int32 = 9

//go:linkname x509_SecItemExport x509_SecItemExport
//go:cgo_import_dynamic x509_SecItemExport SecItemExport "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecItemExport calls the framework's SecItemExport on cert, requesting the
// kSecFormatX509Cert format with zero flags and no key parameters, and returns
// the reference the framework stores in data. Any non-zero status is returned
// as an OSStatus together with a zero CFRef.
func SecItemExport(cert CFRef) (data CFRef, err error) {
	rc := syscall(funcPC(x509_SecItemExport_trampoline), uintptr(cert), uintptr(kSecFormatX509Cert),
		0 /* flags */, 0 /* keyParams */, uintptr(unsafe.Pointer(&data)), 0)
	if rc == 0 {
		return data, nil
	}
	return 0, OSStatus{call: "SecItemExport", status: int32(rc)}
}
func x509_SecItemExport_trampoline()

const errSecItemNotFound = -25300

//go:linkname x509_SecTrustSettingsCopyTrustSettings x509_SecTrustSettingsCopyTrustSettings
//go:cgo_import_dynamic x509_SecTrustSettingsCopyTrustSettings SecTrustSettingsCopyTrustSettings "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyTrustSettings calls the framework function of the same
// name for one certificate in one domain and returns the reference stored in
// trustSettings.
//
// A status of errSecItemNotFound is mapped to ErrNoTrustSettings; any other
// non-zero status is returned as an OSStatus. The CFRef is zero in both error
// cases.
func SecTrustSettingsCopyTrustSettings(cert CFRef, domain SecTrustSettingsDomain) (trustSettings CFRef, err error) {
	rc := syscall(funcPC(x509_SecTrustSettingsCopyTrustSettings_trampoline), uintptr(cert), uintptr(domain),
		uintptr(unsafe.Pointer(&trustSettings)), 0, 0, 0)
	switch {
	case int32(rc) == errSecItemNotFound:
		return 0, ErrNoTrustSettings
	case rc != 0:
		return 0, OSStatus{call: "SecTrustSettingsCopyTrustSettings", status: int32(rc)}
	}
	return trustSettings, nil
}
func x509_SecTrustSettingsCopyTrustSettings_trampoline()

//go:linkname x509_SecPolicyCopyProperties x509_SecPolicyCopyProperties
//go:cgo_import_dynamic x509_SecPolicyCopyProperties SecPolicyCopyProperties "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecPolicyCopyProperties calls the framework's SecPolicyCopyProperties on
// policy and returns the raw result converted to a CFRef.
//
// NOTE(review): there is no error return, so a zero result is passed through
// unchanged; callers presumably need to check for a zero CFRef before using
// it - confirm.
func SecPolicyCopyProperties(policy CFRef) CFRef {
	return CFRef(syscall(funcPC(x509_SecPolicyCopyProperties_trampoline), uintptr(policy), 0, 0, 0, 0, 0))
}
func x509_SecPolicyCopyProperties_trampoline()