// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build darwin && !ios
// +build darwin,!ios

package macOS

import (
	"errors"
	"strconv"
	"unsafe"
)

// Security.framework linker flags for the external linker. See Issue 42459.
//go:cgo_ldflag "-framework"
//go:cgo_ldflag "Security"

// Based on https://opensource.apple.com/source/Security/Security-59306.41.2/base/Security.h

// SecTrustSettingsResult is the 32-bit result code stored in a trust
// settings entry. The meaning of each value is defined by the Apple header
// referenced above and is not restated here.
type SecTrustSettingsResult int32

// Values are assigned by iota in declaration order, starting at 0.
const (
	SecTrustSettingsResultInvalid     SecTrustSettingsResult = iota // 0
	SecTrustSettingsResultTrustRoot                                 // 1
	SecTrustSettingsResultTrustAsRoot                               // 2
	SecTrustSettingsResultDeny                                      // 3
	SecTrustSettingsResultUnspecified                               // 4
)

// SecTrustSettingsDomain selects which trust settings domain a query is
// made against.
type SecTrustSettingsDomain int32

// Values are assigned by iota in declaration order, starting at 0.
const (
	SecTrustSettingsDomainUser   SecTrustSettingsDomain = iota // 0
	SecTrustSettingsDomainAdmin                                // 1
	SecTrustSettingsDomainSystem                               // 2
)

// OSStatus is the error returned when a Security.framework call reports a
// non-zero status that has no dedicated sentinel error. It records the name
// of the call and the raw 32-bit status.
type OSStatus struct {
	call   string
	status int32
}

// Error renders the failure as "<call> error: <status>", with the status in
// signed decimal.
func (s OSStatus) Error() string {
	code := strconv.FormatInt(int64(s.status), 10)
	return s.call + " error: " + code
}

// The framework defines its dictionary keys as build-time strings via CFSTR,
// and the Go linker's internal linking mode cannot process CFSTR
// relocations. The keys are therefore created as dynamic strings here and
// are intentionally never released.
//
// This is possibly the one piece that can break over time if the values
// change: the ABI arguably requires using the strings the symbols point to,
// not strings that merely happen to compare equal to them.
var (
	SecTrustSettingsResultKey    = StringToCFString("kSecTrustSettingsResult")
	SecTrustSettingsPolicy       = StringToCFString("kSecTrustSettingsPolicy")
	SecTrustSettingsPolicyString = StringToCFString("kSecTrustSettingsPolicyString")
	SecPolicyOid                 = StringToCFString("SecPolicyOid")
	SecPolicyAppleSSL            = StringToCFString("1.2.840.113635.100.1.3") // defined by POLICYMACRO
)

// ErrNoTrustSettings is returned when the framework reports that there are
// no trust settings to return. It is deliberately distinct from OSStatus so
// that callers can tell "nothing configured" apart from a failed call; code
// that makes trust decisions should treat every other error as a failure
// rather than as an absence of settings.
var ErrNoTrustSettings = errors.New("no trust settings found")

// Status codes that the wrappers below translate into ErrNoTrustSettings.
const (
	errSecNoTrustSettings = -25263
	errSecItemNotFound    = -25300
)

// kSecFormatX509Cert is the format argument SecItemExport passes to the
// framework.
const kSecFormatX509Cert int32 = 9

//go:cgo_import_dynamic x509_SecTrustSettingsCopyCertificates SecTrustSettingsCopyCertificates "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyCertificates calls the framework function of the same
// name for the given domain and returns the reference it stores into
// certArray.
//
// A status of errSecNoTrustSettings yields ErrNoTrustSettings; any other
// non-zero status yields an OSStatus error. On error the returned reference
// is 0.
//
// NOTE(review): going by the Core Foundation "Copy" naming, the returned
// reference is presumably owned by the caller and must be released by it;
// confirm against the callers.
func SecTrustSettingsCopyCertificates(domain SecTrustSettingsDomain) (certArray CFRef, err error) {
	// Keep the unsafe.Pointer-to-uintptr conversion inside the argument list:
	// a uintptr held in a variable does not keep its target alive.
	status := syscall(
		funcPC(x509_SecTrustSettingsCopyCertificates_trampoline),
		uintptr(domain),
		uintptr(unsafe.Pointer(&certArray)),
		0, 0, 0, 0,
	)
	// NOTE(review): the sentinel test looks only at the low 32 bits, while the
	// generic failure test looks at the full-width value. Confirm the upper
	// bits of the returned word are always zero for a 32-bit status.
	switch {
	case int32(status) == errSecNoTrustSettings:
		return 0, ErrNoTrustSettings
	case status != 0:
		return 0, OSStatus{call: "SecTrustSettingsCopyCertificates", status: int32(status)}
	}
	return certArray, nil
}
func x509_SecTrustSettingsCopyCertificates_trampoline()

//go:cgo_import_dynamic x509_SecItemExport SecItemExport "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecItemExport calls the framework's SecItemExport on cert, requesting the
// kSecFormatX509Cert format with zero flags and no key parameters, and
// returns the reference the framework stores into data.
//
// Any non-zero status is returned as an OSStatus error together with a zero
// reference.
func SecItemExport(cert CFRef) (data CFRef, err error) {
	// The pointer conversion must remain in the argument list (see the
	// unsafe.Pointer rules); do not hoist it into a uintptr variable.
	status := syscall(
		funcPC(x509_SecItemExport_trampoline),
		uintptr(cert),
		uintptr(kSecFormatX509Cert),
		0, /* flags */
		0, /* keyParams */
		uintptr(unsafe.Pointer(&data)),
		0,
	)
	if status == 0 {
		return data, nil
	}
	return 0, OSStatus{call: "SecItemExport", status: int32(status)}
}
func x509_SecItemExport_trampoline()

//go:cgo_import_dynamic x509_SecTrustSettingsCopyTrustSettings SecTrustSettingsCopyTrustSettings "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecTrustSettingsCopyTrustSettings calls the framework function of the same
// name for cert in the given domain and returns the reference it stores into
// trustSettings.
//
// A status of errSecItemNotFound yields ErrNoTrustSettings; any other
// non-zero status yields an OSStatus error. On error the returned reference
// is 0. Callers should not interpret an OSStatus error as "no settings".
func SecTrustSettingsCopyTrustSettings(cert CFRef, domain SecTrustSettingsDomain) (trustSettings CFRef, err error) {
	// The pointer conversion must remain in the argument list (see the
	// unsafe.Pointer rules); do not hoist it into a uintptr variable.
	status := syscall(
		funcPC(x509_SecTrustSettingsCopyTrustSettings_trampoline),
		uintptr(cert),
		uintptr(domain),
		uintptr(unsafe.Pointer(&trustSettings)),
		0, 0, 0,
	)
	switch {
	case int32(status) == errSecItemNotFound:
		return 0, ErrNoTrustSettings
	case status != 0:
		return 0, OSStatus{call: "SecTrustSettingsCopyTrustSettings", status: int32(status)}
	}
	return trustSettings, nil
}
func x509_SecTrustSettingsCopyTrustSettings_trampoline()

//go:cgo_import_dynamic x509_SecPolicyCopyProperties SecPolicyCopyProperties "/System/Library/Frameworks/Security.framework/Versions/A/Security"

// SecPolicyCopyProperties calls the framework function of the same name on
// policy and returns its result converted to a CFRef.
//
// There is no error result: the value is passed through unchecked.
// NOTE(review): whether the framework can return 0 here is not visible in
// this file; callers should check for a zero reference before using it.
func SecPolicyCopyProperties(policy CFRef) CFRef {
	return CFRef(syscall(funcPC(x509_SecPolicyCopyProperties_trampoline), uintptr(policy), 0, 0, 0, 0, 0))
}
func x509_SecPolicyCopyProperties_trampoline()