github.com/sean-/go@v0.0.0-20151219100004-97f854cd7bb6/src/crypto/x509/root_cgo_darwin.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // +build cgo,!arm,!arm64,!ios 6 7 package x509 8 9 /* 10 #cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060 11 #cgo LDFLAGS: -framework CoreFoundation -framework Security 12 13 #include <CoreFoundation/CoreFoundation.h> 14 #include <Security/Security.h> 15 16 // FetchPEMRoots fetches the system's list of trusted X.509 root certificates. 17 // 18 // On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root 19 // certificates of the system. On failure, the function returns -1. 20 // 21 // Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after 22 // we've consumed its content. 23 int FetchPEMRoots(CFDataRef *pemRoots) { 24 if (pemRoots == NULL) { 25 return -1; 26 } 27 28 CFArrayRef certs = NULL; 29 OSStatus err = SecTrustCopyAnchorCertificates(&certs); 30 if (err != noErr) { 31 return -1; 32 } 33 34 CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0); 35 int i, ncerts = CFArrayGetCount(certs); 36 for (i = 0; i < ncerts; i++) { 37 CFDataRef data = NULL; 38 SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i); 39 if (cert == NULL) { 40 continue; 41 } 42 43 // Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport. 44 // Once we support weak imports via cgo we should prefer that, and fall back to this 45 // for older systems. 46 err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data); 47 if (err != noErr) { 48 continue; 49 } 50 51 if (data != NULL) { 52 CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data)); 53 CFRelease(data); 54 } 55 } 56 57 CFRelease(certs); 58 59 *pemRoots = combinedData; 60 return 0; 61 } 62 */ 63 import "C" 64 import "unsafe" 65 66 func initSystemRoots() { 67 roots := NewCertPool() 68 69 var data C.CFDataRef = nil 70 err := C.FetchPEMRoots(&data) 71 if err == -1 { 72 return 73 } 74 75 defer C.CFRelease(C.CFTypeRef(data)) 76 buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) 77 roots.AppendCertsFromPEM(buf) 78 systemRoots = roots 79 }