
     1  // Copyright 2011 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package x509
     6  
     7  /*
     8  #cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
     9  #cgo LDFLAGS: -framework CoreFoundation -framework Security
    10  
    11  #include <CoreFoundation/CoreFoundation.h>
    12  #include <Security/Security.h>
    13  
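// FetchPEMRoots fetches the system's list of trusted X.509 root certificates.
//
// On success it returns 0 and stores in *pemRoots a CFDataRef holding the
// PEM-armoured concatenation of the anchor certificates reported by
// SecTrustCopyAnchorCertificates. On failure (NULL pemRoots, the anchor lookup
// failing or yielding no array, or the output buffer not being allocatable) it
// returns -1 and leaves *pemRoots untouched.
//
// A certificate whose export fails is skipped rather than aborting the whole
// fetch, so the result may contain fewer roots than the system holds; the
// caller has no way to tell the two apart from the return value alone.
//
// Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after
// we've consumed its content.
int FetchPEMRoots(CFDataRef *pemRoots) {
	if (pemRoots == NULL) {
		return -1;
	}

	CFArrayRef certs = NULL;
	OSStatus err = SecTrustCopyAnchorCertificates(&certs);
	// Guard against a NULL array as well as an error status: CFArrayGetCount on
	// NULL would crash the process rather than report a failure.
	if (err != noErr || certs == NULL) {
		return -1;
	}

	// CFDataCreateMutable returns NULL on allocation failure; appending to a
	// NULL CFData would crash, so fail the fetch (releasing certs) instead.
	CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
	if (combinedData == NULL) {
		CFRelease(certs);
		return -1;
	}

	// CFArrayGetCount returns a CFIndex; keep the loop in that type rather than
	// narrowing to int.
	CFIndex i, ncerts = CFArrayGetCount(certs);
	for (i = 0; i < ncerts; i++) {
		CFDataRef data = NULL;
		SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
		if (cert == NULL) {
			continue;
		}

		// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
		// Once we support weak imports via cgo we should prefer that, and fall back to this
		// for older systems.
		err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
		if (err != noErr) {
			// Best effort: a single unexportable anchor does not invalidate the rest.
			continue;
		}

		if (data != NULL) {
			CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));
			CFRelease(data);
		}
	}

	CFRelease(certs);

	// Ownership of combinedData passes to the caller (see the CFRelease note above).
	*pemRoots = combinedData;
	return 0;
}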
    60  */
    61  import "C"
    62  import "unsafe"
    63  
// systemVerify is the platform hook for delegating chain building to the
// operating system's own trust evaluation. On darwin it is a stub: it never
// produces chains and never reports an error, so certificate verification on
// this platform relies entirely on the pool that initSystemRoots builds.
// NOTE(review): this presumes the caller treats a nil chain set with a nil
// error as "no system verdict" — confirm against the caller in verify.go.
func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
	// Both named results keep their zero values.
	return
}
    67  
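// initSystemRoots populates systemRoots with the anchor certificates the
// macOS Security framework reports as trusted, fetched through the cgo helper
// FetchPEMRoots as a single PEM-armoured blob.
//
// On any failure systemRoots is left untouched (nil on a first call), so
// callers must not assume the pool is non-nil afterwards. Blocks in the blob
// that do not parse are dropped silently by AppendCertsFromPEM; its boolean
// result is deliberately not checked here, so the pool is installed even if
// it ends up empty.
func initSystemRoots() {
	roots := NewCertPool()

	var data C.CFDataRef
	// FetchPEMRoots documents 0 for success and -1 for failure; treating any
	// non-zero value as failure keeps a future additional error code from
	// being mistaken for success. A success that leaves data NULL is also
	// rejected, since CFRelease and CFDataGetBytePtr must not be handed a
	// NULL reference.
	if C.FetchPEMRoots(&data) != 0 || data == nil {
		return
	}
	// The helper hands ownership of the buffer to us; release it once copied.
	defer C.CFRelease(C.CFTypeRef(data))

	n := C.int(C.CFDataGetLength(data))
	// GoBytes copies the bytes into Go memory, so the buffer can be released
	// as soon as this function returns.
	buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), n)
	roots.AppendCertsFromPEM(buf)
	systemRoots = roots
}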