SecPolicySearch.cpp
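/*
 * Copyright (c) 2002-2004,2011-2015 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#include <Security/SecPolicySearch.h>
#include <Security/SecPolicyPriv.h>
#include <security_keychain/PolicyCursor.h>
#include <security_keychain/Policies.h>
#include "SecBridge.h"

//
// CF Boilerplate

/*
 * Returns the CFTypeID stored in gTypes().PolicyCursor.typeID, i.e. the
 * type identifier used for policy search objects.
 *
 * NOTE(review): END_SECAPI1 is handed _kCFRuntimeNotATypeID; presumably that
 * is the value returned when the wrapped body fails -- confirm in SecBridge.h.
 */
CFTypeID
SecPolicySearchGetTypeID(void)
{
    BEGIN_SECAPI
    return gTypes().PolicyCursor.typeID;

    END_SECAPI1(_kCFRuntimeNotATypeID)
}


/*
 * Creates a policy search object and returns its handle through searchRef.
 *
 * certType   not read anywhere in this function.
 * oid        forwarded unchanged to the PolicyCursor constructor.
 * value      forwarded unchanged to the PolicyCursor constructor.
 * searchRef  required out-parameter; set to NULL up front and overwritten
 *            with cursor->handle() on success.
 *
 * Returns errSecPolicyNotFound when no cursor object was obtained; every
 * other status is produced by the BEGIN_SECAPI / END_SECAPI wrapper.
 */
OSStatus
SecPolicySearchCreate(
    CSSM_CERT_TYPE certType,
    const CSSM_OID* oid,
    const CSSM_DATA* value,
    SecPolicySearchRef* searchRef)
{
    BEGIN_SECAPI
    Required(searchRef);    // preflight

    // Give the out-parameter a defined value before anything can fail, so a
    // caller that mishandles the status never sees an indeterminate reference.
    *searchRef = NULL;

    PolicyCursor* pc = new PolicyCursor(oid, value);
    if (pc == NULL)
    {
        // NOTE(review): only reachable if PolicyCursor's operator new can
        // yield NULL rather than throw -- confirm against its declaration.
        return errSecPolicyNotFound;
    }

    // From here on the SecPointer manages the cursor object.
    SecPointer<PolicyCursor> cursor(pc);
    *searchRef = cursor->handle();
    END_SECAPI
}


/*
 * Advances the search and returns the next policy as a unified SecPolicyRef.
 *
 * searchRef  search object; resolved through PolicyCursor::required().
 * policyRef  required out-parameter; set to NULL up front and overwritten
 *            with the result of SecPolicyCreateWithProperties(). The "Copy"
 *            in the function name suggests the caller releases it --
 *            presumably per the usual CF ownership rule.
 *
 * Policies are skipped, and the cursor advanced again, when:
 *   - SecPolicyGetStringForOID() has no string for the policy's OID;
 *   - the OID string equals kSecPolicyAppleiChat, kSecPolicyApplePKINITClient
 *     or kSecPolicyApplePKINITServer;
 *   - the OID string equals kSecPolicyAppleRevocation and the cursor reports
 *     oidProvided() == false.
 * Callers therefore cannot treat an unfiltered enumeration as the complete
 * list of policies; the revocation policy in particular appears only when
 * the cursor reports that an OID was provided.
 *
 * Returns errSecSuccess when a policy was created, errSecPolicyNotFound when
 * the cursor is exhausted or SecPolicyCreateWithProperties() returns NULL.
 */
OSStatus
SecPolicySearchCopyNext(
    SecPolicySearchRef searchRef,
    SecPolicyRef* policyRef)
{
    BEGIN_SECAPI
    RequiredParam(policyRef);

    // The early return inside the loop used to leave *policyRef unwritten;
    // give it a defined value so every failure path hands back NULL.
    *policyRef = NULL;

    SecPointer<Policy> policy;

    /* bridge to support API functionality */
    CFStringRef oidStr = NULL;
    PolicyCursor *policyCursor = PolicyCursor::required(searchRef);
    do {
        if (!policyCursor->next(policy))
            return errSecPolicyNotFound;    /* nothing left to enumerate */

        CssmOid oid = policy->oid();
        CFStringRef str = SecPolicyGetStringForOID(&oid);   /* not released in this function */
        if (str) {
            oidStr = str;
            if (CFEqual(str, kSecPolicyAppleiChat) ||
                CFEqual(str, kSecPolicyApplePKINITClient) ||
                CFEqual(str, kSecPolicyApplePKINITServer)) {
                oidStr = NULL; /* TBD: support for PKINIT policies in unified code */
            }
            else if (policyCursor->oidProvided() == false &&
                     CFEqual(str, kSecPolicyAppleRevocation)) {
                oidStr = NULL; /* filter this out unless specifically requested */
            }
        }
    }
    while (!oidStr);    /* keep advancing until a policy survives the filter */

    /* create and vend a unified SecPolicyRef instance */
    CFRef<CFDictionaryRef> properties = policy->properties();
    if ((*policyRef = SecPolicyCreateWithProperties(oidStr, properties)) != NULL) {
        __secapiresult = errSecSuccess;
    } else {
        __secapiresult = errSecPolicyNotFound;
    }

    END_SECAPI
}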