
Delta Between Two Patch Sets: src/pkg/crypto/x509/root_darwin.go

Issue 22020045: code review 22020045: crypto/x509: add non-cgo darwin system anchor certs (Closed)
Left Patch Set: diff -r c0c2d0b05a77 https://code.google.com/p/go Created 10 years, 3 months ago
Right Patch Set: diff -r c0c2d0b05a77 https://code.google.com/p/go Created 10 years, 3 months ago
(no file at all)
1 // Copyright 2011 The Go Authors. All rights reserved. 1 // Copyright 2013 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package x509 5 package x509
6 6
7 /* 7 import "os/exec"
8 #cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
9 #cgo LDFLAGS: -framework CoreFoundation -framework Security
10
11 #include <CoreFoundation/CoreFoundation.h>
12 #include <Security/Security.h>
13
14 // FetchPEMRoots fetches the system's list of trusted X.509 root certificates.
15 //
16 // On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
17 // certificates of the system. On failure, the function returns -1.
18 //
19 // Note: The CFDataRef returned in pemRoots must be released (using CFRelease) a fter
20 // we've consumed its content.
21 int FetchPEMRoots(CFDataRef *pemRoots) {
22 » if (pemRoots == NULL) {
23 » » return -1;
24 » }
25
26 » CFArrayRef certs = NULL;
27 » OSStatus err = SecTrustCopyAnchorCertificates(&certs);
28 » if (err != noErr) {
29 » » return -1;
30 » }
31
32 » CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
33 » int i, ncerts = CFArrayGetCount(certs);
34 » for (i = 0; i < ncerts; i++) {
35 » » CFDataRef data = NULL;
36 » » SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtInd ex(certs, i);
37 » » if (cert == NULL) {
38 » » » continue;
39 » » }
40
41 » » // Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
42 » » // Once we support weak imports via cgo we should prefer that, a nd fall back to this
43 » » // for older systems.
44 » » err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPe mArmour, NULL, &data);
45 » » if (err != noErr) {
46 » » » continue;
47 » » }
48
49 » » if (data != NULL) {
50 » » » CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));
51 » » » CFRelease(data);
52 » » }
53 » }
54
55 » CFRelease(certs);
56
57 » *pemRoots = combinedData;
58 » return 0;
59 }
60 */
61 import "C"
62 import "unsafe"
63 8
64 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate , err error) { 9 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate , err error) {
agl1 2013/12/12 16:29:47 I don't think a common, darwin, .go file is justif
65 return nil, nil 10 return nil, nil
66 } 11 }
67 12
68 func initSystemRoots() { 13 func execSecurityRoots() (*CertPool, error) {
agl1 2013/12/12 16:29:47 Why isn't this code in the nocgo_darwin file?
69 » roots := NewCertPool() 14 » cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
70 15 » data, err := cmd.Output()
71 » var data C.CFDataRef = nil 16 » if err != nil {
72 » err := C.FetchPEMRoots(&data) 17 » » return nil, err
73 » if err == -1 {
74 » » return
75 } 18 }
76 19
77 » defer C.CFRelease(C.CFTypeRef(data)) 20 » roots := NewCertPool()
78 » buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDat aGetLength(data))) 21 » roots.AppendCertsFromPEM(data)
79 » roots.AppendCertsFromPEM(buf) 22 » return roots, nil
80 » systemRoots = roots
81 } 23 }
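Review bot: In execSecurityRoots on the right side, the boolean returned by `roots.AppendCertsFromPEM(data)` is discarded, so if `/usr/bin/security` exits successfully but prints nothing that parses, the function hands back an empty pool with a nil error and every later verification fails with no hint of the cause. I would check it, for example `if !roots.AppendCertsFromPEM(data) { return nil, errors.New("x509: no root certificates found in security output") }`, which also needs `errors` added to the import. Separately, the command reads only SystemRootCertificates.keychain, while the cgo version on the left calls SecTrustCopyAnchorCertificates. Administrator-added roots, and presumably any per-certificate trust settings, are therefore not reflected in the non-cgo build. A comment above the function saying the two builds can disagree on the trusted set would help whoever audits this later.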