We use cookies to ensure you get the best experience on our website
ホーム エクスプローラ ヘルプ
登録 サインイン
0ct0pu5
/
moby
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: 56da020e6b
ブランチ タグ
moby
/
vendor
/
github.com
/
google
/
certificate-transparency
/
go
/
x509
/
root_darwin.go

root_darwin.go 2.2 KB
履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. // Copyright 2011 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. // +build darwin,cgo
    6. 

  6. 

  7. package x509
    8. 

  8. 

  9. /*
    10. 

  10. #cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
    11. 

  11. #cgo LDFLAGS: -framework CoreFoundation -framework Security
    12. 

  12. 

  13. #include <CoreFoundation/CoreFoundation.h>
    14. 

  14. #include <Security/Security.h>
    15. 

  15. 

  16. // FetchPEMRootsCTX509 fetches the system's list of trusted X.509 root certificates.
    17. 

  17. //
    18. 

  18. // On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
    19. 

  19. // certificates of the system. On failure, the function returns -1.
    20. 

  20. //
    21. 

  21. // Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after
    22. 

  22. // we've consumed its content.
    23. 

  23. int FetchPEMRootsCTX509(CFDataRef *pemRoots) {
    24. 

  24. 	if (pemRoots == NULL) {
    25. 

  25. 		return -1;
    26. 

  26. 	}
    27. 

  27. 

  28. 	CFArrayRef certs = NULL;
    29. 

  29. 	OSStatus err = SecTrustCopyAnchorCertificates(&certs);
    30. 

  30. 	if (err != noErr) {
    31. 

  31. 		return -1;
    32. 

  32. 	}
    33. 

  33. 

  34. 	CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
    35. 

  35. 	int i, ncerts = CFArrayGetCount(certs);
    36. 

  36. 	for (i = 0; i < ncerts; i++) {
    37. 

  37. 		CFDataRef data = NULL;
    38. 

  38. 		SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
    39. 

  39. 		if (cert == NULL) {
    40. 

  40. 			continue;
    41. 

  41. 		}
    42. 

  42. 

  43. 		// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
    44. 

  44. 		// Once we support weak imports via cgo we should prefer that, and fall back to this
    45. 

  45. 		// for older systems.
    46. 

  46. 		err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
    47. 

  47. 		if (err != noErr) {
    48. 

  48. 			continue;
    49. 

  49. 		}
    50. 

  50. 

  51. 		if (data != NULL) {
    52. 

  52. 			CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));
    53. 

  53. 			CFRelease(data);
    54. 

  54. 		}
    55. 

  55. 	}
    56. 

  56. 

  57. 	CFRelease(certs);
    58. 

  58. 

  59. 	*pemRoots = combinedData;
    60. 

  60. 	return 0;
    61. 

  61. }
    62. 

  62. */
    63. 

  63. import "C"
    64. 

  64. import "unsafe"
    65. 

  65. 

  66. func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
    67. 

  67. 	return nil, nil
    68. 

  68. }
    69. 

  69. 

  70. func initSystemRoots() {
    71. 

  71. 	roots := NewCertPool()
    72. 

  72. 

  73. 	var data C.CFDataRef = nil
    74. 

  74. 	err := C.FetchPEMRootsCTX509(&data)
    75. 

  75. 	if err == -1 {
    76. 

  76. 		return
    77. 

  77. 	}
    78. 

  78. 

  79. 	defer C.CFRelease(C.CFTypeRef(data))
    80. 

  80. 	buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data)))
    81. 

  81. 	roots.AppendCertsFromPEM(buf)
    82. 

  82. 	systemRoots = roots
    83. 

  83. }
    84.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5