本文整理汇总了C++中CFRef::take方法的典型用法代码示例。如果您正苦于以下问题:C++ CFRef::take方法的具体用法?C++ CFRef::take怎么用?C++ CFRef::take使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类CFRef的用法示例。
在下文中一共展示了CFRef::take方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: loadRootCertificates
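//
// Load root (anchor) certificates.
//
// Asks SecTrustSettingsCopyUnrestrictedRoots for the positively trusted
// anchors (all three domain arguments are true), packs every certificate's
// data bytes back to back into mRootBytes, and rebuilds mRoots so that each
// entry describes one certificate's slice of that buffer. mMutex is held for
// the whole operation.
//
// Throws MacOSError if the anchor query fails, and CssmError if the data of
// any certificate cannot be obtained (in either pass).
//
void TrustStore::loadRootCertificates()
{
    StLock<Mutex> _(mMutex);

    CFRef<CFArrayRef> anchors;
    OSStatus ortn;

    /*
     * Get the current set of all positively trusted anchors.
     */
    ortn = SecTrustSettingsCopyUnrestrictedRoots(
        true, true, true,       /* all domains */
        anchors.take());
    if(ortn) {
        MacOSError::throwMe(ortn);
    }
    // NOTE(review): anchors is used below without a NULL check; presumably a
    // zero status guarantees a non-NULL array. Confirm against the API contract.

    // Pass 1: how many data bytes do we need?
    size_t size = 0;
    CFIndex numCerts = CFArrayGetCount(anchors);
    CSSM_RETURN crtn;
    for(CFIndex dex=0; dex<numCerts; dex++) {
        SecCertificateRef certRef = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, dex);
        CSSM_DATA certData;
        crtn = SecCertificateGetData(certRef, &certData);
        if(crtn) {
            CssmError::throwMe(crtn);
        }
        size += certData.Length;
    }

    // The cached roots are rewritten from here on. Keep them flagged as not
    // ready until the rebuild completes, so that an exception part-way through
    // cannot leave a partial anchor set marked valid.
    mRootsValid = false;
    mRootBytes.length(size);

    // Pass 2: fill the CssmData vector while copying the data bytes together.
    // Each mRoots entry points into mRootBytes rather than owning its bytes.
    mRoots.clear();
    uint8 *base = mRootBytes.data<uint8>();
    for(CFIndex dex=0; dex<numCerts; dex++) {
        SecCertificateRef certRef = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, dex);
        CSSM_DATA certData;
        // The result must be checked here as well: on failure certData is
        // uninitialized, and memcpy would run with an arbitrary pointer and length.
        crtn = SecCertificateGetData(certRef, &certData);
        if(crtn) {
            CssmError::throwMe(crtn);
        }
        memcpy(base, certData.Data, certData.Length);
        mRoots.push_back(CssmData(base, certData.Length));
        base += certData.Length;
    }

    secdebug("anchors", "%ld anchors loaded", (long)numCerts);
    mRootsValid = true;         // ready to roll
}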
示例2: SecCodeCopySigningInformation
//
// Return the signing-information dictionary for a code object.
//
// The static code behind codeRef supplies the base dictionary. When
// kSecCSDynamicInformation is requested and codeRef also has a dynamic
// SecCode, the dictionary is replaced by one built from it plus a
// kSecCodeInfoStatus entry carrying that code's status.
// The result is handed to the caller through infoRef via yield(), so the
// caller presumably owns the returned reference (confirm against CFRef::yield).
// BEGIN_CSAPI/END_CSAPI bracket the body; their expansion is not shown here.
//
OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
    CFDictionaryRef *infoRef)
{
    BEGIN_CSAPI

    // The flag bits this API passes to checkFlags as acceptable.
    checkFlags(flags,
        kSecCSInternalInformation
        | kSecCSSigningInformation
        | kSecCSRequirementInformation
        | kSecCSDynamicInformation
        | kSecCSContentInformation);

    SecPointer<SecStaticCode> staticCode = SecStaticCode::requiredStatic(codeRef);
    CFRef<CFDictionaryRef> info = staticCode->signingInformation(flags);

    if (flags & kSecCSDynamicInformation) {
        if (SecPointer<SecCode> dynamicCode = SecStaticCode::optionalDynamic(codeRef)) {
            // Build the extended dictionary first, then let take() swap it in
            // for the one held so far.
            CFDictionaryRef extended = cfmake<CFDictionaryRef>("{+%O,%O=%u}",
                info.get(), kSecCodeInfoStatus, dynamicCode->status());
            info.take(extended);
        }
    }

    CodeSigning::Required(infoRef) = info.yield();

    END_CSAPI
}
示例3: CFDataGetLength
//
// Identify a guest by attribute set, and return a new GenericCode representing it.
// This uses cshosting RPCs to ask the host (or its proxy).
//
// Returns NULL, without raising an error, when there is no hosting port.
// Otherwise the attributes (if any) are serialized to XML property-list data
// and sent with the findGuest call; the reply is a chain of guest references,
// and one GenericCode is created per chain element, each hosted by the previous.
//
SecCode *GenericCode::locateGuest(CFDictionaryRef attributes)
{
    Port host = hostingPort();
    if (!host)
        return NULL;    // not found, no error

    // Serialized form of the attribute dictionary; stays empty when none given.
    CFRef<CFDataRef> attrData;
    void *attrPtr = NULL;
    size_t attrLength = 0;
    if (attributes) {
        // NOTE(review): the result of CFPropertyListCreateXMLData is used
        // without a NULL check. If serialization can fail for a dictionary a
        // caller supplies, the two accessors below receive NULL. Confirm and
        // reject such input before this point.
        attrData.take(CFPropertyListCreateXMLData(NULL, attributes));
        attrPtr = (void *)CFDataGetBytePtr(attrData);
        attrLength = CFDataGetLength(attrData);
    }

    GuestChain guestPath;
    mach_msg_type_number_t guestPathLength;
    mach_port_t subport;
    CALL(host, findGuest, guestRef(), attrPtr, (mach_msg_type_number_t)attrLength,
        &guestPath, &guestPathLength, &subport);
    CODESIGN_GUEST_LOCATE_GENERIC(this, guestPath, guestPathLength, subport);

    // NOTE(review): guestPathLength comes back from the RPC and bounds the
    // indexing of guestPath. Presumably the transport caps it at the capacity
    // of GuestChain; verify against the interface definition.
    SecPointer<SecCode> current = this;
    for (unsigned hop = 0; hop < guestPathLength; hop++) {
        current = new GenericCode(current, guestPath[hop]);
    }
    return current.yield();
}
示例4: resources
//
// Contemplate the object-to-be-signed and set up the Signer state accordingly.
//
// Works out, in this order: the signing identifier, the CodeDirectory flags
// word, the serialized resource directory (only when the DiskRep reports a
// resources root path), the signing time, and the page size.
// The flags parameter is not consulted in this body.
// Throws MacOSError for a CSFlags entry of an unsupported type, for embedded
// resource rules that cannot be used, and for a signing time in the future.
//
void SecCodeSigner::Signer::prepare(SecCSFlags flags)
{
    // Parse the Info.plist component, when the rep has one; several of the
    // defaults below are read from it.
    CFRef<CFDictionaryRef> infoDict;
    if (CFRef<CFDataRef> infoData = rep->component(cdInfoSlot)) {
        infoDict.take(makeCFDictionaryFrom(infoData));
    }

    // Identifier: an explicit one from the signing state wins; otherwise start
    // from the rep's recommendation.
    identifier = state.mIdentifier;
    if (!identifier.empty()) {
        secdebug("signer", "using explicit identifier=%s", identifier.c_str());
    } else {
        identifier = rep->recommendedIdentifier(state);
        // No dot yet: prepend the configured prefix.
        if (identifier.find('.') == string::npos) {
            identifier = state.mIdentifierPrefix + identifier;
        }
        // Still no dot and signing ad-hoc: append a unique suffix.
        if (identifier.find('.') == string::npos) {
            if (state.isAdhoc()) {
                identifier = identifier + "-" + uniqueName();
            }
        }
        secdebug("signer", "using default identifier=%s", identifier.c_str());
    }

    // CodeDirectory flags word: explicit value, else Info.plist "CSFlags"
    // (number or text form), else zero.
    if (state.mCdFlagsGiven) {
        cdFlags = state.mCdFlags;
        secdebug("signer", "using explicit cdFlags=0x%x", cdFlags);
    } else {
        cdFlags = 0;
        if (infoDict) {
            if (CFTypeRef plistFlags = CFDictionaryGetValue(infoDict, CFSTR("CSFlags"))) {
                const auto flagsKind = CFGetTypeID(plistFlags);
                if (flagsKind == CFNumberGetTypeID()) {
                    cdFlags = cfNumber<uint32_t>(CFNumberRef(plistFlags));
                    secdebug("signer", "using numeric cdFlags=0x%x from Info.plist", cdFlags);
                } else if (flagsKind == CFStringGetTypeID()) {
                    cdFlags = cdTextFlags(cfString(CFStringRef(plistFlags)));
                    secdebug("signer", "using text cdFlags=0x%x from Info.plist", cdFlags);
                } else {
                    // present, but neither a number nor a string
                    MacOSError::throwMe(errSecCSBadDictionaryFormat);
                }
            }
        }
    }
    // A kCFNull signer means ad-hoc signing was requested; record that in the flags.
    if (state.mSigner == SecIdentityRef(kCFNull)) {
        cdFlags |= kSecCodeSignatureAdhoc;
    }

    // Resource directory, built only when the rep has a resources root.
    string resourceRoot = rep->resourcesRootPath();
    if (!resourceRoot.empty()) {
        // Precedence: explicitly given rules, then rules named by the
        // Info.plist, then the DiskRep's default.
        CFCopyRef<CFDictionaryRef> resourceRules = state.mResourceRules;

        if (!resourceRules && infoDict) {
            if (CFTypeRef ruleSpec = CFDictionaryGetValue(infoDict, _kCFBundleResourceSpecificationKey)) {
                if (CFGetTypeID(ruleSpec) == CFStringGetTypeID()) {
                    // NOTE(review): the file name comes from the Info.plist and is
                    // appended to the resources root as-is; confirm that a value
                    // containing path separators or ".." cannot resolve outside
                    // the bundle being signed.
                    if (CFRef<CFDataRef> ruleData = cfLoadFile(resourceRoot + "/" + cfString(CFStringRef(ruleSpec)))) {
                        if (CFDictionaryRef ruleDict = makeCFDictionaryFrom(ruleData)) {
                            resourceRules.take(ruleDict);
                        }
                    }
                }
                // A specification that is present but did not yield usable
                // rules is an error; it does not fall back to the default.
                if (!resourceRules) {
                    MacOSError::throwMe(errSecCSResourceRulesInvalid);
                }
            }
        }

        if (!resourceRules) {
            resourceRules.take(rep->defaultResourceRules(state));
        }

        // Build the directory from the "rules" entry and keep its XML form.
        ResourceBuilder builder(resourceRoot, cfget<CFDictionaryRef>(resourceRules, "rules"), digestAlgorithm());
        rep->adjustResources(builder);     // DiskRep-specific adjustments
        CFRef<CFDictionaryRef> builtDirectory = builder.build();
        resourceDirectory.take(CFPropertyListCreateXMLData(NULL, builtDirectory));
    }

    // Signing time: kCFNull means "no time at all", unset means "now",
    // anything else is taken as given unless it lies in the future.
    CFAbsoluteTime currentTime = CFAbsoluteTimeGetCurrent();
    if (state.mSigningTime == CFDateRef(kCFNull)) {
        signingTime = 0;
    } else if (!state.mSigningTime) {
        signingTime = currentTime;
    } else {
        CFAbsoluteTime requestedTime = CFDateGetAbsoluteTime(state.mSigningTime);
        if (requestedTime > currentTime) {
            // not allowed to post-date a signature
            MacOSError::throwMe(errSecCSBadDictionaryFormat);
        }
        signingTime = requestedTime;
    }

    // Page size: explicit setting, else whatever the rep suggests.
    pagesize = state.mPageSize ? cfNumber<size_t>(state.mPageSize) : rep->pageSize(state);

    // Timestamping setup
    // NOTE(review): despite the member-style name this is a local, and nothing
    // in this body reads it.
    CFRef<SecIdentityRef> mTSAuth;      // identity for client-side authentication to the Timestamp server
}
示例5: setTrustSettings
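/*
 * Modify cert's trust settings, or add a new cert to the record.
 *
 * certRef may be kSecTrustSettingsDefaultRootCertSetting, in which case the
 * settings are validated as if for a root and are recorded with empty issuer
 * and serial number fields. trustSettingsDictOrArray is validated through
 * validateApiTrustSettings before anything is modified.
 *
 * The record for the cert is looked up by its hash string. A new record gets
 * issuer, serial number, modification date and (if non-empty) the settings
 * array; an existing record gets its modification date refreshed and its
 * settings replaced, or removed when the new settings array is empty.
 * On success the object is marked dirty.
 *
 * Throws MacOSError on a failed self-signed check, a missing cert hash
 * string, or an allocation failure. The caller must ensure that mPropList is
 * set and that the domain is not the system domain; these are only asserted.
 */
void TrustSettings::setTrustSettings(
    SecCertificateRef certRef,
    CFTypeRef trustSettingsDictOrArray)
{
    /* to validate, we need to know if the cert is self-signed */
    OSStatus ortn;
    Boolean isSelfSigned = false;
    if(certRef == kSecTrustSettingsDefaultRootCertSetting) {
        /*
         * Validate settings as if this were root, specifically,
         * kSecTrustSettingsResultTrustRoot (explicitly or by
         * default) is OK.
         */
        isSelfSigned = true;
    }
    else {
        ortn = SecCertificateIsSelfSigned(certRef, &isSelfSigned);
        if(ortn) {
            MacOSError::throwMe(ortn);
        }
    }

    /* caller's app/policy spec OK? */
    CFRef<CFArrayRef> trustSettings(validateApiTrustSettings(
        trustSettingsDictOrArray, isSelfSigned));

    /* caller is responsible for ensuring these */
    assert(mPropList != NULL);
    assert(mDomain != kSecTrustSettingsDomainSystem);

    /* extract issuer and serial number from the cert, if it's a cert */
    CFRef<CFDataRef> issuer;
    CFRef<CFDataRef> serial;
    if(certRef != kSecTrustSettingsDefaultRootCertSetting) {
        copyIssuerAndSerial(certRef, issuer.take(), serial.take());
    }
    else {
        /*
         * Zero-length placeholders. take() adopts the reference that
         * CFDataCreate returns, as the other Create results are handled;
         * plain assignment from a raw reference may add a retain of its own
         * and so leak the object (confirm against CFRef's operator=).
         */
        UInt8 dummy = 0;
        issuer.take(CFDataCreate(NULL, &dummy, 0));
        serial.take(CFDataCreate(NULL, &dummy, 0));
        if(!issuer || !serial) {
            /* a NULL value must not reach CFDictionaryAddValue below */
            MacOSError::throwMe(memFullErr);
        }
    }

    /* SHA1 digest as string */
    CFRef<CFStringRef> certHashStr(SecTrustSettingsCertHashStrFromCert(certRef));
    if(!certHashStr) {
        trustSettingsDbg("TrustSettings::setTrustSettings: CertHashStrFromCert error");
        MacOSError::throwMe(errSecItemNotFound);
    }

    /*
     * Find entry for this cert, if present.
     */
    CFMutableDictionaryRef certDict =
        (CFMutableDictionaryRef)findDictionaryForCertHash(certHashStr);
    if(certDict == NULL) {
        /* create new dictionary */
        certDict = CFDictionaryCreateMutable(NULL, kSecTrustRecordNumCertDictKeys,
            &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
        if(certDict == NULL) {
            MacOSError::throwMe(memFullErr);
        }
        CFDictionaryAddValue(certDict, kTrustRecordIssuer, issuer);
        CFDictionaryAddValue(certDict, kTrustRecordSerialNumber, serial);
        if(CFArrayGetCount(trustSettings) != 0) {
            /* skip this if the settings array is empty */
            CFDictionaryAddValue(certDict, kTrustRecordTrustSettings, trustSettings);
        }
        tsSetModDate(certDict);

        /* add this new cert dictionary to top-level mTrustDict */
        CFDictionaryAddValue(mTrustDict, static_cast<CFStringRef>(certHashStr), certDict);

        /* mTrustDict owns the dictionary now */
        CFRelease(certDict);
    }
    else {
        /* update */
        tsSetModDate(certDict);
        if(CFArrayGetCount(trustSettings) != 0) {
            CFDictionarySetValue(certDict, kTrustRecordTrustSettings, trustSettings);
        }
        else {
            /* empty settings array: remove from dictionary */
            CFDictionaryRemoveValue(certDict, kTrustRecordTrustSettings);
        }
    }
    mDirty = true;
}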
示例6: flushToDisk
/*
 * Flush property list data out to disk if dirty.
 *
 * Does nothing when the object is not dirty. Only the user and admin domains
 * may be written; any other domain, or a missing property list, raises
 * MacOSError(internalComponentErr). The write itself goes through
 * ocspdTrustSettingsWrite, which receives the domain, an externalized
 * authorization, and the XML form of the property list. When mTrustDict holds
 * no certs, empty data is sent instead, which asks for the domain's settings
 * to be removed. mDirty is cleared only after a successful write.
 */
void TrustSettings::flushToDisk()
{
    if(!mDirty) {
        trustSettingsDbg("flushToDisk, domain %d, !dirty!", (int)mDomain);
        return;
    }
    if(mPropList == NULL) {
        trustSettingsDbg("flushToDisk, domain %d, trimmed!", (int)mDomain);
        assert(0);
        MacOSError::throwMe(internalComponentErr);
    }

    /* only the user and admin domains are written; callers shouldn't try others */
    const bool writableDomain =
        (mDomain == kSecTrustSettingsDomainUser) ||
        (mDomain == kSecTrustSettingsDomainAdmin);
    if(!writableDomain) {
        trustSettingsDbg("flushToDisk, bad domain (%d)", (int)mDomain);
        MacOSError::throwMe(internalComponentErr);
    }

    /*
     * Optimization: with no certs in mTrustDict, ocspd is told to *remove*
     * the settings for this domain rather than store an empty file. Having
     * no settings uses less memory and is faster, especially for the admin
     * domain, where an RPC can be avoided if the settings file is simply
     * not there.
     */
    CFRef<CFDataRef> xmlData;
    CSSM_DATA cssmXmlData = {0, NULL};
    const CFIndex certCount = CFDictionaryGetCount(mTrustDict);
    if(certCount == 0) {
        trustSettingsDbg("flushToDisk, domain %d: DELETING trust settings", (int)mDomain);
    }
    else {
        xmlData.take(CFPropertyListCreateXMLData(NULL, mPropList));
        if(!xmlData) {
            /* we've been very careful; this should never happen */
            trustSettingsDbg("flushToDisk, domain %d: error converting to XML", (int)mDomain);
            MacOSError::throwMe(internalComponentErr);
        }
        /* cssmXmlData borrows xmlData's bytes; xmlData stays alive until return */
        cssmXmlData.Data = (uint8 *)CFDataGetBytePtr(xmlData);
        cssmXmlData.Length = CFDataGetLength(xmlData);
    }

    /* cook up auth stuff so ocspd can act on our behalf */
    AuthorizationRef authRef;
    OSStatus ortn = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
        0, &authRef);
    if(ortn) {
        trustSettingsDbg("flushToDisk, domain %d: AuthorizationCreate returned %ld",
            (int)mDomain, (long)ortn);
        MacOSError::throwMe(internalComponentErr);
    }

    /* authBlob points at authExt, which the next call fills in */
    AuthorizationExternalForm authExt;
    CSSM_DATA authBlob = {sizeof(authExt), (uint8 *)&authExt};
    ortn = AuthorizationMakeExternalForm(authRef, &authExt);
    if(ortn) {
        trustSettingsDbg("flushToDisk, domain %d: AuthorizationMakeExternalForm returned %ld",
            (int)mDomain, (long)ortn);
        /* reported to the caller as an internal error, not the raw status */
        ortn = internalComponentErr;
    }
    else {
        ortn = ocspdTrustSettingsWrite(mDomain, authBlob, cssmXmlData);
        if(ortn) {
            trustSettingsDbg("flushToDisk, domain %d: ocspdTrustSettingsWrite returned %ld",
                (int)mDomain, (long)ortn);
        }
        else {
            trustSettingsDbg("flushToDisk, domain %d: wrote to disk", (int)mDomain);
            mDirty = false;
        }
    }

    /* every path that created authRef frees it before reporting the outcome */
    AuthorizationFree(authRef, 0);
    if(ortn) {
        MacOSError::throwMe(ortn);
    }
}