本文整理汇总了C++中SecPointer::buildEvidence方法的典型用法代码示例。如果您正苦于以下问题:C++ SecPointer::buildEvidence方法的具体用法?C++ SecPointer::buildEvidence怎么用?C++ SecPointer::buildEvidence使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SecPointer的用法示例。
在下文中一共展示了SecPointer::buildEvidence方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: findPreferredIdentity
bool
IdentityCursorPolicyAndID::next(SecPointer<Identity> &identity)
{
SecPointer<Identity> currIdentity;
Boolean identityOK = true;
if (!mPreferredIdentityChecked)
{
try
{
findPreferredIdentity();
}
catch(...) {}
mPreferredIdentityChecked = true;
if (mPreferredIdentity)
{
identity = mPreferredIdentity;
return true;
}
}
for (;;)
{
bool result = IdentityCursor::next(currIdentity); // base class finds the next identity by keyUsage
if ( result )
{
if (mPreferredIdentity && (currIdentity == mPreferredIdentity))
{
identityOK = false; // we already returned this one, move on to the next
continue;
}
// If there was no policy specified, we're done.
if ( !mPolicy )
{
identityOK = true; // return this identity
break;
}
// To reduce the number of (potentially expensive) trust evaluations performed, we need
// to do some pre-processing to filter out certs that don't match the search criteria.
// Rather than try to duplicate the TP's policy logic here, we'll just call the TP with
// a single-element certificate array, no anchors, and no keychains to search.
SecPointer<Certificate> certificate = currIdentity->certificate();
CFRef<SecCertificateRef> certRef(certificate->handle());
CFRef<CFMutableArrayRef> anchorsArray(CFArrayCreateMutable(NULL, 1, NULL));
CFRef<CFMutableArrayRef> certArray(CFArrayCreateMutable(NULL, 1, NULL));
if ( !certArray || !anchorsArray )
{
identityOK = false; // skip this and move on to the next one
continue;
}
CFArrayAppendValue(certArray, certRef);
SecPointer<Trust> trustLite = new Trust(certArray, mPolicy);
StorageManager::KeychainList emptyList;
// Set the anchors and keychain search list to be empty
trustLite->anchors(anchorsArray);
trustLite->searchLibs(emptyList);
trustLite->evaluate();
SecTrustResultType trustResult = trustLite->result();
if (trustResult == kSecTrustResultRecoverableTrustFailure ||
trustResult == kSecTrustResultFatalTrustFailure)
{
CFArrayRef certChain = NULL;
CSSM_TP_APPLE_EVIDENCE_INFO *statusChain = NULL, *evInfo = NULL;
trustLite->buildEvidence(certChain, TPEvidenceInfo::overlayVar(statusChain));
if (statusChain)
evInfo = &statusChain[0];
if (!evInfo || evInfo->NumStatusCodes > 0) // per-cert codes means we can't use this cert for this policy
trustResult = kSecTrustResultInvalid; // handled below
if (certChain)
CFRelease(certChain);
}
if (trustResult == kSecTrustResultInvalid)
{
identityOK = false; // move on to the next one
continue;
}
// If trust evaluation isn't requested, we're done.
if ( !mReturnOnlyValidIdentities )
{
identityOK = true; // return this identity
break;
}
// Perform a full trust evaluation on the certificate with the specified policy.
SecPointer<Trust> trust = new Trust(certArray, mPolicy);
trust->evaluate();
trustResult = trust->result();
if (trustResult == kSecTrustResultInvalid ||
trustResult == kSecTrustResultRecoverableTrustFailure ||
trustResult == kSecTrustResultFatalTrustFailure)
{
identityOK = false; // move on to the next one
continue;
//.........这里部分代码省略.........