[CalendarServer-changes] [15436] OSXFrameworks/trunk

source_changes at macosforge.org source_changes at macosforge.org
Mon Jan 11 13:19:50 PST 2016


Revision: 15436
          http://trac.calendarserver.org//changeset/15436
Author:   cdaboo at apple.com
Date:     2016-01-11 13:19:50 -0800 (Mon, 11 Jan 2016)
Log Message:
-----------
Add more APIs for Security CMS processing.

Modified Paths:
--------------
    OSXFrameworks/trunk/osx/_corefoundation_cffi_build.py
    OSXFrameworks/trunk/osx/corefoundation.py
    OSXFrameworks/trunk/osx/frameworks/__init__.py
    OSXFrameworks/trunk/osx/frameworks/_security_cffi.py

Added Paths:
-----------
    OSXFrameworks/trunk/osx/frameworks/_security_cms_cffi.py

Property Changed:
----------------
    OSXFrameworks/trunk/


Property changes on: OSXFrameworks/trunk
___________________________________________________________________
Modified: svn:ignore
   - .project
.pydevproject

   + .project
.pydevproject
build


Modified: OSXFrameworks/trunk/osx/_corefoundation_cffi_build.py
===================================================================
--- OSXFrameworks/trunk/osx/_corefoundation_cffi_build.py	2016-01-11 18:42:25 UTC (rev 15435)
+++ OSXFrameworks/trunk/osx/_corefoundation_cffi_build.py	2016-01-11 21:19:50 UTC (rev 15436)
@@ -23,6 +23,7 @@
     "_corefoundation_cffi",
     "_opendirectory_cffi",
     "_security_cffi",
+    "_security_cms_cffi",
     "_utils_cffi",
 )]
 

Modified: OSXFrameworks/trunk/osx/corefoundation.py
===================================================================
--- OSXFrameworks/trunk/osx/corefoundation.py	2016-01-11 18:42:25 UTC (rev 15435)
+++ OSXFrameworks/trunk/osx/corefoundation.py	2016-01-11 21:19:50 UTC (rev 15436)
@@ -254,7 +254,7 @@
 
     def count(self):
         """
-        The number of items in the wrapped CFArrayRef.
+        The length of the data in the CFDataRef.
 
         @return: the count
         @rtype: L{int}

Modified: OSXFrameworks/trunk/osx/frameworks/__init__.py
===================================================================
--- OSXFrameworks/trunk/osx/frameworks/__init__.py	2016-01-11 18:42:25 UTC (rev 15435)
+++ OSXFrameworks/trunk/osx/frameworks/__init__.py	2016-01-11 21:19:50 UTC (rev 15436)
@@ -18,5 +18,6 @@
     "_corefoundation_cffi",
     "_opendirectory_cffi",
     "_security_cffi",
+    "_security_cms_cffi",
     "_utils_cffi",
 ]

Modified: OSXFrameworks/trunk/osx/frameworks/_security_cffi.py
===================================================================
--- OSXFrameworks/trunk/osx/frameworks/_security_cffi.py	2016-01-11 18:42:25 UTC (rev 15435)
+++ OSXFrameworks/trunk/osx/frameworks/_security_cffi.py	2016-01-11 21:19:50 UTC (rev 15436)
@@ -28,6 +28,7 @@
 typedef struct OpaqueSecCertificateRef *SecCertificateRef;
 typedef struct OpaqueSecIdentityRef *SecIdentityRef;
 typedef struct OpaqueSecKeychainRef *SecKeychainRef;
+typedef struct OpaqueSecPolicyRef *SecPolicyRef;
 
 // SecImportExport.h
 typedef enum
@@ -102,6 +103,9 @@
 
 typedef OSStatus (*SSLReadFunc) ( SSLConnectionRef connection, void *data, size_t *dataLength );
 typedef OSStatus (*SSLWriteFunc) ( SSLConnectionRef connection, const void *data, size_t *dataLength );
+
+// SecTrust.h
+typedef struct __SecTrust *SecTrustRef;
 """
 
 CONSTANTS = """
@@ -406,6 +410,11 @@
 // SecKeychain.h
 OSStatus SecKeychainSetUserInteractionAllowed ( Boolean state );
 
+// SecPolicy.h
+SecPolicyRef SecPolicyCreateBasicX509(void);
+SecPolicyRef SecPolicyCreateSSL(Boolean server, CFStringRef hostname);
+
+
 // SecTransform.h
 SecTransformRef SecSignTransformCreate( SecKeyRef key, CFErrorRef *error ) ;
 Boolean SecTransformSetAttribute(SecTransformRef transformRef,
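Review bot: The two `SecPolicyCreate*` declarations added under `// SecPolicy.h` carry no comment about ownership or about the `hostname` argument. Both follow the Core Foundation Create rule, so the Python caller owns the returned `SecPolicyRef` and has to release it, or hand it to whatever owning wrapper the package uses (not visible in this hunk). `SecPolicyCreateSSL` does not require a host name match when `hostname` is NULL, which is easy to pass by accident from cffi. I would add `// Returned ref is owned by the caller (CFRelease). hostname == NULL disables host name matching.` above the pair. The FUNCTIONS string starts and ends outside the hunk.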

Added: OSXFrameworks/trunk/osx/frameworks/_security_cms_cffi.py
===================================================================
--- OSXFrameworks/trunk/osx/frameworks/_security_cms_cffi.py	                        (rev 0)
+++ OSXFrameworks/trunk/osx/frameworks/_security_cms_cffi.py	2016-01-11 21:19:50 UTC (rev 15436)
@@ -0,0 +1,163 @@
+##
+# Copyright (c) 2016 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+
+INCLUDES = """
+#include <Security/Security.h>
+"""
+
+EXTRA_LINKS = []
+
+TYPES = """
+
+// CMSDecoder.h
+typedef struct _CMSDecoder *CMSDecoderRef;
+
+typedef enum
+{
+    kCMSSignerUnsigned = 0,                /* message was not signed */
+    kCMSSignerValid,                       /* message was signed and signature verify OK */
+    kCMSSignerNeedsDetachedContent,        /* message was signed but needs detached content
+                                            *   to verify */
+    kCMSSignerInvalidSignature,            /* message was signed but had a signature error */
+    kCMSSignerInvalidCert,                 /* message was signed but an error occurred in verifying
+                                            *   the signer's certificate */
+    kCMSSignerInvalidIndex                 /* specified signer index out of range */
+} CMSSignerStatus;
+
+// CMSEncoder.h
+typedef struct _CMSEncoder *CMSEncoderRef;
+
+typedef enum {
+    kCMSAttrNone                        = 0x0000,
+    /*
+     * S/MIME Capabilities - identifies supported signature, encryption, and
+     * digest algorithms.
+     */
+    kCMSAttrSmimeCapabilities            = 0x0001,
+    /*
+     * Indicates that a cert is the preferred cert for S/MIME encryption.
+     */
+    kCMSAttrSmimeEncryptionKeyPrefs        = 0x0002,
+    /*
+     * Same as kCMSSmimeEncryptionKeyPrefs, using an attribute OID preferred
+     * by Microsoft.
+     */
+    kCMSAttrSmimeMSEncryptionKeyPrefs    = 0x0004,
+    /*
+     * Include the signing time.
+     */
+    kCMSAttrSigningTime                    = 0x0008
+} CMSSignedAttributes;
+
+typedef enum {
+    kCMSCertificateNone = 0,        /* don't include any certificates */
+    kCMSCertificateSignerOnly,        /* only include signer certificate(s) */
+    kCMSCertificateChain,            /* signer certificate chain up to but not
+                                     *   including root certiticate */
+    kCMSCertificateChainWithRoot    /* signer certificate chain including root */
+} CMSCertificateChainMode;
+"""
+
+CONSTANTS = """
+// CMSEncoder.h
+extern const CFStringRef kCMSEncoderDigestAlgorithmSHA1;
+extern const CFStringRef kCMSEncoderDigestAlgorithmSHA256;
+"""
+
+FUNCTIONS = """
+
+// CMSDecoder.h
+CFTypeID CMSDecoderGetTypeID(void);
+
+OSStatus CMSDecoderCreate(CMSDecoderRef *cmsDecoderOut);
+OSStatus CMSDecoderUpdateMessage(
+    CMSDecoderRef        cmsDecoder,
+    const void            *msgBytes,
+    size_t                msgBytesLen);
+OSStatus CMSDecoderFinalizeMessage(
+    CMSDecoderRef        cmsDecoder);
+
+OSStatus CMSDecoderGetNumSigners(
+    CMSDecoderRef        cmsDecoder,
+    size_t                *numSignersOut);
+OSStatus CMSDecoderCopySignerStatus(
+    CMSDecoderRef               cmsDecoder,
+    size_t                      signerIndex,
+    CFTypeRef                   policyOrArray,
+    Boolean                     evaluateSecTrust,
+    CMSSignerStatus *signerStatusOut,
+    SecTrustRef *secTrustOut,
+    OSStatus *certVerifyResultCodeOut);
+OSStatus CMSDecoderCopySignerCert(
+    CMSDecoderRef        cmsDecoder,
+    size_t                signerIndex,
+    SecCertificateRef *signerCertOut);
+
+OSStatus CMSDecoderIsContentEncrypted(
+    CMSDecoderRef        cmsDecoder,
+    Boolean                *isEncryptedOut);
+OSStatus CMSDecoderCopyEncapsulatedContentType(
+    CMSDecoderRef        cmsDecoder,
+    CFDataRef *eContentTypeOut);
+OSStatus CMSDecoderCopyContent(
+    CMSDecoderRef        cmsDecoder,
+    CFDataRef *contentOut);
+
+// CMSEncoder.h
+CFTypeID CMSEncoderGetTypeID(void);
+
+OSStatus CMSEncoderCreate(CMSEncoderRef * cmsEncoderOut);
+OSStatus CMSEncoderSetSignerAlgorithm(
+    CMSEncoderRef        cmsEncoder,
+    CFStringRef        digestAlgorithm);
+OSStatus CMSEncoderAddSigners(
+    CMSEncoderRef        cmsEncoder,
+    CFTypeRef            signerOrArray);
+OSStatus CMSEncoderAddRecipients(
+    CMSEncoderRef        cmsEncoder,
+    CFTypeRef            recipientOrArray);
+OSStatus CMSEncoderSetEncapsulatedContentTypeOID(
+    CMSEncoderRef        cmsEncoder,
+    CFTypeRef            eContentTypeOID);
+
+OSStatus CMSEncoderAddSignedAttributes(
+    CMSEncoderRef        cmsEncoder,
+    CMSSignedAttributes    signedAttributes);
+OSStatus CMSEncoderSetCertificateChainMode(
+    CMSEncoderRef            cmsEncoder,
+    CMSCertificateChainMode    chainMode);
+
+OSStatus CMSEncoderUpdateContent(
+    CMSEncoderRef        cmsEncoder,
+    const void            *content,
+    size_t                contentLen);
+
+OSStatus CMSEncoderCopyEncodedContent(
+    CMSEncoderRef        cmsEncoder,
+    CFDataRef *encodedContentOut);
+
+OSStatus CMSEncodeContent(
+    CFTypeRef    signers,
+    CFTypeRef    recipients,
+    CFTypeRef    eContentTypeOID,
+    Boolean                 detachedContent,
+    CMSSignedAttributes     signedAttributes,
+    const void              *content,
+    size_t                  contentLen,
+    CFDataRef *encodedContentOut);
+
+"""
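Review bot: The `CMSDecoderCopySignerStatus` declaration in FUNCTIONS has no comment on how its outputs must be read, and a caller that checks only the returned OSStatus will accept an unverified message. The return value reports whether the call ran; the verdict is in `signerStatusOut` (it must equal `kCMSSignerValid`) and, when `evaluateSecTrust` is true, in `certVerifyResultCodeOut`. I would add above it `// OSStatus 0 does not mean the signature is valid: require *signerStatusOut == kCMSSignerValid and *certVerifyResultCodeOut == 0.` No SecTrust evaluation function is declared in the hunks shown, so a caller passing `evaluateSecTrust` as false appears to have no way to evaluate the returned `SecTrustRef` through these bindings; that is worth confirming against the rest of `_security_cffi.py`. A short comment beside `kCMSEncoderDigestAlgorithmSHA1` in CONSTANTS could also say that new signatures should use `kCMSEncoderDigestAlgorithmSHA256`.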