mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2025-12-06 06:13:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Read System.keychain as well as SystemRootCertificates.keychain for MacOS CA Bundle

Browse Source
This commit is contained in:
Don 2025-01-31 16:02:42 -06:00 committed by Alex Rønne Petersen
parent ea1ce2df9b
commit b3a11018ae
1 changed files with 46 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
lib/std/crypto/Certificate/Bundle/macos.zig
View File

@ -11,61 +11,68 @@ pub fn rescanMac(cb: *Bundle, gpa: Allocator) RescanMacError!void {
cb.bytes.clearRetainingCapacity(); cb.bytes.clearRetainingCapacity();
cb.map.clearRetainingCapacity(); cb.map.clearRetainingCapacity();
const file = try fs.openFileAbsolute("/System/Library/Keychains/SystemRootCertificates.keychain", .{}); const keychainPaths = [2][]const u8{
defer file.close(); "/System/Library/Keychains/SystemRootCertificates.keychain",
"/Library/Keychains/System.keychain",
};
const bytes = try file.readToEndAlloc(gpa, std.math.maxInt(u32)); for (keychainPaths) |keychainPath| {
defer gpa.free(bytes); const file = try fs.openFileAbsolute(keychainPath, .{});
defer file.close();
var stream = std.io.fixedBufferStream(bytes); const bytes = try file.readToEndAlloc(gpa, std.math.maxInt(u32));
const reader = stream.reader(); defer gpa.free(bytes);
const db_header = try reader.readStructEndian(ApplDbHeader, .big); var stream = std.io.fixedBufferStream(bytes);
assert(mem.eql(u8, &db_header.signature, "kych")); const reader = stream.reader();
try stream.seekTo(db_header.schema_offset); const db_header = try reader.readStructEndian(ApplDbHeader, .big);
assert(mem.eql(u8, &db_header.signature, "kych"));
const db_schema = try reader.readStructEndian(ApplDbSchema, .big); try stream.seekTo(db_header.schema_offset);
var table_list = try gpa.alloc(u32, db_schema.table_count); const db_schema = try reader.readStructEndian(ApplDbSchema, .big);
defer gpa.free(table_list);
var table_idx: u32 = 0; var table_list = try gpa.alloc(u32, db_schema.table_count);
while (table_idx < table_list.len) : (table_idx += 1) { defer gpa.free(table_list);
table_list[table_idx] = try reader.readInt(u32, .big);
}
const now_sec = std.time.timestamp(); var table_idx: u32 = 0;
while (table_idx < table_list.len) : (table_idx += 1) {
for (table_list) |table_offset| { table_list[table_idx] = try reader.readInt(u32, .big);
try stream.seekTo(db_header.schema_offset + table_offset);
const table_header = try reader.readStructEndian(TableHeader, .big);
if (@as(std.c.DB_RECORDTYPE, @enumFromInt(table_header.table_id)) != .X509_CERTIFICATE) {
continue;
} }
var record_list = try gpa.alloc(u32, table_header.record_count); const now_sec = std.time.timestamp();
defer gpa.free(record_list);
var record_idx: u32 = 0; for (table_list) |table_offset| {
while (record_idx < record_list.len) : (record_idx += 1) { try stream.seekTo(db_header.schema_offset + table_offset);
record_list[record_idx] = try reader.readInt(u32, .big);
}
for (record_list) |record_offset| { const table_header = try reader.readStructEndian(TableHeader, .big);
try stream.seekTo(db_header.schema_offset + table_offset + record_offset);
const cert_header = try reader.readStructEndian(X509CertHeader, .big); if (@as(std.c.DB_RECORDTYPE, @enumFromInt(table_header.table_id)) != .X509_CERTIFICATE) {
continue;
}
try cb.bytes.ensureUnusedCapacity(gpa, cert_header.cert_size); var record_list = try gpa.alloc(u32, table_header.record_count);
defer gpa.free(record_list);
const cert_start = @as(u32, @intCast(cb.bytes.items.len)); var record_idx: u32 = 0;
const dest_buf = cb.bytes.allocatedSlice()[cert_start..]; while (record_idx < record_list.len) : (record_idx += 1) {
cb.bytes.items.len += try reader.readAtLeast(dest_buf, cert_header.cert_size); record_list[record_idx] = try reader.readInt(u32, .big);
}
try cb.parseCert(gpa, cert_start, now_sec); for (record_list) |record_offset| {
try stream.seekTo(db_header.schema_offset + table_offset + record_offset);
const cert_header = try reader.readStructEndian(X509CertHeader, .big);
try cb.bytes.ensureUnusedCapacity(gpa, cert_header.cert_size);
const cert_start = @as(u32, @intCast(cb.bytes.items.len));
const dest_buf = cb.bytes.allocatedSlice()[cert_start..];
cb.bytes.items.len += try reader.readAtLeast(dest_buf, cert_header.cert_size);
try cb.parseCert(gpa, cert_start, now_sec);
}
} }
} }