From 7da430c3829569bc1d13bbb31727d37d31de9db4 Mon Sep 17 00:00:00 2001 From: Tim Jacomb Date: Wed, 22 Jan 2025 10:10:13 +0000 Subject: [PATCH] Snakecase --- src/crypto/crypto_context.cc | 115 +++++++++++++++++------------------ 1 file changed, 57 insertions(+), 58 deletions(-) diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc index 9e96d07ac7554e..4ea99d48562877 100644 --- a/src/crypto/crypto_context.cc +++ b/src/crypto/crypto_context.cc @@ -239,7 +239,7 @@ enum class TrustStatus { DISTRUSTED }; -bool IsSelfSigned(X509* cert) { +bool isSelfIssued(X509* cert) { auto subject = X509_get_subject_name(cert); auto issuer = X509_get_issuer_name(cert); @@ -253,7 +253,7 @@ bool IsSelfSigned(X509* cert) { // See https://chromium.googlesource.com/chromium/src/+/HEAD/LICENSE for // details. TrustStatus IsTrustDictionaryTrustedForPolicy(CFDictionaryRef trust_dict, - bool isSelfIssued) { + bool is_self_issued) { // Trust settings may be scoped to a single application // skip as this is not supported if (CFDictionaryContainsKey(trust_dict, kSecTrustSettingsApplication)) { @@ -274,8 +274,8 @@ TrustStatus IsTrustDictionaryTrustedForPolicy(CFDictionaryRef trust_dict, // |kSecPolicyAppleSSL|. If there is no kSecTrustSettingsPolicy key, it's // considered a match for all policies. if (CFDictionaryContainsKey(trust_dict, kSecTrustSettingsPolicy)) { - SecPolicyRef policy_ref = (SecPolicyRef) CFDictionaryGetValue( - trust_dict, kSecTrustSettingsPolicy); + SecPolicyRef policy_ref = + (SecPolicyRef)CFDictionaryGetValue(trust_dict, kSecTrustSettingsPolicy); if (!policy_ref) { return TrustStatus::UNSPECIFIED; } @@ -283,8 +283,8 @@ TrustStatus IsTrustDictionaryTrustedForPolicy(CFDictionaryRef trust_dict, CFDictionaryRef policy_dict(SecPolicyCopyProperties(policy_ref)); // kSecPolicyOid is guaranteed to be present in the policy dictionary. - CFStringRef policy_oid = (CFStringRef) CFDictionaryGetValue( - policy_dict, kSecPolicyOid); + CFStringRef policy_oid = + (CFStringRef)CFDictionaryGetValue(policy_dict, kSecPolicyOid); if (!CFEqual(policy_oid, kSecPolicyAppleSSL)) { return TrustStatus::UNSPECIFIED; @@ -317,7 +317,7 @@ TrustStatus IsTrustDictionaryTrustedForPolicy(CFDictionaryRef trust_dict, // if using the platform APIs, and may require supporting MD5 signature // algorithms on some older OSX versions or locally added roots, which is // undesirable in the built-in signature verifier. - if (isSelfIssued) { + if (is_self_issued) { return trust_settings_result == kSecTrustSettingsResultTrustRoot || trust_settings_result == kSecTrustSettingsResultTrustAsRoot ? TrustStatus::TRUSTED @@ -333,26 +333,24 @@ TrustStatus IsTrustDictionaryTrustedForPolicy(CFDictionaryRef trust_dict, return TrustStatus::UNSPECIFIED; } -TrustStatus IsTrustSettingsTrustedForPolicy(CFArrayRef trustSettings, - bool isSelfIssued) { - // The trustSettings parameter can return a valid but empty CFArrayRef. +TrustStatus IsTrustSettingsTrustedForPolicy(CFArrayRef trust_settings, + bool is_self_issued) { + // The trust_settings parameter can return a valid but empty CFArrayRef. // This empty trust-settings array means “always trust this certificate” // with an overall trust setting for the certificate of // kSecTrustSettingsResultTrustRoot - if (CFArrayGetCount(trustSettings) == 0) { - if (isSelfIssued) { + if (CFArrayGetCount(trust_settings) == 0) { + if (is_self_issued) { return TrustStatus::TRUSTED; } } - CFIndex trustSettingsCount = CFArrayGetCount(trustSettings); - - for (CFIndex i = 0; i < trustSettingsCount; ++i) { + for (CFIndex i = 0; i < CFArrayGetCount(trust_settings); ++i) { CFDictionaryRef trust_dict = reinterpret_cast( - const_cast(CFArrayGetValueAtIndex(trustSettings, i))); + const_cast(CFArrayGetValueAtIndex(trust_settings, i))); TrustStatus trust = - IsTrustDictionaryTrustedForPolicy(trust_dict, isSelfIssued); + IsTrustDictionaryTrustedForPolicy(trust_dict, is_self_issued); if (trust == TrustStatus::DISTRUSTED || trust == TrustStatus::TRUSTED) { return trust; @@ -362,28 +360,29 @@ TrustStatus IsTrustSettingsTrustedForPolicy(CFArrayRef trustSettings, } bool IsCertificateTrustValid(SecCertificateRef ref) { - SecTrustRef secTrust = nullptr; - CFMutableArrayRef subjCerts = + SecTrustRef sec_trust = nullptr; + CFMutableArrayRef subj_certs = CFArrayCreateMutable(nullptr, 1, &kCFTypeArrayCallBacks); - CFArraySetValueAtIndex(subjCerts, 0, ref); + CFArraySetValueAtIndex(subj_certs, 0, ref); SecPolicyRef policy = SecPolicyCreateBasicX509(); - OSStatus ortn = SecTrustCreateWithCertificates(subjCerts, policy, &secTrust); + OSStatus ortn = + SecTrustCreateWithCertificates(subj_certs, policy, &sec_trust); bool result = false; if (ortn) { /* should never happen */ } else { - result = SecTrustEvaluateWithError(secTrust, nullptr); + result = SecTrustEvaluateWithError(sec_trust, nullptr); } if (policy) { CFRelease(policy); } - if (secTrust) { - CFRelease(secTrust); + if (sec_trust) { + CFRelease(sec_trust); } - if (subjCerts) { - CFRelease(subjCerts); + if (subj_certs) { + CFRelease(subj_certs); } return result; } @@ -391,38 +390,38 @@ bool IsCertificateTrustValid(SecCertificateRef ref) { bool IsCertificateTrustedForPolicy(X509* cert, SecCertificateRef ref) { OSStatus err; - bool trustEvaluated = false; - bool isSelfSigned = IsSelfSigned(cert); + bool trust_evaluated = false; + bool is_self_issued = isSelfIssued(cert); // Evaluate user trust domain, then admin. User settings can override // admin (and both override the system domain, but we don't check that). for (const auto& trust_domain : {kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin}) { - CFArrayRef trustSettings; - err = SecTrustSettingsCopyTrustSettings(ref, trust_domain, &trustSettings); + CFArrayRef trust_settings; + err = SecTrustSettingsCopyTrustSettings(ref, trust_domain, &trust_settings); - if (err == errSecSuccess && trustSettings != nullptr) { + if (err == errSecSuccess && trust_settings != nullptr) { TrustStatus result = - IsTrustSettingsTrustedForPolicy(trustSettings, isSelfSigned); + IsTrustSettingsTrustedForPolicy(trust_settings, is_self_issued); if (result != TrustStatus::UNSPECIFIED) { - CFRelease(trustSettings); + CFRelease(trust_settings); return result == TrustStatus::TRUSTED; } } // An empty trust settings array isn’t the same as no trust settings, - // where the trustSettings parameter returns NULL. + // where the trust_settings parameter returns NULL. // No trust-settings array means // “this certificate must be verifiable using a known trusted certificate”. - if (trustSettings == nullptr && !trustEvaluated) { + if (trust_settings == nullptr && !trust_evaluated) { bool result = IsCertificateTrustValid(ref); if (result) { return true; } // no point re-evaluating this in the admin domain - trustEvaluated = true; - } else if (trustSettings) { - CFRelease(trustSettings); + trust_evaluated = true; + } else if (trust_settings) { + CFRelease(trust_settings); } } return false; @@ -430,61 +429,61 @@ bool IsCertificateTrustedForPolicy(X509* cert, SecCertificateRef ref) { void ReadMacOSKeychainCertificates( std::vector* system_root_certificates) { - CFTypeRef searchKeys[] = {kSecClass, kSecMatchLimit, kSecReturnRef}; - CFTypeRef searchValues[] = { + CFTypeRef search_keys[] = {kSecClass, kSecMatchLimit, kSecReturnRef}; + CFTypeRef search_values[] = { kSecClassCertificate, kSecMatchLimitAll, kCFBooleanTrue}; CFDictionaryRef search = CFDictionaryCreate(kCFAllocatorDefault, - searchKeys, - searchValues, + search_keys, + search_values, 3, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - CFArrayRef currAnchors = nullptr; + CFArrayRef curr_anchors = nullptr; OSStatus ortn = - SecItemCopyMatching(search, reinterpret_cast(&currAnchors)); + SecItemCopyMatching(search, reinterpret_cast(&curr_anchors)); CFRelease(search); if (ortn) { fprintf(stderr, "ERROR: SecItemCopyMatching failed %d\n", ortn); } - CFIndex count = CFArrayGetCount(currAnchors); + CFIndex count = CFArrayGetCount(curr_anchors); std::vector system_root_certificates_X509; for (int i = 0; i < count; ++i) { - SecCertificateRef certRef = reinterpret_cast( - const_cast(CFArrayGetValueAtIndex(currAnchors, i))); + SecCertificateRef cert_ref = reinterpret_cast( + const_cast(CFArrayGetValueAtIndex(curr_anchors, i))); - CFDataRef derData = SecCertificateCopyData(certRef); - if (!derData) { + CFDataRef der_data = SecCertificateCopyData(cert_ref); + if (!der_data) { fprintf(stderr, "ERROR: SecCertificateCopyData failed\n"); continue; } - auto dataBufferPointer = CFDataGetBytePtr(derData); + auto data_buffer_pointer = CFDataGetBytePtr(der_data); X509* cert = - d2i_X509(nullptr, &dataBufferPointer, CFDataGetLength(derData)); - CFRelease(derData); - bool isValid = IsCertificateTrustedForPolicy(cert, certRef); - if (isValid) { + d2i_X509(nullptr, &data_buffer_pointer, CFDataGetLength(der_data)); + CFRelease(der_data); + bool is_valid = IsCertificateTrustedForPolicy(cert, cert_ref); + if (is_valid) { system_root_certificates_X509.emplace_back(cert); } } - CFRelease(currAnchors); + CFRelease(curr_anchors); for (size_t i = 0; i < system_root_certificates_X509.size(); i++) { ncrypto::X509View x509_view(system_root_certificates_X509[i]); - auto pemBio = x509_view.toPEM(); - if (!pemBio) { + auto pem_bio = x509_view.toPEM(); + if (!pem_bio) { fprintf(stderr, "Warning: converting system certificate to PEM format failed\n"); continue; } char* pem_data = nullptr; - auto pem_size = BIO_get_mem_data(pemBio.get(), &pem_data); + auto pem_size = BIO_get_mem_data(pem_bio.get(), &pem_data); if (pem_size <= 0 || !pem_data) { fprintf( stderr,