Commit 16e0efae authored by George Nachman's avatar George Nachman

Only return valid (non-expired, etc.) certificates from allIdentities

parent 3c983af1
......@@ -11,6 +11,8 @@
#import "SIGCertificate.h"
#import "SIGKey.h"
#import "SIGKeychain.h"
#import "SIGPolicy.h"
#import "SIGTrust.h"
@implementation SIGIdentity {
SIGCertificate *_signingCertificate;
......@@ -40,15 +42,35 @@
CFArrayRef array = (CFArrayRef)result;
NSMutableArray<SIGIdentity *> *identities = [NSMutableArray array];
dispatch_group_t group = dispatch_group_create();
for (NSInteger i = 0; i < CFArrayGetCount(array); i++) {
SecIdentityRef secIdentity = (SecIdentityRef)CFArrayGetValueAtIndex(array, i);
SIGIdentity *identity = [[SIGIdentity alloc] initWithSecIdentity:secIdentity];
if (!identity) {
continue;
}
[identities addObject:identity];
NSError *trustError = nil;
// Don't use the CRL policy because it would need to make a network round-trip.
SIGTrust *trust = [[SIGTrust alloc] initWithCertificates:@[ identity.signingCertificate]
policies:@[ [[SIGX509Policy alloc] init] ]
error:&trustError];
if (!trust || trustError) {
continue;
}
dispatch_group_enter(group);
[trust evaluateWithCompletion:^(BOOL ok, NSError * _Nullable error) {
if (ok) {
@synchronized(identities) {
[identities addObject:identity];
}
}
dispatch_group_leave(group);
}];
}
dispatch_group_wait(group, DISPATCH_TIME_FOREVER);
@synchronized(identities) {
return identities;
}
return identities;
}
- (instancetype)initWithSecIdentity:(SecIdentityRef)secIdentity {
......
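Review bot: The `dispatch_group_wait(group, DISPATCH_TIME_FOREVER)` after the loop blocks the calling thread with no bound, so if `evaluateWithCompletion:` ever delivers its block on the queue the caller is running on (SIGTrust is not visible here, so this needs checking), allIdentities never returns. A bounded wait such as `dispatch_group_wait(group, dispatch_time(DISPATCH_TIME_NOW, (int64_t)(10 * NSEC_PER_SEC)));` followed by `return [identities copy];` inside the `@synchronized` block would also keep a late completion from mutating the array the caller holds. Because the CRL policy is deliberately skipped, a revoked certificate still passes this filter, and the existing comment should say so, e.g. `// Revocation is NOT checked here; expiry and chain trust only.` The +/- markers are lost on this page, so I am reading the trust-evaluation lines as the new side; the method itself begins above the hunk.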