in aws_signing_helper/cert_store_signer_darwin.go [232:281]
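// CertificateChain returns the certificates that sit above the signer's leaf
// certificate (intermediates and, when the keychain can supply it, the root),
// in the order the Security framework builds them with the leaf itself
// dropped from index 0. The result is cached on the signer: once
// signer.certChain is non-nil (even if empty) it is returned without
// consulting the keychain again.
//
// The chain is assembled by the Security framework: a SecTrust object is
// created for the leaf under an SSL client policy and evaluated, which is what
// makes SecTrustCopyCertificateChain return a populated array. The trust
// verdict itself is deliberately not fatal here. This method collects the
// chain rather than vouching for it, and an untrusted verdict still yields
// whatever chain the framework managed to build. (Before this change a
// trusted leaf took the error path with an unset CFErrorRef, so the trusted
// case produced no chain at all; an untrusted leaf proceeded exactly as it
// does now, but leaked the CFErrorRef.)
//
// Returns an error when the leaf certificate cannot be loaded, when the policy
// or SecTrust object cannot be created, when the framework returns no chain
// array, or when a chain member cannot be converted to an *x509.Certificate.
func (signer *DarwinCertStoreSigner) CertificateChain() ([]*x509.Certificate, error) {
	if signer.certChain != nil {
		return signer.certChain, nil
	}

	certRef, err := signer.getCertRef()
	if err != nil {
		return nil, err
	}

	// SecPolicyCreateSSL hands back a reference we own; the SecTrust object
	// retains what it needs, so the policy can be released on return.
	// (0, 0) requests the client-side policy with no hostname.
	policy := C.SecPolicyCreateSSL(0, 0)
	if policy == 0 {
		return nil, errors.New("could not create SSL policy for certificate chain evaluation")
	}
	defer C.CFRelease(C.CFTypeRef(policy))

	var trustRef C.SecTrustRef
	if err := osStatusError(C.SecTrustCreateWithCertificates(C.CFTypeRef(certRef), C.CFTypeRef(policy), &trustRef)); err != nil {
		return nil, err
	}
	defer C.CFRelease(C.CFTypeRef(trustRef))

	// SecTrustEvaluateWithError returns true when the leaf is trusted and false,
	// with cfErrRef populated, when it is not. Evaluation must run before the
	// chain can be copied, but the verdict is not an error for this method (see
	// the doc comment); the only thing to do with a negative verdict is release
	// the CFErrorRef we now own.
	//
	// NOTE(review): evaluating under the SSL policy may let the framework reach
	// out to the network (revocation checks, AIA fetching of intermediates).
	// If that is undesirable for this tool, SecTrustSetNetworkFetchAllowed
	// (trustRef, false) before this call prevents it, at the cost of any
	// intermediates the framework would have fetched -- confirm with the
	// intended deployment before changing it.
	var cfErrRef C.CFErrorRef
	if !C.SecTrustEvaluateWithError(trustRef, &cfErrRef) && cfErrRef != 0 {
		C.CFRelease(C.CFTypeRef(cfErrRef))
	}

	// The evaluated chain is a CFArray we own. CFRelease on a null reference
	// would crash, so refuse a missing array rather than deferring its release.
	certChainArr := C.SecTrustCopyCertificateChain(trustRef)
	if certChainArr == 0 {
		return nil, errors.New("no certificate chain available for certificate")
	}
	defer C.CFRelease(C.CFTypeRef(certChainArr))

	// Take the bound from the array being indexed so loop and array agree.
	nChain := C.CFArrayGetCount(certChainArr)
	chain := make([]*x509.Certificate, 0, int(nChain))
	for i := C.CFIndex(0); i < nChain; i++ {
		chainCertRef := C.SecCertificateRef(C.CFArrayGetValueAtIndex(certChainArr, i))
		if chainCertRef == 0 {
			return nil, errors.New("nil certificate in chain")
		}
		chainCert, err := exportCertRef(chainCertRef)
		if err != nil {
			return nil, err
		}
		chain = append(chain, chainCert)
	}

	// Index 0 is the leaf we started from; callers want only what sits above
	// it. Guard the reslice so an empty array cannot panic with an out-of-range
	// bound. chain stays non-nil either way, which keeps the cache check above
	// effective.
	if len(chain) > 0 {
		chain = chain[1:]
	}

	signer.certChain = chain
	return signer.certChain, nil
}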