Add function to retrieve certificates as byte data from the keychain

MatteoPologruto · MatteoPologruto · commit 2f3282d95a71 · 2024-04-23T17:40:46.000+02:00
diff --git a/certificates/install_darwin.go b/certificates/install_darwin.go
@@ -139,6 +139,40 @@ const char *evaluateCert(){
     }
     return "";
 }
+
+const char *getExpirationDate(){
+    // Create a key-value dictionary used to query the Keychain and look for the "Arduino" root certificate.
+    NSDictionary *getquery = @{
+                (id)kSecClass:     (id)kSecClassCertificate,
+                (id)kSecAttrLabel: @"Arduino",
+                (id)kSecReturnRef: @YES,
+            };
+
+    OSStatus err = noErr;
+    SecCertificateRef cert = NULL;
+
+    // Use this function to check for errors
+    err = SecItemCopyMatching((CFDictionaryRef)getquery, (CFTypeRef *)&cert);
+
+    if (err != errSecItemNotFound && err != noErr){
+        NSString *errString = [@"Error: " stringByAppendingFormat:@"%d", err];
+        NSLog(@"%@", errString);
+        return "";
+    }
+
+    // Get data from the certificate. We just need the "invalidity date" property.
+    CFDictionaryRef valuesDict = SecCertificateCopyValues(cert, (__bridge CFArrayRef)@[(__bridge id)kSecOIDInvalidityDate], NULL);
+
+    // TODO: Error checking.
+    CFDictionaryRef invalidityDateDictionaryRef = CFDictionaryGetValue(valuesDict, kSecOIDInvalidityDate);
+    CFTypeRef invalidityRef = CFDictionaryGetValue(invalidityDateDictionaryRef, kSecPropertyKeyValue);
+    id expirationDateValue = CFBridgingRelease(invalidityRef);
+
+    CFRelease(valuesDict);
+
+    NSString *outputString = [@"" stringByAppendingFormat:@"%@", expirationDateValue];
+    return [outputString cStringUsingEncoding:[NSString defaultCStringEncoding]];
+}
 */
 import "C"
 import (
@@ -195,3 +229,14 @@ func EvaluateCertificates() error {
 	}
 	return nil
 }
+
+// GetCertificate returns the expiration date of a certificate stored in the keychain
+func GetExpirationDate() (string, error) {
+	log.Infof("Retrieving certificate's expiration date")
+	p := C.getExpirationDate()
+	s := C.GoString(p)
+	if len(s) != 0 {
+		return s, nil
+	}
+	return "", nil
+}
diff --git a/certificates/install_default.go b/certificates/install_default.go
@@ -42,3 +42,9 @@ func EvaluateCertificates() error {
 	log.Warn("platform not supported for the certificates evaluation")
 	return errors.New("platform not supported for the certificates evaluation")
 }
+
+// GetCertificate won't do anything on unsupported Operative Systems
+func GetExpirationDate() (string, error) {
+	log.Warn("platform not supported for retrieving certificates expiration date")
+	return "", errors.New("platform not supported for retrieving certificates expiration date")
+}
