I'm wondering if there's any way I could basically take a SecTrust object and evaluate it in terms of a SecRequirement instance?
I understand that the Code Signing Requirement Language goes a bit beyond just X.509 certificate stuff, and is primarily intended for, well, code signing. That said, its certificate-related features seem completely applicable in other contexts.
I'm in a situation where I'm checking certificates in a TLS context, rather than any code object. E.g. given a URLAuthenticationChallenge I'd like to assert that its `.protectionSpace.serverTrust` meets a requirements string such as "anchor = H\"b72bb0424ed86ff665b4776c006ac57014d3b6a5\"".
The requirements language is easy to read and to tweak in the future, especially compared to using the SecCert APIs directly. Poking into the code for e.g. SecStaticCode::validateRequirement makes me pessimistic, but I wanted to double-check: does Apple provide any API I could use to evaluate a SecTrust object in terms of a SecRequirement?
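
For reference, the check that `anchor = H"..."` expresses can be written by hand against a `SecTrust` with the certificate APIs. This is an added example, not part of the original post and not an Apple API for evaluating a `SecRequirement`; `trustAnchorMatches` and `PinningDelegate` are hypothetical names, and `SecTrustCopyCertificateChain` assumes macOS 12 / iOS 15 or later.

```swift
import Foundation
import Security
import CryptoKit

// Hypothetical helper (not an Apple API): true when the root of the evaluated
// chain has the given SHA-1 digest, the comparison `anchor = H"..."` makes.
func trustAnchorMatches(_ trust: SecTrust, sha1Hex expected: String) -> Bool {
    // Evaluate first so the chain is the one the system built and trusted.
    var error: CFError?
    guard SecTrustEvaluateWithError(trust, &error) else { return false }

    // The chain is ordered leaf first, anchor last.
    guard let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
          let anchor = chain.last else { return false }

    // H"..." in the requirement language is the SHA-1 of the DER-encoded certificate.
    let der = SecCertificateCopyData(anchor) as Data
    let actual = Insecure.SHA1.hash(data: der)
        .map { String(format: "%02x", $0) }
        .joined()
    return actual == expected.lowercased()
}

// Hypothetical delegate showing where the check sits in a TLS challenge.
final class PinningDelegate: NSObject, URLSessionDelegate {
    // Hash taken from the requirement string quoted in the question.
    let anchorSHA1 = "b72bb0424ed86ff665b4776c006ac57014d3b6a5"

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        if trustAnchorMatches(trust, sha1Hex: anchorSHA1) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Fail closed: a chain that ends at any other anchor is rejected.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```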