[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmtrust.h

/*
 * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// cssmtrust - CSSM layer Trust (TP) related objects.
//
#ifndef _H_CSSMTRUST
#define _H_CSSMTRUST

#include <security_cdsa_utilities/cssmbridge.h>
#include <security_cdsa_utilities/cssmcert.h>
#include <security_cdsa_utilities/cssmcred.h>
#include <security_cdsa_utilities/cssmdb.h>


namespace Security {


//
// A TP "POLICYINFO" structure, essentially an OID/Data pair.
//
class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> {
public:
    uint32 count() const				{ return NumberOfPolicyIds; }
    uint32 &count()						{ return NumberOfPolicyIds; }
    CssmField *policies() const			{ return CssmField::overlay(PolicyIds); }
    CssmField * &policies()				{ return CssmField::overlayVar(PolicyIds); }
    void *control() const				{ return PolicyControl; }
    
    CssmField &operator [] (uint32 ix)
    { assert(ix < count()); return policies()[ix]; }
    
    void setPolicies(uint32 n, CSSM_FIELD *p)
    { count() = n; policies() = CssmField::overlay(p); }
};


//
// TP caller authentication contexts
//
class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> {
public:
    CSSM_TP_STOP_ON stopCriterion() const	{ return VerificationAbortOn; }
    void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; }
    
    CSSM_TIMESTRING time() const			{ return VerifyTime; }
    void time(CSSM_TIMESTRING newTime)		{ VerifyTime = newTime; }
    
    PolicyInfo &policies()					{ return PolicyInfo::overlay(Policy); }
    const PolicyInfo &policies() const		{ return PolicyInfo::overlay(Policy); }
    void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
    
    AccessCredentials *creds() const
    { return AccessCredentials::optional(CallerCredentials); }
    void creds(AccessCredentials *newCreds)	{ CallerCredentials = newCreds; }
    
    uint32 anchorCount() const				{ return NumberOfAnchorCerts; }
    uint32 &anchorCount()					{ return NumberOfAnchorCerts; }
    CssmData *anchors() const				{ return CssmData::overlay(AnchorCerts); }
    CssmData * &anchors()					{ return CssmData::overlayVar(AnchorCerts); }
	
	CssmDlDbList *dlDbList() const			{ return CssmDlDbList::overlay(DBList); }
	CssmDlDbList * &dlDbList()				{ return CssmDlDbList::overlayVar(DBList); }
};


//
// TP Verify Contexts - a monster collection of possibly useful stuff
// when verifying a certificate against trust policies
//
class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> {
public:
    CSSM_TP_ACTION action() const		{ return Action; }
    CssmData &actionData()				{ return CssmData::overlay(ActionData); }
    const CssmData &actionData() const	{ return CssmData::overlay(ActionData); }
    
    // set and reference the CallerAuth component
    TPCallerAuth &callerAuth() const	{ return TPCallerAuth::required(Cred); }
    operator TPCallerAuth &() const		{ return callerAuth(); }
    TPCallerAuth *callerAuthPtr() const	{ return TPCallerAuth::optional(Cred); }
    void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; }
    
    // forward CallerAuth operations
    
    CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); }
    void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); }
    PolicyInfo &policies() const		{ return callerAuth().policies(); }
    void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
    CSSM_TIMESTRING time() const		{ return callerAuth().time(); }
    void time(CSSM_TIMESTRING newTime)	{ return callerAuth().time(newTime); }
    AccessCredentials *creds() const	{ return callerAuth().creds(); }
    void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); }
    uint32 anchorCount() const			{ return callerAuth().anchorCount(); }
    uint32 &anchorCount()				{ return callerAuth().anchorCount(); }
    CssmData *anchors() const			{ return callerAuth().anchors(); }
    CssmData * &anchors()				{ return callerAuth().anchors(); }
    void anchors(uint32 count, CSSM_DATA *vector)
    { anchorCount() = count; anchors() = CssmData::overlay(vector); }
	void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
	{ callerAuth().dlDbList()->setDlDbList(n, list); }
};


//
// The result of a (raw) TP trust verification call
//
class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> {
public:
    CSSM_EVIDENCE_FORM form() const		{ return EvidenceForm; }
	void *data() const					{ return Evidence; }
    operator void *() const				{ return data(); }
    
    template <class T>
    T *as() const { return reinterpret_cast<T *>(Evidence); }
};

class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> {
public:
    uint32 count() const				{ return NumberOfEvidences; }
    const TPEvidence &operator [] (uint32 ix) const
    { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); }
};


//
// A PodWrapper for Apple's TP supporting-evidence structure
//
class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> {
public:
    CSSM_TP_APPLE_CERT_STATUS status() const	{ return StatusBits; }
    CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const
    { return status() & flags; }
    
    uint32 index() const		{ return Index; }
    const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); }
    CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; }
    
    uint32 codes() const		{ return NumStatusCodes; }
    CSSM_RETURN operator [] (uint32 ix)
    { assert(ix < NumStatusCodes); return StatusCodes[ix]; }
	
	void destroy(Allocator &allocator);
};


//
// Walkers
//
namespace DataWalkers {


}	// end namespace DataWalkers
}	// end namespace Security

#endif //_H_CSSMTRUST
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// cssmtrust - CSSM layer Trust (TP) related objects.
	27	//
	28	#ifndef _H_CSSMTRUST
	29	#define _H_CSSMTRUST
	30
	31	#include <security_cdsa_utilities/cssmbridge.h>
	32	#include <security_cdsa_utilities/cssmcert.h>
	33	#include <security_cdsa_utilities/cssmcred.h>
	34	#include <security_cdsa_utilities/cssmdb.h>
	35
	36
	37	namespace Security {
	38
	39
	40	//
	41	// A TP "POLICYINFO" structure, essentially an OID/Data pair.
	42	//
	43	class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> {
	44	public:
	45	uint32 count() const { return NumberOfPolicyIds; }
	46	uint32 &count() { return NumberOfPolicyIds; }
	47	CssmField *policies() const { return CssmField::overlay(PolicyIds); }
	48	CssmField * &policies() { return CssmField::overlayVar(PolicyIds); }
	49	void *control() const { return PolicyControl; }
	50
	51	CssmField &operator [] (uint32 ix)
	52	{ assert(ix < count()); return policies()[ix]; }
	53
	54	void setPolicies(uint32 n, CSSM_FIELD *p)
	55	{ count() = n; policies() = CssmField::overlay(p); }
	56	};
	57
	58
	59	//
	60	// TP caller authentication contexts
	61	//
	62	class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> {
	63	public:
	64	CSSM_TP_STOP_ON stopCriterion() const { return VerificationAbortOn; }
	65	void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; }
	66
67	CSSM_TIMESTRING time() const { return VerifyTime; }
68	void time(CSSM_TIMESTRING newTime) { VerifyTime = newTime; }
69
70	PolicyInfo &policies() { return PolicyInfo::overlay(Policy); }
71	const PolicyInfo &policies() const { return PolicyInfo::overlay(Policy); }
72	void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
73
74	AccessCredentials *creds() const
75	{ return AccessCredentials::optional(CallerCredentials); }
76	void creds(AccessCredentials *newCreds) { CallerCredentials = newCreds; }
77
78	uint32 anchorCount() const { return NumberOfAnchorCerts; }
79	uint32 &anchorCount() { return NumberOfAnchorCerts; }
80	CssmData *anchors() const { return CssmData::overlay(AnchorCerts); }
81	CssmData * &anchors() { return CssmData::overlayVar(AnchorCerts); }
82
83	CssmDlDbList *dlDbList() const { return CssmDlDbList::overlay(DBList); }
84	CssmDlDbList * &dlDbList() { return CssmDlDbList::overlayVar(DBList); }
85	};
86
87
88	//
89	// TP Verify Contexts - a monster collection of possibly useful stuff
90	// when verifying a certificate against trust policies
91	//
92	class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> {
93	public:
94	CSSM_TP_ACTION action() const { return Action; }
95	CssmData &actionData() { return CssmData::overlay(ActionData); }
96	const CssmData &actionData() const { return CssmData::overlay(ActionData); }
97
98	// set and reference the CallerAuth component
99	TPCallerAuth &callerAuth() const { return TPCallerAuth::required(Cred); }
100	operator TPCallerAuth &() const { return callerAuth(); }
101	TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); }
102	void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; }
103
104	// forward CallerAuth operations
105
106	CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); }
107	void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); }
108	PolicyInfo &policies() const { return callerAuth().policies(); }
109	void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
110	CSSM_TIMESTRING time() const { return callerAuth().time(); }
111	void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); }
112	AccessCredentials *creds() const { return callerAuth().creds(); }
113	void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); }
114	uint32 anchorCount() const { return callerAuth().anchorCount(); }
115	uint32 &anchorCount() { return callerAuth().anchorCount(); }
116	CssmData *anchors() const { return callerAuth().anchors(); }
117	CssmData * &anchors() { return callerAuth().anchors(); }
118	void anchors(uint32 count, CSSM_DATA *vector)
119	{ anchorCount() = count; anchors() = CssmData::overlay(vector); }
120	void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
121	{ callerAuth().dlDbList()->setDlDbList(n, list); }
122	};
123
124
125	//
126	// The result of a (raw) TP trust verification call
127	//
128	class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> {
129	public:
130	CSSM_EVIDENCE_FORM form() const { return EvidenceForm; }
131	void *data() const { return Evidence; }
132	operator void *() const { return data(); }
133
134	template <class T>
135	T as() const { return reinterpret_cast<T >(Evidence); }
136	};
137
138	class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> {
139	public:
140	uint32 count() const { return NumberOfEvidences; }
141	const TPEvidence &operator [] (uint32 ix) const
142	{ assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); }
143	};
144
145
146	//
147	// A PodWrapper for Apple's TP supporting-evidence structure
148	//
149	class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> {
150	public:
151	CSSM_TP_APPLE_CERT_STATUS status() const { return StatusBits; }
152	CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const
153	{ return status() & flags; }
154
155	uint32 index() const { return Index; }
156	const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); }
157	CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; }
158
159	uint32 codes() const { return NumStatusCodes; }
160	CSSM_RETURN operator [] (uint32 ix)
161	{ assert(ix < NumStatusCodes); return StatusCodes[ix]; }
162
163	void destroy(Allocator &allocator);
164	};
165
166
167	//
168	// Walkers
169	//
170	namespace DataWalkers {
171
172
173
174
175	} // end namespace DataWalkers
176	} // end namespace Security
177
178	#endif //_H_CSSMTRUST