[apple/security.git] / Security / libsecurity_apple_x509_tp / lib / AppleTPSession.h

/*
 * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/* 
 * AppleTPSession.h - TP session functions.
 * 
 */
 
#ifndef _H_APPLE_TP_SESSION
#define _H_APPLE_TP_SESSION

#include <security_cdsa_plugin/TPsession.h>
#include "TPCertInfo.h"

#define REALLOC_WORKAROUND	0
#if 	REALLOC_WORKAROUND
#include <string.h>
#endif

class AppleTPSession : public TPPluginSession {

public:

	AppleTPSession(
		CSSM_MODULE_HANDLE theHandle,
		CssmPlugin &plug,
		const CSSM_VERSION &version,
		uint32 subserviceId,
		CSSM_SERVICE_TYPE subserviceType,
		CSSM_ATTACH_FLAGS attachFlags,
		const CSSM_UPCALLS &upcalls);

	~AppleTPSession();
	
	#if		REALLOC_WORKAROUND
	void *realloc(void *oldp, size_t size) {
		void *newp = malloc(size);
		memmove(newp, oldp, size);
		free(oldp);
		return newp;
	}
	#endif	/* REALLOC_WORKAROUND */

	/* methods declared in TPabstractSession.h */
	void CertCreateTemplate(CSSM_CL_HANDLE CLHandle,
         uint32 NumberOfFields,
         const CSSM_FIELD CertFields[],
         CssmData &CertTemplate);
	void CrlVerify(CSSM_CL_HANDLE CLHandle,
         CSSM_CSP_HANDLE CSPHandle,
         const CSSM_ENCODED_CRL &CrlToBeVerified,
         const CSSM_CERTGROUP &SignerCertGroup,
         const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
         CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult);
	void CertReclaimKey(const CSSM_CERTGROUP &CertGroup,
         uint32 CertIndex,
         CSSM_LONG_HANDLE KeyCacheHandle,
         CSSM_CSP_HANDLE CSPHandle,
         const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry);
	void CertGroupVerify(CSSM_CL_HANDLE CLHandle,
         CSSM_CSP_HANDLE CSPHandle,
         const CSSM_CERTGROUP &CertGroupToBeVerified,
         const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
         CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult);
	void CertGroupConstruct(CSSM_CL_HANDLE CLHandle,
         CSSM_CSP_HANDLE CSPHandle,
         const CSSM_DL_DB_LIST &DBList,
         const void *ConstructParams,
         const CSSM_CERTGROUP &CertGroupFrag,
         CSSM_CERTGROUP_PTR &CertGroup);
	void CertSign(CSSM_CL_HANDLE CLHandle,
         CSSM_CC_HANDLE CCHandle,
         const CssmData &CertTemplateToBeSigned,
         const CSSM_CERTGROUP &SignerCertGroup,
         const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
         CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
         CssmData &SignedCert);
	void TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle,
         const CSSM_TUPLEGROUP &TupleGroup,
         CSSM_CERTGROUP_PTR &CertTemplates);
	void ReceiveConfirmation(const CssmData &ReferenceIdentifier,
         CSSM_TP_CONFIRM_RESPONSE_PTR &Responses,
         sint32 &ElapsedTime);
	void PassThrough(CSSM_CL_HANDLE CLHandle,
         CSSM_CC_HANDLE CCHandle,
         const CSSM_DL_DB_LIST *DBList,
         uint32 PassThroughId,
         const void *InputParams,
         void **OutputParams);
	void CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle,
         CSSM_CSP_HANDLE CSPHandle,
         const CssmData *OldCrlTemplate,
         const CSSM_CERTGROUP &CertGroupToBeRemoved,
         const CSSM_CERTGROUP &RevokerCertGroup,
         const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
         CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
         CssmData &NewCrlTemplate);
	void CertRevoke(CSSM_CL_HANDLE CLHandle,
         CSSM_CSP_HANDLE CSPHandle,
         const CssmData *OldCrlTemplate,
         const CSSM_CERTGROUP &CertGroupToBeRevoked,
         const CSSM_CERTGROUP &RevokerCertGroup,
         const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
         CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
         CSSM_TP_CERTCHANGE_REASON Reason,
         CssmData &NewCrlTemplate);
	void CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle);
	void CrlCreateTemplate(CSSM_CL_HANDLE CLHandle,
         uint32 NumberOfFields,
         const CSSM_FIELD CrlFields[],
         CssmData &NewCrlTemplate);
	void CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
         const CSSM_CERTGROUP &CertGroup,
         CSSM_TUPLEGROUP_PTR &TupleGroup);
	void SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
         CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,
         const CSSM_TP_REQUEST_SET &RequestInput,
         const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
         sint32 &EstimatedTime,
         CssmData &ReferenceIdentifier);
	void FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
         CSSM_TP_FORM_TYPE FormType,
         CssmData &BlankForm);
	void CrlSign(CSSM_CL_HANDLE CLHandle,
         CSSM_CC_HANDLE CCHandle,
         const CSSM_ENCODED_CRL &CrlToBeSigned,
         const CSSM_CERTGROUP &SignerCertGroup,
         const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
         CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
         CssmData &SignedCrl);
	void CertGroupPrune(CSSM_CL_HANDLE CLHandle,
         const CSSM_DL_DB_LIST &DBList,
         const CSSM_CERTGROUP &OrderedCertGroup,
         CSSM_CERTGROUP_PTR &PrunedCertGroup);
	void ApplyCrlToDb(CSSM_CL_HANDLE CLHandle,
         CSSM_CSP_HANDLE CSPHandle,
         const CSSM_ENCODED_CRL &CrlToBeApplied,
         const CSSM_CERTGROUP &SignerCertGroup,
         const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
         CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult);
	void CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle,
         const CssmData &CertTemplate,
         uint32 &NumberOfFields,
         CSSM_FIELD_PTR &CertFields);
	void ConfirmCredResult(const CssmData &ReferenceIdentifier,
         const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
         const CSSM_TP_CONFIRM_RESPONSE &Responses,
         const CSSM_TP_AUTHORITY_ID *PreferredAuthority);
	void FormSubmit(CSSM_TP_FORM_TYPE FormType,
         const CssmData &Form,
         const CSSM_TP_AUTHORITY_ID *ClearanceAuthority,
         const CSSM_TP_AUTHORITY_ID *RepresentedAuthority,
         AccessCredentials *Credentials);
	void RetrieveCredResult(const CssmData &ReferenceIdentifier,
         const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
         sint32 &EstimatedTime,
         CSSM_BOOL &ConfirmationRequired,
         CSSM_TP_RESULT_SET_PTR &RetrieveOutput);

private:
	void CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
		CSSM_CSP_HANDLE 		cspHand,
		TPCertGroup 			&inCertGroup,
		const CSSM_DL_DB_LIST 	*DBList,			// optional here
		const char 				*cssmTimeStr,		// optional
		uint32 					numAnchorCerts,		// optional
		const CSSM_DATA			*anchorCerts,
		
		/* CSSM_TP_ACTION_FETCH_CERT_FROM_NET, CSSM_TP_ACTION_TRUST_SETTINGS */
		CSSM_APPLE_TP_ACTION_FLAGS	actionFlags,
		
		/* optional user trust parameters */
		const CSSM_OID			*policyOid,
		const char				*policyStr,
		uint32					policyStrLen,
		CSSM_KEYUSE				keyUse,

		/* 
		 * Certs to be freed by caller (i.e., TPCertInfo which we allocate
		 * as a result of using a cert from anchorCerts of dbList) are added
		 * to this group.
		 */
		TPCertGroup				&certsToBeFreed,

		/* returned */
		CSSM_BOOL				&verifiedToRoot,	// end of chain self-verifies
		CSSM_BOOL				&verifiedToAnchor,	// end of chain in anchors
		CSSM_BOOL				&verifiedViaTrustSetting,	// chain ends per Trust Setting
		TPCertGroup 			&outCertGroup);		// RETURNED
			
	/* in tpCredRequest.cp */
	CSSM_X509_NAME * buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray,
		unsigned numNames);
	void freeX509Name(CSSM_X509_NAME *top);
	CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow);
	void freeX509Time(CSSM_X509_TIME *xtime);
	void refKeyToRaw(
		CSSM_CSP_HANDLE	cspHand,
		const CSSM_KEY	*refKey,	
		CSSM_KEY_PTR	rawKey);
	void makeCertTemplate(
		/* required */
		CSSM_CL_HANDLE			clHand,
		CSSM_CSP_HANDLE			cspHand,		// for converting ref to raw key
		uint32					serialNumber,
		const CSSM_X509_NAME	*issuerName,	
		const CSSM_X509_NAME	*subjectName,
		const CSSM_X509_TIME	*notBefore,	
		const CSSM_X509_TIME	*notAfter,	
		const CSSM_KEY			*subjectPubKey,
		const CSSM_OID			&sigOid,		// e.g., CSSMOID_SHA1WithRSA
		/* optional */
		const CSSM_DATA			*subjectUniqueId,
		const CSSM_DATA			*issuerUniqueId,
		CSSM_X509_EXTENSION		*extensions,
		unsigned				numExtensions,
		CSSM_DATA_PTR			&rawCert);

	void SubmitCsrRequest(
		const CSSM_TP_REQUEST_SET &RequestInput,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
		sint32 					&EstimatedTime,	
		CssmData 				&ReferenceIdentifier);
		
	/* 
	 * Per-session storage of SubmitCredRequest results.
	 *
	 * A TpCredHandle is just an address of a cert, cast to a CSSM_INTPTR. It's 
	 * what ReferenceIdentifier.Data points to.
	 */ 
	typedef CSSM_INTPTR TpCredHandle;
	typedef std::map<TpCredHandle, 
				     const CSSM_DATA * /* the actual cert */ > credMap;
	credMap					tpCredMap;
	Mutex					tpCredMapLock;
	
	/* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and 
	 * add it and the cert to tpCredMap. */
	void addCertToMap(
		const CSSM_DATA		*cert,
		CSSM_DATA_PTR		refId);
		
	/* given a ReferenceIdentifier, obtain associated cert and remove from the map */
	CSSM_DATA_PTR getCertFromMap(
		const CSSM_DATA		*refId);

};

#endif	/* _H_APPLE_TP_SESSION */
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	/*
	20	* AppleTPSession.h - TP session functions.
	21	*
b1ab9ed8 A	22	*/
	23
	24	#ifndef _H_APPLE_TP_SESSION
	25	#define _H_APPLE_TP_SESSION
	26
	27	#include <security_cdsa_plugin/TPsession.h>
	28	#include "TPCertInfo.h"
	29
	30	#define REALLOC_WORKAROUND 0
	31	#if REALLOC_WORKAROUND
	32	#include <string.h>
	33	#endif
	34
	35	class AppleTPSession : public TPPluginSession {
	36
	37	public:
	38
	39	AppleTPSession(
	40	CSSM_MODULE_HANDLE theHandle,
	41	CssmPlugin &plug,
	42	const CSSM_VERSION &version,
	43	uint32 subserviceId,
	44	CSSM_SERVICE_TYPE subserviceType,
	45	CSSM_ATTACH_FLAGS attachFlags,
	46	const CSSM_UPCALLS &upcalls);
	47
	48	~AppleTPSession();
	49
	50	#if REALLOC_WORKAROUND
	51	void realloc(void oldp, size_t size) {
	52	void *newp = malloc(size);
	53	memmove(newp, oldp, size);
	54	free(oldp);
	55	return newp;
	56	}
	57	#endif /* REALLOC_WORKAROUND */
	58
	59	/* methods declared in TPabstractSession.h */
	60	void CertCreateTemplate(CSSM_CL_HANDLE CLHandle,
	61	uint32 NumberOfFields,
	62	const CSSM_FIELD CertFields[],
	63	CssmData &CertTemplate);
	64	void CrlVerify(CSSM_CL_HANDLE CLHandle,
	65	CSSM_CSP_HANDLE CSPHandle,
	66	const CSSM_ENCODED_CRL &CrlToBeVerified,
	67	const CSSM_CERTGROUP &SignerCertGroup,
	68	const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
	69	CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult);
	70	void CertReclaimKey(const CSSM_CERTGROUP &CertGroup,
	71	uint32 CertIndex,
	72	CSSM_LONG_HANDLE KeyCacheHandle,
	73	CSSM_CSP_HANDLE CSPHandle,
	74	const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry);
	75	void CertGroupVerify(CSSM_CL_HANDLE CLHandle,
	76	CSSM_CSP_HANDLE CSPHandle,
	77	const CSSM_CERTGROUP &CertGroupToBeVerified,
	78	const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
	79	CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult);
	80	void CertGroupConstruct(CSSM_CL_HANDLE CLHandle,
	81	CSSM_CSP_HANDLE CSPHandle,
	82	const CSSM_DL_DB_LIST &DBList,
	83	const void *ConstructParams,
	84	const CSSM_CERTGROUP &CertGroupFrag,
	85	CSSM_CERTGROUP_PTR &CertGroup);
86	void CertSign(CSSM_CL_HANDLE CLHandle,
87	CSSM_CC_HANDLE CCHandle,
88	const CssmData &CertTemplateToBeSigned,
89	const CSSM_CERTGROUP &SignerCertGroup,
90	const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
91	CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
92	CssmData &SignedCert);
93	void TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle,
94	const CSSM_TUPLEGROUP &TupleGroup,
95	CSSM_CERTGROUP_PTR &CertTemplates);
96	void ReceiveConfirmation(const CssmData &ReferenceIdentifier,
97	CSSM_TP_CONFIRM_RESPONSE_PTR &Responses,
98	sint32 &ElapsedTime);
99	void PassThrough(CSSM_CL_HANDLE CLHandle,
100	CSSM_CC_HANDLE CCHandle,
101	const CSSM_DL_DB_LIST *DBList,
102	uint32 PassThroughId,
103	const void *InputParams,
104	void **OutputParams);
105	void CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle,
106	CSSM_CSP_HANDLE CSPHandle,
107	const CssmData *OldCrlTemplate,
108	const CSSM_CERTGROUP &CertGroupToBeRemoved,
109	const CSSM_CERTGROUP &RevokerCertGroup,
110	const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
111	CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
112	CssmData &NewCrlTemplate);
113	void CertRevoke(CSSM_CL_HANDLE CLHandle,
114	CSSM_CSP_HANDLE CSPHandle,
115	const CssmData *OldCrlTemplate,
116	const CSSM_CERTGROUP &CertGroupToBeRevoked,
117	const CSSM_CERTGROUP &RevokerCertGroup,
118	const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
119	CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
120	CSSM_TP_CERTCHANGE_REASON Reason,
121	CssmData &NewCrlTemplate);
122	void CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle);
123	void CrlCreateTemplate(CSSM_CL_HANDLE CLHandle,
124	uint32 NumberOfFields,
125	const CSSM_FIELD CrlFields[],
126	CssmData &NewCrlTemplate);
127	void CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
128	const CSSM_CERTGROUP &CertGroup,
129	CSSM_TUPLEGROUP_PTR &TupleGroup);
130	void SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
131	CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,
132	const CSSM_TP_REQUEST_SET &RequestInput,
133	const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
134	sint32 &EstimatedTime,
135	CssmData &ReferenceIdentifier);
136	void FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
137	CSSM_TP_FORM_TYPE FormType,
138	CssmData &BlankForm);
139	void CrlSign(CSSM_CL_HANDLE CLHandle,
140	CSSM_CC_HANDLE CCHandle,
141	const CSSM_ENCODED_CRL &CrlToBeSigned,
142	const CSSM_CERTGROUP &SignerCertGroup,
143	const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
144	CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
145	CssmData &SignedCrl);
146	void CertGroupPrune(CSSM_CL_HANDLE CLHandle,
147	const CSSM_DL_DB_LIST &DBList,
148	const CSSM_CERTGROUP &OrderedCertGroup,
149	CSSM_CERTGROUP_PTR &PrunedCertGroup);
150	void ApplyCrlToDb(CSSM_CL_HANDLE CLHandle,
151	CSSM_CSP_HANDLE CSPHandle,
152	const CSSM_ENCODED_CRL &CrlToBeApplied,
153	const CSSM_CERTGROUP &SignerCertGroup,
154	const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
155	CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult);
156	void CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle,
157	const CssmData &CertTemplate,
158	uint32 &NumberOfFields,
159	CSSM_FIELD_PTR &CertFields);
160	void ConfirmCredResult(const CssmData &ReferenceIdentifier,
161	const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
162	const CSSM_TP_CONFIRM_RESPONSE &Responses,
163	const CSSM_TP_AUTHORITY_ID *PreferredAuthority);
164	void FormSubmit(CSSM_TP_FORM_TYPE FormType,
165	const CssmData &Form,
166	const CSSM_TP_AUTHORITY_ID *ClearanceAuthority,
167	const CSSM_TP_AUTHORITY_ID *RepresentedAuthority,
168	AccessCredentials *Credentials);
169	void RetrieveCredResult(const CssmData &ReferenceIdentifier,
170	const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
171	sint32 &EstimatedTime,
172	CSSM_BOOL &ConfirmationRequired,
173	CSSM_TP_RESULT_SET_PTR &RetrieveOutput);
174
175	private:
176	void CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
177	CSSM_CSP_HANDLE cspHand,
178	TPCertGroup &inCertGroup,
179	const CSSM_DL_DB_LIST *DBList, // optional here
180	const char *cssmTimeStr, // optional
181	uint32 numAnchorCerts, // optional
182	const CSSM_DATA *anchorCerts,
183
184	/* CSSM_TP_ACTION_FETCH_CERT_FROM_NET, CSSM_TP_ACTION_TRUST_SETTINGS */
185	CSSM_APPLE_TP_ACTION_FLAGS actionFlags,
186
187	/* optional user trust parameters */
188	const CSSM_OID *policyOid,
189	const char *policyStr,
190	uint32 policyStrLen,
191	CSSM_KEYUSE keyUse,
192
193	/*
194	* Certs to be freed by caller (i.e., TPCertInfo which we allocate
195	* as a result of using a cert from anchorCerts of dbList) are added
196	* to this group.
197	*/
198	TPCertGroup &certsToBeFreed,
199
200	/* returned */
201	CSSM_BOOL &verifiedToRoot, // end of chain self-verifies
202	CSSM_BOOL &verifiedToAnchor, // end of chain in anchors
203	CSSM_BOOL &verifiedViaTrustSetting, // chain ends per Trust Setting
204	TPCertGroup &outCertGroup); // RETURNED
205
206	/* in tpCredRequest.cp */
207	CSSM_X509_NAME * buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray,
208	unsigned numNames);
209	void freeX509Name(CSSM_X509_NAME *top);
210	CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow);
211	void freeX509Time(CSSM_X509_TIME *xtime);
212	void refKeyToRaw(
213	CSSM_CSP_HANDLE cspHand,
214	const CSSM_KEY *refKey,
215	CSSM_KEY_PTR rawKey);
216	void makeCertTemplate(
217	/* required */
218	CSSM_CL_HANDLE clHand,
219	CSSM_CSP_HANDLE cspHand, // for converting ref to raw key
220	uint32 serialNumber,
221	const CSSM_X509_NAME *issuerName,
222	const CSSM_X509_NAME *subjectName,
223	const CSSM_X509_TIME *notBefore,
224	const CSSM_X509_TIME *notAfter,
225	const CSSM_KEY *subjectPubKey,
226	const CSSM_OID &sigOid, // e.g., CSSMOID_SHA1WithRSA
227	/* optional */
228	const CSSM_DATA *subjectUniqueId,
229	const CSSM_DATA *issuerUniqueId,
230	CSSM_X509_EXTENSION *extensions,
231	unsigned numExtensions,
232	CSSM_DATA_PTR &rawCert);
233
234	void SubmitCsrRequest(
235	const CSSM_TP_REQUEST_SET &RequestInput,
236	const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
237	sint32 &EstimatedTime,
238	CssmData &ReferenceIdentifier);
239
240	/*
241	* Per-session storage of SubmitCredRequest results.
242	*
243	* A TpCredHandle is just an address of a cert, cast to a CSSM_INTPTR. It's
244	* what ReferenceIdentifier.Data points to.
245	*/
246	typedef CSSM_INTPTR TpCredHandle;
247	typedef std::map<TpCredHandle,
248	const CSSM_DATA * /* the actual cert */ > credMap;
249	credMap tpCredMap;
250	Mutex tpCredMapLock;
251
252	/* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and
253	* add it and the cert to tpCredMap. */
254	void addCertToMap(
255	const CSSM_DATA *cert,
256	CSSM_DATA_PTR refId);
257
258	/* given a ReferenceIdentifier, obtain associated cert and remove from the map */
259	CSSM_DATA_PTR getCertFromMap(
260	const CSSM_DATA *refId);
261
262	};
263
264	#endif /* _H_APPLE_TP_SESSION */