[apple/security.git] / OSX / libsecurity_keychain / lib / Certificate.h

/*
 * Copyright (c) 2002-2007,2011-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// Certificate.h - Certificate objects
//
#ifndef _SECURITY_CERTIFICATE_H_
#define _SECURITY_CERTIFICATE_H_

#include <security_keychain/Item.h>

#include <security_keychain/StorageManager.h>
// @@@ This should not be here.
#include <Security/SecBase.h>
#include <security_cdsa_client/clclient.h>

namespace Security
{

namespace KeychainCore
{

class KeyItem;

class Certificate : public ItemImpl
{
	NOCOPY(Certificate)
public:
	SECCFFUNCTIONS(Certificate, SecCertificateRef, errSecInvalidItemRef, gTypes().Certificate)

	static CL clForType(CSSM_CERT_TYPE type);

	// new item constructor
    Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);

private:
	// db item constructor
    Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);

	// PrimaryKey item constructor
    Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);

public:
	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey);

	Certificate(Certificate &certificate);
    virtual ~Certificate();

	virtual void update();
	virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
	virtual void didModify(); // Forget any attributes and data we just wrote to the db

    const CssmData &data();
    CSSM_CERT_TYPE type();
	CSSM_CERT_ENCODING encoding();
    CFDataRef sha1Hash();
    CFDataRef sha256Hash();
	CFStringRef commonName();
	CFStringRef distinguishedName(const CSSM_OID *sourceOid, const CSSM_OID *componentOid);
	CFStringRef copyFirstEmailAddress();
	CFArrayRef copyEmailAddresses();
	CFArrayRef copyDNSNames();
    CSSM_X509_NAME_PTR subjectName();
    CSSM_X509_NAME_PTR issuerName();
	CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID();
   	CSSM_CL_HANDLE clHandle();
	void inferLabel(bool addLabel, CFStringRef *rtnString = NULL);
	SecPointer<KeyItem> publicKey();
	const CssmData &publicKeyHash();
	const CssmData &subjectKeyIdentifier();

	static KCCursor cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	static KCCursor cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	static KCCursor cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
	static KCCursor cursorForIssuerAndSN_CF(const StorageManager::KeychainList &keychains, CFDataRef issuer, CFDataRef serialNumber);

	SecPointer<Certificate> findInKeychain(const StorageManager::KeychainList &keychains);
	static SecPointer<Certificate> findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	static SecPointer<Certificate> findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	static SecPointer<Certificate> findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);

	static void normalizeEmailAddress(CSSM_DATA &emailAddress);
	static void getNames(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, CE_GeneralNameType generalNameType, std::vector<CssmData> &names);

	bool operator < (Certificate &other);
	bool operator == (Certificate &other);

	virtual CFHashCode hash();

public:
	CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
	void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);

	CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
	void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
	Boolean isSelfSigned();

protected:
	virtual void willRead();
	virtual PrimaryKey add(Keychain &keychain);
	CSSM_HANDLE certHandle();

	void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);

	void addSubjectKeyIdentifier();
	void populateAttributes();
	bool verifyEncoding(CSSM_DATA_PTR data);

private:
	bool mHaveTypeAndEncoding;
	bool mPopulated;
    CSSM_CERT_TYPE mType;
	CSSM_CERT_ENCODING mEncoding;
    CssmClient::CL mCL;
	CSSM_HANDLE mCertHandle;
	CssmData mPublicKeyHash;
	uint8 mPublicKeyHashBytes[20];
	CssmData mSubjectKeyID;
	uint8 mSubjectKeyIDBytes[20];
	CSSM_DATA_PTR mV1SubjectPublicKeyCStructValue; // Hack to prevent algorithmID() from leaking.
    CSSM_DATA_PTR mV1SubjectNameCStructValue;
    CSSM_DATA_PTR mV1IssuerNameCStructValue;
    CFDataRef mSha1Hash;
    CFDataRef mSha256Hash;
	bool mEncodingVerified;
};

} // end namespace KeychainCore

} // end namespace Security

#endif // !_SECURITY_CERTIFICATE_H_
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2002-2007,2011-2014 Apple Inc. All Rights Reserved.
427c49bc	3	*
b1ab9ed8	4	* @APPLE_LICENSE_HEADER_START@
d8f41ccd	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
d8f41ccd	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
d8f41ccd	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// Certificate.h - Certificate objects
	26	//
	27	#ifndef _SECURITY_CERTIFICATE_H_
	28	#define _SECURITY_CERTIFICATE_H_
	29
	30	#include <security_keychain/Item.h>
	31
	32	#include <security_keychain/StorageManager.h>
	33	// @@@ This should not be here.
	34	#include <Security/SecBase.h>
	35	#include <security_cdsa_client/clclient.h>
	36
	37	namespace Security
	38	{
	39
	40	namespace KeychainCore
	41	{
	42
	43	class KeyItem;
	44
	45	class Certificate : public ItemImpl
	46	{
	47	NOCOPY(Certificate)
	48	public:
	49	SECCFFUNCTIONS(Certificate, SecCertificateRef, errSecInvalidItemRef, gTypes().Certificate)
	50
	51	static CL clForType(CSSM_CERT_TYPE type);
	52
	53	// new item constructor
	54	Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);
	55
	56	private:
	57	// db item constructor
	58	Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	59
	60	// PrimaryKey item constructor
	61	Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);
	62
	63	public:
	64	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	65	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey);
	66
	67	Certificate(Certificate &certificate);
427c49bc	68	virtual ~Certificate();
b1ab9ed8 A	69
	70	virtual void update();
	71	virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
	72	virtual void didModify(); // Forget any attributes and data we just wrote to the db
	73
	74	const CssmData &data();
	75	CSSM_CERT_TYPE type();
	76	CSSM_CERT_ENCODING encoding();
e3d460c9 A	77	CFDataRef sha1Hash();
e3d460c9 A	78	CFDataRef sha256Hash();
b1ab9ed8 A	79	CFStringRef commonName();
	80	CFStringRef distinguishedName(const CSSM_OID sourceOid, const CSSM_OID componentOid);
	81	CFStringRef copyFirstEmailAddress();
	82	CFArrayRef copyEmailAddresses();
4d3cab3d	83	CFArrayRef copyDNSNames();
6b200bc3 A	84	CSSM_X509_NAME_PTR subjectName();
	85	CSSM_X509_NAME_PTR issuerName();
	86	CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID();
b1ab9ed8 A	87	CSSM_CL_HANDLE clHandle();
	88	void inferLabel(bool addLabel, CFStringRef *rtnString = NULL);
	89	SecPointer<KeyItem> publicKey();
	90	const CssmData &publicKeyHash();
	91	const CssmData &subjectKeyIdentifier();
	92
	93	static KCCursor cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	94	static KCCursor cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	95	static KCCursor cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
	96	static KCCursor cursorForIssuerAndSN_CF(const StorageManager::KeychainList &keychains, CFDataRef issuer, CFDataRef serialNumber);
	97
	98	SecPointer<Certificate> findInKeychain(const StorageManager::KeychainList &keychains);
	99	static SecPointer<Certificate> findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	100	static SecPointer<Certificate> findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	101	static SecPointer<Certificate> findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
	102
	103	static void normalizeEmailAddress(CSSM_DATA &emailAddress);
4d3cab3d	104	static void getNames(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, CE_GeneralNameType generalNameType, std::vector<CssmData> &names);
b1ab9ed8 A	105
	106	bool operator < (Certificate &other);
	107	bool operator == (Certificate &other);
4d3cab3d	108
427c49bc	109	virtual CFHashCode hash();
b1ab9ed8 A	110
	111	public:
	112	CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
	113	void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);
	114
	115	CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
	116	void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
	117	Boolean isSelfSigned();
	118
	119	protected:
	120	virtual void willRead();
	121	virtual PrimaryKey add(Keychain &keychain);
	122	CSSM_HANDLE certHandle();
	123
	124	void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);
	125
	126	void addSubjectKeyIdentifier();
	127	void populateAttributes();
949d2ff0	128	bool verifyEncoding(CSSM_DATA_PTR data);
b1ab9ed8 A	129
	130	private:
	131	bool mHaveTypeAndEncoding;
	132	bool mPopulated;
	133	CSSM_CERT_TYPE mType;
	134	CSSM_CERT_ENCODING mEncoding;
	135	CssmClient::CL mCL;
	136	CSSM_HANDLE mCertHandle;
	137	CssmData mPublicKeyHash;
	138	uint8 mPublicKeyHashBytes[20];
	139	CssmData mSubjectKeyID;
	140	uint8 mSubjectKeyIDBytes[20];
	141	CSSM_DATA_PTR mV1SubjectPublicKeyCStructValue; // Hack to prevent algorithmID() from leaking.
	142	CSSM_DATA_PTR mV1SubjectNameCStructValue;
	143	CSSM_DATA_PTR mV1IssuerNameCStructValue;
e3d460c9 A	144	CFDataRef mSha1Hash;
e3d460c9 A	145	CFDataRef mSha256Hash;
949d2ff0	146	bool mEncodingVerified;
b1ab9ed8 A	147	};
	148
	149	} // end namespace KeychainCore
	150
	151	} // end namespace Security
	152
	153	#endif // !_SECURITY_CERTIFICATE_H_