[apple/security.git] / AppleX509CL / AppleX509CLSession.h

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// AppleX509CLSession.h - general CL session functions.
//
#ifndef _H_APPLEX509CLSESSION
#define _H_APPLEX509CLSESSION

#include <Security/CLsession.h>
#include "CLCachedEntry.h"
#include "DecodedCert.h"
#include "LockedMap.h"
#include <Security/threading.h>
#include <Security/cssmapple.h>

class AppleX509CLSession : public CLPluginSession {

public:

	AppleX509CLSession(
		CSSM_MODULE_HANDLE theHandle,
		CssmPlugin &plug,
		const CSSM_VERSION &version,
		uint32 subserviceId,
		CSSM_SERVICE_TYPE subserviceType,
		CSSM_ATTACH_FLAGS attachFlags,
		const CSSM_UPCALLS &upcalls);

	~AppleX509CLSession();

// ====================================================================
// Cert Interpretation
// ====================================================================				
	
	void CertDescribeFormat(
		uint32 &NumberOfFields,
		CSSM_OID_PTR &OidList);

// Non-cached
	
	void CertGetAllFields(
		const CssmData &Cert,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CertFields);

	CSSM_HANDLE CertGetFirstFieldValue(
		const CssmData &Cert,
		const CssmData &CertField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);

	bool CertGetNextFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);


// Cached
	
	void CertCache(
		const CssmData &Cert,
		CSSM_HANDLE &CertHandle);

	CSSM_HANDLE CertGetFirstCachedFieldValue(
		CSSM_HANDLE CertHandle,
		const CssmData &CertField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);

	bool CertGetNextCachedFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);

	void CertAbortCache(
		CSSM_HANDLE CertHandle);

	void CertAbortQuery(
		CSSM_HANDLE ResultsHandle);


// Templates
							
	void CertCreateTemplate(
		uint32 NumberOfFields,
		const CSSM_FIELD CertFields[],
		CssmData &CertTemplate);

	void CertGetAllTemplateFields(
		const CssmData &CertTemplate,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CertFields);
						

// Memory						

	void FreeFields(
		uint32 NumberOfFields,
		CSSM_FIELD_PTR &FieldArray);
	void FreeFieldValue(
		const CssmData &CertOrCrlOid,
		CssmData &Value);

// Key
	
	void CertGetKeyInfo(
		const CssmData &Cert,
		CSSM_KEY_PTR &Key);
						
// ====================================================================
// CRL Interpretation
// ====================================================================

// Non-cached
	
	void CrlDescribeFormat(
		uint32 &NumberOfFields,
		CSSM_OID_PTR &OidList);

	void CrlGetAllFields(
		const CssmData &Crl,
		uint32 &NumberOfCrlFields,
		CSSM_FIELD_PTR &CrlFields);

	CSSM_HANDLE CrlGetFirstFieldValue(
		const CssmData &Crl,
		const CssmData &CrlField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);
	
	bool CrlGetNextFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);

	void IsCertInCrl(
		const CssmData &Cert,
		const CssmData &Crl,
		CSSM_BOOL &CertFound);
	
	
// Cached

	void CrlCache(
		const CssmData &Crl,
		CSSM_HANDLE &CrlHandle);

	void CrlGetAllCachedRecordFields(CSSM_HANDLE CrlHandle,
		const CssmData &CrlRecordIndex,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CrlFields);
						
	CSSM_HANDLE CrlGetFirstCachedFieldValue(
		CSSM_HANDLE CrlHandle,
		const CssmData *CrlRecordIndex,
		const CssmData &CrlField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);

	bool CrlGetNextCachedFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);

	void IsCertInCachedCrl(
		const CssmData &Cert,
		CSSM_HANDLE CrlHandle,
		CSSM_BOOL &CertFound,
		CssmData &CrlRecordIndex);

	void CrlAbortCache(
		CSSM_HANDLE CrlHandle);

	void CrlAbortQuery(
		CSSM_HANDLE ResultsHandle);


// Template

	void CrlCreateTemplate(
		uint32 NumberOfFields,
		const CSSM_FIELD *CrlTemplate,
		CssmData &NewCrl);

	void CrlSetFields(
		uint32 NumberOfFields,
		const CSSM_FIELD *CrlTemplate,
		const CssmData &OldCrl,
		CssmData &ModifiedCrl);

	void CrlAddCert(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &Cert,
		uint32 NumberOfFields,
		const CSSM_FIELD CrlEntryFields[],
		const CssmData &OldCrl,
		CssmData &NewCrl);

	void CrlRemoveCert(
		const CssmData &Cert,
		const CssmData &OldCrl,
		CssmData &NewCrl);

// ====================================================================
// Verify/Sign
// ====================================================================
	
// Certs
	
	void CertVerifyWithKey(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertToBeVerified);
	
	void CertVerify(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertToBeVerified,
		const CssmData *SignerCert,
		const CSSM_FIELD *VerifyScope,
		uint32 ScopeSize);
						
	void CertSign(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertTemplate,
		const CSSM_FIELD *SignScope,
		uint32 ScopeSize,
		CssmData &SignedCert);

// Cert Groups

	void CertGroupFromVerifiedBundle(
		CSSM_CC_HANDLE CCHandle,
		const CSSM_CERT_BUNDLE &CertBundle,
		const CssmData *SignerCert,
		CSSM_CERTGROUP_PTR &CertGroup);
						
	void CertGroupToSignedBundle(
		CSSM_CC_HANDLE CCHandle,
		const CSSM_CERTGROUP &CertGroupToBundle,
		const CSSM_CERT_BUNDLE_HEADER *BundleInfo,
		CssmData &SignedBundle);
						
// CRLs

	void CrlVerifyWithKey(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CrlToBeVerified);

	void CrlVerify(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CrlToBeVerified,
		const CssmData *SignerCert,
		const CSSM_FIELD *VerifyScope,
		uint32 ScopeSize);
						
	void CrlSign(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &UnsignedCrl,
		const CSSM_FIELD *SignScope,
		uint32 ScopeSize,
		CssmData &SignedCrl);

// ====================================================================
// Module Specific Pass-Through
// ====================================================================
	
	void PassThrough(
		CSSM_CC_HANDLE CCHandle,
		uint32 PassThroughId,
		const void *InputParams,
		void **OutputParams);

private:
	/* routines in Session_Cert.cpp */
	void getAllParsedCertFields(
		const DecodedCert	&cert,
		uint32 				&NumberOfFields,		// RETURNED
		CSSM_FIELD_PTR 		&CertFields);			// RETURNED

	/* routines in Session_Crypto.cpp */
	void signData(
		CSSM_CC_HANDLE		ccHand,
		const CssmData		&tbs,
		CssmOwnedData		&sig);			// mallocd and returned
	void verifyData(
		CSSM_CC_HANDLE		ccHand,
		const CssmData		&tbs,
		const CssmData		&sig);	
		
	/* routines in Session_CSR.cpp */
	void generateCsr(
		CSSM_CC_HANDLE 		CCHandle,
		const CSSM_APPLE_CL_CSR_REQUEST *csrReq,
		CSSM_DATA_PTR		&csrPtr);
	void verifyCsr(
		const CSSM_DATA		*csrPtr);

	/*
	 * Maps of cached certs, CRLs, and active queries
	 * This one holds cached certs and CRLs.
	 */
	LockedMap<CSSM_HANDLE, CLCachedEntry>	cacheMap;
	LockedMap<CSSM_HANDLE, CLQuery>			queryMap;

	CLCachedCert *lookupCachedCert(CSSM_HANDLE handle);
	CLCachedCRL	 *lookupCachedCRL(CSSM_HANDLE handle);
};

#endif //_H_APPLEX509CLSESSION
Commit	Line	Data
bac41a7b A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// AppleX509CLSession.h - general CL session functions.
	21	//
	22	#ifndef _H_APPLEX509CLSESSION
	23	#define _H_APPLEX509CLSESSION
	24
	25	#include <Security/CLsession.h>
	26	#include "CLCachedEntry.h"
	27	#include "DecodedCert.h"
	28	#include "LockedMap.h"
	29	#include <Security/threading.h>
29654253	30	#include <Security/cssmapple.h>
bac41a7b A	31
	32	class AppleX509CLSession : public CLPluginSession {
	33
	34	public:
	35
	36	AppleX509CLSession(
	37	CSSM_MODULE_HANDLE theHandle,
	38	CssmPlugin &plug,
	39	const CSSM_VERSION &version,
	40	uint32 subserviceId,
	41	CSSM_SERVICE_TYPE subserviceType,
	42	CSSM_ATTACH_FLAGS attachFlags,
	43	const CSSM_UPCALLS &upcalls);
	44
	45	~AppleX509CLSession();
	46
	47	// ====================================================================
	48	// Cert Interpretation
	49	// ====================================================================
	50
	51	void CertDescribeFormat(
	52	uint32 &NumberOfFields,
	53	CSSM_OID_PTR &OidList);
	54
	55	// Non-cached
	56
	57	void CertGetAllFields(
	58	const CssmData &Cert,
	59	uint32 &NumberOfFields,
	60	CSSM_FIELD_PTR &CertFields);
	61
	62	CSSM_HANDLE CertGetFirstFieldValue(
	63	const CssmData &Cert,
	64	const CssmData &CertField,
	65	uint32 &NumberOfMatchedFields,
	66	CSSM_DATA_PTR &Value);
	67
	68	bool CertGetNextFieldValue(
	69	CSSM_HANDLE ResultsHandle,
	70	CSSM_DATA_PTR &Value);
	71
	72
	73	// Cached
	74
	75	void CertCache(
	76	const CssmData &Cert,
	77	CSSM_HANDLE &CertHandle);
	78
	79	CSSM_HANDLE CertGetFirstCachedFieldValue(
	80	CSSM_HANDLE CertHandle,
	81	const CssmData &CertField,
	82	uint32 &NumberOfMatchedFields,
	83	CSSM_DATA_PTR &Value);
	84
	85	bool CertGetNextCachedFieldValue(
	86	CSSM_HANDLE ResultsHandle,
	87	CSSM_DATA_PTR &Value);
	88
	89	void CertAbortCache(
	90	CSSM_HANDLE CertHandle);
	91
	92	void CertAbortQuery(
	93	CSSM_HANDLE ResultsHandle);
	94
95
96
97	// Templates
98
99	void CertCreateTemplate(
100	uint32 NumberOfFields,
101	const CSSM_FIELD CertFields[],
102	CssmData &CertTemplate);
103
104	void CertGetAllTemplateFields(
105	const CssmData &CertTemplate,
106	uint32 &NumberOfFields,
107	CSSM_FIELD_PTR &CertFields);
108
109
110	// Memory
111
112	void FreeFields(
113	uint32 NumberOfFields,
114	CSSM_FIELD_PTR &FieldArray);
115	void FreeFieldValue(
116	const CssmData &CertOrCrlOid,
df0e469f	117	CssmData &Value);
bac41a7b A	118
	119	// Key
	120
	121	void CertGetKeyInfo(
	122	const CssmData &Cert,
	123	CSSM_KEY_PTR &Key);
	124
	125	// ====================================================================
	126	// CRL Interpretation
	127	// ====================================================================
	128
	129	// Non-cached
	130
	131	void CrlDescribeFormat(
	132	uint32 &NumberOfFields,
	133	CSSM_OID_PTR &OidList);
	134
	135	void CrlGetAllFields(
	136	const CssmData &Crl,
	137	uint32 &NumberOfCrlFields,
	138	CSSM_FIELD_PTR &CrlFields);
	139
	140	CSSM_HANDLE CrlGetFirstFieldValue(
	141	const CssmData &Crl,
	142	const CssmData &CrlField,
	143	uint32 &NumberOfMatchedFields,
	144	CSSM_DATA_PTR &Value);
	145
	146	bool CrlGetNextFieldValue(
	147	CSSM_HANDLE ResultsHandle,
	148	CSSM_DATA_PTR &Value);
	149
	150	void IsCertInCrl(
	151	const CssmData &Cert,
	152	const CssmData &Crl,
	153	CSSM_BOOL &CertFound);
	154
	155
	156	// Cached
	157
	158	void CrlCache(
	159	const CssmData &Crl,
	160	CSSM_HANDLE &CrlHandle);
	161
	162	void CrlGetAllCachedRecordFields(CSSM_HANDLE CrlHandle,
	163	const CssmData &CrlRecordIndex,
	164	uint32 &NumberOfFields,
	165	CSSM_FIELD_PTR &CrlFields);
	166
	167	CSSM_HANDLE CrlGetFirstCachedFieldValue(
	168	CSSM_HANDLE CrlHandle,
	169	const CssmData *CrlRecordIndex,
	170	const CssmData &CrlField,
	171	uint32 &NumberOfMatchedFields,
	172	CSSM_DATA_PTR &Value);
	173
	174	bool CrlGetNextCachedFieldValue(
	175	CSSM_HANDLE ResultsHandle,
	176	CSSM_DATA_PTR &Value);
	177
	178	void IsCertInCachedCrl(
	179	const CssmData &Cert,
	180	CSSM_HANDLE CrlHandle,
	181	CSSM_BOOL &CertFound,
182	CssmData &CrlRecordIndex);
183
184	void CrlAbortCache(
185	CSSM_HANDLE CrlHandle);
186
187	void CrlAbortQuery(
188	CSSM_HANDLE ResultsHandle);
189
190
191	// Template
192
193	void CrlCreateTemplate(
194	uint32 NumberOfFields,
195	const CSSM_FIELD *CrlTemplate,
196	CssmData &NewCrl);
197
198	void CrlSetFields(
199	uint32 NumberOfFields,
200	const CSSM_FIELD *CrlTemplate,
201	const CssmData &OldCrl,
202	CssmData &ModifiedCrl);
203
204	void CrlAddCert(
205	CSSM_CC_HANDLE CCHandle,
206	const CssmData &Cert,
207	uint32 NumberOfFields,
208	const CSSM_FIELD CrlEntryFields[],
209	const CssmData &OldCrl,
210	CssmData &NewCrl);
211
212	void CrlRemoveCert(
213	const CssmData &Cert,
214	const CssmData &OldCrl,
215	CssmData &NewCrl);
216
217	// ====================================================================
218	// Verify/Sign
219	// ====================================================================
220
221	// Certs
222
223	void CertVerifyWithKey(
224	CSSM_CC_HANDLE CCHandle,
225	const CssmData &CertToBeVerified);
226
227	void CertVerify(
228	CSSM_CC_HANDLE CCHandle,
229	const CssmData &CertToBeVerified,
230	const CssmData *SignerCert,
231	const CSSM_FIELD *VerifyScope,
232	uint32 ScopeSize);
233
234	void CertSign(
235	CSSM_CC_HANDLE CCHandle,
236	const CssmData &CertTemplate,
237	const CSSM_FIELD *SignScope,
238	uint32 ScopeSize,
239	CssmData &SignedCert);
240
241	// Cert Groups
242
243	void CertGroupFromVerifiedBundle(
244	CSSM_CC_HANDLE CCHandle,
245	const CSSM_CERT_BUNDLE &CertBundle,
246	const CssmData *SignerCert,
247	CSSM_CERTGROUP_PTR &CertGroup);
248
249	void CertGroupToSignedBundle(
250	CSSM_CC_HANDLE CCHandle,
251	const CSSM_CERTGROUP &CertGroupToBundle,
252	const CSSM_CERT_BUNDLE_HEADER *BundleInfo,
253	CssmData &SignedBundle);
254
255	// CRLs
256
257	void CrlVerifyWithKey(
258	CSSM_CC_HANDLE CCHandle,
259	const CssmData &CrlToBeVerified);
260
261	void CrlVerify(
262	CSSM_CC_HANDLE CCHandle,
263	const CssmData &CrlToBeVerified,
df0e469f	264	const CssmData *SignerCert,
bac41a7b A	265	const CSSM_FIELD *VerifyScope,
	266	uint32 ScopeSize);
	267
	268	void CrlSign(
	269	CSSM_CC_HANDLE CCHandle,
	270	const CssmData &UnsignedCrl,
	271	const CSSM_FIELD *SignScope,
	272	uint32 ScopeSize,
	273	CssmData &SignedCrl);
	274
	275	// ====================================================================
	276	// Module Specific Pass-Through
	277	// ====================================================================
	278
	279	void PassThrough(
	280	CSSM_CC_HANDLE CCHandle,
	281	uint32 PassThroughId,
	282	const void *InputParams,
	283	void **OutputParams);
	284
	285	private:
	286	/* routines in Session_Cert.cpp */
	287	void getAllParsedCertFields(
	288	const DecodedCert &cert,
	289	uint32 &NumberOfFields, // RETURNED
	290	CSSM_FIELD_PTR &CertFields); // RETURNED
	291
	292	/* routines in Session_Crypto.cpp */
	293	void signData(
	294	CSSM_CC_HANDLE ccHand,
	295	const CssmData &tbs,
	296	CssmOwnedData &sig); // mallocd and returned
	297	void verifyData(
	298	CSSM_CC_HANDLE ccHand,
	299	const CssmData &tbs,
29654253 A	300	const CssmData &sig);
	301
	302	/* routines in Session_CSR.cpp */
	303	void generateCsr(
	304	CSSM_CC_HANDLE CCHandle,
	305	const CSSM_APPLE_CL_CSR_REQUEST *csrReq,
	306	CSSM_DATA_PTR &csrPtr);
	307	void verifyCsr(
	308	const CSSM_DATA *csrPtr);
	309
bac41a7b A	310	/*
	311	* Maps of cached certs, CRLs, and active queries
	312	* This one holds cached certs and CRLs.
	313	*/
	314	LockedMap<CSSM_HANDLE, CLCachedEntry> cacheMap;
	315	LockedMap<CSSM_HANDLE, CLQuery> queryMap;
	316
	317	CLCachedCert *lookupCachedCert(CSSM_HANDLE handle);
	318	CLCachedCRL *lookupCachedCRL(CSSM_HANDLE handle);
	319	};
	320
	321	#endif //_H_APPLEX509CLSESSION