[apple/security.git] / AppleX509TP / rootCerts.h

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
	File:		rootCerts.h

	Contains:	Interface to local cache of system-wide trusted root certs

	Written by:	Doug Mitchell. 

	Copyright:	Copyright 1999 by Apple Computer, Inc., all rights reserved.

*/

#ifndef	_TP_ROOT_CERTS_H_
#define _TP_ROOT_CERTS_H_

/*
 * As of 3/18/02, use of the built-in root certs is disabled by default. 
 * Their use is enabled at in CSSM_TP_CertGroupVerify by the use of the 
 * CSSM_TP_USE_INTERNAL_ROOT_CERTS bit in 
 * CSSM_APPLE_TP_ACTION_DATA.ActionFlags.  The presence of the root certs 
 * at all (at compile time) is controlled TP_ROOT_CERT_ENABLE.
 */
#define TP_ROOT_CERT_ENABLE		0

#if		TP_ROOT_CERT_ENABLE

#include <Security/cssmtype.h>
#include <Security/globalizer.h>
#include <Security/threading.h>
#include "TPCertInfo.h"

/*
 * Each one of these represents one known root cert.
 */
typedef struct {
	CSSM_DATA 	subjectName;	// normalized and DER-encoded
	CSSM_DATA 	publicKey;		// DER-encoded
	uint32 		keySize;
} tpRootCert;

/* One of these per process which caches the roots in tpRootCert format */
class TPRootStore
{
public:
	TPRootStore() : mRootCerts(NULL), mNumRootCerts(0) { }
	~TPRootStore();
	const tpRootCert *rootCerts(
		CSSM_CL_HANDLE clHand,
		unsigned &numRootCerts);
	static ModuleNexus<TPRootStore> tpGlobalRoots;
	
private:
	tpRootCert *mRootCerts;
	unsigned mNumRootCerts;
	Mutex mLock;
};


/*
 * Compare a root cert to a list of known embedded roots.
 */
extern "C" {

CSSM_BOOL tp_isKnownRootCert(
	TPCertInfo		*rootCert,			// raw cert to compare
	CSSM_CL_HANDLE	clHand);
	
CSSM_BOOL tp_verifyWithKnownRoots(
	CSSM_CL_HANDLE	clHand, 
	CSSM_CSP_HANDLE	cspHand, 
	TPCertInfo 		*certToVfy);		// last in chain, not root

}

#endif	/* TP_ROOT_CERT_ENABLE */

#endif	/* _TP_ROOT_CERTS_H_ */
Commit	Line	Data
bac41a7b A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	/*
	20	File: rootCerts.h
	21
29654253	22	Contains: Interface to local cache of system-wide trusted root certs
bac41a7b A	23
	24	Written by: Doug Mitchell.
	25
	26	Copyright: Copyright 1999 by Apple Computer, Inc., all rights reserved.
	27
	28	*/
	29
	30	#ifndef _TP_ROOT_CERTS_H_
	31	#define _TP_ROOT_CERTS_H_
	32
29654253 A	33	/*
29654253 A	34	* As of 3/18/02, use of the built-in root certs is disabled by default.
df0e469f A	35	* Their use is enabled at in CSSM_TP_CertGroupVerify by the use of the
	36	* CSSM_TP_USE_INTERNAL_ROOT_CERTS bit in
	37	* CSSM_APPLE_TP_ACTION_DATA.ActionFlags. The presence of the root certs
	38	* at all (at compile time) is controlled TP_ROOT_CERT_ENABLE.
29654253	39	*/
df0e469f	40	#define TP_ROOT_CERT_ENABLE 0
29654253 A	41
29654253 A	42	#if TP_ROOT_CERT_ENABLE
bac41a7b	43
df0e469f A	44	#include <Security/cssmtype.h>
	45	#include <Security/globalizer.h>
	46	#include <Security/threading.h>
	47	#include "TPCertInfo.h"
	48
bac41a7b A	49	/*
	50	* Each one of these represents one known root cert.
	51	*/
	52	typedef struct {
29654253 A	53	CSSM_DATA subjectName; // normalized and DER-encoded
	54	CSSM_DATA publicKey; // DER-encoded
	55	uint32 keySize;
bac41a7b A	56	} tpRootCert;
bac41a7b A	57
29654253 A	58	/* One of these per process which caches the roots in tpRootCert format */
	59	class TPRootStore
	60	{
	61	public:
	62	TPRootStore() : mRootCerts(NULL), mNumRootCerts(0) { }
	63	~TPRootStore();
	64	const tpRootCert *rootCerts(
	65	CSSM_CL_HANDLE clHand,
	66	unsigned &numRootCerts);
	67	static ModuleNexus<TPRootStore> tpGlobalRoots;
	68
	69	private:
	70	tpRootCert *mRootCerts;
	71	unsigned mNumRootCerts;
	72	Mutex mLock;
	73	};
	74
df0e469f A	75
	76	/*
	77	* Compare a root cert to a list of known embedded roots.
	78	*/
	79	extern "C" {
	80
	81	CSSM_BOOL tp_isKnownRootCert(
	82	TPCertInfo *rootCert, // raw cert to compare
	83	CSSM_CL_HANDLE clHand);
	84
	85	CSSM_BOOL tp_verifyWithKnownRoots(
	86	CSSM_CL_HANDLE clHand,
	87	CSSM_CSP_HANDLE cspHand,
	88	TPCertInfo *certToVfy); // last in chain, not root
	89
	90	}
	91
29654253 A	92	#endif /* TP_ROOT_CERT_ENABLE */
	93
	94	#endif /* _TP_ROOT_CERTS_H_ */