[apple/security.git] / libsecurity_keychain / lib / Certificate.h

/*
 * Copyright (c) 2002-2007,2012 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

//
// Certificate.h - Certificate objects
//
#ifndef _SECURITY_CERTIFICATE_H_
#define _SECURITY_CERTIFICATE_H_

#include <security_keychain/Item.h>

#include <security_keychain/StorageManager.h>
// @@@ This should not be here.
#include <Security/SecBase.h>
#include <security_cdsa_client/clclient.h>

namespace Security
{

namespace KeychainCore
{

class KeyItem;

class Certificate : public ItemImpl
{
	NOCOPY(Certificate)
public:
	SECCFFUNCTIONS(Certificate, SecCertificateRef, errSecInvalidItemRef, gTypes().Certificate)

	static CL clForType(CSSM_CERT_TYPE type);

	// new item constructor
    Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);

private:
	// db item constructor
    Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);

	// PrimaryKey item constructor
    Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);

public:
	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey);

	Certificate(Certificate &certificate);
    virtual ~Certificate();

	virtual void update();
	virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
	virtual void didModify(); // Forget any attributes and data we just wrote to the db

    const CssmData &data();
    CSSM_CERT_TYPE type();
	CSSM_CERT_ENCODING encoding();
	CFDataRef sha1Hash();
	CFStringRef commonName();
	CFStringRef distinguishedName(const CSSM_OID *sourceOid, const CSSM_OID *componentOid);
	CFStringRef copyFirstEmailAddress();
	CFArrayRef copyEmailAddresses();
	CFArrayRef copyDNSNames();
    const CSSM_X509_NAME_PTR subjectName();
    const CSSM_X509_NAME_PTR issuerName();
	const CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID();
   	CSSM_CL_HANDLE clHandle();
	void inferLabel(bool addLabel, CFStringRef *rtnString = NULL);
	SecPointer<KeyItem> publicKey();
	const CssmData &publicKeyHash();
	const CssmData &subjectKeyIdentifier();

	static KCCursor cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	static KCCursor cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	static KCCursor cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
	static KCCursor cursorForIssuerAndSN_CF(const StorageManager::KeychainList &keychains, CFDataRef issuer, CFDataRef serialNumber);

	SecPointer<Certificate> findInKeychain(const StorageManager::KeychainList &keychains);
	static SecPointer<Certificate> findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	static SecPointer<Certificate> findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	static SecPointer<Certificate> findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);

	static void normalizeEmailAddress(CSSM_DATA &emailAddress);
	static void getNames(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, CE_GeneralNameType generalNameType, std::vector<CssmData> &names);

	bool operator < (Certificate &other);
	bool operator == (Certificate &other);

	virtual CFHashCode hash();

public:
	CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
	void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);

	CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
	void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
	Boolean isSelfSigned();

protected:
	virtual void willRead();
	virtual PrimaryKey add(Keychain &keychain);
	CSSM_HANDLE certHandle();

	void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);

	void addSubjectKeyIdentifier();
	void populateAttributes();

private:
	bool mHaveTypeAndEncoding;
	bool mPopulated;
    CSSM_CERT_TYPE mType;
	CSSM_CERT_ENCODING mEncoding;
    CssmClient::CL mCL;
	CSSM_HANDLE mCertHandle;
	CssmData mPublicKeyHash;
	uint8 mPublicKeyHashBytes[20];
	CssmData mSubjectKeyID;
	uint8 mSubjectKeyIDBytes[20];
	CSSM_DATA_PTR mV1SubjectPublicKeyCStructValue; // Hack to prevent algorithmID() from leaking.
    CSSM_DATA_PTR mV1SubjectNameCStructValue;
    CSSM_DATA_PTR mV1IssuerNameCStructValue;
	CFDataRef mSha1Hash;
};

} // end namespace KeychainCore

} // end namespace Security

#endif // !_SECURITY_CERTIFICATE_H_
Commit	Line	Data
b1ab9ed8	1	/*
427c49bc A	2	* Copyright (c) 2002-2007,2012 Apple Inc. All Rights Reserved.
427c49bc A	3	*
b1ab9ed8	4	* @APPLE_LICENSE_HEADER_START@
427c49bc	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
427c49bc	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
427c49bc	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// Certificate.h - Certificate objects
	26	//
	27	#ifndef _SECURITY_CERTIFICATE_H_
	28	#define _SECURITY_CERTIFICATE_H_
	29
	30	#include <security_keychain/Item.h>
	31
	32	#include <security_keychain/StorageManager.h>
	33	// @@@ This should not be here.
	34	#include <Security/SecBase.h>
	35	#include <security_cdsa_client/clclient.h>
	36
	37	namespace Security
	38	{
	39
	40	namespace KeychainCore
	41	{
	42
	43	class KeyItem;
	44
	45	class Certificate : public ItemImpl
	46	{
	47	NOCOPY(Certificate)
	48	public:
	49	SECCFFUNCTIONS(Certificate, SecCertificateRef, errSecInvalidItemRef, gTypes().Certificate)
	50
	51	static CL clForType(CSSM_CERT_TYPE type);
	52
	53	// new item constructor
	54	Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);
	55
	56	private:
	57	// db item constructor
	58	Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	59
	60	// PrimaryKey item constructor
	61	Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);
	62
	63	public:
	64	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	65	static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey);
	66
	67	Certificate(Certificate &certificate);
427c49bc	68	virtual ~Certificate();
b1ab9ed8 A	69
	70	virtual void update();
	71	virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
	72	virtual void didModify(); // Forget any attributes and data we just wrote to the db
	73
	74	const CssmData &data();
	75	CSSM_CERT_TYPE type();
	76	CSSM_CERT_ENCODING encoding();
427c49bc	77	CFDataRef sha1Hash();
b1ab9ed8 A	78	CFStringRef commonName();
	79	CFStringRef distinguishedName(const CSSM_OID sourceOid, const CSSM_OID componentOid);
	80	CFStringRef copyFirstEmailAddress();
	81	CFArrayRef copyEmailAddresses();
4d3cab3d	82	CFArrayRef copyDNSNames();
b1ab9ed8 A	83	const CSSM_X509_NAME_PTR subjectName();
	84	const CSSM_X509_NAME_PTR issuerName();
	85	const CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID();
	86	CSSM_CL_HANDLE clHandle();
	87	void inferLabel(bool addLabel, CFStringRef *rtnString = NULL);
	88	SecPointer<KeyItem> publicKey();
	89	const CssmData &publicKeyHash();
	90	const CssmData &subjectKeyIdentifier();
	91
	92	static KCCursor cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	93	static KCCursor cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	94	static KCCursor cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
	95	static KCCursor cursorForIssuerAndSN_CF(const StorageManager::KeychainList &keychains, CFDataRef issuer, CFDataRef serialNumber);
	96
	97	SecPointer<Certificate> findInKeychain(const StorageManager::KeychainList &keychains);
	98	static SecPointer<Certificate> findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
	99	static SecPointer<Certificate> findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
	100	static SecPointer<Certificate> findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
	101
	102	static void normalizeEmailAddress(CSSM_DATA &emailAddress);
4d3cab3d	103	static void getNames(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, CE_GeneralNameType generalNameType, std::vector<CssmData> &names);
b1ab9ed8 A	104
	105	bool operator < (Certificate &other);
	106	bool operator == (Certificate &other);
4d3cab3d	107
427c49bc	108	virtual CFHashCode hash();
b1ab9ed8 A	109
	110	public:
	111	CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
	112	void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);
	113
	114	CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
	115	void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
	116	Boolean isSelfSigned();
	117
	118	protected:
	119	virtual void willRead();
	120	virtual PrimaryKey add(Keychain &keychain);
	121	CSSM_HANDLE certHandle();
	122
	123	void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);
	124
	125	void addSubjectKeyIdentifier();
	126	void populateAttributes();
	127
	128	private:
	129	bool mHaveTypeAndEncoding;
	130	bool mPopulated;
	131	CSSM_CERT_TYPE mType;
	132	CSSM_CERT_ENCODING mEncoding;
	133	CssmClient::CL mCL;
	134	CSSM_HANDLE mCertHandle;
	135	CssmData mPublicKeyHash;
	136	uint8 mPublicKeyHashBytes[20];
	137	CssmData mSubjectKeyID;
	138	uint8 mSubjectKeyIDBytes[20];
	139	CSSM_DATA_PTR mV1SubjectPublicKeyCStructValue; // Hack to prevent algorithmID() from leaking.
	140	CSSM_DATA_PTR mV1SubjectNameCStructValue;
	141	CSSM_DATA_PTR mV1IssuerNameCStructValue;
427c49bc	142	CFDataRef mSha1Hash;
b1ab9ed8 A	143	};
	144
	145	} // end namespace KeychainCore
	146
	147	} // end namespace Security
	148
	149	#endif // !_SECURITY_CERTIFICATE_H_