[apple/security.git] / libsecurity_keychain / lib / TrustStore.h

/*
 * Copyright (c) 2002-2004 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// TrustStore.h - Abstract interface to permanent user trust assignments
//
#ifndef _SECURITY_TRUSTSTORE_H_
#define _SECURITY_TRUSTSTORE_H_

#include <security_keychain/Certificate.h>
#include <security_keychain/Policies.h>
#include <Security/SecTrust.h>
#include <security_keychain/TrustItem.h>


namespace Security {
namespace KeychainCore {


//
// A TrustStore object mediates access to "user trust" information stored
// for a user (usually in her keychains).
// For lack of a better home, access to the default anchor certificate
// list is also provided here.
//
class TrustStore {
	NOCOPY(TrustStore)
public:
    TrustStore(Allocator &alloc = Allocator::standard());
    virtual ~TrustStore();
	
	Allocator &allocator;

	// set/get user trust for a certificate and policy
    SecTrustUserSetting find(Certificate *cert, Policy *policy, 
		StorageManager::KeychainList &keychainList);
    void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment);
    
	void getCssmRootCertificates(CertGroup &roots);
	
	typedef UserTrustItem::TrustData TrustData;
	
protected:
	Item findItem(Certificate *cert, Policy *policy, 
		StorageManager::KeychainList &keychainList);
	void loadRootCertificates();

private:
	bool mRootsValid;			// roots have been loaded from disk
	vector<CssmData> mRoots;	// array of CssmDatas to certificate datas
	CssmAutoData mRootBytes;	// certificate data blobs (bunched up)
    CFRef<CFArrayRef> mCFRoots;	// mRoots as CFArray<SecCertificate>
	Mutex mMutex;
};

} // end namespace KeychainCore
} // end namespace Security

#endif // !_SECURITY_TRUSTSTORE_H_
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2002-2004 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// TrustStore.h - Abstract interface to permanent user trust assignments
	26	//
	27	#ifndef _SECURITY_TRUSTSTORE_H_
	28	#define _SECURITY_TRUSTSTORE_H_
	29
	30	#include <security_keychain/Certificate.h>
	31	#include <security_keychain/Policies.h>
	32	#include <Security/SecTrust.h>
	33	#include <security_keychain/TrustItem.h>
	34
	35
	36	namespace Security {
	37	namespace KeychainCore {
	38
	39
	40	//
	41	// A TrustStore object mediates access to "user trust" information stored
	42	// for a user (usually in her keychains).
	43	// For lack of a better home, access to the default anchor certificate
	44	// list is also provided here.
	45	//
	46	class TrustStore {
	47	NOCOPY(TrustStore)
	48	public:
	49	TrustStore(Allocator &alloc = Allocator::standard());
	50	virtual ~TrustStore();
	51
	52	Allocator &allocator;
	53
	54	// set/get user trust for a certificate and policy
	55	SecTrustUserSetting find(Certificate cert, Policy policy,
	56	StorageManager::KeychainList &keychainList);
	57	void assign(Certificate cert, Policy policy, SecTrustUserSetting assignment);
	58
	59	void getCssmRootCertificates(CertGroup &roots);
	60
	61	typedef UserTrustItem::TrustData TrustData;
	62
	63	protected:
	64	Item findItem(Certificate cert, Policy policy,
65	StorageManager::KeychainList &keychainList);
66	void loadRootCertificates();
67
68	private:
69	bool mRootsValid; // roots have been loaded from disk
70	vector<CssmData> mRoots; // array of CssmDatas to certificate datas
71	CssmAutoData mRootBytes; // certificate data blobs (bunched up)
72	CFRef<CFArrayRef> mCFRoots; // mRoots as CFArray<SecCertificate>
73	Mutex mMutex;
74	};
75
76	} // end namespace KeychainCore
77	} // end namespace Security
78
79	#endif // !_SECURITY_TRUSTSTORE_H_