[apple/security.git] / OSX / libsecurity_keychain / lib / PolicyCursor.cpp

/*
 * Copyright (c) 2002-2004,2011-2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// PolicyCursor.cpp
//
#include <security_keychain/PolicyCursor.h>
#include <security_keychain/Policies.h>
#include <Security/oidsalg.h>
#include <security_cdsa_client/tpclient.h>

using namespace KeychainCore;
using namespace CssmClient;


//
// This preliminary implementation bypasses MDS and uses
// a fixed set of policies known to exist in the one known TP.
//
struct TheOneTP : public TP {
	TheOneTP() : TP(gGuidAppleX509TP) { }
};

static ModuleNexus<TheOneTP> theOneTP;
static const CssmOid *theOidList[] = {
	static_cast<const CssmOid *>(&CSSMOID_APPLE_ISIGN),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_X509_BASIC),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SSL),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SMIME),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_EAP),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SW_UPDATE_SIGNING),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_IP_SEC),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_ICHAT),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_RESOURCE_SIGN),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_CLIENT),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_SERVER),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_CODE_SIGNING),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PACKAGE_SIGNING),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_CRL),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_OCSP),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_APPLEID_SHARING),
	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_TIMESTAMPING),
	NULL	// sentinel
};


//
// Canonical Construction
//
PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value)
    : mOid(Allocator::standard()), mOidGiven(false), mMutex(Mutex::recursive)
{
    if (oid) {
        mOid = CssmOid::required(oid);
        mOidGiven = true;
    }
    mSearchPos = 0;
}


//
// Destroy
//
PolicyCursor::~PolicyCursor() throw()
{
}


//
// Crank the iterator
//
bool PolicyCursor::next(SecPointer<Policy> &policy)
{
	StLock<Mutex>_(mMutex);

    while (theOidList[mSearchPos]) {
        if (mOidGiven && mOid != *theOidList[mSearchPos]) {
            mSearchPos++;
            continue;	// no oid match
        }
        // ignoring mValue - not used by current TP
        policy = new Policy(theOneTP(), *theOidList[mSearchPos]);
        mSearchPos++;	// advance cursor
        return true;	// return next match
    }
    return false;	// end of table, no more matches
}

//
// Return a new policy instance for an OID, outside of cursor iteration
//
void PolicyCursor::policy(const CSSM_OID* oid, SecPointer<Policy> &policy)
{
	const CssmOid *policyOid = static_cast<const CssmOid *>(oid);
	policy = new Policy(theOneTP(), *policyOid);
}
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2002-2004,2011-2012,2014 Apple Inc. All Rights Reserved.
427c49bc	3	*
b1ab9ed8	4	* @APPLE_LICENSE_HEADER_START@
d8f41ccd	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
d8f41ccd	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
d8f41ccd	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// PolicyCursor.cpp
	26	//
	27	#include <security_keychain/PolicyCursor.h>
	28	#include <security_keychain/Policies.h>
	29	#include <Security/oidsalg.h>
	30	#include <security_cdsa_client/tpclient.h>
	31
	32	using namespace KeychainCore;
	33	using namespace CssmClient;
	34
	35
	36	//
	37	// This preliminary implementation bypasses MDS and uses
	38	// a fixed set of policies known to exist in the one known TP.
	39	//
	40	struct TheOneTP : public TP {
	41	TheOneTP() : TP(gGuidAppleX509TP) { }
	42	};
	43
	44	static ModuleNexus<TheOneTP> theOneTP;
	45	static const CssmOid *theOidList[] = {
	46	static_cast<const CssmOid *>(&CSSMOID_APPLE_ISIGN),
	47	static_cast<const CssmOid *>(&CSSMOID_APPLE_X509_BASIC),
	48	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SSL),
	49	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SMIME),
	50	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_EAP),
	51	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SW_UPDATE_SIGNING),
	52	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_IP_SEC),
	53	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_ICHAT),
	54	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_RESOURCE_SIGN),
	55	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_CLIENT),
	56	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_SERVER),
	57	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_CODE_SIGNING),
	58	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PACKAGE_SIGNING),
	59	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_CRL),
	60	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_OCSP),
427c49bc	61	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT),
b1ab9ed8 A	62	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_APPLEID_SHARING),
	63	static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_TIMESTAMPING),
	64	NULL // sentinel
	65	};
	66
	67
	68	//
	69	// Canonical Construction
	70	//
	71	PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value)
	72	: mOid(Allocator::standard()), mOidGiven(false), mMutex(Mutex::recursive)
	73	{
	74	if (oid) {
	75	mOid = CssmOid::required(oid);
	76	mOidGiven = true;
	77	}
	78	mSearchPos = 0;
	79	}
	80
	81
	82	//
	83	// Destroy
	84	//
	85	PolicyCursor::~PolicyCursor() throw()
	86	{
	87	}
	88
	89
	90	//
	91	// Crank the iterator
	92	//
	93	bool PolicyCursor::next(SecPointer<Policy> &policy)
	94	{
	95	StLock<Mutex>_(mMutex);
	96
	97	while (theOidList[mSearchPos]) {
	98	if (mOidGiven && mOid != *theOidList[mSearchPos]) {
	99	mSearchPos++;
	100	continue; // no oid match
	101	}
	102	// ignoring mValue - not used by current TP
	103	policy = new Policy(theOneTP(), *theOidList[mSearchPos]);
	104	mSearchPos++; // advance cursor
	105	return true; // return next match
	106	}
	107	return false; // end of table, no more matches
	108	}
427c49bc A	109
	110	//
	111	// Return a new policy instance for an OID, outside of cursor iteration
	112	//
	113	void PolicyCursor::policy(const CSSM_OID* oid, SecPointer<Policy> &policy)
	114	{
	115	const CssmOid policyOid = static_cast<const CssmOid >(oid);
	116	policy = new Policy(theOneTP(), *policyOid);
	117	}
	118