[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmcred.h

/*
 * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// cssmcred - enhanced PodWrappers and construction aids for ACL credentials
//
#ifndef _CSSMCRED
#define _CSSMCRED

#include <security_utilities/utilities.h>
#include <security_cdsa_utilities/cssmlist.h>
#include <security_cdsa_utilities/cssmalloc.h>
#include <list>

namespace Security {


//
// PodWrappers for samples and sample groups
//
class CssmSample : public PodWrapper<CssmSample, CSSM_SAMPLE> {
public:
	CssmSample(const TypedList &list)
	{ TypedSample = list; Verifier = NULL; }
	CssmSample(const TypedList &list, const CssmSubserviceUid &ver)
	{ TypedSample = list; Verifier = &ver; }

	TypedList &value() { return TypedList::overlay(TypedSample); }
	const TypedList &value() const { return TypedList::overlay(TypedSample); }
	operator TypedList & () { return value(); }
	
	const CssmSubserviceUid *verifier() const { return CssmSubserviceUid::overlay(Verifier); }
	CssmSubserviceUid * &verifier()
	{ return const_cast<CssmSubserviceUid * &>(CssmSubserviceUid::overlayVar(Verifier)); }
};

class SampleGroup : public PodWrapper<SampleGroup, CSSM_SAMPLEGROUP> {
public:
	SampleGroup() { clearPod(); }
	SampleGroup(CssmSample &single)	{ NumberOfSamples = 1; Samples = &single; }

	uint32 size() const { return NumberOfSamples; }
	uint32 length() const { return size(); }	// legacy; prefer size()
	CssmSample *&samples() { return CssmSample::overlayVar(const_cast<CSSM_SAMPLE *&>(Samples)); }
	CssmSample *samples() const { return CssmSample::overlay(const_cast<CSSM_SAMPLE *>(Samples)); }

	CssmSample &operator [] (uint32 ix) const
	{ assert(ix < size()); return samples()[ix]; }
	
public:
	// extract all samples of a given sample type. return true if any found
	// note that you get a shallow copy of the sample structures for temporary use ONLY
	bool collect(CSSM_SAMPLE_TYPE sampleType, list<CssmSample> &samples) const;
};


//
// The PodWrapper for the top-level CSSM credentials structure
//
class AccessCredentials : public PodWrapper<AccessCredentials, CSSM_ACCESS_CREDENTIALS> {
public:
	AccessCredentials() { clearPod(); }
	explicit AccessCredentials(const SampleGroup &samples, const char *tag = NULL)
	{ this->samples() = samples; this->tag(tag); }
	explicit AccessCredentials(const SampleGroup &samples, const std::string &tag)
	{ this->samples() = samples; this->tag(tag); }
	
	const char *tag() const { return EntryTag[0] ? EntryTag : NULL; }
	std::string s_tag() const { return EntryTag; }
	void tag(const char *tagString);
	void tag(const std::string &tagString) { return tag(tagString.c_str()); }

	SampleGroup &samples() { return SampleGroup::overlay(Samples); }
	const SampleGroup &samples() const { return SampleGroup::overlay(Samples); }
	
	// pass-throughs to our SampleGroup
	uint32 size() const { return samples().size(); }
	CssmSample &operator [] (uint32 ix) const { return samples()[ix]; }

    // Do these access credentials allow you to pop ui?
    bool authorizesUI() const;

public:
    static const AccessCredentials &null;	// all null credential
	
	// turn NULL into a null credential if needed
	static const AccessCredentials *needed(const CSSM_ACCESS_CREDENTIALS *cred)
	{ return cred ? overlay(cred) : &null; }
};


//
// An AccessCredentials object with some construction help.
// Note that this is NOT a PodWrapper.
//
class AutoCredentials : public AccessCredentials {
public:
	AutoCredentials(Allocator &alloc);
	AutoCredentials(Allocator &alloc, uint32 nSamples);
	
	Allocator &allocator;
	
	CssmSample &sample(uint32 n) { return getSample(n); }
	
	CssmSample &append(const CssmSample &sample)
	{ return getSample(samples().length()) = sample; }
	TypedList &append(const TypedList &exhibit)
	{ return (getSample(samples().length()) = exhibit).value(); }
	
	CssmSample &operator += (const CssmSample &sample)	{ return append(sample); }
	TypedList &operator += (const TypedList &exhibit)	{ return append(exhibit); }
	
private:
	void init();
	CssmSample &getSample(uint32 n);
	
	CssmSample *sampleArray;
	uint32 nSamples;
};


//
// Walkers for the CSSM API structure types.
// Note that there are irrational "const"s strewn about the credential sub-structures.
// They make it essentially impossible to incrementally construction them without
// violating them. Since we know what we're doing, we do.
//
namespace DataWalkers
{

// CssmSample (with const override)
template <class Action>
void walk(Action &operate, CssmSample &sample)
{
	operate(sample);
	walk(operate, sample.value());
	if (sample.verifier())
		walk(operate, sample.verifier());
}

// SampleGroup
template <class Action>
void walk(Action &operate, SampleGroup &samples)
{
	operate(samples);
	enumerateArray(operate, samples, &SampleGroup::samples);
}

// AccessCredentials
template <class Action>
AccessCredentials *walk(Action &operate, AccessCredentials * &cred)
{
	operate(cred);
	//@@@ ignoring BaseCerts
	walk(operate, cred->samples());
	//@@@ ignoring challenge callback
	return cred;
}

template <class Action>
CSSM_ACCESS_CREDENTIALS *walk(Action &operate, CSSM_ACCESS_CREDENTIALS * &cred)
{ return walk(operate, AccessCredentials::overlayVar(cred)); }

template <class Action>
AutoCredentials *walk(Action &operate, AutoCredentials * &cred)
{ return (AutoCredentials *)walk(operate, (AccessCredentials * &)cred); }


} // end namespace DataWalkers
} // end namespace Security


#endif //_CSSMCRED
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// cssmcred - enhanced PodWrappers and construction aids for ACL credentials
	27	//
	28	#ifndef _CSSMCRED
	29	#define _CSSMCRED
	30
	31	#include <security_utilities/utilities.h>
	32	#include <security_cdsa_utilities/cssmlist.h>
	33	#include <security_cdsa_utilities/cssmalloc.h>
	34	#include <list>
	35
	36	namespace Security {
	37
	38
	39	//
	40	// PodWrappers for samples and sample groups
	41	//
	42	class CssmSample : public PodWrapper<CssmSample, CSSM_SAMPLE> {
	43	public:
	44	CssmSample(const TypedList &list)
	45	{ TypedSample = list; Verifier = NULL; }
	46	CssmSample(const TypedList &list, const CssmSubserviceUid &ver)
	47	{ TypedSample = list; Verifier = &ver; }
	48
	49	TypedList &value() { return TypedList::overlay(TypedSample); }
	50	const TypedList &value() const { return TypedList::overlay(TypedSample); }
	51	operator TypedList & () { return value(); }
	52
	53	const CssmSubserviceUid *verifier() const { return CssmSubserviceUid::overlay(Verifier); }
	54	CssmSubserviceUid * &verifier()
	55	{ return const_cast<CssmSubserviceUid * &>(CssmSubserviceUid::overlayVar(Verifier)); }
	56	};
	57
	58	class SampleGroup : public PodWrapper<SampleGroup, CSSM_SAMPLEGROUP> {
	59	public:
	60	SampleGroup() { clearPod(); }
	61	SampleGroup(CssmSample &single) { NumberOfSamples = 1; Samples = &single; }
	62
	63	uint32 size() const { return NumberOfSamples; }
	64	uint32 length() const { return size(); } // legacy; prefer size()
	65	CssmSample &samples() { return CssmSample::overlayVar(const_cast<CSSM_SAMPLE &>(Samples)); }
	66	CssmSample samples() const { return CssmSample::overlay(const_cast<CSSM_SAMPLE >(Samples)); }
67
68	CssmSample &operator [] (uint32 ix) const
69	{ assert(ix < size()); return samples()[ix]; }
70
71	public:
72	// extract all samples of a given sample type. return true if any found
73	// note that you get a shallow copy of the sample structures for temporary use ONLY
74	bool collect(CSSM_SAMPLE_TYPE sampleType, list<CssmSample> &samples) const;
75	};
76
77
78	//
79	// The PodWrapper for the top-level CSSM credentials structure
80	//
81	class AccessCredentials : public PodWrapper<AccessCredentials, CSSM_ACCESS_CREDENTIALS> {
82	public:
83	AccessCredentials() { clearPod(); }
84	explicit AccessCredentials(const SampleGroup &samples, const char *tag = NULL)
85	{ this->samples() = samples; this->tag(tag); }
86	explicit AccessCredentials(const SampleGroup &samples, const std::string &tag)
87	{ this->samples() = samples; this->tag(tag); }
88
89	const char *tag() const { return EntryTag[0] ? EntryTag : NULL; }
90	std::string s_tag() const { return EntryTag; }
91	void tag(const char *tagString);
92	void tag(const std::string &tagString) { return tag(tagString.c_str()); }
93
94	SampleGroup &samples() { return SampleGroup::overlay(Samples); }
95	const SampleGroup &samples() const { return SampleGroup::overlay(Samples); }
96
97	// pass-throughs to our SampleGroup
98	uint32 size() const { return samples().size(); }
99	CssmSample &operator [] (uint32 ix) const { return samples()[ix]; }
e3d460c9 A	100
	101	// Do these access credentials allow you to pop ui?
	102	bool authorizesUI() const;
	103
b1ab9ed8 A	104	public:
	105	static const AccessCredentials &null; // all null credential
	106
	107	// turn NULL into a null credential if needed
	108	static const AccessCredentials needed(const CSSM_ACCESS_CREDENTIALS cred)
	109	{ return cred ? overlay(cred) : &null; }
	110	};
	111
	112
	113	//
	114	// An AccessCredentials object with some construction help.
	115	// Note that this is NOT a PodWrapper.
	116	//
	117	class AutoCredentials : public AccessCredentials {
	118	public:
	119	AutoCredentials(Allocator &alloc);
	120	AutoCredentials(Allocator &alloc, uint32 nSamples);
	121
	122	Allocator &allocator;
	123
	124	CssmSample &sample(uint32 n) { return getSample(n); }
	125
	126	CssmSample &append(const CssmSample &sample)
	127	{ return getSample(samples().length()) = sample; }
	128	TypedList &append(const TypedList &exhibit)
	129	{ return (getSample(samples().length()) = exhibit).value(); }
	130
	131	CssmSample &operator += (const CssmSample &sample) { return append(sample); }
	132	TypedList &operator += (const TypedList &exhibit) { return append(exhibit); }
	133
	134	private:
	135	void init();
	136	CssmSample &getSample(uint32 n);
	137
	138	CssmSample *sampleArray;
	139	uint32 nSamples;
	140	};
	141
	142
	143	//
	144	// Walkers for the CSSM API structure types.
	145	// Note that there are irrational "const"s strewn about the credential sub-structures.
	146	// They make it essentially impossible to incrementally construction them without
	147	// violating them. Since we know what we're doing, we do.
	148	//
	149	namespace DataWalkers
	150	{
	151
	152	// CssmSample (with const override)
	153	template <class Action>
	154	void walk(Action &operate, CssmSample &sample)
	155	{
	156	operate(sample);
	157	walk(operate, sample.value());
	158	if (sample.verifier())
	159	walk(operate, sample.verifier());
	160	}
	161
	162	// SampleGroup
	163	template <class Action>
	164	void walk(Action &operate, SampleGroup &samples)
	165	{
	166	operate(samples);
	167	enumerateArray(operate, samples, &SampleGroup::samples);
168	}
169
170	// AccessCredentials
171	template <class Action>
172	AccessCredentials walk(Action &operate, AccessCredentials &cred)
173	{
174	operate(cred);
175	//@@@ ignoring BaseCerts
176	walk(operate, cred->samples());
177	//@@@ ignoring challenge callback
178	return cred;
179	}
180
181	template <class Action>
182	CSSM_ACCESS_CREDENTIALS walk(Action &operate, CSSM_ACCESS_CREDENTIALS &cred)
183	{ return walk(operate, AccessCredentials::overlayVar(cred)); }
184
185	template <class Action>
186	AutoCredentials walk(Action &operate, AutoCredentials &cred)
187	{ return (AutoCredentials )walk(operate, (AccessCredentials &)cred); }
188
189
190	} // end namespace DataWalkers
191	} // end namespace Security
192
193
194	#endif //_CSSMCRED