securityd/src/kckey.h

   1 /*
   2  * Copyright (c) 2000-2001,2004-2006 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // key - representation of SecurityServer key objects
  27 //
  28 #ifndef _H_KCKEY
  29 #define _H_KCKEY
  30
  31 #include "localkey.h"
  32 #include <security_cdsa_utilities/handleobject.h>
  33 #include <security_cdsa_client/keyclient.h>
  34
  35
  36 class KeychainDatabase;
  37
  38
  39 //
  40 // A KeychainKey object represents a CssmKey that is stored in a KeychainDatabase.
  41 //
  42 // This is a LocalKey with deferred instantiation. A KeychainKey always exists in one of
  43 // two states:
  44 //  (*) Decoded: The CssmKey is valid; the blob may or may not be.
  45 //  (*) Encoded: The blob is valid, the CssmKey may or may not be.
  46 // One of (blob, CssmKey) is always valid. The process of decoding the CssmKey from the
  47 // blob (and vice versa) requires keychain cryptography, which unlocks the keychain
  48 // (implicitly as needed).
  49 // Other than that, this is just a LocalKey.
  50 //
  51 class KeychainKey : public LocalKey, public SecurityServerAcl {
  52 public:
  53         KeychainKey(Database &db, const KeyBlob *blob);
  54         KeychainKey(Database &db, const CssmKey &newKey, uint32 moreAttributes,
  55                 const AclEntryPrototype *owner = NULL);
  56         virtual ~KeychainKey();
  57
  58         KeychainDatabase &database() const;
  59
  60     // we can also yield an encoded KeyBlob
  61         KeyBlob *blob();
  62
  63         void invalidateBlob();
  64
  65     // ACL state management hooks
  66         void instantiateAcl();
  67         void changedAcl();
  68     Database *relatedDatabase();
  69         void validate(AclAuthorization auth, const AccessCredentials *cred, Database *relatedDatabase);
  70
  71 public:
  72         // SecurityServerAcl personality
  73         AclKind aclKind() const;
  74
  75         SecurityServerAcl &acl();
  76
  77 private:
  78     void decode();
  79         void getKey();
  80         virtual void getHeader(CssmKey::Header &hdr); // get header (only) without mKey
  81
  82 private:
  83         KeyBlob *mBlob;                 // key blob encoded by mDatabase
  84         bool mValidBlob;                // mBlob is valid key encoding
  85 };
  86
  87
  88 #endif //_H_KCKEY