1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 //
19 // TrustItem.cpp - Keychain item holding a permanent user trust assignment
20 //
21 #include <Security/TrustItem.h>
22 #include <Security/Schema.h>
23 #include <Security/SecCFTypes.h>
24
25
26 namespace Security {
27 namespace KeychainCore {
28
29
30 //
31 // Construct a UserTrustItem from attributes and initial content
32 //
//
// Construct a UserTrustItem from a certificate, a policy, and its initial trust setting.
// The TrustData struct is handed to ItemImpl verbatim as the item's data blob, so the
// stored record is exactly sizeof(TrustData) bytes; trust() checks that length before
// reading the blob back. No attribute list is supplied here -- the certificate and
// policy attributes are filled in by populateAttributes() when the item is added.
//
UserTrustItem::UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trustData) :
    ItemImpl(CSSM_DL_DB_RECORD_USER_TRUST,
             static_cast<SecKeychainAttributeList *>(NULL),
             static_cast<UInt32>(sizeof(TrustData)),
             static_cast<const void *>(&trustData)),
    mCertificate(cert),
    mPolicy(policy)
{
    debug("usertrust", "create %p (%p,%p) = %d", this, cert, policy, trustData.trust);
}
42
43
44 //
45 // Destroy it
46 //
//
// Destructor: only logs the teardown; member cleanup is left to the members' own destructors.
//
UserTrustItem::~UserTrustItem()
{
    debug("usertrust", "destroy %p", this);
}
51
52
53 //
54 // Retrieve the trust value from a UserTrustItem
55 //
//
// Read the trust value back out of the item's data blob.
//
// Throws errSecInvalidTrustSetting if the stored blob is not exactly one TrustData
// in size, so a truncated or oversized record is rejected instead of being
// reinterpreted as a trust setting.
//
UserTrustItem::TrustData UserTrustItem::trust()
{
    CssmDataContainer blob;
    getData(blob);

    const size_t expectedLength = sizeof(TrustData);
    if (blob.length() != expectedLength)
        MacOSError::throwMe(errSecInvalidTrustSetting);

    return *blob.interpretedAs<TrustData>();
}
64
65
66 //
67 // Add item to keychain
68 //
//
// Add this item to the given keychain and return its primary key.
//
// Throws errSecDuplicateItem if the item already belongs to a keychain. If the
// database does not yet know the user-trust record type, the schema relation is
// created on demand and the insert is retried once. Any other DL error from the
// insert is propagated unchanged.
//
PrimaryKey UserTrustItem::add(Keychain &keychain)
{
    // An item that already belongs to a keychain cannot be added again.
    if (mKeychain)
        MacOSError::throwMe(errSecDuplicateItem);

    populateAttributes();

    const CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
    Db db(keychain->database());

    // First attempt: insert into the (regular) db as-is.
    bool inserted = false;
    try
    {
        mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
        debug("usertrust", "%p inserted", this);
        inserted = true;
    }
    catch (const CssmError &e)
    {
        // Only a missing record type is recoverable; everything else is re-thrown.
        if (e.cssmError() != CSSMERR_DL_INVALID_RECORDTYPE)
            throw;
    }

    if (!inserted)
    {
        // The db predates user-trust records: create the relation and retry once.
        debug("usertrust", "adding schema relation for user trusts");
        db->createRelation(CSSM_DL_DB_RECORD_USER_TRUST, "CSSM_DL_DB_RECORD_USER_TRUST",
                           Schema::UserTrustSchemaAttributeCount,
                           Schema::UserTrustSchemaAttributeList,
                           Schema::UserTrustSchemaIndexCount,
                           Schema::UserTrustSchemaIndexList);

        mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
        debug("usertrust", "%p inserted now", this);
    }

    mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
    mKeychain = keychain;

    return mPrimaryKey;
}
108
109
//
// Record the certificate's raw data and the policy's OID as database attributes
// of this item (kSecTrustCertAttr and kSecTrustPolicyAttr respectively).
//
void UserTrustItem::populateAttributes()
{
    mDbAttributes->add(Schema::attributeInfo(kSecTrustCertAttr), mCertificate->data());
    mDbAttributes->add(Schema::attributeInfo(kSecTrustPolicyAttr), mPolicy->oid());
}
117
118
119 } // end namespace KeychainCore
120 } // end namespace Security