]> git.saurik.com Git - apple/security.git/blob - cdsa/cdsa_utilities/cssmtrust.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-54.tar.gz
[apple/security.git] / cdsa / cdsa_utilities / cssmtrust.h
1 /*
2 * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // cssmtrust - CSSM layer Trust (TP) related objects.
21 //
22 #ifndef _H_CSSMTRUST
23 #define _H_CSSMTRUST
24
25 #include <Security/utilities.h>
26 #include <Security/cssmcert.h>
27 #include <Security/cssmcred.h>
28
29
30 namespace Security {
31
32
33 //
34 // A TP "POLICYINFO" structure, essentially an OID/Data pair.
35 //
36 class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> {
37 public:
38 uint32 count() const { return NumberOfPolicyIds; }
39 uint32 &count() { return NumberOfPolicyIds; }
40 CssmField *policies() const { return CssmField::overlay(PolicyIds); }
41 CssmField * &policies() { return CssmField::overlayVar(PolicyIds); }
42 void *control() const { return PolicyControl; }
43
44 CssmField &operator [] (uint32 ix)
45 { assert(ix < count()); return policies()[ix]; }
46
47 void setPolicies(uint32 n, CSSM_FIELD *p)
48 { count() = n; policies() = CssmField::overlay(p); }
49 };
50
51
52 //
53 // A CSSM_DL_DB_LIST wrapper.
54 // Note that there is a DLDBList class elsewhere that is quite
55 // unrelated to this structure.
56 //
57 class CssmDlDbHandle : public PodWrapper<CssmDlDbHandle, CSSM_DL_DB_HANDLE> {
58 public:
59 CssmDlDbHandle(CSSM_DL_HANDLE dl, CSSM_DB_HANDLE db)
60 { DLHandle = dl; DBHandle = db; }
61
62 CSSM_DL_HANDLE dl() const { return DLHandle; }
63 CSSM_DB_HANDLE db() const { return DBHandle; }
64
65 operator bool() const { return DLHandle && DBHandle; }
66 };
67
68
69 class CssmDlDbList : public PodWrapper<CssmDlDbList, CSSM_DL_DB_LIST> {
70 public:
71 uint32 count() const { return NumHandles; }
72 uint32 &count() { return NumHandles; }
73 CssmDlDbHandle *handles() const { return CssmDlDbHandle::overlay(DLDBHandle); }
74 CssmDlDbHandle * &handles() { return CssmDlDbHandle::overlayVar(DLDBHandle); }
75
76 CssmDlDbHandle &operator [] (uint32 ix) const
77 { assert(ix < count()); return CssmDlDbHandle::overlay(DLDBHandle[ix]); }
78
79 void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
80 { count() = n; handles() = CssmDlDbHandle::overlay(list); }
81 };
82
83
84 //
85 // TP caller authentication contexts
86 //
87 class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> {
88 public:
89 CSSM_TP_STOP_ON stopCriterion() const { return VerificationAbortOn; }
90 void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; }
91
92 CSSM_TIMESTRING time() const { return VerifyTime; }
93 void time(CSSM_TIMESTRING newTime) { VerifyTime = newTime; }
94
95 PolicyInfo &policies() { return PolicyInfo::overlay(Policy); }
96 const PolicyInfo &policies() const { return PolicyInfo::overlay(Policy); }
97 void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
98
99 AccessCredentials *creds() const
100 { return AccessCredentials::optional(CallerCredentials); }
101 void creds(AccessCredentials *newCreds) { CallerCredentials = newCreds; }
102
103 uint32 anchorCount() const { return NumberOfAnchorCerts; }
104 uint32 &anchorCount() { return NumberOfAnchorCerts; }
105 CssmData *anchors() const { return CssmData::overlay(AnchorCerts); }
106 CssmData * &anchors() { return CssmData::overlayVar(AnchorCerts); }
107
108 CssmDlDbList *dlDbList() const { return CssmDlDbList::overlay(DBList); }
109 CssmDlDbList * &dlDbList() { return CssmDlDbList::overlayVar(DBList); }
110 };
111
112
113 //
114 // TP Verify Contexts - a monster collection of possibly useful stuff
115 // when verifying a certificate against trust policies
116 //
117 class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> {
118 public:
119 CSSM_TP_ACTION action() const { return Action; }
120 CssmData &actionData() { return CssmData::overlay(ActionData); }
121 const CssmData &actionData() const { return CssmData::overlay(ActionData); }
122
123 // set and reference the CallerAuth component
124 TPCallerAuth &callerAuth() const { return TPCallerAuth::required(Cred); }
125 operator TPCallerAuth &() const { return callerAuth(); }
126 TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); }
127 void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; }
128
129 // forward CallerAuth operations
130
131 CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); }
132 void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); }
133 PolicyInfo &policies() const { return callerAuth().policies(); }
134 void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
135 CSSM_TIMESTRING time() const { return callerAuth().time(); }
136 void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); }
137 AccessCredentials *creds() const { return callerAuth().creds(); }
138 void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); }
139 uint32 anchorCount() const { return callerAuth().anchorCount(); }
140 uint32 &anchorCount() { return callerAuth().anchorCount(); }
141 CssmData *anchors() const { return callerAuth().anchors(); }
142 CssmData * &anchors() { return callerAuth().anchors(); }
143 void anchors(uint32 count, CSSM_DATA *vector)
144 { anchorCount() = count; anchors() = CssmData::overlay(vector); }
145 void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
146 { callerAuth().dlDbList()->setDlDbList(n, list); }
147 };
148
149
150 //
151 // The result of a (raw) TP trust verification call
152 //
153 class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> {
154 public:
155 CSSM_EVIDENCE_FORM form() const { return EvidenceForm; }
156 void *data() const { return Evidence; }
157 operator void *() const { return data(); }
158
159 template <class T>
160 T *as() const { return reinterpret_cast<T *>(Evidence); }
161 };
162
163 class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> {
164 public:
165 uint32 count() const { return NumberOfEvidences; }
166 const TPEvidence &operator [] (uint32 ix) const
167 { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); }
168 };
169
170
171 //
172 // A PodWrapper for Apple's TP supporting-evidence structure
173 //
174 class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> {
175 public:
176 CSSM_TP_APPLE_CERT_STATUS status() const { return StatusBits; }
177 CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const
178 { return status() & flags; }
179
180 uint32 index() const { return Index; }
181 const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); }
182 CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; }
183
184 uint32 codes() const { return NumStatusCodes; }
185 CSSM_RETURN operator [] (uint32 ix)
186 { assert(ix < NumStatusCodes); return StatusCodes[ix]; }
187
188 void destroy(CssmAllocator &allocator);
189 };
190
191
192 //
193 // Walkers
194 //
195 namespace DataWalkers {
196
197
198
199
200 } // end namespace DataWalkers
201 } // end namespace Security
202
203 #endif //_H_CSSMTRUST
mirror of Security