]> git.saurik.com Git - apple/security.git/blob - libsecurity_apple_x509_tp/lib/TPCertInfo.h
Security-55179.1.tar.gz
[apple/security.git] / libsecurity_apple_x509_tp / lib / TPCertInfo.h
1 /*
2 * Copyright (c) 2000-2011 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * TPCertInfo.h - TP's private certificate info and cert group classes
21 */
22
23 #ifndef _TP_CERT_INFO_H_
24 #define _TP_CERT_INFO_H_
25
26 #include <Security/cssm.h>
27 #include <Security/SecTrust.h>
28 #include <Security/SecTrustSettings.h>
29 #include <security_utilities/alloc.h>
30 #include <security_utilities/threading.h>
31 #include <security_utilities/globalizer.h>
32 #include <CoreFoundation/CFDate.h>
33
34 /* protects TP-wide access to time() and gmtime() */
35 extern ModuleNexus<Mutex> tpTimeLock;
36
37 /*
38 * Prototypes for functions which are isomorphic between certs and CRLs at the
39 * CL API.
40 */
41 typedef CSSM_RETURN (*clGetFirstFieldFcn)(
42 CSSM_CL_HANDLE CLHandle,
43 CSSM_HANDLE ItemHandle, // cached cert or CRL
44 const CSSM_OID *ItemField,
45 CSSM_HANDLE_PTR ResultsHandle,
46 uint32 *NumberOfMatchedFields,
47 CSSM_DATA_PTR *Value);
48 typedef CSSM_RETURN (*clAbortQueryFcn)(
49 CSSM_CL_HANDLE CLHandle,
50 CSSM_HANDLE ResultsHandle); // from clGetFirstFieldFcn
51 typedef CSSM_RETURN (*clCacheItemFcn)(
52 CSSM_CL_HANDLE CLHandle,
53 const CSSM_DATA *Item, // raw cert or CRL
54 CSSM_HANDLE_PTR CertHandle);
55 typedef CSSM_RETURN (*clAbortCacheFcn)(
56 CSSM_CL_HANDLE CLHandle,
57 CSSM_HANDLE ItemHandle); // from clCacheItemFcn
58 typedef CSSM_RETURN (*clItemVfyFcn)(
59 CSSM_CL_HANDLE CLHandle,
60 CSSM_CC_HANDLE CCHandle,
61 const CSSM_DATA *CrlOrCertToBeVerified,
62 const CSSM_DATA *SignerCert,
63 const CSSM_FIELD *VerifyScope,
64 uint32 ScopeSize);
65
66 typedef struct {
67 /* CL/cert-specific functions */
68 clGetFirstFieldFcn getField;
69 clAbortQueryFcn abortQuery;
70 clCacheItemFcn cacheItem;
71 clAbortCacheFcn abortCache;
72 clItemVfyFcn itemVerify;
73 /* CL/cert-specific OIDs */
74 const CSSM_OID *notBeforeOid;
75 const CSSM_OID *notAfterOid;
76 /* CL/cert specific errors */
77 CSSM_RETURN invalidItemRtn; // CSSMERR_TP_INVALID_{CERT,CRL}_POINTER
78 CSSM_RETURN expiredRtn;
79 CSSM_RETURN notValidYetRtn;
80 } TPClItemCalls;
81
82 class TPCertInfo;
83
84 /*
85 * On construction of a TPClItemInfo, specifies whether or not to
86 * copy the incoming item data (in which we free it upon destruction)
87 * or to use caller's data as is (in which case the caller maintains
88 * the data).
89 */
90 typedef enum {
91 TIC_None = 0, // never used
92 TIC_NoCopy, // caller maintains
93 TIC_CopyData // we copy and free
94 } TPItemCopy;
95
96 /*
97 * State of a cert's mIsRoot flag. We do signature self-verify on demand.
98 */
99 typedef enum {
100 TRS_Unknown, // initial state
101 TRS_NamesMatch, // subject == issuer, but no sig verify yet
102 TRS_NotRoot, // subject != issuer, OR sig verify failed
103 TRS_IsRoot // it's a root
104 } TPRootState;
105
106 /*
107 * Base class for TPCertInfo and TPCrlInfo. Encapsulates caching of
108 * an entity within the CL, field lookup/free, and signature verify,
109 * all of which use similar functions at the CL API.
110 */
111 class TPClItemInfo
112 {
113 NOCOPY(TPClItemInfo)
114 public:
115 TPClItemInfo(
116 CSSM_CL_HANDLE clHand,
117 CSSM_CSP_HANDLE cspHand,
118 const TPClItemCalls &clCalls,
119 const CSSM_DATA *itemData,
120 TPItemCopy copyItemData,
121 const char *verifyTime); // may be NULL
122
123 ~TPClItemInfo();
124 void releaseResources();
125
126 /*
127 * Fetch arbitrary field from cached item.
128 * Only should be used when caller is sure there is either zero or one
129 * of the requested fields present in the cert.
130 */
131 CSSM_RETURN fetchField(
132 const CSSM_OID *fieldOid,
133 CSSM_DATA_PTR *fieldData); // mallocd by CL and RETURNED
134
135 /* free arbitrary field obtained from fetchField() */
136 CSSM_RETURN freeField(
137 const CSSM_OID *fieldOid,
138 CSSM_DATA_PTR fieldData);
139
140 /*
141 * Verify with an issuer cert - works on certs and CRLs.
142 * Issuer/subject name match already performed by caller.
143 * May return CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE without
144 * performing a signature op, in which case it is the caller's
145 * resposibility to complete this operation later when
146 * sufficient information is available.
147 *
148 * Optional paramCert is used to provide parameters when issuer
149 * has a partial public key.
150 */
151 CSSM_RETURN verifyWithIssuer(
152 TPCertInfo *issuerCert,
153 TPCertInfo *paramCert = NULL) const;
154
155 /* accessors */
156 CSSM_CL_HANDLE clHand() const { return mClHand; }
157 CSSM_CSP_HANDLE cspHand() const { return mCspHand; }
158 CSSM_HANDLE cacheHand() const { return mCacheHand; }
159 const CSSM_DATA *itemData() const { return mItemData; }
160 const CSSM_DATA *issuerName() const { return mIssuerName; };
161 unsigned index() const { return mIndex; }
162 void index(unsigned dex) { mIndex = dex; }
163 bool isExpired() { return mIsExpired; }
164 bool isNotValidYet() { return mIsNotValidYet; }
165
166 /*
167 * Calculate validity (not before/after). Returns
168 * CSSMERR_{TP_CERT,APPLETP_CRL}_NOT_VALID_YET
169 * CSSMERR_xxx_T_EXPIRED
170 * CSSM_OK
171 * CSSMERR_xxx_INVALID_CERT_POINTER, other "bogus cert" errors
172 */
173 CSSM_RETURN calculateCurrent(
174 const char *verifyString = NULL);
175
176 private:
177
178 /* Tell CL to parse and cache the item */
179 CSSM_RETURN cacheItem(
180 const CSSM_DATA *itemData,
181 TPItemCopy copyItemData);
182
183
184 /* fetch not before/after fields */
185 void fetchNotBeforeAfter();
186
187 CSSM_CL_HANDLE mClHand; // always valid
188 CSSM_CSP_HANDLE mCspHand; // always valid
189 const TPClItemCalls &mClCalls;
190 bool mWeOwnTheData; // if true, we have to free
191 // mCertData
192 /* following four valid subsequent to cacheItem(), generally
193 * called by subclass's constructor */
194 CSSM_HANDLE mCacheHand;
195 CSSM_DATA_PTR mIssuerName;
196 CSSM_DATA *mItemData;
197 CSSM_ALGORITHMS mSigAlg;
198
199 /* calculated implicitly at construction */
200 CFDateRef mNotBefore;
201 CFDateRef mNotAfter;
202
203 /* also calculated at construction, but can be recalculated at will */
204 bool mIsExpired;
205 bool mIsNotValidYet;
206
207 unsigned mIndex;
208 };
209
210 /*
211 * Class representing one certificate. The raw cert data usually comes from
212 * a client (via incoming cert groups in CertGroupConstruct() and
213 * CertGroupVerify()); in this case, we don't own the raw data and
214 * don't copy or free it. Caller can optionally specify that we copy
215 * (and own and eventually free) the raw cert data. Currently this is
216 * done when we find a cert in a DlDb or from the net. The constructor throws
217 * on any error (bad cert data); subsequent to successful construction, no CSSM
218 * errors are thrown and it's guaranteed that the cert is basically good and
219 * successfully cached in the CL, and that we have a locally cached subject
220 * and issuer name (in normalized encoded format).
221 */
222 class TPCertInfo : public TPClItemInfo
223 {
224 NOCOPY(TPCertInfo)
225 public:
226 /*
227 * No default constructor - this is the only way.
228 * This caches the cert and fetches subjectName and issuerName
229 * to ensure the incoming certData is well-constructed.
230 */
231 TPCertInfo(
232 CSSM_CL_HANDLE clHand,
233 CSSM_CSP_HANDLE cspHand,
234 const CSSM_DATA *certData,
235 TPItemCopy copyCertData,
236
237 const char *verifyTime); // may be NULL
238
239 /* frees mSubjectName, mIssuerName, mCacheHand via mClHand */
240 ~TPCertInfo();
241
242 /* accessors */
243 const CSSM_DATA *subjectName();
244
245 bool isSelfSigned(bool avoidVerify = false);
246
247 bool isAnchor() { return mIsAnchor; }
248 void isAnchor(bool a) { mIsAnchor = a; }
249 bool isFromNet() { return mIsFromNet; }
250 void isFromNet(bool n) { mIsFromNet = n; };
251 bool isFromInputCerts() { return mIsFromInputCerts; }
252 void isFromInputCerts(bool i) { mIsFromInputCerts = i; }
253 unsigned numStatusCodes() { return mNumStatusCodes; }
254 CSSM_RETURN *statusCodes() { return mStatusCodes; }
255 CSSM_DL_DB_HANDLE dlDbHandle() { return mDlDbHandle; }
256 void dlDbHandle(CSSM_DL_DB_HANDLE hand)
257 { mDlDbHandle = hand; }
258 CSSM_DB_UNIQUE_RECORD_PTR uniqueRecord()
259 { return mUniqueRecord; }
260 void uniqueRecord(CSSM_DB_UNIQUE_RECORD_PTR rec)
261 { mUniqueRecord = rec; }
262 CSSM_KEY_PTR pubKey() { return mPublicKey; }
263 bool used() { return mUsed; }
264 void used(bool u) { mUsed = u; }
265 bool isLeaf() { return mIsLeaf; }
266 void isLeaf(bool l) { mIsLeaf = l; }
267
268 SecTrustSettingsDomain trustSettingsDomain() { return mTrustSettingsDomain; }
269 SecTrustSettingsResult trustSettingsResult() { return mTrustSettingsResult; }
270 bool ignoredError() { return mIgnoredError; }
271
272 /* true means "verification terminated due to user trust setting" */
273 bool trustSettingsFound();
274 /*
275 * Am I the issuer of the specified subject item? Returns true if so.
276 * Works for subject certs as well as CRLs.
277 */
278 bool isIssuerOf(
279 const TPClItemInfo &subject);
280
281 /*
282 * Add error status to mStatusCodes[]. Check to see if the
283 * added status is allowed per mAllowedErrs; if not return true.
284 * Returns false of the status *is* an allowed error.
285 */
286 bool addStatusCode(
287 CSSM_RETURN code);
288
289 /*
290 * See if the specified error status is in the mStatusCodes array.
291 */
292 bool hasStatusCode(
293 CSSM_RETURN code);
294
295 /*
296 * See if the specified error status is allowed (return false) or
297 * fatal (return true) per mAllowedErrs[].
298 */
299 bool isStatusFatal(
300 CSSM_RETURN code);
301
302 /*
303 * Indicate whether this cert's public key is a CSSM_KEYATTR_PARTIAL
304 * key.
305 */
306 bool hasPartialKey();
307
308 /* Indicate whether this cert should be explicitly rejected.
309 */
310 bool shouldReject();
311
312 /*
313 * Flag to indicate that at least one revocation policy has successfully
314 * achieved a positive verification of the cert.
315 */
316 bool revokeCheckGood() { return mRevCheckGood; }
317 void revokeCheckGood(bool b) { mRevCheckGood = b; }
318
319 /*
320 * Flag to indicate "I have successfully been checked for revocation
321 * status and the per-policy action data indicates that I need not be
322 * checked again by any other revocation policy". E.g.,
323 * CSSM_TP_ACTION_CRL_SUFFICIENT is set and CRL revocation checking
324 * was successful for this cert.
325 */
326 bool revokeCheckComplete() { return mRevCheckComplete; }
327 void revokeCheckComplete(bool b) { mRevCheckComplete = b; }
328
329 /*
330 * Evaluate user trust; returns true if positive match found - i.e.,
331 * cert chain construction is done.
332 * The foundEntry return value indicates that *some* entry was found for
333 * the cert, regardless of the trust setting evaluation.
334 */
335 OSStatus evaluateTrustSettings(
336 const CSSM_OID &policyOid,
337 const char *policyString, // optional
338 uint32 policyStringLen,
339 SecTrustSettingsKeyUsage keyUse, // optional
340 bool *foundMatchingEntry,
341 bool *foundEntry); // RETURNED
342
343 bool hasEmptySubjectName();
344
345 /* Free mUniqueRecord if it exists */
346 void freeUniqueRecord();
347
348 private:
349 /* obtained from CL at construction */
350 CSSM_DATA_PTR mSubjectName; // always valid
351 CSSM_DATA_PTR mPublicKeyData; // mPublicKey obtained from this field
352 CSSM_KEY_PTR mPublicKey;
353
354 /* maintained by caller, default at constructor 0/false */
355 bool mIsAnchor;
356 bool mIsFromInputCerts;
357 bool mIsFromNet;
358 unsigned mNumStatusCodes;
359 CSSM_RETURN *mStatusCodes;
360 CSSM_DL_DB_HANDLE mDlDbHandle;
361 CSSM_DB_UNIQUE_RECORD_PTR mUniqueRecord;
362 bool mUsed; // e.g., used in current loop
363 bool mIsLeaf; // first in chain
364 TPRootState mIsRoot; // subject == issuer
365 bool mRevCheckGood; // >= 1 revoke check good
366 bool mRevCheckComplete; // no more revoke checking needed
367
368 /*
369 * When true, we've already called SecTrustSettingsEvaluateCert,
370 * and the cached results are in following member vars.
371 */
372 bool mTrustSettingsEvaluated;
373
374 /* result of trust settings evaluation */
375 SecTrustSettingsDomain mTrustSettingsDomain;
376 SecTrustSettingsResult mTrustSettingsResult;
377 bool mTrustSettingsFoundAnyEntry;
378 bool mTrustSettingsFoundMatchingEntry;
379
380 /* allowed errors obtained from SecTrustSettingsEvaluateCert() */
381 CSSM_RETURN *mAllowedErrs;
382 uint32 mNumAllowedErrs;
383
384 /* we actually ignored one of mAllowedErrors[] */
385 bool mIgnoredError;
386
387 /* key usage for which mTrustSettingsResult was evaluated */
388 SecTrustSettingsKeyUsage mTrustSettingsKeyUsage;
389
390 /* for SecTrustSettingsEvaluateCert() */
391 CFStringRef mCertHashStr;
392
393 void releaseResources();
394 };
395
396 /* Describe who owns the items in a TP{Cert,Crl}Group */
397 typedef enum {
398 TGO_None = 0, // not used
399 TGO_Group, // TP{Cert,Crl}Group owns the items
400 TGO_Caller // caller owns the items
401 } TPGroupOwner;
402
403 /*
404 * TP's private Cert Group class. Provides a list of TPCertInfo pointers,
405 * to which caller can append additional elements, access an element at
406 * an arbitrary position, and remove an element at an arbitrary position.
407 */
408 class TPCertGroup
409 {
410 NOCOPY(TPCertGroup)
411 public:
412 /*
413 * No default constructor.
414 * This one creates an empty TPCertGroup.
415 */
416 TPCertGroup(
417 Allocator &alloc,
418 TPGroupOwner whoOwns); // if TGO_Group, we delete
419
420 /*
421 * Construct from unordered, untrusted CSSM_CERTGROUP. Resulting
422 * TPCertInfos are more or less in the same order as the incoming
423 * certs, though incoming certs are discarded if they don't parse.
424 * No verification of any sort is performed.
425 */
426 TPCertGroup(
427 const CSSM_CERTGROUP &CertGroupFrag,
428 CSSM_CL_HANDLE clHand,
429 CSSM_CSP_HANDLE cspHand,
430 Allocator &alloc,
431 const char *verifyString, // may be NULL
432 bool firstCertMustBeValid,
433 TPGroupOwner whoOwns);
434
435 /*
436 * Deletes all TPCertInfo's.
437 */
438 ~TPCertGroup();
439
440 /*
441 * Construct ordered, verified cert chain from a variety of inputs.
442 * Time validity is ignored and needs to be checked by caller (it's
443 * stored in each TPCertInfo we add to ourself during construction).
444 * The only error returned is CSSMERR_APPLETP_INVALID_ROOT, meaning
445 * we verified back to a supposed root cert which did not in fact
446 * self-verify. Other interesting status is returned via the
447 * verifiedToRoot and verifiedToAnchor flags.
448 *
449 * NOTE: is it the caller's responsibility to call setAllUnused()
450 * for both incoming cert groups (inCertGroup and gatheredCerts).
451 * We don't do that here because we may call ourself recursively.
452 *
453 * subjectItem may or may not be in the cert group (currently, it
454 * is in the group if it's a cert and it's not if it's a CRL, but
455 * we don't rely on that).
456 */
457 CSSM_RETURN buildCertGroup(
458 const TPClItemInfo &subjectItem, // Cert or CRL
459 TPCertGroup *inCertGroup, // optional
460 const CSSM_DL_DB_LIST *dbList, // optional
461 CSSM_CL_HANDLE clHand,
462 CSSM_CSP_HANDLE cspHand,
463 const char *verifyString, // optional, for establishing
464 // validity of new TPCertInfos
465 /* trusted anchors, optional */
466 /* FIXME - maybe this should be a TPCertGroup */
467 uint32 numAnchorCerts,
468 const CSSM_DATA *anchorCerts,
469
470 /*
471 * Certs to be freed by caller (i.e., TPCertInfo which we allocate
472 * as a result of using a cert from anchorCerts or dbList) are added
473 * to this group.
474 */
475 TPCertGroup &certsToBeFreed,
476
477 /*
478 * Other certificates gathered during the course of this operation,
479 * currently consisting of certs fetched from DBs and from the net.
480 * This is not used when called by AppleTPSession::CertGroupConstructPriv;
481 * it's an optimization for the case when we're building a cert group
482 * for TPCrlInfo::verifyWithContext - we avoid re-fetching certs from
483 * the net which are needed to verify both the subject cert and a CRL.
484 */
485 TPCertGroup *gatheredCerts,
486
487 /*
488 * Indicates that subjectItem is a cert in this cert group.
489 * If true, that cert will be tested for "root-ness", including
490 * -- subject/issuer compare
491 * -- signature self-verify
492 * -- anchor compare
493 */
494 CSSM_BOOL subjectIsInGroup,
495
496 /* currently, only CSSM_TP_ACTION_FETCH_CERT_FROM_NET and
497 * CSSM_TP_ACTION_TRUST_SETTINGS are interesting */
498 CSSM_APPLE_TP_ACTION_FLAGS actionFlags,
499
500 /* CSSM_TP_ACTION_TRUST_SETTINGS parameters */
501 const CSSM_OID *policyOid,
502 const char *policyStr,
503 uint32 policyStrLen,
504 SecTrustSettingsKeyUsage leafKeyUse,
505
506 /* returned */
507 CSSM_BOOL &verifiedToRoot, // end of chain self-verifies
508 CSSM_BOOL &verifiedToAnchor, // end of chain in anchors
509 CSSM_BOOL &verifiedViaTrustSettings); // chain ends per User Trust setting
510
511 /* add/remove/access TPTCertInfo's. */
512 void appendCert(
513 TPCertInfo *certInfo); // appends to end of mCertInfo
514 TPCertInfo *certAtIndex(
515 unsigned index);
516 TPCertInfo *removeCertAtIndex(
517 unsigned index); // doesn't delete the cert, just
518 // removes it from our list
519 unsigned numCerts() const // how many do we have?
520 { return mNumCerts; }
521
522 /*
523 * Convenience accessors for first and last cert, only valid when we have
524 * at least one cert.
525 */
526 TPCertInfo *firstCert();
527 TPCertInfo *lastCert();
528
529 /* build a CSSM_CERTGROUP corresponding with our mCertInfo */
530 CSSM_CERTGROUP_PTR buildCssmCertGroup();
531
532 /* build a CSSM_TP_APPLE_EVIDENCE_INFO array corresponding with our
533 * mCertInfo */
534 CSSM_TP_APPLE_EVIDENCE_INFO *buildCssmEvidenceInfo();
535
536 /* Given a status for basic construction of a cert group and a status
537 * of (optional) policy verification, plus the implicit notBefore/notAfter
538 * status in the certs, calculate a global return code. This just
539 * encapsulates a policy for CertGroupConstruct and CertGroupVerify.
540 */
541 CSSM_RETURN getReturnCode(
542 CSSM_RETURN constructStatus,
543 CSSM_RETURN policyStatus,
544 CSSM_APPLE_TP_ACTION_FLAGS actionFlags);
545
546 Allocator
547 &alloc() {return mAlloc; }
548
549 /* set all TPCertInfo.mUsed flags false */
550 void setAllUnused();
551
552 /* free records obtained from DBs */
553 void freeDbRecords();
554
555 /*
556 * See if the specified error status is allowed (return true) or
557 * fatal (return false) per each cert's mAllowedErrs[]. Returns
558 * true if any cert returns false for its isStatusFatal() call.
559 * The list of errors which can apply to cert-chain-wide allowedErrors
560 * is right here; if the incoming error is not in that list, we
561 * return false. If the incoming error code is CSSM_OK we return
562 * true as a convenience for our callers.
563 */
564 bool isAllowedError(
565 CSSM_RETURN code);
566
567 /*
568 * Determine if we already have the specified cert in this group.
569 */
570 bool isInGroup(TPCertInfo &certInfo);
571
572 /*
573 * Given a constructed cert group, encode all the issuers
574 * (i.e. chain minus the leaf, unless numCerts() is 1) as a PEM data blob.
575 * Caller is responsible for freeing the data.
576 */
577 void encodeIssuers(CSSM_DATA &issuers);
578
579 private:
580
581 /*
582 * Search unused incoming certs to find an issuer of specified
583 * cert or CRL.
584 * WARNING this assumes a valied "used" state for all certs
585 * in this group.
586 * If partialIssuerKey is true on return, caller must re-verify signature
587 * of subject later when sufficient info is available.
588 */
589 TPCertInfo *findIssuerForCertOrCrl(
590 const TPClItemInfo &subject,
591 bool &partialIssuerKey);
592
593 /*
594 * Called from buildCertGroup as final processing of a constructed
595 * group when CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE has been
596 * detected. Perform partial public key processing.
597 * Returns:
598 * CSSMERR_TP_CERTIFICATE_CANT_OPERATE - can't complete partial key
599 * CSSMERR_TP_INVALID_CERT_AUTHORITY - sig verify failed with
600 * (supposedly) completed partial key
601 */
602 CSSM_RETURN verifyWithPartialKeys(
603 const TPClItemInfo &subjectItem); // Cert or CRL
604
605 Allocator &mAlloc;
606 TPCertInfo **mCertInfo; // just an array of pointers
607 unsigned mNumCerts; // valid certs in certInfo
608 unsigned mSizeofCertInfo; // mallocd space in certInfo
609 TPGroupOwner mWhoOwns; // if TGO_Group, we delete certs
610 // upon destruction
611 };
612 #endif /* _TP_CERT_INFO_H_ */