1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 //
19 // TrustStore.h - Abstract interface to permanent user trust assignments
20 //
21 #ifndef _SECURITY_TRUSTSTORE_H_
22 #define _SECURITY_TRUSTSTORE_H_
23
#include <Security/utilities.h>
#include <Security/Certificate.h>
#include <Security/Policies.h>
#include <Security/SecTrust.h>
#include <Security/TrustItem.h>

#include <vector>
29
30
31 namespace Security {
32 namespace KeychainCore {
33
34
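//
// A TrustStore object mediates access to "user trust" information stored
// for a user (usually in her keychains).
// For lack of a better home, access to the default anchor certificate
// list is also provided here.
//
// Review notes (drawn from this declaration only):
//  - Everything exposed here is trust state: a SecTrustUserSetting stored per
//    (certificate, policy) pair, and the list of default root anchors.
//    How trust evaluation consumes either one is not visible in this header.
//  - Certificate and Policy arrive as raw pointers. Whether a null pointer is
//    accepted is not visible here -- confirm against the implementation
//    before passing a value that may be null.
//  - No lock or other synchronization is declared for the cached root state
//    (mRootsValid, mRoots, mRootBytes, mCFRoots). Thread-safety, if any,
//    lives in the implementation -- confirm before sharing one instance
//    across threads.
//
class TrustStore {
    // NOCOPY is defined outside this header; presumably it disables copy
    // construction and assignment -- confirm in the header that defines it.
    NOCOPY(TrustStore)
public:
    // alloc defaults to CssmAllocator::standard().
    TrustStore(CssmAllocator &alloc = CssmAllocator::standard());
    virtual ~TrustStore();

    // Public reference member; a reference cannot be rebound after
    // construction. Presumably bound to the constructor's alloc argument, in
    // which case that allocator must outlive this object -- confirm.
    CssmAllocator &allocator;

    // set/get user trust for a certificate and policy
    //
    // find() returns the SecTrustUserSetting for the given pair; what it
    // returns when no setting has been stored is not visible here.
    // assign() changes a trust decision that this header's file comment
    // describes as permanent.
    // NOTE(review): whether assign() performs any authorization or user
    // confirmation is not visible here; callers should not assume it does
    // and should only pass an assignment the user actually made.
    SecTrustUserSetting find(Certificate *cert, Policy *policy);
    void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment);

    // get access to the default root anchor certificates for X509
    //
    // copyRootCertificates(): the "copy" prefix suggests the Core Foundation
    // ownership convention (caller releases the returned array) -- confirm.
    // getCssmRootCertificates(): reports the roots through the roots
    // out-parameter. NOTE(review): if the group ends up referencing storage
    // owned by this object (see mRootBytes), it would not remain valid
    // across refreshRootCertificates() or destruction -- confirm.
    // refreshRootCertificates(): presumably discards or reloads the cached
    // root list -- confirm.
    CFArrayRef copyRootCertificates();
    void getCssmRootCertificates(CertGroup &roots);
    void refreshRootCertificates();

    typedef UserTrustItem::TrustData TrustData;

protected:
    // Helpers for subclasses and the implementation; presumably findItem()
    // backs find()/assign() and loadRootCertificates() fills the cached root
    // members below -- confirm.
    Item findItem(Certificate *cert, Policy *policy);
    void loadRootCertificates();

private:
    // The anchors are loaded from disk (per the mRootsValid comment). Where
    // they are read from, and what protects that location from modification,
    // is not visible in this header; it is part of the trust base.
    bool mRootsValid;               // roots have been loaded from disk
    // Spelled std::vector so the header does not depend on a using-directive
    // from an included header; none is visible in this file.
    std::vector<CssmData> mRoots;   // array of CssmDatas to certificate datas
    CssmAutoData mRootBytes;        // certificate data blobs (bunched up)
    CFRef<CFArrayRef> mCFRoots;     // mRoots as CFArray<SecCertificate>
};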
70
71 } // end namespace KeychainCore
72 } // end namespace Security
73
74 #endif // !_SECURITY_TRUSTSTORE_H_