2 * Copyright (c) 2002-2004,2011-2012,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
27 #include <security_keychain/PolicyCursor.h>
28 #include <security_keychain/Policies.h>
29 #include <Security/oidsalg.h>
30 #include <security_cdsa_client/tpclient.h>
32 using namespace KeychainCore
;
33 using namespace CssmClient
;
37 // This preliminary implementation bypasses MDS and uses
38 // a fixed set of policies known to exist in the one known TP.
// The single trust-policy module this file talks to: a TP client bound to the
// module identified by gGuidAppleX509TP. Every Policy created below is
// attached to this one TP.
class TheOneTP : public TP {
public:
    TheOneTP() : TP(gGuidAppleX509TP) { }
};
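// The shared TP instance, managed by ModuleNexus; theOneTP() yields it.
static ModuleNexus<TheOneTP> theOneTP;

// The fixed policy table: the OIDs this code expects the one known TP to
// support. PolicyCursor::next() walks this array front to back until it meets
// the NULL entry, so the terminator must stay the last element whenever a
// policy is added here, and the order must not be shuffled: a cursor's position
// is an index into this table.
static const CssmOid *theOidList[] = {
    static_cast<const CssmOid *>(&CSSMOID_APPLE_ISIGN),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_X509_BASIC),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SSL),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SMIME),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_EAP),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SW_UPDATE_SIGNING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_IP_SEC),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_ICHAT),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_RESOURCE_SIGN),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_CLIENT),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_SERVER),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_CODE_SIGNING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PACKAGE_SIGNING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_CRL),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_OCSP),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_APPLEID_SHARING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_TIMESTAMPING),
    NULL    // sentinel: marks the end of the table for next()
};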
69 // Canonical Construction
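//
// A NULL `oid` leaves the cursor unfiltered (mOidGiven stays false) and next()
// then yields every entry of the policy table. A non-NULL `oid` is stored in
// mOid and restricts next() to the entries equal to it. `value` is accepted for
// interface compatibility only: the current TP does not use a policy value, so
// nothing is kept from it.
//
PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value)
    : mOid(Allocator::standard()), mOidGiven(false), mMutex(Mutex::recursive)
{
    if (oid) {
        mOid = CssmOid::required(oid);
        mOidGiven = true;   // turn on the OID filter in next()
    }
    mSearchPos = 0;     // start iteration at the top of theOidList
}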
//
// Destroy. Nothing is released by hand here; the members (mOid, mMutex) are
// torn down by their own destructors. Declared non-throwing to match the header.
//
PolicyCursor::~PolicyCursor() throw()
{
}
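//
// Advance the cursor and hand back the next matching policy.
//
// Returns true and sets `policy` to a new Policy bound to the one TP when a
// further table entry matches (every entry when no OID was given, otherwise
// only the entries equal to mOid). Returns false once the table is exhausted.
// Every entry examined is consumed exactly once, so repeated calls enumerate
// the table without revisiting an entry or stalling on one.
//
bool PolicyCursor::next(SecPointer<Policy> &policy)
{
    StLock<Mutex> _(mMutex);

    // Bound the scan by the array size as well as by the NULL terminator: if the
    // terminator were ever dropped from theOidList, the walk must still stop at
    // the end of the array instead of reading past it.
    const size_t tableSize = sizeof(theOidList) / sizeof(theOidList[0]);

    while (mSearchPos < tableSize && theOidList[mSearchPos] != NULL) {
        // Consume this entry now, whether or not it matches, so a non-matching
        // OID can never leave the cursor parked on the same entry forever.
        const CssmOid &candidate = *theOidList[mSearchPos++];
        if (mOidGiven && mOid != candidate)
            continue;   // caller asked for a specific OID and this isn't it
        // The policy value (mValue) is ignored: the current TP does not use it.
        policy = new Policy(theOneTP(), candidate);
        return true;    // return next match
    }
    return false;   // end of table, no more matches
}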
111 // Return a new policy instance for an OID, outside of cursor iteration
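//
// `oid` must be non-NULL. It is run through CssmOid::required() — the same
// guard the constructor applies to its OID argument — before it is
// dereferenced, so a NULL pointer is caught there rather than crashing on the
// dereference below. The OID is not checked against theOidList: whatever OID
// the caller supplies is handed to the TP as-is.
//
void PolicyCursor::policy(const CSSM_OID* oid, SecPointer<Policy> &policy)
{
    const CssmOid *policyOid =
        static_cast<const CssmOid *>(&CssmOid::required(oid));
    policy = new Policy(theOneTP(), *policyOid);
}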