1 /*
2 * Copyright (c) 2002,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * TPCrlInfo.h - TP's private CRL and CRL group classes
21 *
22 */
23
24 #ifndef _TP_CRL_INFO_H_
25 #define _TP_CRL_INFO_H_
26
27 #include <Security/cssmtype.h>
28 #include <security_utilities/alloc.h>
29 #include <security_utilities/threading.h>
30 #include <security_utilities/globalizer.h>
31 #include "TPCertInfo.h"
32 #include "tpCrlVerify.h"
33
34 /*
35 * Verification state of a TPCrlInfo. Verification refers to the process
36 * of cert chain validation from the CRL to a trusted root. Since this
37 * is a rather heavyweight operation, this is done on demand, when a given
38 * CRL is "believed to be" the appropriate one for a given cert. It
39 * is separate from not before/after verification, which is performed
40 * on the fly as needed.
41 */
typedef enum {
    CVS_Unknown,    // initial default state: chain verification not yet attempted
    CVS_Good,       // known good: chain from this CRL to a trusted root verified
    CVS_Bad         // known bad: verification failed; the CSSM error is kept in
                    // TPCrlInfo::mVerifyError
} TPCrlVerifyState;
47
48 /*
49 * Indicates where a particular CRL came from. Currently only used
50 * in the tpCrlVerify module.
51 */
typedef enum {
    CFW_Nowhere,    // default, never returned
    CFW_InGroup,    // from incoming (caller-supplied, untrusted) TPCrlGroup
    CFW_DlDb,       // verifyContext.dbList
    CFW_LocalCache, // tpGlobalCrlCache
    CFW_Net,        // tpFetchCrlFromNet; TPCrlInfo::mUri records the source
    /* probably others */
} TPCrlFromWhere;
60
61
62 /*
63 * Class representing one CRL. The raw CRL data usually comes from
64 * a client (via incoming CSSM_TP_VERIFY_CONTEXT.Crls); in this case, we
 * don't own the raw data and don't copy or free it. Caller can
 * optionally specify that we copy (and own and eventually free) the raw CRL data.
67 * Currently this is only done when we find a CRL in a DlDb. The constructor throws
68 * on any error (bad CRL data); subsequent to successful construction, no CSSM
69 * errors are thrown and it's guaranteed that the CRL is basically readable and
70 * successfully cached in the CL, and that we have a locally cached
71 * CSSM_X509_SIGNED_CRL and issuer name (in normalized encoded format).
72 */
class TPCrlInfo : public TPClItemInfo
{
    NOCOPY(TPCrlInfo)
public:
    /*
     * No default constructor - this is the only way.
     *
     * Parses and caches crlData in the CL identified by clHand. Throws on
     * any error (bad CRL data). copyCrlData decides whether this object
     * copies (and later frees) the raw bytes or merely references the
     * caller's buffer; in the latter case the caller must keep crlData
     * alive for the lifetime of this object.
     */
    TPCrlInfo(
        CSSM_CL_HANDLE      clHand,
        CSSM_CSP_HANDLE     cspHand,
        const CSSM_DATA     *crlData,
        TPItemCopy          copyCrlData,
        const char          *verifyTime);   // NULL ==> time = right now

    /* frees mIssuerName, mCacheHand, mX509Crl via mClHand */
    ~TPCrlInfo();

    /*
     * The heavyweight "perform full verification" op.
     * If doCrlVerify is true, we'll do an eventually recursive
     * CRL verification test on the cert group we construct
     * here to verify the CRL in question. This recursive
     * verify is also done if the CRL is an indirect CRL.
     * Currently, the doCrlVerifyFlag will be set false in the
     * normal case of verifying a cert chain; in that case the
     * various certs needed to verify the CRL are assumed to
     * be a subset of the cert chain being verified, and CRL
     * verification of that cert chain is being performed
     * elsewhere. The caller would set doCrlVerify true when
     * the top-level op is simply a CRL verify.
     *
     * Returns CSSM_OK on success, else a CSSM error. The outcome is
     * presumably recorded in mVerifyState (and mVerifyError on failure)
     * so that verifyState() reflects it afterwards - confirm in the
     * implementation.
     */
    CSSM_RETURN verifyWithContext(
        TPVerifyContext     &tpVerifyContext,
        TPCertInfo          *forCert,           // optional
        bool                doCrlVerify = false);

    /*
     * Wrapper for verifyWithContext for use when evaluating a CRL
     * "now" instead of at the time in TPVerifyContext.verifyTime.
     * Same arguments and return semantics as verifyWithContext.
     */
    CSSM_RETURN verifyWithContextNow(
        TPVerifyContext     &tpVerifyContext,
        TPCertInfo          *forCert,           // optional
        bool                doCrlVerify = false);

    /*
     * Do I have the same issuer as the specified subject cert?
     * Returns true if so. This is an issuer-name match only; it says
     * nothing about whether this CRL has been verified.
     */
    bool hasSameIssuer(
        const TPCertInfo    &subject);

    /*
     * Determine if specified cert has been revoked as of the
     * provided time; a NULL timestring indicates "now".
     * Assumes that the current CRL has been fully verified: the
     * answer is only meaningful when verifyState() == CVS_Good,
     * and nothing in this interface enforces that - the caller
     * must check. Returns a CSSM_RETURN; the specific codes used
     * to signal "revoked" are defined by the implementation.
     */
    CSSM_RETURN isCertRevoked(
        TPCertInfo          &subjectCert,
        CSSM_TIMESTRING     verifyTime);

    /*
     * Accessors. The returned CSSM_X509_SIGNED_CRL is owned by this
     * object (freed in the destructor via mClHand); do not free it.
     */
    const CSSM_X509_SIGNED_CRL *x509Crl()   { return mX509Crl; }
    TPCrlVerifyState verifyState()          { return mVerifyState; }

    /*
     * URI this CRL was fetched from. A pointer to mUri is always
     * returned; presumably it is empty when the CRL did not come from
     * the net (mFromWhere != CFW_Net) - confirm against tpCrlVerify.
     */
    const CSSM_DATA *uri()                  { return &mUri; }
    void uri(const CSSM_DATA &uri);

    /*
     * Ref count info maintained by caller (currently only in
     * tpCrlVfy.cpp's global cache module). Plain int, not atomic;
     * presumably guarded by that cache's own lock - confirm there.
     */
    int                 mRefCount;

    /* used only by tpCrlVerify; records which source the CRL came from */
    TPCrlFromWhere      mFromWhere;


private:
    CSSM_X509_SIGNED_CRL    *mX509Crl;          // decoded CRL, cached in the CL
    CSSM_DATA_PTR           mCrlFieldToFree;    // CL-allocated field released in releaseResources()
    TPCrlVerifyState        mVerifyState;       // see TPCrlVerifyState
    CSSM_RETURN             mVerifyError;       // only if mVerifyState = CVS_Bad
    CSSM_DATA               mUri;               // if fetched from net

    /* releases CL-owned resources; called from the destructor */
    void releaseResources();

    /*
     * Walk one extension set (the CRL's own, or one revocation
     * entry's when isPerEntry) during verification. isIndirectCrl
     * is set when an extension marks this as an indirect CRL, which
     * triggers the recursive verify described at verifyWithContext.
     */
    CSSM_RETURN parseExtensions(
        TPVerifyContext     &tpVerifyContext,
        bool                isPerEntry,
        uint32              entryIndex,         // if isPerEntry
        const CSSM_X509_EXTENSIONS &extens,
        TPCertInfo          *forCert,           // optional
        bool                &isIndirectCrl);    // RETURNED

};
168
169 /*
170 * TP's private CRL Group class.
171 */
class TPCrlGroup
{
    NOCOPY(TPCrlGroup)
public:
    /* construct empty CRL group */
    TPCrlGroup(
        Allocator           &alloc,
        TPGroupOwner        whoOwns);       // if TGO_Group, we delete

    /*
     * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting
     * TPCrlInfos are more or less in the same order as the incoming
     * CRLs, though incoming CRLs are discarded if they don't parse.
     * No verification of any sort is performed: membership in the
     * group says nothing about trust, and each TPCrlInfo must still be
     * verified (TPCrlInfo::verifyWithContext) before its revocation
     * data is relied upon. Parse failures are dropped silently, so
     * numCrls() may be smaller than the incoming group's count.
     */
    TPCrlGroup(
        const CSSM_CRLGROUP *cssmCrlGroup,  // optional
        CSSM_CL_HANDLE      clHand,
        CSSM_CSP_HANDLE     cspHand,
        Allocator           &alloc,
        const char          *cssmTimeStr,   // may be NULL
        TPGroupOwner        whoOwns);

    /*
     * Deletes all TPCrlInfo's (only when mWhoOwns == TGO_Group; see
     * mWhoOwns below).
     */
    ~TPCrlGroup();

    /*
     * add/remove/access TPCrlInfo's.
     * crlAtIndex: behaviour for index >= numCrls() is not specified
     * here - callers should range-check against numCrls() first.
     */
    void appendCrl(
        TPCrlInfo           &crlInfo);      // appends to end of mCrlInfo
    TPCrlInfo *crlAtIndex(
        unsigned            index);
    TPCrlInfo &removeCrlAtIndex(
        unsigned            index);         // doesn't delete the CRL, just
                                            // removes it from our list; the
                                            // caller presumably takes over
                                            // its lifetime
    void removeCrl(
        TPCrlInfo           &crlInfo);      // ditto

    /*
     * Convenience accessors for first and last CRL, only valid when we have
     * at least one CRL (numCrls() > 0).
     */
    TPCrlInfo *firstCrl();
    TPCrlInfo *lastCrl();

    /*
     * Find a CRL whose issuer matches specified subject cert.
     * Returned CRL has not necessarily been verified; check
     * TPCrlInfo::verifyState() or run verifyWithContext before using
     * it for a revocation decision.
     */
    TPCrlInfo *findCrlForCert(
        TPCertInfo          &subject);

    Allocator &alloc()  { return mAlloc; }
    unsigned numCrls()  { return mNumCrls; }

private:
    Allocator           &mAlloc;
    TPCrlInfo           **mCrlInfo;         // just an array of pointers
    unsigned            mNumCrls;           // valid CRLs in mCrlInfo
    unsigned            mSizeofCrlInfo;     // mallocd space in mCrlInfo (elements)
    TPGroupOwner        mWhoOwns;           // if TGO_Group, we delete CRLs
                                            // upon destruction
};
236 #endif /* _TP_CRL_INFO_H_ */
237