OSX/libsecurity_keychain/Security/TrustStore.h

   1 /*
   2  * Copyright (c) 2002-2004,2011,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // TrustStore.h - Abstract interface to permanent user trust assignments
  26 //
  27 #ifndef _SECURITY_TRUSTSTORE_H_
  28 #define _SECURITY_TRUSTSTORE_H_
  29
  30 #include <security_keychain/Certificate.h>
  31 #include <security_keychain/Policies.h>
  32 #include <Security/SecTrust.h>
  33 #include <security_keychain/TrustItem.h>
  34
  35
  36 namespace Security {
  37 namespace KeychainCore {
  38
  39
  40 //
  41 // A TrustStore object mediates access to "user trust" information stored
  42 // for a user (usually in her keychains).
  43 // For lack of a better home, access to the default anchor certificate
  44 // list is also provided here.
  45 //
  46 class TrustStore {
  47         NOCOPY(TrustStore)
  48 public:
  49     TrustStore(Allocator &alloc = Allocator::standard());
  50     virtual ~TrustStore();
  51
  52         Allocator &allocator;
  53
  54         // set/get user trust for a certificate and policy
  55     SecTrustUserSetting find(Certificate *cert, Policy *policy,
  56                 StorageManager::KeychainList &keychainList);
  57     void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment);
  58
  59         void getCssmRootCertificates(CertGroup &roots);
  60
  61         typedef UserTrustItem::TrustData TrustData;
  62
  63 protected:
  64         Item findItem(Certificate *cert, Policy *policy,
  65                 StorageManager::KeychainList &keychainList);
  66         void loadRootCertificates();
  67
  68 private:
  69         bool mRootsValid;                       // roots have been loaded from disk
  70         vector<CssmData> mRoots;        // array of CssmDatas to certificate datas
  71         CssmAutoData mRootBytes;        // certificate data blobs (bunched up)
  72     CFRef<CFArrayRef> mCFRoots; // mRoots as CFArray<SecCertificate>
  73         Mutex mMutex;
  74 };
  75
  76 } // end namespace KeychainCore
  77 } // end namespace Security
  78
  79 #endif // !_SECURITY_TRUSTSTORE_H_