2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
19 // Trust.h - Trust control wrappers
21 #ifndef _SECURITY_TRUST_H_
22 #define _SECURITY_TRUST_H_
24 #include <Security/SecRuntime.h>
25 #include <CoreFoundation/CoreFoundation.h>
26 #include <Security/StorageManager.h>
27 #include <Security/tpclient.h>
28 #include <Security/cfutilities.h>
29 #include <Security/SecTrust.h>
30 #include <Security/Certificate.h>
31 #include <Security/Policies.h>
32 #include <Security/TrustStore.h>
35 using namespace CssmClient
;
38 namespace KeychainCore
{
42 // The Trust object manages trust-verification workflow.
43 // As such, it represents a somewhat more complex concept than
46 class Trust
: public SecCFObject
50 Trust(CFTypeRef certificates
, CFTypeRef policies
);
53 // set more input parameters
54 void action(CSSM_TP_ACTION action
) { mAction
= action
; }
55 void actionData(CFDataRef data
) { mActionData
= data
; }
56 void time(CFDateRef verifyTime
) { mVerifyTime
= verifyTime
; }
57 void anchors(CFArrayRef anchorList
) { mAnchors
= cfArrayize(anchorList
); }
58 StorageManager::KeychainList
&searchLibs() { return mSearchLibs
; }
63 // get at evaluation results
64 void buildEvidence(CFArrayRef
&certChain
, TPEvidenceInfo
* &statusChain
);
65 CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
cssmResult();
67 SecTrustResultType
result() const { return mResult
; }
68 TP
getTPHandle() const { return mTP
; }
70 // an independent release function for TP evidence results
71 // (yes, we could hand this out to the C layer if desired)
72 static void releaseTPEvidence(TPVerifyResult
&result
, CssmAllocator
&allocator
);
75 SecTrustResultType
diagnoseOutcome();
76 void evaluateUserTrust(const CertGroup
&certs
,
77 const CSSM_TP_APPLE_EVIDENCE_INFO
*info
);
83 // input arguments: set up before evaluate()
84 CSSM_TP_ACTION mAction
; // TP action to verify
85 CFRef
<CFDataRef
> mActionData
; // action data
86 CFRef
<CFDateRef
> mVerifyTime
; // verification "now"
87 CFRef
<CFArrayRef
> mCerts
; // certificates to verify (item 1 is subject)
88 CFRef
<CFArrayRef
> mPolicies
; // array of policy objects to control verification
89 CFRef
<CFArrayRef
> mAnchors
; // array of anchor certs
90 StorageManager::KeychainList mSearchLibs
; // array of databases to search
92 // evaluation results: set as a result of evaluate()
93 SecTrustResultType mResult
; // result classification
94 uint32 mResultIndex
; // which result cert made the decision?
95 OSStatus mTpReturn
; // return code from TP Verify
96 TPVerifyResult mTpResult
; // result of latest TP verify
98 vector
< RefPointer
<Certificate
> > mCertChain
; // distilled certificate chain
100 // information returned to caller but owned by us
101 CFRef
<CFArrayRef
> mEvidenceReturned
; // evidence chain returned
104 static ModuleNexus
<TrustStore
> Trust::gStore
;
107 } // end namespace KeychainCore
109 } // end namespace Security
111 #endif // !_SECURITY_TRUST_H_
projects / apple / security.git / blob