cdsa/cdsa_client/aclsupport.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // aclsupport.h - support for special Keychain style acls
  21 //
  22
  23 #ifndef _ACLSUPPORT_H_
  24 #define _ACLSUPPORT_H_
  25
  26 #include <Security/cssmdata.h>
  27 #include <Security/threading.h>
  28 #include <Security/cssmalloc.h>
  29 #include <Security/refcount.h>
  30 #include <Security/keyclient.h>
  31 #include <vector>
  32
  33
  34 namespace Security
  35 {
  36
  37 namespace CssmClient
  38 {
  39
  40 class TrustedApplicationImpl : public RefCount
  41 {
  42 public:
  43         TrustedApplicationImpl(const CssmData &signature, const CssmData &comment, bool enabled);
  44         TrustedApplicationImpl(const char *path, const CssmData &comment, bool enabled);
  45
  46         const CssmData &signature() const;
  47         const CssmData &comment() const;
  48         bool enabled() const;
  49         void enabled(bool enabled);
  50
  51         bool sameSignature(const char *path); // return true if object at path has same signature
  52
  53 protected:
  54         void calcSignature(const char *path, CssmOwnedData &signature); // generate a signature
  55
  56 private:
  57         CssmAutoData mSignature;
  58         CssmAutoData mComment;
  59         bool mEnabled;
  60 };
  61
  62 class TrustedApplication : public RefPointer<TrustedApplicationImpl>
  63 {
  64 public:
  65         TrustedApplication();
  66         TrustedApplication(const CssmData &signature, const CssmData &comment, bool enabled = true);
  67         TrustedApplication(const char *path, const CssmData &comment, bool enabled = true);
  68 };
  69
  70 class KeychainACL : public vector<TrustedApplication>
  71 {
  72 public:
  73         KeychainACL(const Key &key);
  74         void commit();
  75
  76         void anyAllow(bool allow);
  77         bool anyAllow() const;
  78
  79         void alwaysAskUser(bool allow);
  80         bool alwaysAskUser() const;
  81         bool isCustomACL() const;
  82     void label(const CssmData &label);
  83
  84 private:
  85         void initialize();
  86         Key mKey;
  87         bool mAnyAllow;
  88         bool mAlwaysAskUser;
  89         bool mIsCustomACL;
  90         CssmAutoData mLabel;
  91         CssmAutoData mSelector;
  92
  93         CSSM_ACL_HANDLE mHandle;
  94 };
  95
  96 }; // end namespace CssmClient
  97
  98 } // end namespace Security
  99
 100 #endif // _ACLSUPPORT_H_