2 * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
23 * SecExternalRep.h - private classes representing external representations of
24 * SecKeychainItemRefs, used by SecImportExport.h
27 #ifndef _SECURITY_SEC_EXTERNAL_REP_H_
28 #define _SECURITY_SEC_EXTERNAL_REP_H_
30 #include <Security/SecImportExport.h>
33 * mechanism to limit private key import
36 PIS_NoLimit
, // no limit
37 PIS_AllowOne
, // allow import of at most one
38 PIS_NoMore
// found one, no more allowed
39 } ImpPrivKeyImportState
;
44 namespace KeychainCore
48 * When exporting, each instance of this represents one keychain item we're
49 * exporting. Note that SecIdentityRefs are represented by two of these - one
50 * for the cert, one for the key.
59 /* default constructor throws */
63 * Gleans SecExternalItemType from incoming type, throws MacOSError if
64 * incoming type is bogus, and vends an instance of a suitable subclass.
65 * Vended object holds a reference to kcItem for its lifetime.
67 static SecExportRep
*vend(
70 virtual ~SecExportRep();
73 * Append external representation to CFData.
74 * Implemented in subclass.
76 virtual OSStatus
exportRep(
77 SecExternalFormat format
,
78 SecItemImportExportFlags flags
,
79 const SecKeyImportExportParameters
*keyParams
, // optional
80 CFMutableDataRef outData
, // data appended here
81 const char **pemHeader
); // e.g., "X509 CERTIFICATE"
83 /* member variables are read-only to the public */
84 SecKeychainItemRef
kcItem() { return mKcItem
; }
85 SecExternalItemType
externType() { return mExternType
; }
86 CFArrayRef
pemParamLines() { return mPemParamLines
; }
89 SecKeychainItemRef mKcItem
;
90 SecExternalItemType mExternType
; // inferred in vend()
91 CFArrayRef mPemParamLines
; // optional PEM header strings
96 * Class representing one item we're importing from external representation.
97 * Normally represents the one "thing" the app has provided to
98 * SecKeychainItemImport(), but when importing in kSecFormatPEMSequence
99 * format, the inpus is parsed into separate components, each of which
100 * gets one instance of this class.
105 /* no default constructor */
110 * Between constructor and the importRep() call, we're a placeholder to
111 * allow our owner to keep track of what is in an incoming pile of bits.
112 * We keep a reference to the incoming CFDataRef for our lifetime.
116 SecExternalItemType externType
, // may be unknown
117 SecExternalFormat externFormat
, // may be unknown
118 CSSM_ALGORITHMS keyAlg
, // may be unknown, CSSM_ALGID_NONE
119 CFArrayRef pemParamLines
= NULL
);
124 * Convert to one or more SecKeychainItemRefs and/or import to keychain.
125 * Both mExternType and mExternFormat must be valid at this point.
126 * Any conversion requiring unwrapping rerquires either a keychain
127 * into which the unwrapped items will be imported) or a CSPDL handle (in
128 * which case the resulting items are floating and ephemeral).
129 * If we create a SecKeychainItemRefs, the only ref count held on
130 * return will be that held by outArray.
132 * Incoming CSP handle is required; by convention it must be derived from
133 * importKeychain if importKeychain is present.
136 SecKeychainRef importKeychain
, // optional
137 CSSM_CSP_HANDLE cspHand
, // required
138 SecItemImportExportFlags flags
,
139 const SecKeyImportExportParameters
*keyParams
, // optional
140 ImpPrivKeyImportState
&keyImportState
, // IN/OUT
141 CFMutableArrayRef outArray
); // optional, append here
144 /* implemented in SecWrappedKeys.cpp */
145 OSStatus
importWrappedKeyOpenssl(
146 SecKeychainRef importKeychain
, // optional
147 CSSM_CSP_HANDLE cspHand
, // required
148 SecItemImportExportFlags flags
,
149 const SecKeyImportExportParameters
*keyParams
, // optional
150 CFMutableArrayRef outArray
); // optional, append here
152 /* optional inferred PrintName attribute */
156 /* Just keep these public, it simplifies things */
158 SecExternalItemType mExternType
;
159 SecExternalFormat mExternFormat
;
160 CSSM_ALGORITHMS mKeyAlg
;
161 CFArrayRef mPemParamLines
; // optional PEM header strings
164 } // end namespace KeychainCore
166 } // end namespace Security
170 /* implemented in SecWrappedKeys.cpp */
171 OSStatus
impExpWrappedKeyOpenSslExport(
173 SecItemImportExportFlags flags
,
174 const SecKeyImportExportParameters
*keyParams
, // optional
175 CFMutableDataRef outData
, // output appended here
176 const char **pemHeader
, // RETURNED
177 CFArrayRef
*pemParamLines
);// RETURNED
181 #endif /* _SECURITY_SEC_IMPORT_EXPORT_H_ */
projects / apple / security.git / blob