]> git.saurik.com Git - apple/security.git/blob - libsecurity_keychain/lib/Certificate.h
projects / apple / security.git / blob
? search:


7731b45578e043d9bba8e3ee5a697be012542f0e
[apple/security.git] / libsecurity_keychain / lib / Certificate.h
1 /*
2 * Copyright (c) 2002-2007,2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // Certificate.h - Certificate objects
26 //
27 #ifndef _SECURITY_CERTIFICATE_H_
28 #define _SECURITY_CERTIFICATE_H_
29
30 #include <security_keychain/Item.h>
31
32 #include <security_keychain/StorageManager.h>
33 // @@@ This should not be here.
34 #include <Security/SecBase.h>
35 #include <security_cdsa_client/clclient.h>
36
37 namespace Security
38 {
39
40 namespace KeychainCore
41 {
42
43 class KeyItem;
44
45 class Certificate : public ItemImpl
46 {
47 NOCOPY(Certificate)
48 public:
49 SECCFFUNCTIONS(Certificate, SecCertificateRef, errSecInvalidItemRef, gTypes().Certificate)
50
51 static CL clForType(CSSM_CERT_TYPE type);
52
53 // new item constructor
54 Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);
55
56 private:
57 // db item constructor
58 Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
59
60 // PrimaryKey item constructor
61 Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);
62
63 public:
64 static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
65 static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey);
66
67 Certificate(Certificate &certificate);
68 virtual ~Certificate();
69
70 virtual void update();
71 virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
72 virtual void didModify(); // Forget any attributes and data we just wrote to the db
73
74 const CssmData &data();
75 CSSM_CERT_TYPE type();
76 CSSM_CERT_ENCODING encoding();
77 CFDataRef sha1Hash();
78 CFStringRef commonName();
79 CFStringRef distinguishedName(const CSSM_OID *sourceOid, const CSSM_OID *componentOid);
80 CFStringRef copyFirstEmailAddress();
81 CFArrayRef copyEmailAddresses();
82 const CSSM_X509_NAME_PTR subjectName();
83 const CSSM_X509_NAME_PTR issuerName();
84 const CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID();
85 CSSM_CL_HANDLE clHandle();
86 void inferLabel(bool addLabel, CFStringRef *rtnString = NULL);
87 SecPointer<KeyItem> publicKey();
88 const CssmData &publicKeyHash();
89 const CssmData &subjectKeyIdentifier();
90
91 static KCCursor cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
92 static KCCursor cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
93 static KCCursor cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
94 static KCCursor cursorForIssuerAndSN_CF(const StorageManager::KeychainList &keychains, CFDataRef issuer, CFDataRef serialNumber);
95
96 SecPointer<Certificate> findInKeychain(const StorageManager::KeychainList &keychains);
97 static SecPointer<Certificate> findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
98 static SecPointer<Certificate> findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
99 static SecPointer<Certificate> findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
100
101 static void normalizeEmailAddress(CSSM_DATA &emailAddress);
102 static void getEmailAddresses(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, std::vector<CssmData> &emailAddresses);
103
104 bool operator < (Certificate &other);
105 bool operator == (Certificate &other);
106
107 virtual CFHashCode hash();
108
109 public:
110 CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
111 void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);
112
113 CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
114 void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
115 Boolean isSelfSigned();
116
117 protected:
118 virtual void willRead();
119 virtual PrimaryKey add(Keychain &keychain);
120 CSSM_HANDLE certHandle();
121
122 void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);
123
124 void addSubjectKeyIdentifier();
125 void populateAttributes();
126
127 private:
128 bool mHaveTypeAndEncoding;
129 bool mPopulated;
130 CSSM_CERT_TYPE mType;
131 CSSM_CERT_ENCODING mEncoding;
132 CssmClient::CL mCL;
133 CSSM_HANDLE mCertHandle;
134 CssmData mPublicKeyHash;
135 uint8 mPublicKeyHashBytes[20];
136 CssmData mSubjectKeyID;
137 uint8 mSubjectKeyIDBytes[20];
138 CSSM_DATA_PTR mV1SubjectPublicKeyCStructValue; // Hack to prevent algorithmID() from leaking.
139 CSSM_DATA_PTR mV1SubjectNameCStructValue;
140 CSSM_DATA_PTR mV1IssuerNameCStructValue;
141 CFDataRef mSha1Hash;
142 };
143
144 } // end namespace KeychainCore
145
146 } // end namespace Security
147
148 #endif // !_SECURITY_CERTIFICATE_H_
mirror of Security