]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_apple_x509_tp/lib/AppleTPSession.cpp
Security-58286.200.222.tar.gz
[apple/security.git] / OSX / libsecurity_apple_x509_tp / lib / AppleTPSession.cpp
1 /*
2 * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * AppleTPSession.cpp - general session support and (mostly) unimplemented functions
21 */
22
23 #include "AppleTPSession.h"
24 #include "TPCertInfo.h"
25 #include "TPCrlInfo.h"
26 #include "tpCrlVerify.h"
27 #include "tpdebugging.h"
28 #include <Security/oidsalg.h>
29
30 AppleTPSession::AppleTPSession(
31 CSSM_MODULE_HANDLE theHandle,
32 CssmPlugin &plug,
33 const CSSM_VERSION &version,
34 uint32 subserviceId,
35 CSSM_SERVICE_TYPE subserviceType,
36 CSSM_ATTACH_FLAGS attachFlags,
37 const CSSM_UPCALLS &upcalls)
38 : TPPluginSession(theHandle, plug, version, subserviceId,
39 subserviceType,attachFlags, upcalls)
40 {
41 }
42
43 AppleTPSession::~AppleTPSession()
44 {
45 }
46
47 void AppleTPSession::CertCreateTemplate(CSSM_CL_HANDLE CLHandle,
48 uint32 NumberOfFields,
49 const CSSM_FIELD CertFields[],
50 CssmData &CertTemplate)
51 {
52 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
53 }
54
55 void AppleTPSession::CrlVerify(CSSM_CL_HANDLE CLHandle,
56 CSSM_CSP_HANDLE CSPHandle,
57 const CSSM_ENCODED_CRL &CrlToBeVerified,
58 const CSSM_CERTGROUP &SignerCertGroup,
59 const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
60 CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult)
61 {
62 /* verify input args */
63 if(RevokerVerifyResult != NULL) {
64 /* not yet, but probably someday */
65 CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
66 }
67 switch(CrlToBeVerified.CrlType) {
68 case CSSM_CRL_TYPE_X_509v1:
69 case CSSM_CRL_TYPE_X_509v2:
70 break;
71 default:
72 CssmError::throwMe(CSSMERR_TP_INVALID_CRL_TYPE);
73 }
74 switch(CrlToBeVerified.CrlEncoding) {
75 case CSSM_CRL_ENCODING_BER:
76 case CSSM_CRL_ENCODING_DER:
77 break;
78 default:
79 CssmError::throwMe(CSSMERR_TP_INVALID_CRL_ENCODING);
80 }
81
82 /* optional arguments */
83 CSSM_TIMESTRING cssmTimeStr = NULL;
84 const CSSM_TP_CALLERAUTH_CONTEXT *cred = NULL;
85 uint32 NumberOfAnchorCerts = 0;
86 CSSM_DATA_PTR AnchorCerts = NULL;
87 CSSM_DL_DB_LIST_PTR DBList = NULL;
88 CSSM_APPLE_TP_ACTION_FLAGS actionFlags = 0;
89 CSSM_APPLE_TP_ACTION_DATA *actionData = NULL;
90
91 if(VerifyContext != NULL) {
92 cred = VerifyContext->Cred;
93 actionData =
94 (CSSM_APPLE_TP_ACTION_DATA *)VerifyContext->ActionData.Data;
95 if(actionData != NULL) {
96 switch(actionData->Version) {
97 case CSSM_APPLE_TP_ACTION_VERSION:
98 if(VerifyContext->ActionData.Length !=
99 sizeof(CSSM_APPLE_TP_ACTION_DATA)) {
100 CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
101 }
102 break;
103 /* handle backwards versions here if we ever go
104 * beyond version 0 */
105 default:
106 CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
107 }
108 actionFlags = actionData->ActionFlags;
109 }
110 }
111 if(cred != NULL) {
112 cssmTimeStr = cred->VerifyTime;
113 NumberOfAnchorCerts = cred->NumberOfAnchorCerts;
114 AnchorCerts = cred->AnchorCerts;
115 DBList = cred->DBList;
116 }
117
118 /* this must be parseable, throw immediately if not */
119 TPCrlInfo crlToVerify(CLHandle, CSPHandle, &CrlToBeVerified.CrlBlob,
120 TIC_NoCopy, cssmTimeStr);
121
122 /* Both required at the API but in fact may be empty */
123 TPCertGroup inCertGroup(SignerCertGroup, CLHandle, CSPHandle, *this,
124 cssmTimeStr, // optional 'this' time
125 false, // firstCertMustBeValid
126 TGO_Group);
127 TPCertGroup gatheredCerts(*this, TGO_Group);
128
129 /* common CRL/OCSP verify parameters */
130 TPVerifyContext vfyCtx(*this,
131 CLHandle,
132 CSPHandle,
133 cssmTimeStr,
134 NumberOfAnchorCerts,
135 AnchorCerts,
136 &inCertGroup,
137 NULL, // no CRLs, we're on our own
138 gatheredCerts,
139 DBList,
140 kRevokeCrlBasic,
141 actionFlags,
142 NULL, // crlOpts
143 NULL, // OCSP opts
144 &CSSMOID_APPLE_TP_REVOCATION_CRL,
145 NULL, // UT policyString
146 0,
147 CSSM_KEYUSE_VERIFY);
148
149 /*
150 * We assert the doCrlVerify flag to ensure CRL verification
151 * if intermediate certs which verifyWithContext() gathers to
152 * verify this CRL.
153 */
154 CSSM_RETURN crtn = crlToVerify.verifyWithContext(vfyCtx, NULL, true);
155 if(crtn) {
156 tpCrlDebug("CrlVerify failure");
157 CssmError::throwMe(crtn);
158 }
159 }
160
161 void AppleTPSession::CertReclaimKey(const CSSM_CERTGROUP &CertGroup,
162 uint32 CertIndex,
163 CSSM_LONG_HANDLE KeyCacheHandle,
164 CSSM_CSP_HANDLE CSPHandle,
165 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry)
166 {
167 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
168 }
169
170 /*** CertGroupVerify, CertGroupConstruct in TPCertGroup.cpp ***/
171
172 void AppleTPSession::CertSign(CSSM_CL_HANDLE CLHandle,
173 CSSM_CC_HANDLE CCHandle,
174 const CssmData &CertTemplateToBeSigned,
175 const CSSM_CERTGROUP &SignerCertGroup,
176 const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
177 CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
178 CssmData &SignedCert)
179 {
180 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
181 }
182
183 void AppleTPSession::TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle,
184 const CSSM_TUPLEGROUP &TupleGroup,
185 CSSM_CERTGROUP_PTR &CertTemplates)
186 {
187 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
188 }
189
190 void AppleTPSession::ReceiveConfirmation(const CssmData &ReferenceIdentifier,
191 CSSM_TP_CONFIRM_RESPONSE_PTR &Responses,
192 sint32 &ElapsedTime)
193 {
194 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
195 }
196
197 void AppleTPSession::PassThrough(CSSM_CL_HANDLE CLHandle,
198 CSSM_CC_HANDLE CCHandle,
199 const CSSM_DL_DB_LIST *DBList,
200 uint32 PassThroughId,
201 const void *InputParams,
202 void **OutputParams)
203 {
204 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
205 }
206
207 void AppleTPSession::CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle,
208 CSSM_CSP_HANDLE CSPHandle,
209 const CssmData *OldCrlTemplate,
210 const CSSM_CERTGROUP &CertGroupToBeRemoved,
211 const CSSM_CERTGROUP &RevokerCertGroup,
212 const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
213 CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
214 CssmData &NewCrlTemplate)
215 {
216 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
217 }
218
219 void AppleTPSession::CertRevoke(CSSM_CL_HANDLE CLHandle,
220 CSSM_CSP_HANDLE CSPHandle,
221 const CssmData *OldCrlTemplate,
222 const CSSM_CERTGROUP &CertGroupToBeRevoked,
223 const CSSM_CERTGROUP &RevokerCertGroup,
224 const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
225 CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
226 CSSM_TP_CERTCHANGE_REASON Reason,
227 CssmData &NewCrlTemplate)
228 {
229 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
230 }
231
232 void AppleTPSession::CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle)
233 {
234 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
235 }
236
237 void AppleTPSession::CrlCreateTemplate(CSSM_CL_HANDLE CLHandle,
238 uint32 NumberOfFields,
239 const CSSM_FIELD CrlFields[],
240 CssmData &NewCrlTemplate)
241 {
242 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
243 }
244
245 void AppleTPSession::CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
246 const CSSM_CERTGROUP &CertGroup,
247 CSSM_TUPLEGROUP_PTR &TupleGroup)
248 {
249 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
250 }
251
252 void AppleTPSession::FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
253 CSSM_TP_FORM_TYPE FormType,
254 CssmData &BlankForm)
255 {
256 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
257 }
258
259 void AppleTPSession::CrlSign(CSSM_CL_HANDLE CLHandle,
260 CSSM_CC_HANDLE CCHandle,
261 const CSSM_ENCODED_CRL &CrlToBeSigned,
262 const CSSM_CERTGROUP &SignerCertGroup,
263 const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
264 CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
265 CssmData &SignedCrl)
266 {
267 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
268 }
269
270 void AppleTPSession::CertGroupPrune(CSSM_CL_HANDLE CLHandle,
271 const CSSM_DL_DB_LIST &DBList,
272 const CSSM_CERTGROUP &OrderedCertGroup,
273 CSSM_CERTGROUP_PTR &PrunedCertGroup)
274 {
275 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
276 }
277
278 void AppleTPSession::ApplyCrlToDb(CSSM_CL_HANDLE CLHandle,
279 CSSM_CSP_HANDLE CSPHandle,
280 const CSSM_ENCODED_CRL &CrlToBeApplied,
281 const CSSM_CERTGROUP &SignerCertGroup,
282 const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
283 CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult)
284 {
285 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
286 }
287
288 void AppleTPSession::CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle,
289 const CssmData &CertTemplate,
290 uint32 &NumberOfFields,
291 CSSM_FIELD_PTR &CertFields)
292 {
293 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
294 }
295
296 void AppleTPSession::ConfirmCredResult(const CssmData &ReferenceIdentifier,
297 const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
298 const CSSM_TP_CONFIRM_RESPONSE &Responses,
299 const CSSM_TP_AUTHORITY_ID *PreferredAuthority)
300 {
301 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
302 }
303
304 void AppleTPSession::FormSubmit(CSSM_TP_FORM_TYPE FormType,
305 const CssmData &Form,
306 const CSSM_TP_AUTHORITY_ID *ClearanceAuthority,
307 const CSSM_TP_AUTHORITY_ID *RepresentedAuthority,
308 AccessCredentials *Credentials)
309 {
310 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
311 }
312