]> git.saurik.com Git - apple/security.git/blob - AppleX509TP/TPCrlInfo.h
projects / apple / security.git / blob
? search:


7dd91d095504b53a6a2bf0e18806c2c4ce1c6f0f
[apple/security.git] / AppleX509TP / TPCrlInfo.h
1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * TPCrlInfo.h - TP's private CRL and CRL group classes
21 *
22 * Written 9/25/2001 by Doug Mitchell.
23 */
24
25 #ifndef _TP_CRL_INFO_H_
26 #define _TP_CRL_INFO_H_
27
28 #include <Security/cssmtype.h>
29 #include <Security/utilities.h>
30 #include <Security/cssmalloc.h>
31 #include <Security/threading.h>
32 #include <Security/globalizer.h>
33 #include "TPCertInfo.h"
34 #include "tpCrlVerify.h"
35
36 /*
37 * Verification state of a TPCrlInfo. Verification refers to the process
38 * of cert chain validation from the CRL to a trusted root. Since this
39 * is a rather heavyweight operation, this is done on demand, when a given
40 * CRL is "believed to be" the appropriate one for a given cert. It
41 * is separate from not before/after verification, which is performed
42 * on the fly as needed.
43 */
44 typedef enum {
45 CVS_Unknown, // initial default state
46 CVS_Good, // known good
47 CVS_Bad // known bad
48 } TPCrlVerifyState;
49
50 /*
51 * Indicates where a particular CRL came from. Currently only used
52 * in the tpCrlVerify module.
53 */
54 typedef enum {
55 CFW_Nowhere, // default, never returned
56 CFW_InGroup, // from incoming TPCrlGroup
57 CFW_DlDb, // verifyContext.dbList
58 CFW_LocalCache, // tpGlobalCrlCache
59 CFW_Net, // tpFetchCrlFromNet
60 /* probably others */
61 } TPCrlFromWhere;
62
63
64 /*
65 * Class representing one CRL. The raw CRL data usually comes from
66 * a client (via incoming CSSM_TP_VERIFY_CONTEXT.Crls); in this case, we
67 * don't own the raw data and don't copy or free it. Caller can
68 * optionally specify that we copy (and own and eventually free) the raw cert data.
69 * Currently this is only done when we find a CRL in a DlDb. The constructor throws
70 * on any error (bad CRL data); subsequent to successful construction, no CSSM
71 * errors are thrown and it's guaranteed that the CRL is basically readable and
72 * successfully cached in the CL, and that we have a locally cached
73 * CSSM_X509_SIGNED_CRL and issuer name (in normalized encoded format).
74 */
75 class TPCrlInfo : public TPClItemInfo
76 {
77 NOCOPY(TPCrlInfo)
78 public:
79 /*
80 * No default constructor - this is the only way.
81 */
82 TPCrlInfo(
83 CSSM_CL_HANDLE clHand,
84 CSSM_CSP_HANDLE cspHand,
85 const CSSM_DATA *crlData,
86 TPItemCopy copyCrlData,
87 const char *verifyTime); // NULL ==> time = right now
88
89 /* frees mIssuerName, mCacheHand, mX509Crl via mClHand */
90 ~TPCrlInfo();
91
92 /*
93 * The heavyweight "perform full verification" op.
94 * If doCrlVerify is true, we'll do an eventually recursive
95 * CRL verification test on the cert group we construct
96 * here to verify the CRL in question. This recursive
97 * verifdy is also done if the CRL is an indirect CRL.
98 * Currently, the doCrlVerifyFlag will be set false in the
99 * normal case of verifying a cert chain; in that case the
100 * various certs needed to verify the CRL are assumed to
101 * be a subset of the cert chain being verified, and CRL
102 * verification of that cert chain is being performed
103 * elsewhere. The caller would set doCrlVerify true when
104 * the top-level op is simply a CRL verify.
105 */
106 CSSM_RETURN verifyWithContext(
107 TPCrlVerifyContext &tpVerifyContext,
108 TPCertInfo *forCert, // optional
109 bool doCrlVerify = false);
110
111 /*
112 * Do I have the same issuer as the specified subject cert?
113 * Returns true if so.
114 */
115 bool TPCrlInfo::hasSameIssuer(
116 const TPCertInfo &subject);
117
118 /*
119 * Determine if specified cert has been revoked. Assumes that
120 * the current CRL has been fully verified.
121 */
122 CSSM_RETURN isCertRevoked(
123 TPCertInfo &subjectCert);
124
125 /* accessors */
126 const CSSM_X509_SIGNED_CRL *x509Crl() { return mX509Crl; }
127 TPCrlVerifyState verifyState() { return mVerifyState; }
128
129 const CSSM_DATA *uri() { return &mUri; }
130 void uri(const CSSM_DATA &uri);
131
132 /*
133 * Ref count info maintained by caller (currently only in
134 * tpCrlVfy.cpp's global cache module).
135 */
136 int mRefCount;
137 bool mToBeDeleted;
138
139 /* used only by tpCrlVerify */
140 TPCrlFromWhere mFromWhere;
141
142
143 private:
144 CSSM_X509_SIGNED_CRL *mX509Crl;
145 CSSM_DATA_PTR mCrlFieldToFree;
146 TPCrlVerifyState mVerifyState;
147 CSSM_RETURN mVerifyError; // only if mVerifyState = CVS_Bad
148 CSSM_DATA mUri; // if fetched from net
149
150 void releaseResources();
151 CSSM_RETURN parseExtensions(
152 TPCrlVerifyContext &tpVerifyContext,
153 bool isPerEntry,
154 uint32 entryIndex, // if isPerEntry
155 const CSSM_X509_EXTENSIONS &extens,
156 TPCertInfo *forCert, // optional
157 bool &isIndirectCrl);// RETURNED
158
159 };
160
161 /*
162 * TP's private CRL Group class.
163 */
164 class TPCrlGroup
165 {
166 NOCOPY(TPCrlGroup)
167 public:
168 /* construct empty CRL group */
169 TPCrlGroup(
170 CssmAllocator &alloc,
171 TPGroupOwner whoOwns); // if TGO_Group, we delete
172
173 /*
174 * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting
175 * TPCrlInfos are more or less in the same order as the incoming
176 * CRLs, though incoming CRLs are discarded if they don't parse.
177 * No verification of any sort is performed.
178 */
179 TPCrlGroup(
180 const CSSM_CRLGROUP *cssmCrlGroup, // optional
181 CSSM_CL_HANDLE clHand,
182 CSSM_CSP_HANDLE cspHand,
183 CssmAllocator &alloc,
184 const char *cssmTimeStr, // may be NULL
185 TPGroupOwner whoOwns);
186
187 /*
188 * Deletes all TPCrlInfo's.
189 */
190 ~TPCrlGroup();
191
192 /* add/remove/access TPCrlInfo's. */
193 void appendCrl(
194 TPCrlInfo &crlInfo); // appends to end of mCertInfo
195 TPCrlInfo *crlAtIndex(
196 unsigned index);
197 TPCrlInfo &removeCrlAtIndex(
198 unsigned index); // doesn't delete the cert, just
199 // removes it from our list
200 void removeCrl(
201 TPCrlInfo &crlInfo); // ditto
202
203 /*
204 * Convenience accessors for first and last CRL, only valid when we have
205 * at least one cert.
206 */
207 TPCrlInfo *firstCrl();
208 TPCrlInfo *lastCrl();
209
210 /*
211 * Find a CRL whose issuer matches specified subject cert.
212 * Returned CRL has not necessarily been verified.
213 */
214 TPCrlInfo *findCrlForCert(
215 TPCertInfo &subject);
216
217 CssmAllocator &alloc() { return mAlloc; }
218 unsigned numCrls() { return mNumCrls; }
219
220 private:
221 CssmAllocator &mAlloc;
222 TPCrlInfo **mCrlInfo; // just an array of pointers
223 unsigned mNumCrls; // valid certs in certInfo
224 unsigned mSizeofCrlInfo; // mallocd space in certInfo
225 TPGroupOwner mWhoOwns; // if TGO_Group, we delete CRLs
226 // upon destruction
227 };
228 #endif /* _TP_CRL_INFO_H_ */
229
mirror of Security