Security-57031.10.10.tar.gz

[apple/security.git] / SecurityTests / clxutils / clAppUtils / CertParser.cpp

/*
 * Copyright (c) 2003-2005 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please 
 * obtain a copy of the License at http://www.apple.com/publicsource and 
 * read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
 * Please see the License for the specific language governing rights and 
 * limitations under the License.
 */

/*
 * CertParser.h - cert parser with autorelease of fetched fields
 *
 * Created 24 October 2003 by Doug Mitchell
 */
 
#include "CertParser.h"
#import <AvailabilityMacros.h>

#define CP_DEBUG        1
#if             CP_DEBUG
#define dprintf(args...)  printf(args)
#else
#define dprintf(args...)
#endif

#pragma mark --- CP_FetchedField ---

class CP_FetchedField
{
public:
        /* construct one fetched field (which will be stored in CertParser's 
         * mFetchedFields) */
        CP_FetchedField(
                const CSSM_OID  &fieldOid,
                CSSM_DATA_PTR   fieldData,
                CSSM_CL_HANDLE  clHand);
        
        /* Free the field via CL */
        ~CP_FetchedField();
private:
        CSSM_OID                mFieldOid;
        CSSM_DATA_PTR   mFieldData;
        CSSM_CL_HANDLE  mClHand;
};

CP_FetchedField::CP_FetchedField(
        const CSSM_OID  &fieldOid,
        CSSM_DATA_PTR   fieldData,
        CSSM_CL_HANDLE  clHand)
        : mFieldOid(fieldOid), mFieldData(fieldData), mClHand(clHand)
{
}

/* Free the field via CL */
CP_FetchedField::~CP_FetchedField()
{
        CSSM_CL_FreeFieldValue(mClHand, &mFieldOid, mFieldData);
}

#pragma mark --- CertParser implementation ---

/* Construct with or without data - you can add the data later with 
 * initWithData() to parse without exceptions */
CertParser::CertParser()
{
        initFields();
}

CertParser::CertParser(
        CSSM_CL_HANDLE          clHand)
{
        initFields();
        mClHand = clHand;
}

CertParser::CertParser(
        CSSM_CL_HANDLE          clHand,
        const CSSM_DATA         &certData)
{
        initFields();
        mClHand = clHand;
        CSSM_RETURN crtn = initWithData(certData);
        if(crtn) {
                throw ((int)crtn);
        }
}

CertParser::CertParser(
        SecCertificateRef       secCert)
{
        initFields();
        OSStatus ortn = initWithSecCert(secCert);
        if(ortn) {
                throw ((int)ortn);
        }
}

/* frees all the fields we fetched */
CertParser::~CertParser()
{
        if(mClHand && mCacheHand) {
                CSSM_RETURN crtn = CSSM_CL_CertAbortCache(mClHand, mCacheHand);
                if(crtn) {
                        /* almost certainly a bug */
                        printf("Internal Error: CertParser error on free.");
                        cssmPerror("CSSM_CL_CertAbortCache", crtn);
                }
        }
        vector<CP_FetchedField *>::iterator iter;
        for(iter=mFetchedFields.begin(); iter!=mFetchedFields.end(); iter++) {
                delete *iter;
        }
}

/* common init for all constructors */
void CertParser::initFields()
{
        mClHand = 0;
        mCacheHand = 0;
}

/*** NO MORE EXCEPTIONS ***/

/*
 * No cert- or CDSA-related exceptions thrown by remainder.
 * This is the core initializer: have the CL parse and cache the cert. 
 */
CSSM_RETURN CertParser::initWithData(
        const CSSM_DATA         &certData)
{
        assert(mClHand != 0);
        CSSM_RETURN crtn = CSSM_CL_CertCache(mClHand, &certData, &mCacheHand);
        #if CP_DEBUG
        if(crtn) {
                cssmPerror("CSSM_CL_CertCache", crtn);
        }
        #endif
        return crtn;
}

OSStatus CertParser::initWithSecCert(
        SecCertificateRef       secCert)
{
        OSStatus ortn;
        CSSM_DATA certData;
        
        assert(mClHand == 0);
        ortn = SecCertificateGetCLHandle(secCert, &mClHand);
        if(ortn) {
                return ortn;
        }
        ortn = SecCertificateGetData(secCert, &certData);
        if(ortn) {
                return ortn;
        }
        return (OSStatus)initWithData(certData);
}

CSSM_RETURN CertParser::initWithCFData(
        CFDataRef                       cfData)
{
        CSSM_DATA   cdata;
        
        cdata.Data = (uint8 *)CFDataGetBytePtr(cfData);
        cdata.Length = CFDataGetLength(cfData);
        return initWithData(cdata);
}

/*
 * Obtain atrbitrary field from cached cert. This class takes care of freeing
 * the field in its destructor. 
 *
 * Returns NULL if field not found (not exception). 
 *
 * Caller optionally specifies field length to check - specifying zero means
 * "don't care, don't check". Actual field length always returned in fieldLength. 
 */
const void *CertParser::fieldForOid(
        const CSSM_OID          &oid,
        CSSM_SIZE                       &fieldLength)           // IN/OUT
{
        CSSM_RETURN crtn;
        
        uint32 NumberOfFields = 0;
        CSSM_HANDLE resultHand = 0;
        CSSM_DATA_PTR fieldData = NULL;

        assert(mClHand != 0);
        assert(mCacheHand != 0);
        crtn = CSSM_CL_CertGetFirstCachedFieldValue(
                mClHand,
                mCacheHand,
            &oid,
            &resultHand,
            &NumberOfFields,
                &fieldData);
        if(crtn) {
                /* not an error; just means that the cert doesn't have this field */
                return NULL;
        }
        assert(NumberOfFields == 1);
        CSSM_CL_CertAbortQuery(mClHand, resultHand);
        
        if(fieldLength) {
                if(fieldLength != fieldData->Length) {
                        /* FIXME what's a good way to log in this situation? */
                        printf("***CertParser::fieldForOid: field length mismatch\n");
                        return NULL;
                }
        }
        /* Store the OID and the field for autorelease */
        CP_FetchedField *cpField = new CP_FetchedField(oid, fieldData, mClHand);
        mFetchedFields.push_back(cpField);
        fieldLength = fieldData->Length;
        return fieldData->Data;
}

/*
 * Conveneince routine to fetch an extension we "know" the CL can parse.
 * The return value gets cast to one of the CE_Data types.
 */
const void *CertParser::extensionForOid(
        const CSSM_OID          &oid)
{
        CSSM_SIZE len = sizeof(CSSM_X509_EXTENSION);
        CSSM_X509_EXTENSION *cssmExt = 
                (CSSM_X509_EXTENSION *)fieldForOid(oid, len);
        if(cssmExt) {
                if(cssmExt->format != CSSM_X509_DATAFORMAT_PARSED) {
                        printf("***Badly formatted extension");
                        return NULL;
                }
                return cssmExt->value.parsedValue;
        }
        else {
                return NULL;
        }
}