Security-54.1.5.tar.gz
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * AppleTPSession.h - TP session functions.
21 *
22 * Created 10/5/2000 by Doug Mitchell.
23 */
24
25 #ifndef _H_APPLE_TP_SESSION
26 #define _H_APPLE_TP_SESSION
27
28 #include <Security/TPsession.h>
29 #include "TPCertInfo.h"
30
31 #define REALLOC_WORKAROUND 0
32 #if REALLOC_WORKAROUND
33 #include <string.h>
34 #endif
35
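/*
 * AppleTPSession - one attached session of the Apple X.509 Trust Policy (TP)
 * plugin. It derives from TPPluginSession and declares the TP entry points
 * listed in TPabstractSession.h, plus private helpers for cert group
 * construction and credential (CSR) requests.
 *
 * The session also keeps a per-session map of certs produced by
 * SubmitCredRequest, keyed by the handle that is given back to the caller as
 * a ReferenceIdentifier (see tpCredMap below).
 */
class AppleTPSession : public TPPluginSession {

public:

	AppleTPSession(
		CSSM_MODULE_HANDLE theHandle,
		CssmPlugin &plug,
		const CSSM_VERSION &version,
		uint32 subserviceId,
		CSSM_SERVICE_TYPE subserviceType,
		CSSM_ATTACH_FLAGS attachFlags,
		const CSSM_UPCALLS &upcalls);

	~AppleTPSession();

#if REALLOC_WORKAROUND
	/*
	 * Stand-in for realloc, compiled only when REALLOC_WORKAROUND is nonzero
	 * (it is 0 in this header). Allocates a new block of `size` bytes, copies
	 * into it and frees the old block.
	 *
	 * Returns the new block, or NULL if the allocation returned NULL, in
	 * which case oldp is left untouched and still owned by the caller.
	 *
	 * NOTE(review): the size of the old block is not known here, so `size`
	 * bytes are copied from oldp. When the caller is growing the buffer this
	 * reads past the end of the old allocation, and whatever follows it on
	 * the heap ends up in the new block. That cannot be fixed without the old
	 * length; track or pass it before this workaround is ever enabled.
	 */
	void *realloc(void *oldp, size_t size) {
		/* realloc(NULL, n) must behave like malloc(n); nothing to copy */
		if (oldp == NULL) {
			return malloc(size);
		}
		void *newp = malloc(size);
		if (newp == NULL) {
			/* do not copy into, or free on behalf of, a failed allocation */
			return NULL;
		}
		memmove(newp, oldp, size);
		free(oldp);
		return newp;
	}
#endif	/* REALLOC_WORKAROUND */

	/* methods declared in TPabstractSession.h */
	void CertCreateTemplate(CSSM_CL_HANDLE CLHandle,
		uint32 NumberOfFields,
		const CSSM_FIELD CertFields[],
		CssmData &CertTemplate);
	void CrlVerify(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_ENCODED_CRL &CrlToBeVerified,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &VerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult);
	void CertReclaimKey(const CSSM_CERTGROUP &CertGroup,
		uint32 CertIndex,
		CSSM_LONG_HANDLE KeyCacheHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry);
	/*
	 * VerifyContext and VerifyContextResult are pointers, not references, so
	 * either may be null. NOTE(review): confirm the implementation checks
	 * both before dereferencing.
	 */
	void CertGroupVerify(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_CERTGROUP &CertGroupToBeVerified,
		const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult);
	void CertGroupConstruct(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_DL_DB_LIST &DBList,
		const void *ConstructParams,
		const CSSM_CERTGROUP &CertGroupFrag,
		CSSM_CERTGROUP_PTR &CertGroup);
	void CertSign(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertTemplateToBeSigned,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &SignerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &SignerVerifyResult,
		CssmData &SignedCert);
	void TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle,
		const CSSM_TUPLEGROUP &TupleGroup,
		CSSM_CERTGROUP_PTR &CertTemplates);
	void ReceiveConfirmation(const CssmData &ReferenceIdentifier,
		CSSM_TP_CONFIRM_RESPONSE_PTR &Responses,
		sint32 &ElapsedTime);
	/*
	 * InputParams and OutputParams are untyped; their layout can only be
	 * known from PassThroughId. NOTE(review): the implementation should
	 * reject unknown PassThroughId values before interpreting either pointer.
	 */
	void PassThrough(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CSSM_DL_DB_LIST *DBList,
		uint32 PassThroughId,
		const void *InputParams,
		void **OutputParams);
	void CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CssmData *OldCrlTemplate,
		const CSSM_CERTGROUP &CertGroupToBeRemoved,
		const CSSM_CERTGROUP &RevokerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
		CssmData &NewCrlTemplate);
	void CertRevoke(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CssmData *OldCrlTemplate,
		const CSSM_CERTGROUP &CertGroupToBeRevoked,
		const CSSM_CERTGROUP &RevokerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
		CSSM_TP_CERTCHANGE_REASON Reason,
		CssmData &NewCrlTemplate);
	void CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle);
	void CrlCreateTemplate(CSSM_CL_HANDLE CLHandle,
		uint32 NumberOfFields,
		const CSSM_FIELD CrlFields[],
		CssmData &NewCrlTemplate);
	void CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
		const CSSM_CERTGROUP &CertGroup,
		CSSM_TUPLEGROUP_PTR &TupleGroup);
	/*
	 * ReferenceIdentifier is an output: per the tpCredMap comment below, its
	 * Data points to the TpCredHandle under which the resulting cert is held.
	 */
	void SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
		CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,
		const CSSM_TP_REQUEST_SET &RequestInput,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
		sint32 &EstimatedTime,
		CssmData &ReferenceIdentifier);
	void FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
		CSSM_TP_FORM_TYPE FormType,
		CssmData &BlankForm);
	void CrlSign(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CSSM_ENCODED_CRL &CrlToBeSigned,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &SignerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &SignerVerifyResult,
		CssmData &SignedCrl);
	void CertGroupPrune(CSSM_CL_HANDLE CLHandle,
		const CSSM_DL_DB_LIST &DBList,
		const CSSM_CERTGROUP &OrderedCertGroup,
		CSSM_CERTGROUP_PTR &PrunedCertGroup);
	void ApplyCrlToDb(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_ENCODED_CRL &CrlToBeApplied,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult);
	void CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle,
		const CssmData &CertTemplate,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CertFields);
	void ConfirmCredResult(const CssmData &ReferenceIdentifier,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
		const CSSM_TP_CONFIRM_RESPONSE &Responses,
		const CSSM_TP_AUTHORITY_ID *PreferredAuthority);
	void FormSubmit(CSSM_TP_FORM_TYPE FormType,
		const CssmData &Form,
		const CSSM_TP_AUTHORITY_ID *ClearanceAuthority,
		const CSSM_TP_AUTHORITY_ID *RepresentedAuthority,
		AccessCredentials *Credentials);
	/*
	 * ReferenceIdentifier is caller-supplied here. NOTE(review): it should be
	 * used only as a lookup key into tpCredMap (see getCertFromMap), never
	 * converted back into a pointer.
	 */
	void RetrieveCredResult(const CssmData &ReferenceIdentifier,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
		sint32 &EstimatedTime,
		CSSM_BOOL &ConfirmationRequired,
		CSSM_TP_RESULT_SET_PTR &RetrieveOutput);

private:
	/*
	 * Private variant of CertGroupConstruct that produces a TPCertGroup and
	 * takes two extra inputs, ignoreExpired and cssmTimeStr.
	 *
	 * NOTE(review): ignoreExpired presumably relaxes validity-period checks
	 * while the group is built; confirm that no verification path passes it
	 * as true for a cert that is then reported as trusted.
	 */
	void CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
		CSSM_CSP_HANDLE cspHand,
		const CSSM_DL_DB_LIST &DBList,
		const void *ConstructParams,
		const CSSM_CERTGROUP &CertGroupFrag,
		CSSM_BOOL ignoreExpired,
		const char *cssmTimeStr,		// May be NULL
		TPCertGroup *&CertGroup);

	/* in tpCredRequest.cp */
	/*
	 * build* and free* come in pairs; presumably whatever buildX509Name /
	 * buildX509Time return must be released with the matching free* call -
	 * confirm in tpCredRequest.cp.
	 */
	CSSM_X509_NAME * buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray,
		unsigned numNames);
	void freeX509Name(CSSM_X509_NAME *top);
	CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow);
	void freeX509Time(CSSM_X509_TIME *xtime);
	void refKeyToRaw(
		CSSM_CSP_HANDLE cspHand,
		const CSSM_KEY *refKey,
		CSSM_KEY_PTR rawKey);
	/*
	 * NOTE(review): serialNumber is only 32 bits wide, which leaves little
	 * room for unpredictable serial numbers; check how callers choose it.
	 */
	void makeCertTemplate(
		/* required */
		CSSM_CL_HANDLE clHand,
		CSSM_CSP_HANDLE cspHand,		// for converting ref to raw key
		uint32 serialNumber,
		const CSSM_X509_NAME *issuerName,
		const CSSM_X509_NAME *subjectName,
		const CSSM_X509_TIME *notBefore,
		const CSSM_X509_TIME *notAfter,
		const CSSM_KEY *subjectPubKey,
		const CSSM_OID &sigOid,			// e.g., CSSMOID_SHA1WithRSA
		/* optional */
		const CSSM_DATA *subjectUniqueId,
		const CSSM_DATA *issuerUniqueId,
		CSSM_X509_EXTENSION *extensions,
		unsigned numExtensions,
		CSSM_DATA_PTR &rawCert);

	void SubmitCsrRequest(
		const CSSM_TP_REQUEST_SET &RequestInput,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
		sint32 &EstimatedTime,
		CssmData &ReferenceIdentifier);

	/*
	 * Per-session storage of SubmitCredRequest results.
	 *
	 * A TpCredHandle is just an address of a cert, cast to a uint32. It's
	 * what ReferenceIdentifier.Data points to.
	 *
	 * NOTE(review): two consequences of deriving the handle from an address:
	 *  - where pointers are wider than 32 bits the cast truncates, so two
	 *    live certs can map to the same key;
	 *  - the handle handed to the caller discloses (part of) a heap address.
	 * An opaque per-session counter would avoid both. Whatever the handle
	 * is, a ReferenceIdentifier coming back from a caller is untrusted input:
	 * validate its length and resolve it through tpCredMap only.
	 */
	typedef uint32 TpCredHandle;
	typedef std::map<TpCredHandle,
		const CSSM_DATA * /* the actual cert */ > credMap;
	credMap tpCredMap;
	/* presumably serializes access to tpCredMap - confirm in the .cpp */
	Mutex tpCredMapLock;

	/* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and
	 * add it and the cert to tpCredMap. */
	void addCertToMap(
		const CSSM_DATA *cert,
		CSSM_DATA_PTR refId);

	/* given a ReferenceIdentifier, obtain associated cert and remove from the map */
	CSSM_DATA_PTR getCertFromMap(
		const CSSM_DATA *refId);

};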
243
244 #endif /* _H_APPLE_TP_SESSION */