]> git.saurik.com Git - apple/security.git/blob - libsecurity_apple_x509_tp/lib/TPCrlInfo.h
Security-55163.44.tar.gz
[apple/security.git] / libsecurity_apple_x509_tp / lib / TPCrlInfo.h
1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * TPCrlInfo.h - TP's private CRL and CRL group classes
21 *
22 * Written 9/25/2001 by Doug Mitchell.
23 */
24
25 #ifndef _TP_CRL_INFO_H_
26 #define _TP_CRL_INFO_H_
27
28 #include <Security/cssmtype.h>
29 #include <security_utilities/alloc.h>
30 #include <security_utilities/threading.h>
31 #include <security_utilities/globalizer.h>
32 #include "TPCertInfo.h"
33 #include "tpCrlVerify.h"
34
35 /*
36 * Verification state of a TPCrlInfo. Verification refers to the process
37 * of cert chain validation from the CRL to a trusted root. Since this
38 * is a rather heavyweight operation, this is done on demand, when a given
39 * CRL is "believed to be" the appropriate one for a given cert. It
40 * is separate from not before/after verification, which is performed
41 * on the fly as needed.
42 */
43 typedef enum {
44 CVS_Unknown, // initial default state
45 CVS_Good, // known good
46 CVS_Bad // known bad
47 } TPCrlVerifyState;
48
49 /*
50 * Indicates where a particular CRL came from. Currently only used
51 * in the tpCrlVerify module.
52 */
53 typedef enum {
54 CFW_Nowhere, // default, never returned
55 CFW_InGroup, // from incoming TPCrlGroup
56 CFW_DlDb, // verifyContext.dbList
57 CFW_LocalCache, // tpGlobalCrlCache
58 CFW_Net, // tpFetchCrlFromNet
59 /* probably others */
60 } TPCrlFromWhere;
61
62
63 /*
64 * Class representing one CRL. The raw CRL data usually comes from
65 * a client (via incoming CSSM_TP_VERIFY_CONTEXT.Crls); in this case, we
66 * don't own the raw data and don't copy or free it. Caller can
67 * optionally specify that we copy (and own and eventually free) the raw cert data.
68 * Currently this is only done when we find a CRL in a DlDb. The constructor throws
69 * on any error (bad CRL data); subsequent to successful construction, no CSSM
70 * errors are thrown and it's guaranteed that the CRL is basically readable and
71 * successfully cached in the CL, and that we have a locally cached
72 * CSSM_X509_SIGNED_CRL and issuer name (in normalized encoded format).
73 */
74 class TPCrlInfo : public TPClItemInfo
75 {
76 NOCOPY(TPCrlInfo)
77 public:
78 /*
79 * No default constructor - this is the only way.
80 */
81 TPCrlInfo(
82 CSSM_CL_HANDLE clHand,
83 CSSM_CSP_HANDLE cspHand,
84 const CSSM_DATA *crlData,
85 TPItemCopy copyCrlData,
86 const char *verifyTime); // NULL ==> time = right now
87
88 /* frees mIssuerName, mCacheHand, mX509Crl via mClHand */
89 ~TPCrlInfo();
90
91 /*
92 * The heavyweight "perform full verification" op.
93 * If doCrlVerify is true, we'll do an eventually recursive
94 * CRL verification test on the cert group we construct
95 * here to verify the CRL in question. This recursive
96 * verify is also done if the CRL is an indirect CRL.
97 * Currently, the doCrlVerifyFlag will be set false in the
98 * normal case of verifying a cert chain; in that case the
99 * various certs needed to verify the CRL are assumed to
100 * be a subset of the cert chain being verified, and CRL
101 * verification of that cert chain is being performed
102 * elsewhere. The caller would set doCrlVerify true when
103 * the top-level op is simply a CRL verify.
104 */
105 CSSM_RETURN verifyWithContext(
106 TPVerifyContext &tpVerifyContext,
107 TPCertInfo *forCert, // optional
108 bool doCrlVerify = false);
109
110 /*
111 * Wrapper for verifyWithContext for use when evaluating a CRL
112 * "now" instead of at the time in TPVerifyContext.verifyTime.
113 */
114 CSSM_RETURN verifyWithContextNow(
115 TPVerifyContext &tpVerifyContext,
116 TPCertInfo *forCert, // optional
117 bool doCrlVerify = false);
118
119 /*
120 * Do I have the same issuer as the specified subject cert?
121 * Returns true if so.
122 */
123 bool hasSameIssuer(
124 const TPCertInfo &subject);
125
126 /*
127 * Determine if specified cert has been revoked as of the
128 * provided time; a NULL timestring indicates "now".
129 * Assumes that the current CRL has been fully verified.
130 */
131 CSSM_RETURN isCertRevoked(
132 TPCertInfo &subjectCert,
133 CSSM_TIMESTRING verifyTime);
134
135 /* accessors */
136 const CSSM_X509_SIGNED_CRL *x509Crl() { return mX509Crl; }
137 TPCrlVerifyState verifyState() { return mVerifyState; }
138
139 const CSSM_DATA *uri() { return &mUri; }
140 void uri(const CSSM_DATA &uri);
141
142 /*
143 * Ref count info maintained by caller (currently only in
144 * tpCrlVfy.cpp's global cache module).
145 */
146 int mRefCount;
147
148 /* used only by tpCrlVerify */
149 TPCrlFromWhere mFromWhere;
150
151
152 private:
153 CSSM_X509_SIGNED_CRL *mX509Crl;
154 CSSM_DATA_PTR mCrlFieldToFree;
155 TPCrlVerifyState mVerifyState;
156 CSSM_RETURN mVerifyError; // only if mVerifyState = CVS_Bad
157 CSSM_DATA mUri; // if fetched from net
158
159 void releaseResources();
160 CSSM_RETURN parseExtensions(
161 TPVerifyContext &tpVerifyContext,
162 bool isPerEntry,
163 uint32 entryIndex, // if isPerEntry
164 const CSSM_X509_EXTENSIONS &extens,
165 TPCertInfo *forCert, // optional
166 bool &isIndirectCrl);// RETURNED
167
168 };
169
170 /*
171 * TP's private CRL Group class.
172 */
173 class TPCrlGroup
174 {
175 NOCOPY(TPCrlGroup)
176 public:
177 /* construct empty CRL group */
178 TPCrlGroup(
179 Allocator &alloc,
180 TPGroupOwner whoOwns); // if TGO_Group, we delete
181
182 /*
183 * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting
184 * TPCrlInfos are more or less in the same order as the incoming
185 * CRLs, though incoming CRLs are discarded if they don't parse.
186 * No verification of any sort is performed.
187 */
188 TPCrlGroup(
189 const CSSM_CRLGROUP *cssmCrlGroup, // optional
190 CSSM_CL_HANDLE clHand,
191 CSSM_CSP_HANDLE cspHand,
192 Allocator &alloc,
193 const char *cssmTimeStr, // may be NULL
194 TPGroupOwner whoOwns);
195
196 /*
197 * Deletes all TPCrlInfo's.
198 */
199 ~TPCrlGroup();
200
201 /* add/remove/access TPCrlInfo's. */
202 void appendCrl(
203 TPCrlInfo &crlInfo); // appends to end of mCertInfo
204 TPCrlInfo *crlAtIndex(
205 unsigned index);
206 TPCrlInfo &removeCrlAtIndex(
207 unsigned index); // doesn't delete the cert, just
208 // removes it from our list
209 void removeCrl(
210 TPCrlInfo &crlInfo); // ditto
211
212 /*
213 * Convenience accessors for first and last CRL, only valid when we have
214 * at least one cert.
215 */
216 TPCrlInfo *firstCrl();
217 TPCrlInfo *lastCrl();
218
219 /*
220 * Find a CRL whose issuer matches specified subject cert.
221 * Returned CRL has not necessarily been verified.
222 */
223 TPCrlInfo *findCrlForCert(
224 TPCertInfo &subject);
225
226 Allocator &alloc() { return mAlloc; }
227 unsigned numCrls() { return mNumCrls; }
228
229 private:
230 Allocator &mAlloc;
231 TPCrlInfo **mCrlInfo; // just an array of pointers
232 unsigned mNumCrls; // valid certs in certInfo
233 unsigned mSizeofCrlInfo; // mallocd space in certInfo
234 TPGroupOwner mWhoOwns; // if TGO_Group, we delete CRLs
235 // upon destruction
236 };
237 #endif /* _TP_CRL_INFO_H_ */
238