]> git.saurik.com Git - apple/security.git/blob - libsecurity_keychain/lib/Certificate.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55163.44.tar.gz
[apple/security.git] / libsecurity_keychain / lib / Certificate.h
1 /*
2 * Copyright (c) 2002-2007 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // Certificate.h - Certificate objects
26 //
27 #ifndef _SECURITY_CERTIFICATE_H_
28 #define _SECURITY_CERTIFICATE_H_
29
30 #include <security_keychain/Item.h>
31
32 #include <security_keychain/StorageManager.h>
33 // @@@ This should not be here.
34 #include <Security/SecBase.h>
35 #include <security_cdsa_client/clclient.h>
36
37 namespace Security
38 {
39
40 namespace KeychainCore
41 {
42
43 class KeyItem;
44
45 class Certificate : public ItemImpl
46 {
47 NOCOPY(Certificate)
48 public:
49 SECCFFUNCTIONS(Certificate, SecCertificateRef, errSecInvalidItemRef, gTypes().Certificate)
50
51 static CL clForType(CSSM_CERT_TYPE type);
52
53 // new item constructor
54 Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding);
55
56 private:
57 // db item constructor
58 Certificate(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
59
60 // PrimaryKey item constructor
61 Certificate(const Keychain &keychain, const PrimaryKey &primaryKey);
62
63 public:
64 static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
65 static Certificate* make(const Keychain &keychain, const PrimaryKey &primaryKey);
66
67 Certificate(Certificate &certificate);
68 virtual ~Certificate() throw();
69
70 virtual void update();
71 virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
72 virtual void didModify(); // Forget any attributes and data we just wrote to the db
73
74 const CssmData &data();
75 CSSM_CERT_TYPE type();
76 CSSM_CERT_ENCODING encoding();
77 CFStringRef commonName();
78 CFStringRef distinguishedName(const CSSM_OID *sourceOid, const CSSM_OID *componentOid);
79 CFStringRef copyFirstEmailAddress();
80 CFArrayRef copyEmailAddresses();
81 const CSSM_X509_NAME_PTR subjectName();
82 const CSSM_X509_NAME_PTR issuerName();
83 const CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID();
84 CSSM_CL_HANDLE clHandle();
85 void inferLabel(bool addLabel, CFStringRef *rtnString = NULL);
86 SecPointer<KeyItem> publicKey();
87 const CssmData &publicKeyHash();
88 const CssmData &subjectKeyIdentifier();
89
90 static KCCursor cursorForIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
91 static KCCursor cursorForSubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
92 static KCCursor cursorForEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
93 static KCCursor cursorForIssuerAndSN_CF(const StorageManager::KeychainList &keychains, CFDataRef issuer, CFDataRef serialNumber);
94
95 SecPointer<Certificate> findInKeychain(const StorageManager::KeychainList &keychains);
96 static SecPointer<Certificate> findByIssuerAndSN(const StorageManager::KeychainList &keychains, const CssmData &issuer, const CssmData &serialNumber);
97 static SecPointer<Certificate> findBySubjectKeyID(const StorageManager::KeychainList &keychains, const CssmData &subjectKeyID);
98 static SecPointer<Certificate> findByEmail(const StorageManager::KeychainList &keychains, const char *emailAddress);
99
100 static void normalizeEmailAddress(CSSM_DATA &emailAddress);
101 static void getEmailAddresses(CSSM_DATA_PTR *sanValues, CSSM_DATA_PTR snValue, std::vector<CssmData> &emailAddresses);
102
103 bool operator < (Certificate &other);
104 bool operator == (Certificate &other);
105
106 bool equal(SecCFObject &other);
107
108 public:
109 CSSM_DATA_PTR copyFirstFieldValue(const CSSM_OID &field);
110 void releaseFieldValue(const CSSM_OID &field, CSSM_DATA_PTR fieldValue);
111
112 CSSM_DATA_PTR *copyFieldValues(const CSSM_OID &field);
113 void releaseFieldValues(const CSSM_OID &field, CSSM_DATA_PTR *fieldValues);
114 Boolean isSelfSigned();
115
116 protected:
117 virtual void willRead();
118 virtual PrimaryKey add(Keychain &keychain);
119 CSSM_HANDLE certHandle();
120
121 void addParsedAttribute(const CSSM_DB_ATTRIBUTE_INFO &info, const CSSM_OID &field);
122
123 void addSubjectKeyIdentifier();
124 void populateAttributes();
125
126 private:
127 bool mHaveTypeAndEncoding;
128 bool mPopulated;
129 CSSM_CERT_TYPE mType;
130 CSSM_CERT_ENCODING mEncoding;
131 CssmClient::CL mCL;
132 CSSM_HANDLE mCertHandle;
133 CssmData mPublicKeyHash;
134 uint8 mPublicKeyHashBytes[20];
135 CssmData mSubjectKeyID;
136 uint8 mSubjectKeyIDBytes[20];
137 CSSM_DATA_PTR mV1SubjectPublicKeyCStructValue; // Hack to prevent algorithmID() from leaking.
138 CSSM_DATA_PTR mV1SubjectNameCStructValue;
139 CSSM_DATA_PTR mV1IssuerNameCStructValue;
140 };
141
142 } // end namespace KeychainCore
143
144 } // end namespace Security
145
146 #endif // !_SECURITY_CERTIFICATE_H_
mirror of Security