1 /*
2 * Copyright (c) 2000-2002,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * DecodedExtensions.h - Intermediate representation of extensions.
21 */
22
23 #ifndef _DECODED_EXTENSIONS_H_
24 #define _DECODED_EXTENSIONS_H_
25
26 #include <Security/cssmtype.h>
27 #include <security_cdsa_utilities/cssmdata.h>
28
29 #include <security_asn1/SecNssCoder.h>
30 #include <Security/X509Templates.h>
31 #include <Security/x509defs.h>
32
33 #include "cldebugging.h"
34
/*
 * One decoded X.509 extension: its OID, its criticality flag, and either
 * a decoded NSS object (known extension, decoded/encoded via mTempl) or
 * the undecoded BER value (unknown extension, mBerEncoded == true).
 *
 * Ownership: mExtnId and mRawExtn are copies owned by this object.
 * mNssObj is NOT copied; it lives in memory belonging to the SecNssCoder
 * passed at construction, which is also held by reference in mCoder. The
 * coder must therefore outlive this object.
 *
 * NOTE(review): critical() together with berEncoded() identifies an
 * unrecognized critical extension. RFC 5280 §4.2 requires a certificate
 * consumer to reject a certificate carrying one; nothing declared here
 * performs that check, so it is presumably the caller's responsibility.
 */
class DecodedExten
{
	NOCOPY(DecodedExten)
public:

	/*
	 * Member variables are only set on construct.
	 *
	 * extnId     - copied into mExtnId.
	 * critical   - the extension's criticality flag.
	 * nssObj     - decoded NSS struct; NOT copied, lives in coder's memory.
	 * berEncoded - true for an unknown extension which is left BER-encoded
	 *              (not decoded) when parsing a cert.
	 * templ      - ASN.1 template used to decode/encode if !berEncoded.
	 * coder      - all local allocations come from here; held by reference.
	 * rawExtn    - NSS_CertExtension.value, copied to mRawExtn; optional,
	 *              not present during a SetField op.
	 */
	DecodedExten(
		const CSSM_OID 			&extnId,		// copied
		bool					critical,
		void					*nssObj,		// NSS_KeyUsage, NSS_BasicConstraints,
												// etc. NOT COPIED, exists in same
												// memory space as coder
		bool					berEncoded,		// indicates unknown extension
												// which we do not BER-decode
												// when parsing a cert
		const SecAsn1Template	*templ,			// to decode/encode if !berEncoded
		SecNssCoder				&coder,			// all local allocs from here
		const CSSM_DATA			*rawExtn=NULL);	// NSS_CertExtension.value, copied to
												// mRawExtn, optional (not present
												// during a SetField op)
	~DecodedExten();

	/*
	 * Convert this extension to a CSSM_X509_EXTENSION, after its contents
	 * have been converted to a native CDSA object (CE_KeyUsage, etc.).
	 * This is the final step of a getField op involving an extension.
	 *
	 * cdsaObj - the already-converted native object (e.g. CE_KeyUsage), or
	 *           a CSSM_DATA_PTR when this extension is berEncoded.
	 * cssmExt - filled in and RETURNED; its contents are mallocd in alloc's
	 *           space and the caller is responsible for releasing them.
	 * alloc   - allocator for everything placed in cssmExt.
	 */
	void convertToCdsa(
		void 					*cdsaObj,		// e.g. CE_KeyUsage
												// CSSM_DATA_PTR for berEncoded
		CSSM_X509_EXTENSION_PTR	cssmExt,		// contents mallocd in alloc's space
												// and RETURNED
		Allocator				&alloc) const;

	/*
	 * Convert a DecodedExten to a CSSM_X509_EXTENSION. This includes
	 * the mapping of the extnId to a known CDSA type and doing the
	 * actual NSS-to-CDSA conversion.
	 *
	 * cssmExt - mallocd by caller; its contents are mallocd in alloc's
	 *           space and RETURNED.
	 * alloc   - allocator for the contents of cssmExt.
	 */
	void parse(
		CSSM_X509_EXTENSION_PTR	cssmExt,		// mallocd by caller, contents
												// mallocd in alloc's space,
												// RETURNED
		Allocator				&alloc) const;

	/* Accessors; all return the values captured at construction. */
	const CSSM_OID			&extnId() const		{ return mExtnId; }
	bool					critical() const	{ return mCritical; }
	/* Actual type depends on extnId (NSS_KeyUsage, NSS_BasicConstraints, ...). */
	void					*nssObj() const		{ return mNssObj; }
	bool					berEncoded() const	{ return mBerEncoded; }
	const SecAsn1Template	*templ() const		{ return mTempl; }
	/*
	 * May be NULL when this object was created via SetField(). Note this
	 * hands out a mutable pointer to data owned by this object even though
	 * the method is const.
	 */
	CSSM_DATA				*rawExtn() const	{ return mRawExtn; }
private:
	/* Builds the tag/value pair for a BER-encoded (unknown) extension value. */
	CSSM_X509EXT_TAGandVALUE *createTagAndValue(
		const CSSM_DATA			&berValue,
		Allocator				&alloc) const;

	CSSM_OID				mExtnId;			// owned copy
	bool					mCritical;
	void					*mNssObj;			// NSS_KeyUsage, NSS_BasicConstraints, etc.
												// not owned; lives in mCoder's memory
	bool					mBerEncoded;		// indicates unknown extension which we
												// do not BER-decode when parsing a cert
	const SecAsn1Template	*mTempl;
												// used for decode/encode
	SecNssCoder				&mCoder;			// reference: coder must outlive this object
	CSSM_DATA				*mRawExtn;			// optional BER-encoded extension data, not
												// present if created via SetField()
};
102
103 /*
104 * A variable-size array of DecodedExtens.
105 * Used for storing cert and CRL extensions as well as per-CRL-entry
106 * extensions.
107 */
class DecodedExtensions
{
	NOCOPY(DecodedExtensions)
public:
	/*
	 * coder - used for all local (decoder-side) allocations; held by
	 *         reference in mCoder, so it must outlive this object.
	 * alloc - used for user-space (copyout) allocations; held by reference
	 *         in mAlloc, so it must outlive this object too.
	 */
	DecodedExtensions(
		SecNssCoder			&coder,			// for local allocs
		Allocator			&alloc);		// for user space (copyout) allocs
	~DecodedExtensions();

	/*
	 * Initialize by decoding an NSS-style NSS_CertExtension array.
	 * NOTE(review): no element count is passed, so the array is presumably
	 * NULL-terminated — confirm against the implementation.
	 */
	void decodeFromNss(
		NSS_CertExtension 	**extensions);

	/*
	 * Encode into a NSS-style NSS_CertExtension array, allocating
	 * both the array pointers and the NSS_Extension elements themselves.
	 * extensions is RETURNED. The allocations presumably come from mCoder
	 * ("local allocs" per the constructor) — TODO confirm.
	 */
	void encodeToNss(
		NSS_CertExtension 	**&extensions);

	/*
	 * Add an entry. Parameters have the same meaning as for the
	 * DecodedExten constructor: extnId is copied, nssObj is NOT copied
	 * (it lives in the coder's memory), templ is required if !berEncoded,
	 * and rawExtn is optional (absent during a SetField op).
	 */
	void addExtension(
		const CSSM_OID 			&extnId,		// copied
		bool					critical,
		void					*nssObj,		// NSS_BasicConstraints,
												// etc. NOT COPIED, exists in same
												// memory space as coder
		bool					berEncoded,		// indicates unknown extension
												// which we do not BER-decode
												// when parsing a cert
		const SecAsn1Template	*templ,			// required if !berEncoded
		const CSSM_DATA			*rawExtn=NULL);	// NSS_CertExtension.value, copied,
												// optional (not present during a
												// SetField op)

	/*
	 * Retrieve the entry at index extenDex. No bounds check is visible
	 * from this header; callers should only pass indices below
	 * numExtensions() — TODO confirm what the implementation returns for
	 * an out-of-range index.
	 */
	const DecodedExten *getExtension(
		unsigned			extenDex) const;

	/*
	 * Convert to CSSM_X509_EXTENSIONS, including conversion to
	 * native CDSA C structs. Only used on CRL side, on a getField
	 * returning the entire parsed CRL. Contents of cssmExtens are
	 * allocated from alloc and RETURNED.
	 */
	void convertToCdsa(
		CSSM_X509_EXTENSIONS	&cssmExtens,
		Allocator				&alloc) const;

	/* Number of valid entries; indices for getExtension() range over [0, this). */
	unsigned numExtensions() const	{ return mNumExtensions; }

private:
	SecNssCoder				&mCoder;			// reference: must outlive this object
	Allocator				&mAlloc;			// reference: must outlive this object
	DecodedExten			**mExtensions;		// growable array of entries; presumably
												// owned and released in the destructor
	unsigned				mNumExtensions;		// # valid DecodedExtens
	unsigned				mSizeofExtensions;	// mallocd size in mExtensions (capacity,
												// in entries; >= mNumExtensions)
};
160
161 #endif /* _DECODED_EXTENSIONS_H_ */