1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * AppleTPSession.cpp - general session support and (mostly) unimplemented functions
21 */
22
23 #include "AppleTPSession.h"
24 #include "TPCertInfo.h"
25 #include "TPCrlInfo.h"
26 #include "tpCrlVerify.h"
27 #include "tpdebugging.h"
28
/*
 * Construct a TP session. Every attach parameter is forwarded unchanged
 * to the TPPluginSession base class; no further state is set up here.
 */
AppleTPSession::AppleTPSession(
	CSSM_MODULE_HANDLE	theHandle,
	CssmPlugin		&plug,
	const CSSM_VERSION	&version,
	uint32			subserviceId,
	CSSM_SERVICE_TYPE	subserviceType,
	CSSM_ATTACH_FLAGS	attachFlags,
	const CSSM_UPCALLS	&upcalls)
	: TPPluginSession(
		theHandle,
		plug,
		version,
		subserviceId,
		subserviceType,
		attachFlags,
		upcalls)
{
	/* nothing to initialize beyond the base class */
}
41
/*
 * Destructor. The body is empty: this class releases nothing of its own here.
 */
AppleTPSession::~AppleTPSession()
{
	/* intentionally empty */
}
45
/*
 * CertCreateTemplate - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); CertTemplate is never written.
 */
void AppleTPSession::CertCreateTemplate(
	CSSM_CL_HANDLE		CLHandle,
	uint32			NumberOfFields,
	const CSSM_FIELD	CertFields[],
	CssmData		&CertTemplate)
{
	/* unsupported entry point: report it rather than return an empty template */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
53
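/*
 * CrlVerify - verify one encoded CRL using the caller's signer certs and,
 * when a verify context is supplied, its anchors, DB list and verify time.
 *
 * CLHandle, CSPHandle  - handed to the CRL/cert parsing and verify helpers.
 * CrlToBeVerified      - must be X.509 v1 or v2, BER or DER encoded.
 * SignerCertGroup      - required by the API but may be empty.
 * VerifyContext        - optional; supplies Cred (verify time, anchor certs,
 *                        DB list) and Apple-specific action data (flags).
 * RevokerVerifyResult  - must be NULL; result reporting is not supported.
 *
 * Throws CSSMERR_TP_INVALID_REQUEST_INPUTS, CSSMERR_TP_INVALID_CRL_TYPE,
 * CSSMERR_TP_INVALID_CRL_ENCODING or CSSMERR_TP_INVALID_ACTION_DATA for bad
 * arguments, and any non-zero CSSM_RETURN reported by verifyWithContext().
 * A normal return means verifyWithContext() returned 0.
 */
void AppleTPSession::CrlVerify(CSSM_CL_HANDLE CLHandle,
	CSSM_CSP_HANDLE CSPHandle,
	const CSSM_ENCODED_CRL &CrlToBeVerified,
	const CSSM_CERTGROUP &SignerCertGroup,
	const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
	CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult)
{
	/* verify input args */
	if(RevokerVerifyResult != NULL) {
		/* not yet, but probably someday */
		CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
	}
	switch(CrlToBeVerified.CrlType) {
		case CSSM_CRL_TYPE_X_509v1:
		case CSSM_CRL_TYPE_X_509v2:
			break;
		default:
			CssmError::throwMe(CSSMERR_TP_INVALID_CRL_TYPE);
	}
	switch(CrlToBeVerified.CrlEncoding) {
		case CSSM_CRL_ENCODING_BER:
		case CSSM_CRL_ENCODING_DER:
			break;
		default:
			CssmError::throwMe(CSSMERR_TP_INVALID_CRL_ENCODING);
	}

	/* optional arguments */
	CSSM_TIMESTRING cssmTimeStr = NULL;
	const CSSM_TP_CALLERAUTH_CONTEXT *cred = NULL;
	uint32 NumberOfAnchorCerts = 0;
	CSSM_DATA_PTR AnchorCerts = NULL;
	CSSM_DL_DB_LIST_PTR DBList = NULL;
	CSSM_APPLE_TP_ACTION_FLAGS actionFlags = 0;
	CSSM_APPLE_TP_ACTION_DATA *actionData = NULL;

	if(VerifyContext != NULL) {
		cred = VerifyContext->Cred;
		if(VerifyContext->ActionData.Data != NULL) {
			/*
			 * Check the caller-declared length before reading any field.
			 * Reading Version first would read past the end of a buffer
			 * shorter than the struct. Every length other than the
			 * struct size was already rejected with this same error, so
			 * callers see no change in the error they get.
			 */
			if(VerifyContext->ActionData.Length !=
					sizeof(CSSM_APPLE_TP_ACTION_DATA)) {
				CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
			}
			actionData = reinterpret_cast<CSSM_APPLE_TP_ACTION_DATA *>(
				VerifyContext->ActionData.Data);
			switch(actionData->Version) {
				case CSSM_APPLE_TP_ACTION_VERSION:
					break;
				/* handle backwards versions here if we ever go
				 * beyond version 0; the length check above must then
				 * admit each older struct size as well */
				default:
					CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
			}
			actionFlags = actionData->ActionFlags;
		}
	}
	if(cred != NULL) {
		cssmTimeStr = cred->VerifyTime;
		NumberOfAnchorCerts = cred->NumberOfAnchorCerts;
		AnchorCerts = cred->AnchorCerts;
		DBList = cred->DBList;
	}
	/*
	 * NOTE(review): with no VerifyContext or no Cred, verification runs with
	 * zero anchor certs and no DB list. Whether verifyWithContext() fails
	 * closed in that case is not visible in this file - confirm.
	 */

	/* this must be parseable, throw immediately if not */
	TPCrlInfo crlToVerify(CLHandle, CSPHandle, &CrlToBeVerified.CrlBlob,
		TIC_NoCopy, cssmTimeStr);

	/* required at the API but in fact may be empty */
	TPCertGroup inCertGroup(SignerCertGroup, CLHandle, CSPHandle, *this,
		cssmTimeStr,	// optional 'this' time
		false,		// firstCertMustBeValid
		TGO_Group);

	/* common CRL verify parameters */
	TPCrlVerifyContext vfyCtx(*this,
		CLHandle,
		CSPHandle,
		cssmTimeStr,
		NumberOfAnchorCerts,
		AnchorCerts,
		&inCertGroup,
		NULL,		// no CRLs, we're on our own
		NULL,		// gatheredCerts, none so far
		DBList,
		kCrlNone,	// policy, varies per policy
		actionFlags,
		0);		// crlOptFlags, varies per policy

	/*
	 * We assert the doCrlVerify flag to ensure CRL verification
	 * of intermediate certs which verifyWithContext() gathers to
	 * verify this CRL.
	 */
	CSSM_RETURN crtn = crlToVerify.verifyWithContext(vfyCtx, NULL, true);
	if(crtn) {
		/* fail closed: any non-zero status reaches the caller as an exception */
		tpCrlDebug("CrlVerify failure");
		CssmError::throwMe(crtn);
	}
}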
153
/*
 * CertReclaimKey - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); no argument is examined.
 */
void AppleTPSession::CertReclaimKey(
	const CSSM_CERTGROUP			&CertGroup,
	uint32					CertIndex,
	CSSM_LONG_HANDLE			KeyCacheHandle,
	CSSM_CSP_HANDLE				CSPHandle,
	const CSSM_RESOURCE_CONTROL_CONTEXT	*CredAndAclEntry)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
162
163 /*** CertGroupVerify, CertGroupConstruct in TPCertGroup.cpp ***/
164
/*
 * CertSign - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(). Nothing is signed, the signer cert group is not
 * verified, and SignerVerifyResult and SignedCert are never written.
 */
void AppleTPSession::CertSign(
	CSSM_CL_HANDLE			CLHandle,
	CSSM_CC_HANDLE			CCHandle,
	const CssmData			&CertTemplateToBeSigned,
	const CSSM_CERTGROUP		&SignerCertGroup,
	const CSSM_TP_VERIFY_CONTEXT	*SignerVerifyContext,
	CSSM_TP_VERIFY_CONTEXT_RESULT	*SignerVerifyResult,
	CssmData			&SignedCert)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
175
/*
 * TupleGroupToCertGroup - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); CertTemplates is never written.
 */
void AppleTPSession::TupleGroupToCertGroup(
	CSSM_CL_HANDLE		CLHandle,
	const CSSM_TUPLEGROUP	&TupleGroup,
	CSSM_CERTGROUP_PTR	&CertTemplates)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
182
/*
 * ReceiveConfirmation - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); Responses and ElapsedTime are never written.
 */
void AppleTPSession::ReceiveConfirmation(
	const CssmData			&ReferenceIdentifier,
	CSSM_TP_CONFIRM_RESPONSE_PTR	&Responses,
	sint32				&ElapsedTime)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
189
/*
 * PassThrough - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(), whatever PassThroughId is given. InputParams is
 * never read and OutputParams is never written.
 */
void AppleTPSession::PassThrough(
	CSSM_CL_HANDLE		CLHandle,
	CSSM_CC_HANDLE		CCHandle,
	const CSSM_DL_DB_LIST	*DBList,
	uint32			PassThroughId,
	const void		*InputParams,
	void			**OutputParams)
{
	/* unsupported entry point: no pass-through id is dispatched */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
199
/*
 * CertRemoveFromCrlTemplate - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(). The revoker is not verified, and
 * RevokerVerifyResult and NewCrlTemplate are never written.
 */
void AppleTPSession::CertRemoveFromCrlTemplate(
	CSSM_CL_HANDLE			CLHandle,
	CSSM_CSP_HANDLE			CSPHandle,
	const CssmData			*OldCrlTemplate,
	const CSSM_CERTGROUP		&CertGroupToBeRemoved,
	const CSSM_CERTGROUP		&RevokerCertGroup,
	const CSSM_TP_VERIFY_CONTEXT	&RevokerVerifyContext,
	CSSM_TP_VERIFY_CONTEXT_RESULT	&RevokerVerifyResult,
	CssmData			&NewCrlTemplate)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
211
/*
 * CertRevoke - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(). No revocation is recorded, the revoker is not
 * verified, and RevokerVerifyResult and NewCrlTemplate are never written.
 */
void AppleTPSession::CertRevoke(
	CSSM_CL_HANDLE			CLHandle,
	CSSM_CSP_HANDLE			CSPHandle,
	const CssmData			*OldCrlTemplate,
	const CSSM_CERTGROUP		&CertGroupToBeRevoked,
	const CSSM_CERTGROUP		&RevokerCertGroup,
	const CSSM_TP_VERIFY_CONTEXT	&RevokerVerifyContext,
	CSSM_TP_VERIFY_CONTEXT_RESULT	&RevokerVerifyResult,
	CSSM_TP_CERTCHANGE_REASON	Reason,
	CssmData			&NewCrlTemplate)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
224
/*
 * CertReclaimAbort - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); KeyCacheHandle is not used.
 */
void AppleTPSession::CertReclaimAbort(
	CSSM_LONG_HANDLE	KeyCacheHandle)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
229
/*
 * CrlCreateTemplate - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); NewCrlTemplate is never written.
 */
void AppleTPSession::CrlCreateTemplate(
	CSSM_CL_HANDLE		CLHandle,
	uint32			NumberOfFields,
	const CSSM_FIELD	CrlFields[],
	CssmData		&NewCrlTemplate)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
237
/*
 * CertGroupToTupleGroup - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); TupleGroup is never written.
 */
void AppleTPSession::CertGroupToTupleGroup(
	CSSM_CL_HANDLE		CLHandle,
	const CSSM_CERTGROUP	&CertGroup,
	CSSM_TUPLEGROUP_PTR	&TupleGroup)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
244
/*
 * FormRequest - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); BlankForm is never written.
 */
void AppleTPSession::FormRequest(
	const CSSM_TP_AUTHORITY_ID	*PreferredAuthority,
	CSSM_TP_FORM_TYPE		FormType,
	CssmData			&BlankForm)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
251
/*
 * CrlSign - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(). No CRL is signed, the signer cert group is not
 * verified, and SignerVerifyResult and SignedCrl are never written.
 */
void AppleTPSession::CrlSign(
	CSSM_CL_HANDLE			CLHandle,
	CSSM_CC_HANDLE			CCHandle,
	const CSSM_ENCODED_CRL		&CrlToBeSigned,
	const CSSM_CERTGROUP		&SignerCertGroup,
	const CSSM_TP_VERIFY_CONTEXT	*SignerVerifyContext,
	CSSM_TP_VERIFY_CONTEXT_RESULT	*SignerVerifyResult,
	CssmData			&SignedCrl)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
262
/*
 * CertGroupPrune - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); PrunedCertGroup is never written.
 */
void AppleTPSession::CertGroupPrune(
	CSSM_CL_HANDLE		CLHandle,
	const CSSM_DL_DB_LIST	&DBList,
	const CSSM_CERTGROUP	&OrderedCertGroup,
	CSSM_CERTGROUP_PTR	&PrunedCertGroup)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
270
/*
 * ApplyCrlToDb - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(). The CRL is neither verified nor applied, and
 * ApplyCrlVerifyResult is never written.
 */
void AppleTPSession::ApplyCrlToDb(
	CSSM_CL_HANDLE			CLHandle,
	CSSM_CSP_HANDLE			CSPHandle,
	const CSSM_ENCODED_CRL		&CrlToBeApplied,
	const CSSM_CERTGROUP		&SignerCertGroup,
	const CSSM_TP_VERIFY_CONTEXT	*ApplyCrlVerifyContext,
	CSSM_TP_VERIFY_CONTEXT_RESULT	&ApplyCrlVerifyResult)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
280
/*
 * CertGetAllTemplateFields - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); NumberOfFields and CertFields are never written.
 */
void AppleTPSession::CertGetAllTemplateFields(
	CSSM_CL_HANDLE	CLHandle,
	const CssmData	&CertTemplate,
	uint32		&NumberOfFields,
	CSSM_FIELD_PTR	&CertFields)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
288
/*
 * ConfirmCredResult - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); the supplied credentials are not examined.
 */
void AppleTPSession::ConfirmCredResult(
	const CssmData				&ReferenceIdentifier,
	const CSSM_TP_CALLERAUTH_CONTEXT	*CallerAuthCredentials,
	const CSSM_TP_CONFIRM_RESPONSE		&Responses,
	const CSSM_TP_AUTHORITY_ID		*PreferredAuthority)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
296
/*
 * FormSubmit - not implemented by this TP.
 *
 * Always raises CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED through
 * CssmError::throwMe(); Form and Credentials are not examined.
 */
void AppleTPSession::FormSubmit(
	CSSM_TP_FORM_TYPE		FormType,
	const CssmData			&Form,
	const CSSM_TP_AUTHORITY_ID	*ClearanceAuthority,
	const CSSM_TP_AUTHORITY_ID	*RepresentedAuthority,
	AccessCredentials		*Credentials)
{
	/* unsupported entry point */
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
305