]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_cdsa_utilities/lib/cssmtrust.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.41.1.tar.gz
[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmtrust.h
1 /*
2 * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // cssmtrust - CSSM layer Trust (TP) related objects.
27 //
28 #ifndef _H_CSSMTRUST
29 #define _H_CSSMTRUST
30
31 #include <security_cdsa_utilities/cssmbridge.h>
32 #include <security_cdsa_utilities/cssmcert.h>
33 #include <security_cdsa_utilities/cssmcred.h>
34 #include <security_cdsa_utilities/cssmdb.h>
35
36
37 namespace Security {
38
39
40 //
41 // A TP "POLICYINFO" structure, essentially an OID/Data pair.
42 //
43 class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> {
44 public:
45 uint32 count() const { return NumberOfPolicyIds; }
46 uint32 &count() { return NumberOfPolicyIds; }
47 CssmField *policies() const { return CssmField::overlay(PolicyIds); }
48 CssmField * &policies() { return CssmField::overlayVar(PolicyIds); }
49 void *control() const { return PolicyControl; }
50
51 CssmField &operator [] (uint32 ix)
52 { assert(ix < count()); return policies()[ix]; }
53
54 void setPolicies(uint32 n, CSSM_FIELD *p)
55 { count() = n; policies() = CssmField::overlay(p); }
56 };
57
58
59 //
60 // TP caller authentication contexts
61 //
62 class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> {
63 public:
64 CSSM_TP_STOP_ON stopCriterion() const { return VerificationAbortOn; }
65 void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; }
66
67 CSSM_TIMESTRING time() const { return VerifyTime; }
68 void time(CSSM_TIMESTRING newTime) { VerifyTime = newTime; }
69
70 PolicyInfo &policies() { return PolicyInfo::overlay(Policy); }
71 const PolicyInfo &policies() const { return PolicyInfo::overlay(Policy); }
72 void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
73
74 AccessCredentials *creds() const
75 { return AccessCredentials::optional(CallerCredentials); }
76 void creds(AccessCredentials *newCreds) { CallerCredentials = newCreds; }
77
78 uint32 anchorCount() const { return NumberOfAnchorCerts; }
79 uint32 &anchorCount() { return NumberOfAnchorCerts; }
80 CssmData *anchors() const { return CssmData::overlay(AnchorCerts); }
81 CssmData * &anchors() { return CssmData::overlayVar(AnchorCerts); }
82
83 CssmDlDbList *dlDbList() const { return CssmDlDbList::overlay(DBList); }
84 CssmDlDbList * &dlDbList() { return CssmDlDbList::overlayVar(DBList); }
85 };
86
87
88 //
89 // TP Verify Contexts - a monster collection of possibly useful stuff
90 // when verifying a certificate against trust policies
91 //
92 class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> {
93 public:
94 CSSM_TP_ACTION action() const { return Action; }
95 CssmData &actionData() { return CssmData::overlay(ActionData); }
96 const CssmData &actionData() const { return CssmData::overlay(ActionData); }
97
98 // set and reference the CallerAuth component
99 TPCallerAuth &callerAuth() const { return TPCallerAuth::required(Cred); }
100 operator TPCallerAuth &() const { return callerAuth(); }
101 TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); }
102 void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; }
103
104 // forward CallerAuth operations
105
106 CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); }
107 void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); }
108 PolicyInfo &policies() const { return callerAuth().policies(); }
109 void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
110 CSSM_TIMESTRING time() const { return callerAuth().time(); }
111 void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); }
112 AccessCredentials *creds() const { return callerAuth().creds(); }
113 void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); }
114 uint32 anchorCount() const { return callerAuth().anchorCount(); }
115 uint32 &anchorCount() { return callerAuth().anchorCount(); }
116 CssmData *anchors() const { return callerAuth().anchors(); }
117 CssmData * &anchors() { return callerAuth().anchors(); }
118 void anchors(uint32 count, CSSM_DATA *vector)
119 { anchorCount() = count; anchors() = CssmData::overlay(vector); }
120 void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
121 { callerAuth().dlDbList()->setDlDbList(n, list); }
122 };
123
124
125 //
126 // The result of a (raw) TP trust verification call
127 //
128 class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> {
129 public:
130 CSSM_EVIDENCE_FORM form() const { return EvidenceForm; }
131 void *data() const { return Evidence; }
132 operator void *() const { return data(); }
133
134 template <class T>
135 T *as() const { return reinterpret_cast<T *>(Evidence); }
136 };
137
138 class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> {
139 public:
140 uint32 count() const { return NumberOfEvidences; }
141 const TPEvidence &operator [] (uint32 ix) const
142 { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); }
143 };
144
145
146 //
147 // A PodWrapper for Apple's TP supporting-evidence structure
148 //
149 class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> {
150 public:
151 CSSM_TP_APPLE_CERT_STATUS status() const { return StatusBits; }
152 CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const
153 { return status() & flags; }
154
155 uint32 index() const { return Index; }
156 const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); }
157 CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; }
158
159 uint32 codes() const { return NumStatusCodes; }
160 CSSM_RETURN operator [] (uint32 ix)
161 { assert(ix < NumStatusCodes); return StatusCodes[ix]; }
162
163 void destroy(Allocator &allocator);
164 };
165
166
167 //
168 // Walkers
169 //
170 namespace DataWalkers {
171
172
173
174
175 } // end namespace DataWalkers
176 } // end namespace Security
177
178 #endif //_H_CSSMTRUST
mirror of Security