2 * Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
24 * pkcs12SafeBag.h : internal representation of various kinds
28 #ifndef _PKCS12_SAFE_BAG_H_
29 #define _PKCS12_SAFE_BAG_H_
31 #include <Security/cssmtype.h>
32 #include <security_pkcs12/pkcs12BagAttrs.h>
33 #include <security_pkcs12/pkcs12Templates.h>
34 #include <security_asn1/SecNssCoder.h>
35 #include <CoreFoundation/CoreFoundation.h>
36 #include <Security/SecCertificate.h>
39 * Abstract superclass of all safe bags.
46 * While decoding, specified attr array includes friendlyName
47 * and localKeyId; we'll parse the array and snag those if
48 * present as "specially treated" attrs. The rest of the
49 * attrs - which we don't grok - get piled into mBagAttrs.
52 NSS_Attribute
**attrs
, // including friendlyName, etc.
56 * Constructor for encoding. The specified attr array only contains
57 * attrs other than friendlyName and localKeyId; those attrs
58 * are passed in explicitly.
60 * All arguments except for the coder are optional.
65 P12BagAttrs
*otherAttrs
,
70 /* getters in CF terms - result is created and returned */
71 CFStringRef CF_RETURNS_RETAINED
friendlyName();
72 CFDataRef CF_RETURNS_RETAINED
localKeyId();
74 /* getters in CSSM_DATA terms - result is just a reference */
75 CSSM_DATA
&friendlyNameCssm() { return mFriendlyName
; }
76 CSSM_DATA
&localKeyIdCssm() { return mLocalKeyId
; }
79 * Get all attrs, including friendlyName and localKeyId,
80 * in preparation for encoding.
82 NSS_Attribute
**getAllAttrs();
85 * Copy out all attrs in API form. All incoming ptrs
89 CFStringRef
*friendlyName
,
90 CFDataRef
*localKeyId
,
91 P12BagAttrs
**bagAttrs
);
95 * Setters in CF terms, used when constructing prior
104 * Create an NSS_Attribute * for friendlyName or keyId
106 NSS_Attribute
*makeAttr(
107 const CSSM_OID
&attrId
,
108 const CSSM_DATA
&attrValue
);
112 * The common contents of all safe bag types, all optional.
113 * FriendlyName is stored in P12-native form, just as it's
114 * stored in the PFX. This is the contents of a BMPString.
116 CSSM_DATA mFriendlyName
;
117 CSSM_DATA mLocalKeyId
;
118 P12BagAttrs mBagAttrs
;
119 SecNssCoder
&mCoder
; // all our data mallocd here
123 * Individual bag types
125 class P12CertBag
: public P12SafeBag
{
129 NSS_P12_CertBagType certType
, // CT_X509, CT_SDSI
131 NSS_Attribute
**attrs
, // optional
136 NSS_P12_CertBagType certType
, // CT_X509, CT_SDSI
140 P12BagAttrs
*otherAttrs
,// optional
145 /* getters - result is just a ref to our data */
146 NSS_P12_CertBagType
certType() { return mCertType
; }
147 CSSM_DATA
&certData() { return mCertData
; }
149 /* convert to P12CertBag to SecCertificateRef */
150 SecCertificateRef
getSecCert();
153 NSS_P12_CertBagType mCertType
;
155 SecCertificateRef mCertRef
; /* created lazily */
158 class P12CrlBag
: public P12SafeBag
{
162 NSS_P12_CrlBagType crlType
, // CRT_X509, only for now
164 NSS_Attribute
**attrs
, // optional
169 NSS_P12_CrlBagType crlType
, // CRT_X509, only for now
173 P12BagAttrs
*otherAttrs
,
178 /* getters - result is just a ref to our data */
179 NSS_P12_CrlBagType
crlType() { return mCrlType
; }
180 CSSM_DATA
&crlData() { return mCrlData
; }
184 NSS_P12_CrlBagType mCrlType
;
188 /* for both shrouded and plain */
189 class P12KeyBag
: public P12SafeBag
{
194 CSSM_CSP_HANDLE cspHand
,
195 NSS_Attribute
**attrs
, // optional
196 CSSM_DATA
&labelData
,
202 CSSM_CSP_HANDLE cspHand
,
205 P12BagAttrs
*otherAttrs
,
207 /* for SecPkcs12ExportKeychainItems() */
208 SecKeyRef keyRef
= NULL
);
213 const CSSM_DATA
&newLabel
);
215 /* reusable key setter */
217 CSSM_KEY_PTR cssmKey
);
220 * Keys are kind of special in that they can't easily be copied.
221 * On encode, the app owns the key. On decode, we own the
222 * reference key but caller (P12Coder) owns the actual
223 * memory associated with the CSSM_KEY.
225 CSSM_KEY_PTR
key() { return mKey
; }
226 CSSM_DATA
&label() { return mLabel
; }
227 const CSSM_ACCESS_CREDENTIALS
228 *privKeyCreds() { return mPrivKeyCreds
; }
229 bool dupKey() { return mDupKey
; }
230 void dupKey(bool b
) { mDupKey
= b
; }
234 CSSM_CSP_HANDLE mCspHand
;
237 * When constructed via SecPkcs12ExportKeychainItems(), we
238 * have to hold a reference to the SecKeyRef which was
239 * used to create this object.
244 * When false, app owns key. When true, we have to free
245 * key in our destructor.
247 * NOTE: mKeyRef and mWeOwnKey are mutually exclusive.
251 /* somewhat unique label when stored in DLDB */
254 /* for encode only, owned by app */
255 const CSSM_ACCESS_CREDENTIALS
*mPrivKeyCreds
;
257 /* indicates a key we looked up, not imported */
265 * Others we don't implement
267 class P12OpaqueBag
: public P12SafeBag
{
272 const CSSM_DATA
&blob
,
273 NSS_Attribute
**attrs
, // optional
282 P12BagAttrs
*otherAttrs
,
287 CSSM_OID
&oid() { return mOid
; }
288 CSSM_DATA
&blob() { return mBlob
; }
296 #endif /* _PKCS12_SAFE_BAG_H_ */
projects / apple / security.git / blob