]> git.saurik.com Git - apple/security.git/blob - Security/libsecurity_apple_x509_cl/lib/DecodedCert.h
Security-57031.1.35.tar.gz
[apple/security.git] / Security / libsecurity_apple_x509_cl / lib / DecodedCert.h
1 /*
2 * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * DecodedCert.h - object representing an NSS-decoded cert, with extensions
21 * parsed and decoded (still in NSS format).
22 *
23 * Copyright (c) 2000,2011,2014 Apple Inc.
24 *
25 * See DecodedItem.h for details on the care and feeding of this
26 * module.
27 */
28
29 #ifndef _DECODED_CERT_H_
30 #define _DECODED_CERT_H_
31
32 #include <Security/cssmtype.h>
33 #include <security_cdsa_utilities/cssmdata.h>
34
35 #include "DecodedItem.h"
36 #include <Security/X509Templates.h>
37 #include <security_asn1/SecNssCoder.h>
38
39 class DecodedCert : public DecodedItem
40 {
41 NOCOPY(DecodedCert)
42 public:
43 /* construct empty cert, no decoded extensions */
44 DecodedCert(
45 AppleX509CLSession &session);
46
47 /* one-shot constructor, decoding from DER-encoded data */
48 DecodedCert(
49 AppleX509CLSession &session,
50 const CssmData &encodedCert);
51
52 ~DecodedCert();
53
54 void encodeExtensions();
55
56 /* decode TBSCert and its extensions */
57 void decodeTbs(
58 const CssmData &encodedTbs);
59
60 /* encode TBSCert and its extensions */
61 void encodeTbs(
62 CssmOwnedData &encodedTbs);
63
64 /***
65 *** field accessors (in CertFields.cpp)
66 ***/
67
68 /*
69 * Obtain the index'th occurrence of field specified by fieldId.
70 * Format of the returned field depends on fieldId.
71 * Returns total number of fieldId fields in the cert if index is 0.
72 * Returns true if specified field was found, else returns false.
73 */
74 bool getCertFieldData(
75 const CssmOid &fieldId, // which field
76 unsigned index, // which occurrence (0 = first)
77 uint32 &numFields, // RETURNED
78 CssmOwnedData &fieldValue); // RETURNED
79
80 /*
81 * Set the field specified by fieldId in TBS.
82 * Note no index - individual field routines either append (for extensions)
83 * or throw if field already set (for all others)
84 */
85 void setCertField(
86 const CssmOid &fieldId, // which field
87 const CssmData &fieldValue);
88
89 /*
90 * Free the fieldId-specific data referred to by fieldValue.get().data().
91 */
92 static void freeCertFieldData(
93 const CssmOid &fieldId,
94 CssmOwnedData &fieldValue);
95
96 void getAllParsedCertFields(
97 uint32 &NumberOfFields, // RETURNED
98 CSSM_FIELD_PTR &CertFields); // RETURNED
99
100 static void describeFormat(
101 Allocator &alloc,
102 uint32 &NumberOfFields,
103 CSSM_OID_PTR &OidList);
104
105 /*
106 * Obtain a CSSM_KEY from a decoded cert, inferring as much as we can
107 * from required fields (subjectPublicKeyInfo) and extensions (for
108 * KeyUse).
109 */
110 CSSM_KEY_PTR extractCSSMKey(
111 Allocator &alloc) const;
112
113 CSSM_KEYUSE inferKeyUsage() const;
114
115 NSS_Certificate mCert;
116 };
117
118 #endif /* _DECODED_CERT_H_ */