Security-57031.1.35.tar.gz
1 /*
2 * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * AppleTPSession.h - TP session functions.
21 *
22 */
23
24 #ifndef _H_APPLE_TP_SESSION
25 #define _H_APPLE_TP_SESSION
26
27 #include <security_cdsa_plugin/TPsession.h>
28 #include "TPCertInfo.h"
29
30 #define REALLOC_WORKAROUND 0
31 #if REALLOC_WORKAROUND
32 #include <string.h>
33 #endif
34
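/*
 * Per-attach session object for the Apple X.509 Trust Policy (TP) module.
 *
 * Only declarations live in this header; the method definitions are in
 * other files of the module. Most parameters use raw CSSM pointer and
 * handle types, so which arguments may be NULL and who owns returned
 * memory is not visible from here unless a comment says so.
 */
class AppleTPSession : public TPPluginSession {

public:

	AppleTPSession(
		CSSM_MODULE_HANDLE theHandle,
		CssmPlugin &plug,
		const CSSM_VERSION &version,
		uint32 subserviceId,
		CSSM_SERVICE_TYPE subserviceType,
		CSSM_ATTACH_FLAGS attachFlags,
		const CSSM_UPCALLS &upcalls);

	~AppleTPSession();

#if REALLOC_WORKAROUND
	/*
	 * Stand-in realloc built from malloc + copy + free. Compiled only when
	 * REALLOC_WORKAROUND is nonzero (it is defined as 0 in this header).
	 *
	 * NOTE(review): the size of the old block is not known here, so the
	 * copy length is the NEW size. When the block grows, the copy reads
	 * past the end of oldp. That cannot be corrected without an old-size
	 * argument; keep this path disabled unless callers only ever shrink.
	 *
	 * NOTE(review): malloc/free are unqualified and presumably resolve to
	 * the session allocator inherited from the base class - confirm. If
	 * that allocator throws on failure, the NULL check below is unreachable
	 * but harmless.
	 */
	void *realloc(void *oldp, size_t size) {
		void *newp = malloc(size);
		if (newp == NULL) {
			/* Leave oldp untouched rather than copying into a null pointer. */
			return NULL;
		}
		if (oldp != NULL) {
			/* A NULL oldp has nothing to copy or free; behave like malloc. */
			memmove(newp, oldp, size);
			free(oldp);
		}
		return newp;
	}
#endif	/* REALLOC_WORKAROUND */

	/*
	 * Methods declared in TPabstractSession.h.
	 *
	 * NOTE(review): the *VerifyContext and *VerifyResult arguments below are
	 * passed by pointer in some methods and by reference in others; whether
	 * the pointer forms accept NULL must be checked against each definition.
	 */
	void CertCreateTemplate(CSSM_CL_HANDLE CLHandle,
		uint32 NumberOfFields,
		const CSSM_FIELD CertFields[],
		CssmData &CertTemplate);
	void CrlVerify(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_ENCODED_CRL &CrlToBeVerified,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult);
	void CertReclaimKey(const CSSM_CERTGROUP &CertGroup,
		uint32 CertIndex,
		CSSM_LONG_HANDLE KeyCacheHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry);
	void CertGroupVerify(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_CERTGROUP &CertGroupToBeVerified,
		const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult);
	void CertGroupConstruct(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_DL_DB_LIST &DBList,
		const void *ConstructParams,
		const CSSM_CERTGROUP &CertGroupFrag,
		CSSM_CERTGROUP_PTR &CertGroup);
	void CertSign(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertTemplateToBeSigned,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
		CssmData &SignedCert);
	void TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle,
		const CSSM_TUPLEGROUP &TupleGroup,
		CSSM_CERTGROUP_PTR &CertTemplates);
	void ReceiveConfirmation(const CssmData &ReferenceIdentifier,
		CSSM_TP_CONFIRM_RESPONSE_PTR &Responses,
		sint32 &ElapsedTime);
	/*
	 * NOTE(review): InputParams/OutputParams are untyped; their layout is
	 * presumably selected by PassThroughId - confirm that the definition
	 * validates the id before interpreting either pointer.
	 */
	void PassThrough(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CSSM_DL_DB_LIST *DBList,
		uint32 PassThroughId,
		const void *InputParams,
		void **OutputParams);
	void CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CssmData *OldCrlTemplate,
		const CSSM_CERTGROUP &CertGroupToBeRemoved,
		const CSSM_CERTGROUP &RevokerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
		CssmData &NewCrlTemplate);
	void CertRevoke(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CssmData *OldCrlTemplate,
		const CSSM_CERTGROUP &CertGroupToBeRevoked,
		const CSSM_CERTGROUP &RevokerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
		CSSM_TP_CERTCHANGE_REASON Reason,
		CssmData &NewCrlTemplate);
	void CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle);
	void CrlCreateTemplate(CSSM_CL_HANDLE CLHandle,
		uint32 NumberOfFields,
		const CSSM_FIELD CrlFields[],
		CssmData &NewCrlTemplate);
	void CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
		const CSSM_CERTGROUP &CertGroup,
		CSSM_TUPLEGROUP_PTR &TupleGroup);
	void SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
		CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,
		const CSSM_TP_REQUEST_SET &RequestInput,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
		sint32 &EstimatedTime,
		CssmData &ReferenceIdentifier);
	void FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
		CSSM_TP_FORM_TYPE FormType,
		CssmData &BlankForm);
	void CrlSign(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CSSM_ENCODED_CRL &CrlToBeSigned,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
		CssmData &SignedCrl);
	void CertGroupPrune(CSSM_CL_HANDLE CLHandle,
		const CSSM_DL_DB_LIST &DBList,
		const CSSM_CERTGROUP &OrderedCertGroup,
		CSSM_CERTGROUP_PTR &PrunedCertGroup);
	void ApplyCrlToDb(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_ENCODED_CRL &CrlToBeApplied,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult);
	void CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle,
		const CssmData &CertTemplate,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CertFields);
	void ConfirmCredResult(const CssmData &ReferenceIdentifier,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
		const CSSM_TP_CONFIRM_RESPONSE &Responses,
		const CSSM_TP_AUTHORITY_ID *PreferredAuthority);
	void FormSubmit(CSSM_TP_FORM_TYPE FormType,
		const CssmData &Form,
		const CSSM_TP_AUTHORITY_ID *ClearanceAuthority,
		const CSSM_TP_AUTHORITY_ID *RepresentedAuthority,
		AccessCredentials *Credentials);
	void RetrieveCredResult(const CssmData &ReferenceIdentifier,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
		sint32 &EstimatedTime,
		CSSM_BOOL &ConfirmationRequired,
		CSSM_TP_RESULT_SET_PTR &RetrieveOutput);

private:
	/*
	 * Private cert group construction helper. The three CSSM_BOOL outputs
	 * report how the constructed chain terminated, and outCertGroup
	 * receives the constructed group.
	 */
	void CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
		CSSM_CSP_HANDLE cspHand,
		TPCertGroup &inCertGroup,
		const CSSM_DL_DB_LIST *DBList,		// optional here
		const char *cssmTimeStr,			// optional
		uint32 numAnchorCerts,				// optional
		const CSSM_DATA *anchorCerts,

		/* CSSM_TP_ACTION_FETCH_CERT_FROM_NET, CSSM_TP_ACTION_TRUST_SETTINGS */
		CSSM_APPLE_TP_ACTION_FLAGS actionFlags,

		/* optional user trust parameters */
		const CSSM_OID *policyOid,
		const char *policyStr,
		uint32 policyStrLen,
		CSSM_KEYUSE keyUse,

		/*
		 * Certs to be freed by caller (i.e., TPCertInfo which we allocate
		 * as a result of using a cert from anchorCerts or DBList) are added
		 * to this group.
		 */
		TPCertGroup &certsToBeFreed,

		/* returned */
		CSSM_BOOL &verifiedToRoot,			// end of chain self-verifies
		CSSM_BOOL &verifiedToAnchor,		// end of chain in anchors
		CSSM_BOOL &verifiedViaTrustSetting,	// chain ends per Trust Setting
		TPCertGroup &outCertGroup);			// RETURNED

	/*
	 * in tpCredRequest.cp
	 *
	 * The build and free helpers come in pairs (buildX509Name/freeX509Name,
	 * buildX509Time/freeX509Time); presumably each build result must be
	 * released with its matching free - confirm against the definitions.
	 */
	CSSM_X509_NAME *buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray,
		unsigned numNames);
	void freeX509Name(CSSM_X509_NAME *top);
	CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow);
	void freeX509Time(CSSM_X509_TIME *xtime);
	void refKeyToRaw(
		CSSM_CSP_HANDLE cspHand,
		const CSSM_KEY *refKey,
		CSSM_KEY_PTR rawKey);
	void makeCertTemplate(
		/* required */
		CSSM_CL_HANDLE clHand,
		CSSM_CSP_HANDLE cspHand,			// for converting ref to raw key
		uint32 serialNumber,
		const CSSM_X509_NAME *issuerName,
		const CSSM_X509_NAME *subjectName,
		const CSSM_X509_TIME *notBefore,
		const CSSM_X509_TIME *notAfter,
		const CSSM_KEY *subjectPubKey,
		const CSSM_OID &sigOid,				// e.g., CSSMOID_SHA1WithRSA
		/* optional */
		const CSSM_DATA *subjectUniqueId,
		const CSSM_DATA *issuerUniqueId,
		CSSM_X509_EXTENSION *extensions,
		unsigned numExtensions,
		CSSM_DATA_PTR &rawCert);

	void SubmitCsrRequest(
		const CSSM_TP_REQUEST_SET &RequestInput,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
		sint32 &EstimatedTime,
		CssmData &ReferenceIdentifier);

	/*
	 * Per-session storage of SubmitCredRequest results.
	 *
	 * A TpCredHandle is just an address of a cert, cast to a CSSM_INTPTR. It's
	 * what ReferenceIdentifier.Data points to.
	 *
	 * NOTE(review): since the handle is a raw address that travels through
	 * the caller, a ReferenceIdentifier coming back in should only be used
	 * as a lookup key in tpCredMap and never cast back and dereferenced
	 * without a successful lookup - confirm in getCertFromMap. Its length
	 * should also be checked before it is read as a TpCredHandle.
	 */
	typedef CSSM_INTPTR TpCredHandle;
	typedef std::map<TpCredHandle,
					 const CSSM_DATA * /* the actual cert */ > credMap;
	credMap					tpCredMap;
	/* presumably serializes access to tpCredMap - confirm against users */
	Mutex					tpCredMapLock;

	/* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and
	 * add it and the cert to tpCredMap. */
	void addCertToMap(
		const CSSM_DATA		*cert,
		CSSM_DATA_PTR		refId);

	/* given a ReferenceIdentifier, obtain associated cert and remove from the map */
	CSSM_DATA_PTR getCertFromMap(
		const CSSM_DATA		*refId);

};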
263
264 #endif /* _H_APPLE_TP_SESSION */