OSX/libsecurity_cdsa_utilities/lib/cssmcred.h

   1 /*
   2  * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // cssmcred - enhanced PodWrappers and construction aids for ACL credentials
  27 //
  28 #ifndef _CSSMCRED
  29 #define _CSSMCRED
  30
  31 #include <security_utilities/utilities.h>
  32 #include <security_cdsa_utilities/cssmlist.h>
  33 #include <security_cdsa_utilities/cssmalloc.h>
  34 #include <list>
  35
  36 namespace Security {
  37
  38
  39 //
  40 // PodWrappers for samples and sample groups
  41 //
  42 class CssmSample : public PodWrapper<CssmSample, CSSM_SAMPLE> {
  43 public:
  44         CssmSample(const TypedList &list)
  45         { TypedSample = list; Verifier = NULL; }
  46         CssmSample(const TypedList &list, const CssmSubserviceUid &ver)
  47         { TypedSample = list; Verifier = &ver; }
  48
  49         TypedList &value() { return TypedList::overlay(TypedSample); }
  50         const TypedList &value() const { return TypedList::overlay(TypedSample); }
  51         operator TypedList & () { return value(); }
  52
  53         const CssmSubserviceUid *verifier() const { return CssmSubserviceUid::overlay(Verifier); }
  54         CssmSubserviceUid * &verifier()
  55         { return const_cast<CssmSubserviceUid * &>(CssmSubserviceUid::overlayVar(Verifier)); }
  56 };
  57
  58 class SampleGroup : public PodWrapper<SampleGroup, CSSM_SAMPLEGROUP> {
  59 public:
  60         SampleGroup() { clearPod(); }
  61         SampleGroup(CssmSample &single) { NumberOfSamples = 1; Samples = &single; }
  62
  63         uint32 size() const { return NumberOfSamples; }
  64         uint32 length() const { return size(); }        // legacy; prefer size()
  65         CssmSample *&samples() { return CssmSample::overlayVar(const_cast<CSSM_SAMPLE *&>(Samples)); }
  66         CssmSample *samples() const { return CssmSample::overlay(const_cast<CSSM_SAMPLE *>(Samples)); }
  67
  68         CssmSample &operator [] (uint32 ix) const
  69         { assert(ix < size()); return samples()[ix]; }
  70
  71 public:
  72         // extract all samples of a given sample type. return true if any found
  73         // note that you get a shallow copy of the sample structures for temporary use ONLY
  74         bool collect(CSSM_SAMPLE_TYPE sampleType, list<CssmSample> &samples) const;
  75 };
  76
  77
  78 //
  79 // The PodWrapper for the top-level CSSM credentials structure
  80 //
  81 class AccessCredentials : public PodWrapper<AccessCredentials, CSSM_ACCESS_CREDENTIALS> {
  82 public:
  83         AccessCredentials() { clearPod(); }
  84         explicit AccessCredentials(const SampleGroup &samples, const char *tag = NULL)
  85         { this->samples() = samples; this->tag(tag); }
  86         explicit AccessCredentials(const SampleGroup &samples, const std::string &tag)
  87         { this->samples() = samples; this->tag(tag); }
  88
  89         const char *tag() const { return EntryTag[0] ? EntryTag : NULL; }
  90         std::string s_tag() const { return EntryTag; }
  91         void tag(const char *tagString);
  92         void tag(const std::string &tagString) { return tag(tagString.c_str()); }
  93
  94         SampleGroup &samples() { return SampleGroup::overlay(Samples); }
  95         const SampleGroup &samples() const { return SampleGroup::overlay(Samples); }
  96
  97         // pass-throughs to our SampleGroup
  98         uint32 size() const { return samples().size(); }
  99         CssmSample &operator [] (uint32 ix) const { return samples()[ix]; }
 100
 101     // Do these access credentials allow you to pop ui?
 102     bool authorizesUI() const;
 103
 104 public:
 105     static const AccessCredentials& null_credential();
 106
 107         // turn NULL into a null credential if needed
 108         static const AccessCredentials *needed(const CSSM_ACCESS_CREDENTIALS *cred)
 109         { return cred ? overlay(cred) : &null_credential(); }
 110 };
 111
 112
 113 //
 114 // An AccessCredentials object with some construction help.
 115 // Note that this is NOT a PodWrapper.
 116 //
 117 class AutoCredentials : public AccessCredentials {
 118 public:
 119         AutoCredentials(Allocator &alloc);
 120         AutoCredentials(Allocator &alloc, uint32 nSamples);
 121
 122         Allocator &allocator;
 123
 124         CssmSample &sample(uint32 n) { return getSample(n); }
 125
 126         CssmSample &append(const CssmSample &sample)
 127         { return getSample(samples().length()) = sample; }
 128         TypedList &append(const TypedList &exhibit)
 129         { return (getSample(samples().length()) = exhibit).value(); }
 130
 131         CssmSample &operator += (const CssmSample &sample)      { return append(sample); }
 132         TypedList &operator += (const TypedList &exhibit)       { return append(exhibit); }
 133
 134 private:
 135         void init();
 136         CssmSample &getSample(uint32 n);
 137
 138         CssmSample *sampleArray;
 139         uint32 nSamples;
 140 };
 141
 142
 143 //
 144 // Walkers for the CSSM API structure types.
 145 // Note that there are irrational "const"s strewn about the credential sub-structures.
 146 // They make it essentially impossible to incrementally construction them without
 147 // violating them. Since we know what we're doing, we do.
 148 //
 149 namespace DataWalkers
 150 {
 151
 152 // CssmSample (with const override)
 153 template <class Action>
 154 void walk(Action &operate, CssmSample &sample)
 155 {
 156         operate(sample);
 157         walk(operate, sample.value());
 158         if (sample.verifier())
 159                 walk(operate, sample.verifier());
 160 }
 161
 162 // SampleGroup
 163 template <class Action>
 164 void walk(Action &operate, SampleGroup &samples)
 165 {
 166         operate(samples);
 167         enumerateArray(operate, samples, &SampleGroup::samples);
 168 }
 169
 170 // AccessCredentials
 171 template <class Action>
 172 AccessCredentials *walk(Action &operate, AccessCredentials * &cred)
 173 {
 174         operate(cred);
 175         //@@@ ignoring BaseCerts
 176         walk(operate, cred->samples());
 177         //@@@ ignoring challenge callback
 178         return cred;
 179 }
 180
 181 template <class Action>
 182 CSSM_ACCESS_CREDENTIALS *walk(Action &operate, CSSM_ACCESS_CREDENTIALS * &cred)
 183 { return walk(operate, AccessCredentials::overlayVar(cred)); }
 184
 185 template <class Action>
 186 AutoCredentials *walk(Action &operate, AutoCredentials * &cred)
 187 { return (AutoCredentials *)walk(operate, (AccessCredentials * &)cred); }
 188
 189
 190 } // end namespace DataWalkers
 191 } // end namespace Security
 192
 193
 194 #endif //_CSSMCRED