]> git.saurik.com Git - apple/security.git/blob - AppleX509TP/TPCertInfo.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-29.tar.gz
[apple/security.git] / AppleX509TP / TPCertInfo.h
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * TPCertInfo.h - TP's private certificate info and cert group classes
21 *
22 * Written 10/23/2000 by Doug Mitchell.
23 */
24
25 #ifndef _TP_CERT_INFO_H_
26 #define _TP_CERT_INFO_H_
27
28 #include <Security/cssmtype.h>
29 #include <Security/utilities.h>
30 #include <Security/cssmalloc.h>
31
32 /*
33 * Class representing one certificate. The raw cert data usually comes from
34 * a client (via incoming cert groups in CertGroupConstruct() and CertGroupVerify());
35 * In this case, we don't own the raw data and don't copy or free it. Caller can
36 * optionally specify that we copy (and own and eventnually free) the raw cert data.
37 * The constructor throws on any error (bad cert data); subsequent to successful
38 * construction, no CSSM errors are thrown and it's guaranteed that the cert is
39 * basically good and successfully cached in the CL, and that we have a locally
40 * cached subject and issuer name (in normalized encoded format).
41 */
42 class TPCertInfo
43 {
44 public:
45 /*
46 * No default constructor - this is the only way.
47 * This caches the cert and fetches subjectName and issuerName
48 * to ensure the incoming certData is well-constructed.
49 */
50 TPCertInfo(
51 const CSSM_DATA *certData,
52 CSSM_CL_HANDLE clHand,
53 bool copyCertData = false); // true: we copy, we free
54 // false - caller owns
55
56 /* frees mSubjectName, mIssuerName, mCacheHand via mClHand */
57 ~TPCertInfo();
58
59 /*
60 * Fetch arbitrary field from cached cert.
61 * Only should be used when caller is sure there is either zero or one
62 * of the requested fields present in the cert.
63 */
64 CSSM_RETURN fetchField(
65 const CSSM_OID *fieldOid,
66 CSSM_DATA_PTR *fieldData); // mallocd by CL and RETURNED
67
68 /* free arbitrary field obtained from fetchField() */
69 CSSM_RETURN freeField(
70 const CSSM_OID *fieldOid,
71 CSSM_DATA_PTR fieldData);
72
73 /* accessors */
74 CSSM_CL_HANDLE clHand();
75 CSSM_HANDLE cacheHand();
76 const CSSM_DATA *certData();
77 const CSSM_DATA *subjectName();
78 const CSSM_DATA *issuerName();
79
80 bool isSelfSigned(); // i.e., subject == issuer
81
82 /*
83 * Verify validity (not before/after). Returns
84 * CSSMERR_TP_CERT_NOT_VALID_YET
85 * CSSMERR_TP_CERT_EXPIRED
86 * CSSM_OK
87 * CSSMERR_TP_INVALID_CERT_POINTER, other "bogus cert" errors
88 */
89 CSSM_RETURN isCurrent(
90 CSSM_BOOL allowExpired = CSSM_FALSE);
91
92 private:
93 CSSM_DATA *mCertData; // always valid
94 bool mWeOwnTheData; // if true, we have to free mCertData
95 CSSM_CL_HANDLE mClHand; // always valid
96 CSSM_HANDLE mCacheHand; // always valid
97 CSSM_DATA_PTR mSubjectName; // always valid
98 CSSM_DATA_PTR mIssuerName; // always valid
99
100 void releaseResources();
101
102 /* other field accessors here */
103 };
104
105 /*
106 * TP's private Cert Group class. Provides a list of TPCertInfo pointers, to which
107 * caller can append additional elements, access an element at an arbitrary position,
108 * and remover an element at an arbitrrary position.
109 */
110 class TPCertGroup
111 {
112 public:
113 /*
114 * No default constructor - use this to cook up an instance with
115 * space for numCerts TPCertInfos.
116 */
117 TPCertGroup(
118 CssmAllocator &alloc,
119 unsigned numCerts);
120
121 /*
122 * Deletes all TPCertInfo's.
123 */
124 ~TPCertGroup();
125
126 /* add/remove/access TPTCertInfo's. */
127 void appendCert(
128 TPCertInfo *certInfo); // appends to end of mCertInfo
129 TPCertInfo *certAtIndex(
130 unsigned index);
131 TPCertInfo *removeCertAtIndex(
132 unsigned index); // doesn't delete the cert, just
133 // removes it from our list
134 unsigned numCerts(); // how many do we have?
135
136 /*
137 * Convenience accessors for first and last cert, only valid when we have
138 * at least one cert.
139 */
140 TPCertInfo
141 *firstCert();
142 TPCertInfo
143 *lastCert();
144
145 /* build a CSSM_CERTGROUP corresponding with our mCertInfo */
146 CSSM_CERTGROUP_PTR
147 buildCssmCertGroup();
148
149 private:
150 CssmAllocator &mAlloc;
151 TPCertInfo **mCertInfo; // just an array of pointers
152 unsigned mNumCerts; // valid certs in certInfo
153 unsigned mSizeofCertInfo; // mallocd space in certInfo
154 };
155 #endif /* _TP_CERT_INFO_H_ */
mirror of Security