]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/lib/CertificateRequest.h
Security-57337.40.85.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / CertificateRequest.h
1 /*
2 * Copyright (c) 2002-2004,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // CertificateRequest.h
26 //
27 #ifndef _SECURITY_CERTIFICATEREQUEST_H_
28 #define _SECURITY_CERTIFICATEREQUEST_H_
29
30 #include <Security/SecCertificateRequest.h>
31 #include <security_utilities/seccfobject.h>
32 #include "SecCFTypes.h"
33 #include <security_utilities/alloc.h>
34 #include <security_cdsa_utilities/cssmdata.h>
35 #include <security_cdsa_client/tpclient.h>
36 #include <security_cdsa_client/clclient.h>
37 #include <security_utilities/debugging.h>
38 #include <CoreFoundation/CoreFoundation.h>
39
40 #define certReqDbg(args...) secdebug("certReq", ## args)
41
42 namespace Security
43 {
44
45 namespace KeychainCore
46 {
47
48 class CertificateRequest : public SecCFObject
49 {
50 NOCOPY(CertificateRequest)
51 public:
52 SECCFFUNCTIONS(CertificateRequest, SecCertificateRequestRef, errSecInvalidItemRef, gTypes().CertificateRequest)
53
54 CertificateRequest(const CSSM_OID &policy,
55 CSSM_CERT_TYPE certificateType,
56 CSSM_TP_AUTHORITY_REQUEST_TYPE requestType,
57 SecKeyRef privateKeyItemRef, // optional
58 SecKeyRef publicKeyItemRef, // optional
59 const SecCertificateRequestAttributeList *attributeList,
60 /*
61 * true when called from SecCertificateRequestCreate, cooking up a new
62 * request from scratch
63 * false when called from SecCertificateFindRequest, recomnstructing
64 * a request in progress
65 */
66 bool isNew = true);
67
68 virtual ~CertificateRequest() throw();
69
70 void submit(
71 sint32 *estimatedTime);
72 void getResult(
73 sint32 *estimatedTime, // optional
74 CssmData &certData);
75
76 /*
77 * Obtain policy/error specific return data blob. We own the data, it's
78 * not copied.
79 */
80 void getReturnData(
81 CssmData &rtnData);
82
83 CSSM_CERT_TYPE certType() { return mCertType; }
84 CSSM_TP_AUTHORITY_REQUEST_TYPE reqType() { return mReqType; }
85
86 private:
87 void submitDotMac(
88 sint32 *estimatedTime);
89 void getResultDotMac(
90 sint32 *estimatedTime, // optional
91 CssmData &certData);
92 void postPendingRequest();
93
94 /* preferences support */
95 CFStringRef createUserKey();
96 CFStringRef createPolicyKey();
97 CFDictionaryRef getPolicyDictionary(
98 CFDictionaryRef prefsDict);
99 CFDictionaryRef getUserDictionary(
100 CFDictionaryRef policyDict);
101
102 /*
103 * Preferences storage and retrieval.
104 * Both assume valid mPolicy and mUserName. storeResults stores the
105 * specified data; retrieveResults retrieves whatever is found in the
106 * prefs dictionary and restores to mRefId or mCert as appropriate.
107 */
108 OSStatus storeResults(
109 const CSSM_DATA *refId, // optional, for queued requests
110 const CSSM_DATA *certDat); // optional, for immediate completion
111 void retrieveResults();
112 void removeResults();
113
114 typedef enum {
115 CRS_New = 0, // created via SecCertificateRequestCreate
116 CRS_Reconstructed, // created via SecCertificateFindRequest
117 CRS_HaveCert, // completed request one way or another, have a good cert
118 CRS_HaveRefId, // submitted request, have RefId for later retrieval
119 CRS_HaveOtherData // submitted request, have other data in mRefId
120 } CertReqState;
121
122 Allocator &mAlloc;
123 CssmClient::TP mTP;
124 CssmClient::CL mCL;
125 CssmAutoData mPolicy; /* i.e., "CssmAutoOid" */
126 CSSM_CERT_TYPE mCertType;
127 CSSM_TP_AUTHORITY_REQUEST_TYPE mReqType;
128 SecKeyRef mPrivKey;
129 SecKeyRef mPubKey;
130 sint32 mEstTime;
131 CssmAutoData mRefId; /* returned from SubmitCredRequest() */
132 CertReqState mCertState;
133 CssmAutoData mCertData;
134
135 /*
136 * The incoming SecCertificateRequestAttributeList oid/value pairs
137 * map to these:
138 */
139 CssmAutoData mUserName;
140 CssmAutoData mPassword; /* optional (lookup doesn't use it) */
141 CssmAutoData mHostName; /* optional */
142 CssmAutoData mDomain; /* optional */
143 bool mDoRenew;
144 bool mIsAsync; /* true means no persistent state
145 * stored in user prefs; default
146 * is false */
147 Mutex mMutex;
148 };
149
150 } // end namespace KeychainCore
151
152 } // end namespace Security
153
154 #endif // !_SECURITY_CERTIFICATEREQUEST_H_