]> git.saurik.com Git - apple/security.git/blob - AppleX509TP/AppleTPSession.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-179.tar.gz
[apple/security.git] / AppleX509TP / AppleTPSession.h
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * AppleTPSession.h - TP session functions.
21 *
22 * Created 10/5/2000 by Doug Mitchell.
23 */
24
25 #ifndef _H_APPLE_TP_SESSION
26 #define _H_APPLE_TP_SESSION
27
28 #include <Security/TPsession.h>
29 #include "TPCertInfo.h"
30
31 #define REALLOC_WORKAROUND 0
32 #if REALLOC_WORKAROUND
33 #include <string.h>
34 #endif
35
36 class AppleTPSession : public TPPluginSession {
37
38 public:
39
40 AppleTPSession(
41 CSSM_MODULE_HANDLE theHandle,
42 CssmPlugin &plug,
43 const CSSM_VERSION &version,
44 uint32 subserviceId,
45 CSSM_SERVICE_TYPE subserviceType,
46 CSSM_ATTACH_FLAGS attachFlags,
47 const CSSM_UPCALLS &upcalls);
48
49 ~AppleTPSession();
50
51 #if REALLOC_WORKAROUND
52 void *realloc(void *oldp, size_t size) {
53 void *newp = malloc(size);
54 memmove(newp, oldp, size);
55 free(oldp);
56 return newp;
57 }
58 #endif /* REALLOC_WORKAROUND */
59
60 /* methods declared in TPabstractSession.h */
61 void CertCreateTemplate(CSSM_CL_HANDLE CLHandle,
62 uint32 NumberOfFields,
63 const CSSM_FIELD CertFields[],
64 CssmData &CertTemplate);
65 void CrlVerify(CSSM_CL_HANDLE CLHandle,
66 CSSM_CSP_HANDLE CSPHandle,
67 const CSSM_ENCODED_CRL &CrlToBeVerified,
68 const CSSM_CERTGROUP &SignerCertGroup,
69 const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
70 CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult);
71 void CertReclaimKey(const CSSM_CERTGROUP &CertGroup,
72 uint32 CertIndex,
73 CSSM_LONG_HANDLE KeyCacheHandle,
74 CSSM_CSP_HANDLE CSPHandle,
75 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry);
76 void CertGroupVerify(CSSM_CL_HANDLE CLHandle,
77 CSSM_CSP_HANDLE CSPHandle,
78 const CSSM_CERTGROUP &CertGroupToBeVerified,
79 const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
80 CSSM_TP_VERIFY_CONTEXT_RESULT_PTR VerifyContextResult);
81 void CertGroupConstruct(CSSM_CL_HANDLE CLHandle,
82 CSSM_CSP_HANDLE CSPHandle,
83 const CSSM_DL_DB_LIST &DBList,
84 const void *ConstructParams,
85 const CSSM_CERTGROUP &CertGroupFrag,
86 CSSM_CERTGROUP_PTR &CertGroup);
87 void CertSign(CSSM_CL_HANDLE CLHandle,
88 CSSM_CC_HANDLE CCHandle,
89 const CssmData &CertTemplateToBeSigned,
90 const CSSM_CERTGROUP &SignerCertGroup,
91 const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
92 CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
93 CssmData &SignedCert);
94 void TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle,
95 const CSSM_TUPLEGROUP &TupleGroup,
96 CSSM_CERTGROUP_PTR &CertTemplates);
97 void ReceiveConfirmation(const CssmData &ReferenceIdentifier,
98 CSSM_TP_CONFIRM_RESPONSE_PTR &Responses,
99 sint32 &ElapsedTime);
100 void PassThrough(CSSM_CL_HANDLE CLHandle,
101 CSSM_CC_HANDLE CCHandle,
102 const CSSM_DL_DB_LIST *DBList,
103 uint32 PassThroughId,
104 const void *InputParams,
105 void **OutputParams);
106 void CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle,
107 CSSM_CSP_HANDLE CSPHandle,
108 const CssmData *OldCrlTemplate,
109 const CSSM_CERTGROUP &CertGroupToBeRemoved,
110 const CSSM_CERTGROUP &RevokerCertGroup,
111 const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
112 CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
113 CssmData &NewCrlTemplate);
114 void CertRevoke(CSSM_CL_HANDLE CLHandle,
115 CSSM_CSP_HANDLE CSPHandle,
116 const CssmData *OldCrlTemplate,
117 const CSSM_CERTGROUP &CertGroupToBeRevoked,
118 const CSSM_CERTGROUP &RevokerCertGroup,
119 const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
120 CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
121 CSSM_TP_CERTCHANGE_REASON Reason,
122 CssmData &NewCrlTemplate);
123 void CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle);
124 void CrlCreateTemplate(CSSM_CL_HANDLE CLHandle,
125 uint32 NumberOfFields,
126 const CSSM_FIELD CrlFields[],
127 CssmData &NewCrlTemplate);
128 void CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
129 const CSSM_CERTGROUP &CertGroup,
130 CSSM_TUPLEGROUP_PTR &TupleGroup);
131 void SubmitCredRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
132 CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,
133 const CSSM_TP_REQUEST_SET &RequestInput,
134 const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,
135 sint32 &EstimatedTime,
136 CssmData &ReferenceIdentifier);
137 void FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
138 CSSM_TP_FORM_TYPE FormType,
139 CssmData &BlankForm);
140 void CrlSign(CSSM_CL_HANDLE CLHandle,
141 CSSM_CC_HANDLE CCHandle,
142 const CSSM_ENCODED_CRL &CrlToBeSigned,
143 const CSSM_CERTGROUP &SignerCertGroup,
144 const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
145 CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
146 CssmData &SignedCrl);
147 void CertGroupPrune(CSSM_CL_HANDLE CLHandle,
148 const CSSM_DL_DB_LIST &DBList,
149 const CSSM_CERTGROUP &OrderedCertGroup,
150 CSSM_CERTGROUP_PTR &PrunedCertGroup);
151 void ApplyCrlToDb(CSSM_CL_HANDLE CLHandle,
152 CSSM_CSP_HANDLE CSPHandle,
153 const CSSM_ENCODED_CRL &CrlToBeApplied,
154 const CSSM_CERTGROUP &SignerCertGroup,
155 const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
156 CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult);
157 void CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle,
158 const CssmData &CertTemplate,
159 uint32 &NumberOfFields,
160 CSSM_FIELD_PTR &CertFields);
161 void ConfirmCredResult(const CssmData &ReferenceIdentifier,
162 const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
163 const CSSM_TP_CONFIRM_RESPONSE &Responses,
164 const CSSM_TP_AUTHORITY_ID *PreferredAuthority);
165 void FormSubmit(CSSM_TP_FORM_TYPE FormType,
166 const CssmData &Form,
167 const CSSM_TP_AUTHORITY_ID *ClearanceAuthority,
168 const CSSM_TP_AUTHORITY_ID *RepresentedAuthority,
169 AccessCredentials *Credentials);
170 void RetrieveCredResult(const CssmData &ReferenceIdentifier,
171 const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
172 sint32 &EstimatedTime,
173 CSSM_BOOL &ConfirmationRequired,
174 CSSM_TP_RESULT_SET_PTR &RetrieveOutput);
175
176 private:
177 void CertGroupConstructPriv(CSSM_CL_HANDLE clHand,
178 CSSM_CSP_HANDLE cspHand,
179 TPCertGroup &inCertGroup,
180 const CSSM_DL_DB_LIST *DBList, // optional here
181 const char *cssmTimeStr, // optional
182 uint32 numAnchorCerts, // optional
183 const CSSM_DATA *anchorCerts,
184
185 /* currently, only CSSM_TP_ACTION_FETCH_CERT_FROM_NET is
186 * interesting */
187 CSSM_APPLE_TP_ACTION_FLAGS actionFlags,
188 /*
189 * Certs to be freed by caller (i.e., TPCertInfo which we allocate
190 * as a result of using a cert from anchorCerts of dbList) are added
191 * to this group.
192 */
193 TPCertGroup &certsToBeFreed,
194
195 /* returned */
196 CSSM_BOOL &verifiedToRoot, // end of chain self-verifies
197 CSSM_BOOL &verifiedToAnchor, // end of chain in anchors
198 TPCertGroup &outCertGroup); // RETURNED
199
200 /* in tpCredRequest.cp */
201 CSSM_X509_NAME * buildX509Name(const CSSM_APPLE_TP_NAME_OID *nameArray,
202 unsigned numNames);
203 void freeX509Name(CSSM_X509_NAME *top);
204 CSSM_X509_TIME *buildX509Time(unsigned secondsFromNow);
205 void freeX509Time(CSSM_X509_TIME *xtime);
206 void refKeyToRaw(
207 CSSM_CSP_HANDLE cspHand,
208 const CSSM_KEY *refKey,
209 CSSM_KEY_PTR rawKey);
210 void makeCertTemplate(
211 /* required */
212 CSSM_CL_HANDLE clHand,
213 CSSM_CSP_HANDLE cspHand, // for converting ref to raw key
214 uint32 serialNumber,
215 const CSSM_X509_NAME *issuerName,
216 const CSSM_X509_NAME *subjectName,
217 const CSSM_X509_TIME *notBefore,
218 const CSSM_X509_TIME *notAfter,
219 const CSSM_KEY *subjectPubKey,
220 const CSSM_OID &sigOid, // e.g., CSSMOID_SHA1WithRSA
221 /* optional */
222 const CSSM_DATA *subjectUniqueId,
223 const CSSM_DATA *issuerUniqueId,
224 CSSM_X509_EXTENSION *extensions,
225 unsigned numExtensions,
226 CSSM_DATA_PTR &rawCert);
227
228 void SubmitCsrRequest(
229 const CSSM_TP_REQUEST_SET &RequestInput,
230 sint32 &EstimatedTime,
231 CssmData &ReferenceIdentifier);
232
233 /*
234 * Per-session storage of SubmitCredRequest results.
235 *
236 * A TpCredHandle is just an address of a cert, cast to a uint32. It's
237 * what ReferenceIdentifier.Data points to.
238 */
239 typedef uint32 TpCredHandle;
240 typedef std::map<TpCredHandle,
241 const CSSM_DATA * /* the actual cert */ > credMap;
242 credMap tpCredMap;
243 Mutex tpCredMapLock;
244
245 /* given a cert and a ReferenceIdentifier, fill in ReferenceIdentifier and
246 * add it and the cert to tpCredMap. */
247 void addCertToMap(
248 const CSSM_DATA *cert,
249 CSSM_DATA_PTR refId);
250
251 /* given a ReferenceIdentifier, obtain associated cert and remove from the map */
252 CSSM_DATA_PTR getCertFromMap(
253 const CSSM_DATA *refId);
254
255 };
256
257 #endif /* _H_APPLE_TP_SESSION */
mirror of Security