cdsa/cdsa_utilities/cssmtrust.h

   1 /*
   2  * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // cssmtrust - CSSM layer Trust (TP) related objects.
  21 //
  22 #ifndef _H_CSSMTRUST
  23 #define _H_CSSMTRUST
  24
  25 #include <Security/utilities.h>
  26 #include <Security/cssmcert.h>
  27 #include <Security/cssmcred.h>
  28
  29
  30 namespace Security {
  31
  32
  33 //
  34 // A TP "POLICYINFO" structure, essentially an OID/Data pair.
  35 //
  36 class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> {
  37 public:
  38     uint32 count() const                                { return NumberOfPolicyIds; }
  39     uint32 &count()                                             { return NumberOfPolicyIds; }
  40     CssmField *policies() const                 { return CssmField::overlay(PolicyIds); }
  41     CssmField * &policies()                             { return CssmField::overlayVar(PolicyIds); }
  42     void *control() const                               { return PolicyControl; }
  43
  44     CssmField &operator [] (uint32 ix)
  45     { assert(ix < count()); return policies()[ix]; }
  46
  47     void setPolicies(uint32 n, CSSM_FIELD *p)
  48     { count() = n; policies() = CssmField::overlay(p); }
  49 };
  50
  51
  52 //
  53 // A CSSM_DL_DB_LIST wrapper.
  54 // Note that there is a DLDBList class elsewhere that is quite
  55 // unrelated to this structure.
  56 //
  57 class CssmDlDbHandle : public PodWrapper<CssmDlDbHandle, CSSM_DL_DB_HANDLE> {
  58 public:
  59         CssmDlDbHandle(CSSM_DL_HANDLE dl, CSSM_DB_HANDLE db)
  60         { DLHandle = dl; DBHandle = db; }
  61
  62         CSSM_DL_HANDLE dl() const       { return DLHandle; }
  63         CSSM_DB_HANDLE db() const       { return DBHandle; }
  64
  65         operator bool() const           { return DLHandle && DBHandle; }
  66 };
  67
  68 inline bool operator < (const CSSM_DL_DB_HANDLE &h1, const CSSM_DL_DB_HANDLE &h2)
  69 {
  70         return h1.DLHandle < h2.DLHandle
  71                 || (h1.DLHandle == h2.DLHandle && h1.DBHandle < h2.DBHandle);
  72 }
  73
  74 inline bool operator == (const CSSM_DL_DB_HANDLE &h1, const CSSM_DL_DB_HANDLE &h2)
  75 {
  76         return h1.DLHandle == h2.DLHandle && h1.DBHandle == h2.DBHandle;
  77 }
  78
  79 inline bool operator != (const CSSM_DL_DB_HANDLE &h1, const CSSM_DL_DB_HANDLE &h2)
  80 {
  81         return h1.DLHandle != h2.DLHandle || h1.DBHandle != h2.DBHandle;
  82 }
  83
  84
  85 class CssmDlDbList : public PodWrapper<CssmDlDbList, CSSM_DL_DB_LIST> {
  86 public:
  87         uint32 count() const            { return NumHandles; }
  88         uint32 &count()                         { return NumHandles; }
  89         CssmDlDbHandle *handles() const { return CssmDlDbHandle::overlay(DLDBHandle); }
  90         CssmDlDbHandle * &handles()     { return CssmDlDbHandle::overlayVar(DLDBHandle); }
  91
  92         CssmDlDbHandle &operator [] (uint32 ix) const
  93         { assert(ix < count()); return CssmDlDbHandle::overlay(DLDBHandle[ix]); }
  94
  95         void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
  96         { count() = n; handles() = CssmDlDbHandle::overlay(list); }
  97 };
  98
  99
 100 //
 101 // TP caller authentication contexts
 102 //
 103 class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> {
 104 public:
 105     CSSM_TP_STOP_ON stopCriterion() const       { return VerificationAbortOn; }
 106     void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; }
 107
 108     CSSM_TIMESTRING time() const                        { return VerifyTime; }
 109     void time(CSSM_TIMESTRING newTime)          { VerifyTime = newTime; }
 110
 111     PolicyInfo &policies()                                      { return PolicyInfo::overlay(Policy); }
 112     const PolicyInfo &policies() const          { return PolicyInfo::overlay(Policy); }
 113     void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
 114
 115     AccessCredentials *creds() const
 116     { return AccessCredentials::optional(CallerCredentials); }
 117     void creds(AccessCredentials *newCreds)     { CallerCredentials = newCreds; }
 118
 119     uint32 anchorCount() const                          { return NumberOfAnchorCerts; }
 120     uint32 &anchorCount()                                       { return NumberOfAnchorCerts; }
 121     CssmData *anchors() const                           { return CssmData::overlay(AnchorCerts); }
 122     CssmData * &anchors()                                       { return CssmData::overlayVar(AnchorCerts); }
 123
 124         CssmDlDbList *dlDbList() const                  { return CssmDlDbList::overlay(DBList); }
 125         CssmDlDbList * &dlDbList()                              { return CssmDlDbList::overlayVar(DBList); }
 126 };
 127
 128
 129 //
 130 // TP Verify Contexts - a monster collection of possibly useful stuff
 131 // when verifying a certificate against trust policies
 132 //
 133 class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> {
 134 public:
 135     CSSM_TP_ACTION action() const               { return Action; }
 136     CssmData &actionData()                              { return CssmData::overlay(ActionData); }
 137     const CssmData &actionData() const  { return CssmData::overlay(ActionData); }
 138
 139     // set and reference the CallerAuth component
 140     TPCallerAuth &callerAuth() const    { return TPCallerAuth::required(Cred); }
 141     operator TPCallerAuth &() const             { return callerAuth(); }
 142     TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); }
 143     void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; }
 144
 145     // forward CallerAuth operations
 146
 147     CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); }
 148     void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); }
 149     PolicyInfo &policies() const                { return callerAuth().policies(); }
 150     void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
 151     CSSM_TIMESTRING time() const                { return callerAuth().time(); }
 152     void time(CSSM_TIMESTRING newTime)  { return callerAuth().time(newTime); }
 153     AccessCredentials *creds() const    { return callerAuth().creds(); }
 154     void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); }
 155     uint32 anchorCount() const                  { return callerAuth().anchorCount(); }
 156     uint32 &anchorCount()                               { return callerAuth().anchorCount(); }
 157     CssmData *anchors() const                   { return callerAuth().anchors(); }
 158     CssmData * &anchors()                               { return callerAuth().anchors(); }
 159     void anchors(uint32 count, CSSM_DATA *vector)
 160     { anchorCount() = count; anchors() = CssmData::overlay(vector); }
 161         void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
 162         { callerAuth().dlDbList()->setDlDbList(n, list); }
 163 };
 164
 165
 166 //
 167 // The result of a (raw) TP trust verification call
 168 //
 169 class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> {
 170 public:
 171     CSSM_EVIDENCE_FORM form() const             { return EvidenceForm; }
 172         void *data() const                                      { return Evidence; }
 173     operator void *() const                             { return data(); }
 174
 175     template <class T>
 176     T *as() const { return reinterpret_cast<T *>(Evidence); }
 177 };
 178
 179 class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> {
 180 public:
 181     uint32 count() const                                { return NumberOfEvidences; }
 182     const TPEvidence &operator [] (uint32 ix) const
 183     { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); }
 184 };
 185
 186
 187 //
 188 // A PodWrapper for Apple's TP supporting-evidence structure
 189 //
 190 class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> {
 191 public:
 192     CSSM_TP_APPLE_CERT_STATUS status() const    { return StatusBits; }
 193     CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const
 194     { return status() & flags; }
 195
 196     uint32 index() const                { return Index; }
 197     const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); }
 198     CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; }
 199
 200     uint32 codes() const                { return NumStatusCodes; }
 201     CSSM_RETURN operator [] (uint32 ix)
 202     { assert(ix < NumStatusCodes); return StatusCodes[ix]; }
 203
 204         void destroy(CssmAllocator &allocator);
 205 };
 206
 207
 208 //
 209 // Walkers
 210 //
 211 namespace DataWalkers {
 212
 213
 214
 215
 216 }       // end namespace DataWalkers
 217 }       // end namespace Security
 218
 219 #endif //_H_CSSMTRUST