+++ /dev/null
-/*
- * Copyright (c) 2002,2011,2014 Apple Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * TPCrlInfo.h - TP's private CRL and CRL group classes
- *
- */
-
-#ifndef _TP_CRL_INFO_H_
-#define _TP_CRL_INFO_H_
-
-#include <Security/cssmtype.h>
-#include <security_utilities/alloc.h>
-#include <security_utilities/threading.h>
-#include <security_utilities/globalizer.h>
-#include "TPCertInfo.h"
-#include "tpCrlVerify.h"
-
-/*
- * Verification state of a TPCrlInfo. Verification refers to the process
- * of cert chain validation from the CRL to a trusted root. Since this
- * is a rather heavyweight operation, this is done on demand, when a given
- * CRL is "believed to be" the appropriate one for a given cert. It
- * is separate from not before/after verification, which is performed
- * on the fly as needed.
- */
-typedef enum {
- CVS_Unknown, // initial default state
- CVS_Good, // known good
- CVS_Bad // known bad
-} TPCrlVerifyState;
-
-/*
- * Indicates where a particular CRL came from. Currently only used
- * in the tpCrlVerify module.
- */
-typedef enum {
- CFW_Nowhere, // default, never returned
- CFW_InGroup, // from incoming TPCrlGroup
- CFW_DlDb, // verifyContext.dbList
- CFW_LocalCache, // tpGlobalCrlCache
- CFW_Net, // tpFetchCrlFromNet
- /* probably others */
-} TPCrlFromWhere;
-
-
-/*
- * Class representing one CRL. The raw CRL data usually comes from
- * a client (via incoming CSSM_TP_VERIFY_CONTEXT.Crls); in this case, we
- * don't own the raw data and don't copy or free it. Caller can
- * optionally specify that we copy (and own and eventually free) the raw cert data.
- * Currently this is only done when we find a CRL in a DlDb. The constructor throws
- * on any error (bad CRL data); subsequent to successful construction, no CSSM
- * errors are thrown and it's guaranteed that the CRL is basically readable and
- * successfully cached in the CL, and that we have a locally cached
- * CSSM_X509_SIGNED_CRL and issuer name (in normalized encoded format).
- */
-class TPCrlInfo : public TPClItemInfo
-{
- NOCOPY(TPCrlInfo)
-public:
- /*
- * No default constructor - this is the only way.
- */
- TPCrlInfo(
- CSSM_CL_HANDLE clHand,
- CSSM_CSP_HANDLE cspHand,
- const CSSM_DATA *crlData,
- TPItemCopy copyCrlData,
- const char *verifyTime); // NULL ==> time = right now
-
- /* frees mIssuerName, mCacheHand, mX509Crl via mClHand */
- ~TPCrlInfo();
-
- /*
- * The heavyweight "perform full verification" op.
- * If doCrlVerify is true, we'll do an eventually recursive
- * CRL verification test on the cert group we construct
- * here to verify the CRL in question. This recursive
- * verify is also done if the CRL is an indirect CRL.
- * Currently, the doCrlVerifyFlag will be set false in the
- * normal case of verifying a cert chain; in that case the
- * various certs needed to verify the CRL are assumed to
- * be a subset of the cert chain being verified, and CRL
- * verification of that cert chain is being performed
- * elsewhere. The caller would set doCrlVerify true when
- * the top-level op is simply a CRL verify.
- */
- CSSM_RETURN verifyWithContext(
- TPVerifyContext &tpVerifyContext,
- TPCertInfo *forCert, // optional
- bool doCrlVerify = false);
-
- /*
- * Wrapper for verifyWithContext for use when evaluating a CRL
- * "now" instead of at the time in TPVerifyContext.verifyTime.
- */
- CSSM_RETURN verifyWithContextNow(
- TPVerifyContext &tpVerifyContext,
- TPCertInfo *forCert, // optional
- bool doCrlVerify = false);
-
- /*
- * Do I have the same issuer as the specified subject cert?
- * Returns true if so.
- */
- bool hasSameIssuer(
- const TPCertInfo &subject);
-
- /*
- * Determine if specified cert has been revoked as of the
- * provided time; a NULL timestring indicates "now".
- * Assumes that the current CRL has been fully verified.
- */
- CSSM_RETURN isCertRevoked(
- TPCertInfo &subjectCert,
- CSSM_TIMESTRING verifyTime);
-
- /* accessors */
- const CSSM_X509_SIGNED_CRL *x509Crl() { return mX509Crl; }
- TPCrlVerifyState verifyState() { return mVerifyState; }
-
- const CSSM_DATA *uri() { return &mUri; }
- void uri(const CSSM_DATA &uri);
-
- /*
- * Ref count info maintained by caller (currently only in
- * tpCrlVfy.cpp's global cache module).
- */
- int mRefCount;
-
- /* used only by tpCrlVerify */
- TPCrlFromWhere mFromWhere;
-
-
-private:
- CSSM_X509_SIGNED_CRL *mX509Crl;
- CSSM_DATA_PTR mCrlFieldToFree;
- TPCrlVerifyState mVerifyState;
- CSSM_RETURN mVerifyError; // only if mVerifyState = CVS_Bad
- CSSM_DATA mUri; // if fetched from net
-
- void releaseResources();
- CSSM_RETURN parseExtensions(
- TPVerifyContext &tpVerifyContext,
- bool isPerEntry,
- uint32 entryIndex, // if isPerEntry
- const CSSM_X509_EXTENSIONS &extens,
- TPCertInfo *forCert, // optional
- bool &isIndirectCrl);// RETURNED
-
-};
-
-/*
- * TP's private CRL Group class.
- */
-class TPCrlGroup
-{
- NOCOPY(TPCrlGroup)
-public:
- /* construct empty CRL group */
- TPCrlGroup(
- Allocator &alloc,
- TPGroupOwner whoOwns); // if TGO_Group, we delete
-
- /*
- * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting
- * TPCrlInfos are more or less in the same order as the incoming
- * CRLs, though incoming CRLs are discarded if they don't parse.
- * No verification of any sort is performed.
- */
- TPCrlGroup(
- const CSSM_CRLGROUP *cssmCrlGroup, // optional
- CSSM_CL_HANDLE clHand,
- CSSM_CSP_HANDLE cspHand,
- Allocator &alloc,
- const char *cssmTimeStr, // may be NULL
- TPGroupOwner whoOwns);
-
- /*
- * Deletes all TPCrlInfo's.
- */
- ~TPCrlGroup();
-
- /* add/remove/access TPCrlInfo's. */
- void appendCrl(
- TPCrlInfo &crlInfo); // appends to end of mCertInfo
- TPCrlInfo *crlAtIndex(
- unsigned index);
- TPCrlInfo &removeCrlAtIndex(
- unsigned index); // doesn't delete the cert, just
- // removes it from our list
- void removeCrl(
- TPCrlInfo &crlInfo); // ditto
-
- /*
- * Convenience accessors for first and last CRL, only valid when we have
- * at least one cert.
- */
- TPCrlInfo *firstCrl();
- TPCrlInfo *lastCrl();
-
- /*
- * Find a CRL whose issuer matches specified subject cert.
- * Returned CRL has not necessarily been verified.
- */
- TPCrlInfo *findCrlForCert(
- TPCertInfo &subject);
-
- Allocator &alloc() { return mAlloc; }
- unsigned numCrls() { return mNumCrls; }
-
-private:
- Allocator &mAlloc;
- TPCrlInfo **mCrlInfo; // just an array of pointers
- unsigned mNumCrls; // valid certs in certInfo
- unsigned mSizeofCrlInfo; // mallocd space in certInfo
- TPGroupOwner mWhoOwns; // if TGO_Group, we delete CRLs
- // upon destruction
-};
-#endif /* _TP_CRL_INFO_H_ */
-
projects / apple / security.git / blobdiff