--- /dev/null
+/*
+ * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// securestorage - client interface to CSP DLs and their operations
+//
+#ifndef _H_CDSA_CLIENT_SECURESTORAGE
+#define _H_CDSA_CLIENT_SECURESTORAGE 1
+
+#include <security_cdsa_client/cspclient.h>
+#include <security_cdsa_client/dlclient.h>
+#include <security_cdsa_client/keyclient.h>
+
+namespace Security
+{
+
+namespace CssmClient
+{
+
+//
+// A CSP and a DL attachment of the same subservice
+//
+// This gives us 2 Object instances, but we make sure that have the same
+// mImpl. Currently this class has no behaviour, but it will get some in
+// the future.
+//
+class CSPDLImpl : public CSPImpl, public DLImpl
+{
+public:
+ CSPDLImpl(const Guid &guid);
+ CSPDLImpl(const Module &module);
+ virtual ~CSPDLImpl();
+
+ // Object methods.
+ bool isActive() const { return CSPImpl::isActive() || DLImpl::isActive(); }
+
+ virtual Allocator &allocator() const;
+ virtual void allocator(Allocator &alloc);
+
+ virtual bool operator <(const CSPDLImpl &other) const;
+ virtual bool operator ==(const CSPDLImpl &other) const;
+
+ // Attachment methods.
+ virtual CSSM_SERVICE_MASK subserviceMask() const;
+ virtual void subserviceId(uint32 id);
+
+ uint32 subserviceId() const { return CSPImpl::subserviceId(); }
+ CSSM_ATTACH_FLAGS cspFlags() const { return CSPImpl::flags(); }
+ void cspFlags(CSSM_ATTACH_FLAGS f) { CSPImpl::flags(f); }
+ CSSM_ATTACH_FLAGS dlFlags() const { return DLImpl::flags(); }
+ void dlFlags(CSSM_ATTACH_FLAGS f) { DLImpl::flags(f); }
+
+ void attach() { CSPImpl::attach(); DLImpl::attach(); }
+ void detach() { CSPImpl::detach(); DLImpl::detach(); }
+ bool attached() const { return CSPImpl::attached() || DLImpl::attached(); }
+
+ Module module() const { return CSPImpl::module(); }
+ const Guid &guid() const { return CSPImpl::guid(); }
+ CSSM_MODULE_HANDLE cspHandle() { return CSPImpl::handle(); }
+ CSSM_MODULE_HANDLE dlHandle() { return DLImpl::handle(); }
+
+ CssmSubserviceUid subserviceUid() const
+ { return CSPImpl::subserviceUid(); }
+
+private:
+};
+
+
+class CSPDL : public CSP, public DL
+{
+public:
+ typedef CSPDLImpl Impl;
+
+ explicit CSPDL(Impl *impl) : CSP(impl), DL(impl) {}
+ CSPDL(const Guid &guid) : CSP(new Impl(guid)), DL(&CSP::impl<Impl>()) {}
+ CSPDL(const Module &module)
+ : CSP(new Impl(module)), DL(&CSP::impl<Impl>()) {}
+
+ //template <class _Impl> _Impl &impl() const
+ //{ return CSP::impl<_Impl>(); }
+
+ Impl *get() const { return &CSP::impl<Impl>(); }
+ Impl *operator ->() const { return &CSP::impl<Impl>(); }
+ Impl &operator *() const { return CSP::impl<Impl>(); }
+
+ // Conversion operators must be here
+ bool operator !() const { return !get(); }
+ operator bool() const { return get(); }
+
+ bool operator <(const CSPDL &other) const
+ { return *this && other ? **this < *other : get() < other.get(); }
+ bool operator ==(const CSPDL &other) const
+ { return *this && other ? **this == *other : get() == other.get(); }
+};
+
+
+//
+// SSCSPDL -- Secure storage class
+//
+class SSCSPDLImpl : public CSPDLImpl
+{
+public:
+ SSCSPDLImpl(const Guid &guid);
+ SSCSPDLImpl(const Module &module);
+ virtual ~SSCSPDLImpl();
+
+ // DbMaker
+ DbImpl *newDb(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation);
+private:
+};
+
+class SSCSPDL : public CSPDL
+{
+public:
+ typedef SSCSPDLImpl Impl;
+
+ explicit SSCSPDL(Impl *impl) : CSPDL(impl) {}
+ SSCSPDL(const Guid &guid) : CSPDL(new Impl(guid)) {}
+ SSCSPDL(const Module &module) : CSPDL(new Impl(module)) {}
+
+ Impl *operator ->() const { return &CSP::impl<Impl>(); }
+ Impl &operator *() const { return CSP::impl<Impl>(); }
+};
+
+
+//
+// SSDbImpl -- A Security Storage Db object.
+//
+class SSGroup;
+class SSDbUniqueRecord;
+
+class SSDbImpl : public DbImpl
+{
+public:
+ SSDbImpl(const SSCSPDL &cspdl,
+ const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation);
+ virtual ~SSDbImpl();
+
+ void create();
+ void open();
+
+ SSDbUniqueRecord insert(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *rc = NULL);
+
+ SSDbUniqueRecord insert(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data, const SSGroup &group,
+ const CSSM_ACCESS_CREDENTIALS *cred);
+
+ // DbCursorMaker
+ DbCursorImpl *newDbCursor(const CSSM_QUERY &query,
+ Allocator &allocator);
+ DbCursorImpl *newDbCursor(uint32 capacity, Allocator &allocator);
+
+ // SSDbUniqueRecordMaker
+ DbUniqueRecordImpl *newDbUniqueRecord();
+
+ CSP csp() { return parent<CSP>(); }
+};
+
+class SSDb : public Db
+{
+public:
+ typedef SSDbImpl Impl;
+
+ explicit SSDb(Impl *impl) : Db(impl) {}
+ SSDb(const SSCSPDL &cspdl, const char *inDbName,
+ const CSSM_NET_ADDRESS *inDbLocation = NULL)
+ : Db(cspdl->newDb(inDbName, inDbLocation)) {}
+
+ Impl *operator ->() const { return &impl<Impl>(); }
+ Impl &operator *() const { return impl<Impl>(); }
+};
+
+
+//
+// SSGroup -- Group key with acl, used to protect a group of items.
+//
+class SSGroupImpl : public KeyImpl
+{
+public:
+ SSGroupImpl(const SSDb &ssDb, const CSSM_DATA &dataBlob);
+ SSGroupImpl(const SSDb &ssDb,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry);
+
+ static bool isGroup(const CSSM_DATA &dataBlob);
+
+ const CssmData label() const;
+ void decodeDataBlob(const CSSM_DATA &dataBlob,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ Allocator &allocator, CSSM_DATA &data);
+ void encodeDataBlob(const CSSM_DATA *data,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ CssmDataContainer &dataBlob);
+
+private:
+ // Constants
+ enum
+ {
+ // Label prefix for a secure storage group
+ kGroupMagic = FOUR_CHAR_CODE('ssgp'),
+
+ // Size of label (including prefix)
+ kLabelSize = 20,
+
+ // Size of IV
+ kIVSize = 8
+ };
+
+ CSSM_DB_ATTR_DECL(kLabel);
+
+ CssmDataContainer mLabel;
+};
+
+class SSGroup : public Key
+{
+public:
+ typedef SSGroupImpl Impl;
+ explicit SSGroup(Impl *impl) : Key(impl) {}
+
+ SSGroup() : Key(NULL) {}
+
+ // Create a new group.
+ SSGroup(const SSDb &ssDb,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry)
+ : Key(new Impl(ssDb, credAndAclEntry)) {}
+
+ // Lookup an existing group based on a dataBlob.
+ SSGroup(const SSDb &ssDb, const CSSM_DATA &dataBlob)
+ : Key(new Impl(ssDb, dataBlob)) {}
+
+ Impl *operator ->() const { return &impl<Impl>(); }
+ Impl &operator *() const { return impl<Impl>(); }
+};
+
+
+//
+// SSDbCursor -- Cursor for iterating over Securely Stored records (or keys)
+//
+class SSDbCursorImpl : public DbDbCursorImpl
+{
+public:
+ SSDbCursorImpl(const Db &db, const CSSM_QUERY &query,
+ Allocator &allocator);
+ SSDbCursorImpl(const Db &db, uint32 capacity,
+ Allocator &allocator);
+
+ bool next(DbAttributes *attributes, ::CssmDataContainer *data,
+ DbUniqueRecord &uniqueId);
+ bool next(DbAttributes *attributes, ::CssmDataContainer *data,
+ DbUniqueRecord &uniqueId, const CSSM_ACCESS_CREDENTIALS *cred);
+ bool nextKey(DbAttributes *attributes, Key &key, DbUniqueRecord &uniqueId);
+ //bool nextGroup(DbAttributes *attributes, SSGroup &group, DbUniqueRecord &uniqueId);
+
+ SSDb database() { return parent<SSDb>(); }
+protected:
+ void activate();
+ void deactivate();
+};
+
+class SSDbCursor : public DbCursor
+{
+public:
+ typedef SSDbCursorImpl Impl;
+
+ explicit SSDbCursor(Impl *impl) : DbCursor(impl) {}
+ SSDbCursor(const SSDb &ssDb, const CSSM_QUERY &query,
+ Allocator &allocator = Allocator::standard())
+ : DbCursor(ssDb->newDbCursor(query, allocator)) {}
+ SSDbCursor(const SSDb &ssDb, const uint32 capacity = 0,
+ Allocator &allocator = Allocator::standard())
+ : DbCursor(ssDb->newDbCursor(capacity, allocator)) {}
+
+ Impl *operator ->() const { return &impl<Impl>(); }
+ Impl &operator *() const { return impl<Impl>(); }
+};
+
+
+//
+// SSDbUniqueRecord
+//
+class SSDbUniqueRecordImpl : public DbUniqueRecordImpl
+{
+public:
+ SSDbUniqueRecordImpl(const Db &db);
+ virtual ~SSDbUniqueRecordImpl();
+
+ void deleteRecord();
+ void deleteRecord(const CSSM_ACCESS_CREDENTIALS *cred);
+ void modify(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data,
+ CSSM_DB_MODIFY_MODE modifyMode);
+ void modify(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data,
+ CSSM_DB_MODIFY_MODE modifyMode,
+ const CSSM_ACCESS_CREDENTIALS *cred);
+ void get(DbAttributes *attributes, ::CssmDataContainer *data);
+ void get(DbAttributes *attributes, ::CssmDataContainer *data,
+ const CSSM_ACCESS_CREDENTIALS *cred);
+
+ SSDb database() { return parent<SSDb>(); }
+
+ // Return the group that this record is in.
+ SSGroup group();
+};
+
+class SSDbUniqueRecord : public DbUniqueRecord
+{
+public:
+ typedef SSDbUniqueRecordImpl Impl;
+
+ explicit SSDbUniqueRecord(Impl *impl) : DbUniqueRecord(impl) {}
+ SSDbUniqueRecord(const SSDb &ssDb)
+ : DbUniqueRecord(ssDb->newDbUniqueRecord()) {}
+
+ Impl *operator ->() const { return &impl<Impl>(); }
+ Impl &operator *() const { return impl<Impl>(); }
+};
+
+}; // end namespace CssmClient
+
+} // end namespace Security
+
+#endif //_H_CDSA_CLIENT_SECURESTORAGE
projects / apple / security.git / blobdiff