--- /dev/null
+/*
+ * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// cssmcred - enhanced PodWrappers and construction aids for ACL credentials
+//
+#ifndef _CSSMCRED
+#define _CSSMCRED
+
+#include <security_utilities/utilities.h>
+#include <security_cdsa_utilities/cssmlist.h>
+#include <security_cdsa_utilities/cssmalloc.h>
+#include <list>
+
+namespace Security {
+
+
+//
+// PodWrappers for samples and sample groups
+//
+class CssmSample : public PodWrapper<CssmSample, CSSM_SAMPLE> {
+public:
+ CssmSample(const TypedList &list)
+ { TypedSample = list; Verifier = NULL; }
+ CssmSample(const TypedList &list, const CssmSubserviceUid &ver)
+ { TypedSample = list; Verifier = &ver; }
+
+ TypedList &value() { return TypedList::overlay(TypedSample); }
+ const TypedList &value() const { return TypedList::overlay(TypedSample); }
+ operator TypedList & () { return value(); }
+
+ const CssmSubserviceUid *verifier() const { return CssmSubserviceUid::overlay(Verifier); }
+ CssmSubserviceUid * &verifier()
+ { return const_cast<CssmSubserviceUid * &>(CssmSubserviceUid::overlayVar(Verifier)); }
+};
+
+class SampleGroup : public PodWrapper<SampleGroup, CSSM_SAMPLEGROUP> {
+public:
+ SampleGroup() { clearPod(); }
+ SampleGroup(CssmSample &single) { NumberOfSamples = 1; Samples = &single; }
+
+ uint32 size() const { return NumberOfSamples; }
+ uint32 length() const { return size(); } // legacy; prefer size()
+ CssmSample *&samples() { return CssmSample::overlayVar(const_cast<CSSM_SAMPLE *&>(Samples)); }
+ CssmSample *samples() const { return CssmSample::overlay(const_cast<CSSM_SAMPLE *>(Samples)); }
+
+ CssmSample &operator [] (uint32 ix) const
+ { assert(ix < size()); return samples()[ix]; }
+
+public:
+ // extract all samples of a given sample type. return true if any found
+ // note that you get a shallow copy of the sample structures for temporary use ONLY
+ bool collect(CSSM_SAMPLE_TYPE sampleType, list<CssmSample> &samples) const;
+};
+
+
+//
+// The PodWrapper for the top-level CSSM credentials structure
+//
+class AccessCredentials : public PodWrapper<AccessCredentials, CSSM_ACCESS_CREDENTIALS> {
+public:
+ AccessCredentials() { clearPod(); }
+ explicit AccessCredentials(const SampleGroup &samples, const char *tag = NULL)
+ { this->samples() = samples; this->tag(tag); }
+ explicit AccessCredentials(const SampleGroup &samples, const std::string &tag)
+ { this->samples() = samples; this->tag(tag); }
+
+ const char *tag() const { return EntryTag[0] ? EntryTag : NULL; }
+ std::string s_tag() const { return EntryTag; }
+ void tag(const char *tagString);
+ void tag(const std::string &tagString) { return tag(tagString.c_str()); }
+
+ SampleGroup &samples() { return SampleGroup::overlay(Samples); }
+ const SampleGroup &samples() const { return SampleGroup::overlay(Samples); }
+
+ // pass-throughs to our SampleGroup
+ uint32 size() const { return samples().size(); }
+ CssmSample &operator [] (uint32 ix) const { return samples()[ix]; }
+
+public:
+ static const AccessCredentials &null; // all null credential
+
+ // turn NULL into a null credential if needed
+ static const AccessCredentials *needed(const CSSM_ACCESS_CREDENTIALS *cred)
+ { return cred ? overlay(cred) : &null; }
+};
+
+
+//
+// An AccessCredentials object with some construction help.
+// Note that this is NOT a PodWrapper.
+//
+class AutoCredentials : public AccessCredentials {
+public:
+ AutoCredentials(Allocator &alloc);
+ AutoCredentials(Allocator &alloc, uint32 nSamples);
+
+ Allocator &allocator;
+
+ CssmSample &sample(uint32 n) { return getSample(n); }
+
+ CssmSample &append(const CssmSample &sample)
+ { return getSample(samples().length()) = sample; }
+ TypedList &append(const TypedList &exhibit)
+ { return (getSample(samples().length()) = exhibit).value(); }
+
+ CssmSample &operator += (const CssmSample &sample) { return append(sample); }
+ TypedList &operator += (const TypedList &exhibit) { return append(exhibit); }
+
+private:
+ void init();
+ CssmSample &getSample(uint32 n);
+
+ CssmSample *sampleArray;
+ uint32 nSamples;
+};
+
+
+//
+// Walkers for the CSSM API structure types.
+// Note that there are irrational "const"s strewn about the credential sub-structures.
+// They make it essentially impossible to incrementally construction them without
+// violating them. Since we know what we're doing, we do.
+//
+namespace DataWalkers
+{
+
+// CssmSample (with const override)
+template <class Action>
+void walk(Action &operate, CssmSample &sample)
+{
+ operate(sample);
+ walk(operate, sample.value());
+ if (sample.verifier())
+ walk(operate, sample.verifier());
+}
+
+// SampleGroup
+template <class Action>
+void walk(Action &operate, SampleGroup &samples)
+{
+ operate(samples);
+ enumerateArray(operate, samples, &SampleGroup::samples);
+}
+
+// AccessCredentials
+template <class Action>
+AccessCredentials *walk(Action &operate, AccessCredentials * &cred)
+{
+ operate(cred);
+ //@@@ ignoring BaseCerts
+ walk(operate, cred->samples());
+ //@@@ ignoring challenge callback
+ return cred;
+}
+
+template <class Action>
+CSSM_ACCESS_CREDENTIALS *walk(Action &operate, CSSM_ACCESS_CREDENTIALS * &cred)
+{ return walk(operate, AccessCredentials::overlayVar(cred)); }
+
+template <class Action>
+AutoCredentials *walk(Action &operate, AutoCredentials * &cred)
+{ return (AutoCredentials *)walk(operate, (AccessCredentials * &)cred); }
+
+
+} // end namespace DataWalkers
+} // end namespace Security
+
+
+#endif //_CSSMCRED
projects / apple / security.git / blobdiff