--- /dev/null
+/*
+ * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// cssmtrust - CSSM layer Trust (TP) related objects.
+//
+#ifndef _H_CSSMTRUST
+#define _H_CSSMTRUST
+
+#include <security_cdsa_utilities/cssmbridge.h>
+#include <security_cdsa_utilities/cssmcert.h>
+#include <security_cdsa_utilities/cssmcred.h>
+#include <security_cdsa_utilities/cssmdb.h>
+
+
+namespace Security {
+
+
+//
+// A TP "POLICYINFO" structure, essentially an OID/Data pair.
+//
+class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> {
+public:
+ uint32 count() const { return NumberOfPolicyIds; }
+ uint32 &count() { return NumberOfPolicyIds; }
+ CssmField *policies() const { return CssmField::overlay(PolicyIds); }
+ CssmField * &policies() { return CssmField::overlayVar(PolicyIds); }
+ void *control() const { return PolicyControl; }
+
+ CssmField &operator [] (uint32 ix)
+ { assert(ix < count()); return policies()[ix]; }
+
+ void setPolicies(uint32 n, CSSM_FIELD *p)
+ { count() = n; policies() = CssmField::overlay(p); }
+};
+
+
+//
+// TP caller authentication contexts
+//
+class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> {
+public:
+ CSSM_TP_STOP_ON stopCriterion() const { return VerificationAbortOn; }
+ void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; }
+
+ CSSM_TIMESTRING time() const { return VerifyTime; }
+ void time(CSSM_TIMESTRING newTime) { VerifyTime = newTime; }
+
+ PolicyInfo &policies() { return PolicyInfo::overlay(Policy); }
+ const PolicyInfo &policies() const { return PolicyInfo::overlay(Policy); }
+ void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
+
+ AccessCredentials *creds() const
+ { return AccessCredentials::optional(CallerCredentials); }
+ void creds(AccessCredentials *newCreds) { CallerCredentials = newCreds; }
+
+ uint32 anchorCount() const { return NumberOfAnchorCerts; }
+ uint32 &anchorCount() { return NumberOfAnchorCerts; }
+ CssmData *anchors() const { return CssmData::overlay(AnchorCerts); }
+ CssmData * &anchors() { return CssmData::overlayVar(AnchorCerts); }
+
+ CssmDlDbList *dlDbList() const { return CssmDlDbList::overlay(DBList); }
+ CssmDlDbList * &dlDbList() { return CssmDlDbList::overlayVar(DBList); }
+};
+
+
+//
+// TP Verify Contexts - a monster collection of possibly useful stuff
+// when verifying a certificate against trust policies
+//
+class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> {
+public:
+ CSSM_TP_ACTION action() const { return Action; }
+ CssmData &actionData() { return CssmData::overlay(ActionData); }
+ const CssmData &actionData() const { return CssmData::overlay(ActionData); }
+
+ // set and reference the CallerAuth component
+ TPCallerAuth &callerAuth() const { return TPCallerAuth::required(Cred); }
+ operator TPCallerAuth &() const { return callerAuth(); }
+ TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); }
+ void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; }
+
+ // forward CallerAuth operations
+
+ CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); }
+ void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); }
+ PolicyInfo &policies() const { return callerAuth().policies(); }
+ void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); }
+ CSSM_TIMESTRING time() const { return callerAuth().time(); }
+ void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); }
+ AccessCredentials *creds() const { return callerAuth().creds(); }
+ void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); }
+ uint32 anchorCount() const { return callerAuth().anchorCount(); }
+ uint32 &anchorCount() { return callerAuth().anchorCount(); }
+ CssmData *anchors() const { return callerAuth().anchors(); }
+ CssmData * &anchors() { return callerAuth().anchors(); }
+ void anchors(uint32 count, CSSM_DATA *vector)
+ { anchorCount() = count; anchors() = CssmData::overlay(vector); }
+ void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list)
+ { callerAuth().dlDbList()->setDlDbList(n, list); }
+};
+
+
+//
+// The result of a (raw) TP trust verification call
+//
+class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> {
+public:
+ CSSM_EVIDENCE_FORM form() const { return EvidenceForm; }
+ void *data() const { return Evidence; }
+ operator void *() const { return data(); }
+
+ template <class T>
+ T *as() const { return reinterpret_cast<T *>(Evidence); }
+};
+
+class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> {
+public:
+ uint32 count() const { return NumberOfEvidences; }
+ const TPEvidence &operator [] (uint32 ix) const
+ { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); }
+};
+
+
+//
+// A PodWrapper for Apple's TP supporting-evidence structure
+//
+class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> {
+public:
+ CSSM_TP_APPLE_CERT_STATUS status() const { return StatusBits; }
+ CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const
+ { return status() & flags; }
+
+ uint32 index() const { return Index; }
+ const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); }
+ CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; }
+
+ uint32 codes() const { return NumStatusCodes; }
+ CSSM_RETURN operator [] (uint32 ix)
+ { assert(ix < NumStatusCodes); return StatusCodes[ix]; }
+
+ void destroy(Allocator &allocator);
+};
+
+
+//
+// Walkers
+//
+namespace DataWalkers {
+
+
+
+
+} // end namespace DataWalkers
+} // end namespace Security
+
+#endif //_H_CSSMTRUST
projects / apple / security.git / blobdiff