+++ /dev/null
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-//
-// Session_Cert.cpp - cert-related session functions.
-//
-
-#include "AppleX509CLSession.h"
-#include "DecodedCert.h"
-#include "DecodedCrl.h"
-#include "CLCachedEntry.h"
-#include "cldebugging.h"
-#include <Security/oidscert.h>
-
-void
-AppleX509CLSession::CertDescribeFormat(
- uint32 &NumberOfFields,
- CSSM_OID_PTR &OidList)
-{
- DecodedCert::describeFormat(*this, NumberOfFields, OidList);
-}
-
-void
-AppleX509CLSession::CertGetAllFields(
- const CssmData &Cert,
- uint32 &NumberOfFields,
- CSSM_FIELD_PTR &CertFields)
-{
- DecodedCert decodedCert(*this, Cert);
- decodedCert.getAllParsedCertFields(NumberOfFields, CertFields);
-}
-
-
-CSSM_HANDLE
-AppleX509CLSession::CertGetFirstFieldValue(
- const CssmData &EncodedCert,
- const CssmData &CertField,
- uint32 &NumberOfMatchedFields,
- CSSM_DATA_PTR &Value)
-{
- NumberOfMatchedFields = 0;
- Value = NULL;
- CssmAutoData aData(*this);
-
- DecodedCert *decodedCert = new DecodedCert(*this, EncodedCert);
- uint32 numMatches;
-
- /* this returns false if field not there, throws on bad OID */
- bool brtn;
- try {
- brtn = decodedCert->getCertFieldData(CertField,
- 0, // index
- numMatches,
- aData);
- }
- catch (...) {
- delete decodedCert;
- throw;
- }
- if(!brtn) {
- delete decodedCert;
- return CSSM_INVALID_HANDLE;
- }
-
- /* cook up a CLCachedCert, stash it in cache */
- CLCachedCert *cachedCert = new CLCachedCert(*decodedCert);
- cacheMap.addEntry(*cachedCert, cachedCert->handle());
-
- /* cook up a CLQuery, stash it */
- CLQuery *query = new CLQuery(
- CLQ_Cert,
- CertField,
- numMatches,
- false, // isFromCache
- cachedCert->handle());
- queryMap.addEntry(*query, query->handle());
-
- /* success - copy field data to outgoing Value */
- Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
- *Value = aData.release();
- NumberOfMatchedFields = numMatches;
- return query->handle();
-}
-
-
-bool
-AppleX509CLSession::CertGetNextFieldValue(
- CSSM_HANDLE ResultsHandle,
- CSSM_DATA_PTR &Value)
-{
- /* fetch & validate the query */
- CLQuery *query = queryMap.lookupEntry(ResultsHandle);
- if(query == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
- if(query->queryType() != CLQ_Cert) {
- clErrorLog("CertGetNextFieldValue: bad queryType (%d)", (int)query->queryType());
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
- if(query->nextIndex() >= query->numFields()) {
- return false;
- }
-
- /* fetch the associated cached cert */
- CLCachedCert *cachedCert = lookupCachedCert(query->cachedObject());
- uint32 dummy;
- CssmAutoData aData(*this);
- if(!cachedCert->cert().getCertFieldData(query->fieldId(),
- query->nextIndex(),
- dummy,
- aData)) {
- return false;
- }
-
- /* success - copy field data to outgoing Value */
- Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
- *Value = aData.release();
- query->incrementIndex();
- return true;
-}
-
-void
-AppleX509CLSession::CertCache(
- const CssmData &EncodedCert,
- CSSM_HANDLE &CertHandle)
-{
- DecodedCert *decodedCert = new DecodedCert(*this, EncodedCert);
-
- /* cook up a CLCachedCert, stash it in cache */
- CLCachedCert *cachedCert = new CLCachedCert(*decodedCert);
- cacheMap.addEntry(*cachedCert, cachedCert->handle());
- CertHandle = cachedCert->handle();
-}
-
-CSSM_HANDLE
-AppleX509CLSession::CertGetFirstCachedFieldValue(
- CSSM_HANDLE CertHandle,
- const CssmData &CertField,
- uint32 &NumberOfMatchedFields,
- CSSM_DATA_PTR &Value)
-{
- /* fetch the associated cached cert */
- CLCachedCert *cachedCert = lookupCachedCert(CertHandle);
- if(cachedCert == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE);
- }
-
- CssmAutoData aData(*this);
- uint32 numMatches;
-
- /* this returns false if field not there, throws on bad OID */
- if(!cachedCert->cert().getCertFieldData(CertField,
- 0, // index
- numMatches,
- aData)) {
- return CSSM_INVALID_HANDLE;
- }
-
- /* cook up a CLQuery, stash it */
- CLQuery *query = new CLQuery(
- CLQ_Cert,
- CertField,
- numMatches,
- true, // isFromCache
- cachedCert->handle());
- queryMap.addEntry(*query, query->handle());
-
- /* success - copy field data to outgoing Value */
- Value = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA));
- *Value = aData.release();
- NumberOfMatchedFields = numMatches;
- return query->handle();
-}
-
-
-bool
-AppleX509CLSession::CertGetNextCachedFieldValue(
- CSSM_HANDLE ResultsHandle,
- CSSM_DATA_PTR &Value)
-{
- /* Identical to, so just call... */
- return CertGetNextFieldValue(ResultsHandle, Value);
-}
-
-void
-AppleX509CLSession::CertAbortCache(
- CSSM_HANDLE CertHandle)
-{
- /* fetch the associated cached cert, remove from map, delete it */
- CLCachedCert *cachedCert = lookupCachedCert(CertHandle);
- if(cachedCert == NULL) {
- clErrorLog("CertAbortCache: cachedCert not found");
- CssmError::throwMe(CSSMERR_CL_INVALID_CACHE_HANDLE);
- }
- cacheMap.removeEntry(cachedCert->handle());
- delete cachedCert;
-}
-
-/*
- * Abort either type of cert field query (cache based or non-cache based)
- */
-void
-AppleX509CLSession::CertAbortQuery(
- CSSM_HANDLE ResultsHandle)
-{
- /* fetch & validate the query */
- CLQuery *query = queryMap.lookupEntry(ResultsHandle);
- if(query == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
- if(query->queryType() != CLQ_Cert) {
- clErrorLog("CertAbortQuery: bad queryType (%d)", (int)query->queryType());
- CssmError::throwMe(CSSMERR_CL_INVALID_RESULTS_HANDLE);
- }
-
- if(!query->fromCache()) {
- /* the associated cached cert was created just for this query; dispose */
- CLCachedCert *cachedCert = lookupCachedCert(query->cachedObject());
- if(cachedCert == NULL) {
- /* should never happen */
- clErrorLog("CertAbortQuery: cachedCert not found");
- CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR);
- }
- cacheMap.removeEntry(cachedCert->handle());
- delete cachedCert;
- }
- queryMap.removeEntry(query->handle());
- delete query;
-}
-
-void
-AppleX509CLSession::CertCreateTemplate(
- uint32 NumberOfFields,
- const CSSM_FIELD CertFields[],
- CssmData &CertTemplate)
-{
- /* cook up an empty Cert */
- DecodedCert cert(*this);
-
- /* grind thru specified fields; exceptions are fatal */
- for(uint32 dex=0; dex<NumberOfFields; dex++) {
- cert.setCertField(
- CssmOid::overlay(CertFields[dex].FieldOid),
- CssmData::overlay(CertFields[dex].FieldValue));
- }
-
- /* TBD - ensure all required fields are set? We do this
- * when we sign the cert; maybe we should do it here. */
-
- /*
- * We have the CertificateToSign in NSS format. Encode.
- */
- CertTemplate.Data = NULL;
- CertTemplate.Length = 0;
- CssmRemoteData rData(*this, CertTemplate);
- cert.encodeTbs(rData);
- rData.release();
-}
-
-
-void
-AppleX509CLSession::CertGetAllTemplateFields(
- const CssmData &CertTemplate,
- uint32 &NumberOfFields,
- CSSM_FIELD_PTR &CertFields)
-{
- DecodedCert cert(*this); // empty
- cert.decodeTbs(CertTemplate);
- cert.getAllParsedCertFields(NumberOfFields, CertFields);
-}
-
-void
-AppleX509CLSession::FreeFields(
- uint32 NumberOfFields,
- CSSM_FIELD_PTR &FieldArray)
-{
- unsigned i;
- CSSM_FIELD_PTR thisField;
- CSSM_OID_PTR thisOid;
-
- for(i=0; i<NumberOfFields; i++) {
- thisField = &FieldArray[i];
- thisOid = &thisField->FieldOid;
-
- /* oid-specific handling of value */
- /* BUG - the CssmRemoteData constructor clears the referent,
- * iff the referent is a CSSSM_DATA (as opposed to a CssmData).
- */
- CssmData &cData = CssmData::overlay(thisField->FieldValue);
- CssmRemoteData rData(*this, cData);
- try {
- DecodedCert::freeCertFieldData(CssmOid::overlay(*thisOid), rData);
- }
- catch(...) {
- /* CRL field? */
- DecodedCrl::freeCrlFieldData(CssmOid::overlay(*thisOid), rData);
- }
- /* and the oid itself */
- free(thisOid->Data);
- thisOid->Data = NULL;
- thisOid->Length = 0;
- }
- free(FieldArray);
-}
-
-void
-AppleX509CLSession::FreeFieldValue(
- const CssmData &CertOrCrlOid,
- CssmData &Value)
-{
- CssmRemoteData cd(*this, Value);
- try {
- DecodedCert::freeCertFieldData(CertOrCrlOid, cd);
- }
- catch(...) {
- /* CRL field? */
- DecodedCrl::freeCrlFieldData(CertOrCrlOid, cd);
- }
- free(&Value);
-}
-
-void
-AppleX509CLSession::CertGroupFromVerifiedBundle(
- CSSM_CC_HANDLE CCHandle,
- const CSSM_CERT_BUNDLE &CertBundle,
- const CssmData *SignerCert,
- CSSM_CERTGROUP_PTR &CertGroup)
-{
- unimplemented();
-}
-
-void
-AppleX509CLSession::CertGroupToSignedBundle(
- CSSM_CC_HANDLE CCHandle,
- const CSSM_CERTGROUP &CertGroupToBundle,
- const CSSM_CERT_BUNDLE_HEADER *BundleInfo,
- CssmData &SignedBundle)
-{
- unimplemented();
-}
-
-void
-AppleX509CLSession::PassThrough(
- CSSM_CC_HANDLE CCHandle,
- uint32 PassThroughId,
- const void *InputParams,
- void **OutputParams)
-{
- switch(PassThroughId) {
- case CSSM_APPLEX509CL_OBTAIN_CSR:
- {
- /*
- * Create a Cert Signing Request (CSR).
- * Input is a CSSM_APPLE_CL_CSR_REQUEST.
- * Output is a PEM-encoded CertSigningRequest (NSS type
- * NSS_SignedCertRequest from pkcs10).
- */
- if(InputParams == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER);
- }
- if(OutputParams == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_OUTPUT_POINTER);
- }
- CSSM_APPLE_CL_CSR_REQUEST *csrReq =
- (CSSM_APPLE_CL_CSR_REQUEST *)InputParams;
- if((csrReq->subjectNameX509 == NULL) ||
- (csrReq->signatureOid.Data == NULL) ||
- (csrReq->subjectPublicKey == NULL) ||
- (csrReq->subjectPrivateKey == NULL)) {
- CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER);
- }
- CSSM_DATA_PTR csrPtr = NULL;
- generateCsr(CCHandle, csrReq, csrPtr);
- *OutputParams = csrPtr;
- break;
- }
- case CSSM_APPLEX509CL_VERIFY_CSR:
- {
- /*
- * Perform signature verify of a CSR.
- * Input: CSSM_DATA referring to a DER-encoded CSR.
- * Output: Nothing, throws CSSMERR_CL_VERIFICATION_FAILURE
- * on failure.
- */
- if(InputParams == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_INPUT_POINTER);
- }
- const CSSM_DATA *csrPtr = (const CSSM_DATA *)InputParams;
- verifyCsr(csrPtr);
- break;
- }
- default:
- CssmError::throwMe(CSSMERR_CL_INVALID_PASSTHROUGH_ID);
- }
-}
-
projects / apple / security.git / blobdiff