+++ /dev/null
-/*
- * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-/*
- * pkcs12SafeBag.h : internal representation of various kinds
- * of P12 SafeBags
- */
-
-#ifndef _PKCS12_SAFE_BAG_H_
-#define _PKCS12_SAFE_BAG_H_
-
-#include <Security/cssmtype.h>
-#include <security_pkcs12/pkcs12BagAttrs.h>
-#include <security_pkcs12/pkcs12Templates.h>
-#include <security_asn1/SecNssCoder.h>
-#include <CoreFoundation/CoreFoundation.h>
-#include <Security/SecCertificate.h>
-
-/*
- * Abstract superclass of all safe bags.
- */
-class P12SafeBag {
-public:
- /*
- * Constructors:
- *
- * While decoding, specified attr array includes friendlyName
- * and localKeyId; we'll parse the array and snag those if
- * present as "specially treated" attrs. The rest of the
- * attrs - which we don't grok - get piled into mBagAttrs.
- */
- P12SafeBag(
- NSS_Attribute **attrs, // including friendlyName, etc.
- SecNssCoder &coder);
-
- /*
- * Constructor for encoding. The specified attr array only contains
- * attrs other than friendlyName and localKeyId; those attrs
- * are passed in explicitly.
- *
- * All arguments except for the coder are optional.
- */
- P12SafeBag(
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder);
-
- ~P12SafeBag();
-
- /* getters in CF terms - result is created and returned */
- CFStringRef friendlyName();
- CFDataRef localKeyId();
-
- /* getters in CSSM_DATA terms - result is just a reference */
- CSSM_DATA &friendlyNameCssm() { return mFriendlyName; }
- CSSM_DATA &localKeyIdCssm() { return mLocalKeyId; }
-
- /*
- * Get all attrs, including friendlyName and localKeyId,
- * in preparation for encoding.
- */
- NSS_Attribute **getAllAttrs();
-
- /*
- * Copy out all attrs in API form. All incoming ptrs
- * are optional.
- */
- void copyAllAttrs(
- CFStringRef *friendlyName,
- CFDataRef *localKeyId,
- P12BagAttrs **bagAttrs);
-
-private:
- /*
- * Setters in CF terms, used when constructing prior
- * to encoding.
- */
- void friendlyName(
- CFStringRef fname);
- void localKeyId(
- CFDataRef keyId);
-
- /*
- * Create an NSS_Attribute * for friendlyName or keyId
- */
- NSS_Attribute *makeAttr(
- const CSSM_OID &attrId,
- const CSSM_DATA &attrValue);
-
-protected:
- /*
- * The common contents of all safe bag types, all optional.
- * FriendlyName is stored in P12-native form, just as it's
- * stored in the PFX. This is the contents of a BMPString.
- */
- CSSM_DATA mFriendlyName;
- CSSM_DATA mLocalKeyId;
- P12BagAttrs mBagAttrs;
- SecNssCoder &mCoder; // all our data mallocd here
-};
-
-/*
- * Individual bag types
- */
-class P12CertBag : public P12SafeBag {
-public:
- /* for decode */
- P12CertBag(
- NSS_P12_CertBagType certType, // CT_X509, CT_SDSI
- CSSM_DATA &certData,
- NSS_Attribute **attrs, // optional
- SecNssCoder &coder);
-
- /* for encode */
- P12CertBag(
- NSS_P12_CertBagType certType, // CT_X509, CT_SDSI
- CSSM_DATA &certData,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,// optional
- SecNssCoder &coder);
-
- ~P12CertBag();
-
- /* getters - result is just a ref to our data */
- NSS_P12_CertBagType certType() { return mCertType; }
- CSSM_DATA &certData() { return mCertData; }
-
- /* convert to P12CertBag to SecCertificateRef */
- SecCertificateRef getSecCert();
-
-private:
- NSS_P12_CertBagType mCertType;
- CSSM_DATA mCertData;
- SecCertificateRef mCertRef; /* created lazily */
-};
-
-class P12CrlBag : public P12SafeBag {
-public:
- /* decode */
- P12CrlBag(
- NSS_P12_CrlBagType crlType, // CRT_X509, only for now
- CSSM_DATA &crlData,
- NSS_Attribute **attrs, // optional
- SecNssCoder &coder);
-
- /* encode */
- P12CrlBag(
- NSS_P12_CrlBagType crlType, // CRT_X509, only for now
- CFDataRef crlData,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder);
-
- ~P12CrlBag();
-
- /* getters - result is just a ref to our data */
- NSS_P12_CrlBagType crlType() { return mCrlType; }
- CSSM_DATA &crlData() { return mCrlData; }
-
-
-private:
- NSS_P12_CrlBagType mCrlType;
- CSSM_DATA mCrlData;
-};
-
-/* for both shrouded and plain */
-class P12KeyBag : public P12SafeBag {
-public:
- /* decode */
- P12KeyBag(
- CSSM_KEY_PTR key,
- CSSM_CSP_HANDLE cspHand,
- NSS_Attribute **attrs, // optional
- CSSM_DATA &labelData,
- SecNssCoder &coder);
-
- /* encode */
- P12KeyBag(
- const CSSM_KEY *key,
- CSSM_CSP_HANDLE cspHand,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder,
- /* for SecPkcs12ExportKeychainItems() */
- SecKeyRef keyRef = NULL);
-
- ~P12KeyBag();
-
- void setLabel(
- const CSSM_DATA &newLabel);
-
- /* reusable key setter */
- void setKey(
- CSSM_KEY_PTR cssmKey);
-
- /*
- * Keys are kind of special in that they can't easily be copied.
- * On encode, the app owns the key. On decode, we own the
- * reference key but caller (P12Coder) owns the actual
- * memory associated with the CSSM_KEY.
- */
- CSSM_KEY_PTR key() { return mKey; }
- CSSM_DATA &label() { return mLabel; }
- const CSSM_ACCESS_CREDENTIALS
- *privKeyCreds() { return mPrivKeyCreds; }
- bool dupKey() { return mDupKey; }
- void dupKey(bool b) { mDupKey = b; }
-
-private:
- CSSM_KEY_PTR mKey;
- CSSM_CSP_HANDLE mCspHand;
-
- /*
- * When constructed via SecPkcs12ExportKeychainItems(), we
- * have to hold a reference to the SecKeyRef which was
- * used to create this object.
- */
- SecKeyRef mKeyRef;
-
- /*
- * When false, app owns key. When true, we have to free
- * key in our destructor.
- *
- * NOTE: mKeyRef and mWeOwnKey are mutually exclusive.
- */
- bool mWeOwnKey;
-
- /* somewhat unique label when stored in DLDB */
- CSSM_DATA mLabel;
-
- /* for encode only, owned by app */
- const CSSM_ACCESS_CREDENTIALS *mPrivKeyCreds;
-
- /* indicates a key we looked up, not imported */
- bool mDupKey;
-
- void freeKey();
-
-};
-
-/*
- * Others we don't implement
- */
-class P12OpaqueBag : public P12SafeBag {
-public:
- /* decode */
- P12OpaqueBag(
- const CSSM_OID &oid,
- const CSSM_DATA &blob,
- NSS_Attribute **attrs, // optional
- SecNssCoder &coder);
-
- /* encode */
- P12OpaqueBag(
- CFDataRef oid,
- CFDataRef blob,
- CFStringRef fname,
- CFDataRef keyId,
- P12BagAttrs *otherAttrs,
- SecNssCoder &coder);
-
- ~P12OpaqueBag();
-
- CSSM_OID &oid() { return mOid; }
- CSSM_DATA &blob() { return mBlob; }
-
-private:
- CSSM_OID mOid;
- CSSM_DATA mBlob;
-};
-
-
-#endif /* _PKCS12_SAFE_BAG_H_ */
-
projects / apple / security.git / blobdiff