X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_cdsa_utilities/lib/cssmcred.h?ds=inline diff --git a/Security/libsecurity_cdsa_utilities/lib/cssmcred.h b/Security/libsecurity_cdsa_utilities/lib/cssmcred.h new file mode 100644 index 00000000..e0e8aae3 --- /dev/null +++ b/Security/libsecurity_cdsa_utilities/lib/cssmcred.h @@ -0,0 +1,191 @@ +/* + * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + +// +// cssmcred - enhanced PodWrappers and construction aids for ACL credentials +// +#ifndef _CSSMCRED +#define _CSSMCRED + +#include +#include +#include +#include + +namespace Security { + + +// +// PodWrappers for samples and sample groups +// +class CssmSample : public PodWrapper { +public: + CssmSample(const TypedList &list) + { TypedSample = list; Verifier = NULL; } + CssmSample(const TypedList &list, const CssmSubserviceUid &ver) + { TypedSample = list; Verifier = &ver; } + + TypedList &value() { return TypedList::overlay(TypedSample); } + const TypedList &value() const { return TypedList::overlay(TypedSample); } + operator TypedList & () { return value(); } + + const CssmSubserviceUid *verifier() const { return CssmSubserviceUid::overlay(Verifier); } + CssmSubserviceUid * &verifier() + { return const_cast(CssmSubserviceUid::overlayVar(Verifier)); } +}; + +class SampleGroup : public PodWrapper { +public: + SampleGroup() { clearPod(); } + SampleGroup(CssmSample &single) { NumberOfSamples = 1; Samples = &single; } + + uint32 size() const { return NumberOfSamples; } + uint32 length() const { return size(); } // legacy; prefer size() + CssmSample *&samples() { return CssmSample::overlayVar(const_cast(Samples)); } + CssmSample *samples() const { return CssmSample::overlay(const_cast(Samples)); } + + CssmSample &operator [] (uint32 ix) const + { assert(ix < size()); return samples()[ix]; } + +public: + // extract all samples of a given sample type. return true if any found + // note that you get a shallow copy of the sample structures for temporary use ONLY + bool collect(CSSM_SAMPLE_TYPE sampleType, list &samples) const; +}; + + +// +// The PodWrapper for the top-level CSSM credentials structure +// +class AccessCredentials : public PodWrapper { +public: + AccessCredentials() { clearPod(); } + explicit AccessCredentials(const SampleGroup &samples, const char *tag = NULL) + { this->samples() = samples; this->tag(tag); } + explicit AccessCredentials(const SampleGroup &samples, const std::string &tag) + { this->samples() = samples; this->tag(tag); } + + const char *tag() const { return EntryTag[0] ? EntryTag : NULL; } + std::string s_tag() const { return EntryTag; } + void tag(const char *tagString); + void tag(const std::string &tagString) { return tag(tagString.c_str()); } + + SampleGroup &samples() { return SampleGroup::overlay(Samples); } + const SampleGroup &samples() const { return SampleGroup::overlay(Samples); } + + // pass-throughs to our SampleGroup + uint32 size() const { return samples().size(); } + CssmSample &operator [] (uint32 ix) const { return samples()[ix]; } + +public: + static const AccessCredentials &null; // all null credential + + // turn NULL into a null credential if needed + static const AccessCredentials *needed(const CSSM_ACCESS_CREDENTIALS *cred) + { return cred ? overlay(cred) : &null; } +}; + + +// +// An AccessCredentials object with some construction help. +// Note that this is NOT a PodWrapper. +// +class AutoCredentials : public AccessCredentials { +public: + AutoCredentials(Allocator &alloc); + AutoCredentials(Allocator &alloc, uint32 nSamples); + + Allocator &allocator; + + CssmSample &sample(uint32 n) { return getSample(n); } + + CssmSample &append(const CssmSample &sample) + { return getSample(samples().length()) = sample; } + TypedList &append(const TypedList &exhibit) + { return (getSample(samples().length()) = exhibit).value(); } + + CssmSample &operator += (const CssmSample &sample) { return append(sample); } + TypedList &operator += (const TypedList &exhibit) { return append(exhibit); } + +private: + void init(); + CssmSample &getSample(uint32 n); + + CssmSample *sampleArray; + uint32 nSamples; +}; + + +// +// Walkers for the CSSM API structure types. +// Note that there are irrational "const"s strewn about the credential sub-structures. +// They make it essentially impossible to incrementally construction them without +// violating them. Since we know what we're doing, we do. +// +namespace DataWalkers +{ + +// CssmSample (with const override) +template +void walk(Action &operate, CssmSample &sample) +{ + operate(sample); + walk(operate, sample.value()); + if (sample.verifier()) + walk(operate, sample.verifier()); +} + +// SampleGroup +template +void walk(Action &operate, SampleGroup &samples) +{ + operate(samples); + enumerateArray(operate, samples, &SampleGroup::samples); +} + +// AccessCredentials +template +AccessCredentials *walk(Action &operate, AccessCredentials * &cred) +{ + operate(cred); + //@@@ ignoring BaseCerts + walk(operate, cred->samples()); + //@@@ ignoring challenge callback + return cred; +} + +template +CSSM_ACCESS_CREDENTIALS *walk(Action &operate, CSSM_ACCESS_CREDENTIALS * &cred) +{ return walk(operate, AccessCredentials::overlayVar(cred)); } + +template +AutoCredentials *walk(Action &operate, AutoCredentials * &cred) +{ return (AutoCredentials *)walk(operate, (AccessCredentials * &)cred); } + + +} // end namespace DataWalkers +} // end namespace Security + + +#endif //_CSSMCRED