X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_cdsa_utilities/lib/cssmtrust.h?ds=inline diff --git a/Security/libsecurity_cdsa_utilities/lib/cssmtrust.h b/Security/libsecurity_cdsa_utilities/lib/cssmtrust.h new file mode 100644 index 00000000..7dcc79f7 --- /dev/null +++ b/Security/libsecurity_cdsa_utilities/lib/cssmtrust.h @@ -0,0 +1,178 @@ +/* + * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + +// +// cssmtrust - CSSM layer Trust (TP) related objects. +// +#ifndef _H_CSSMTRUST +#define _H_CSSMTRUST + +#include +#include +#include +#include + + +namespace Security { + + +// +// A TP "POLICYINFO" structure, essentially an OID/Data pair. +// +class PolicyInfo : public PodWrapper { +public: + uint32 count() const { return NumberOfPolicyIds; } + uint32 &count() { return NumberOfPolicyIds; } + CssmField *policies() const { return CssmField::overlay(PolicyIds); } + CssmField * &policies() { return CssmField::overlayVar(PolicyIds); } + void *control() const { return PolicyControl; } + + CssmField &operator [] (uint32 ix) + { assert(ix < count()); return policies()[ix]; } + + void setPolicies(uint32 n, CSSM_FIELD *p) + { count() = n; policies() = CssmField::overlay(p); } +}; + + +// +// TP caller authentication contexts +// +class TPCallerAuth : public PodWrapper { +public: + CSSM_TP_STOP_ON stopCriterion() const { return VerificationAbortOn; } + void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; } + + CSSM_TIMESTRING time() const { return VerifyTime; } + void time(CSSM_TIMESTRING newTime) { VerifyTime = newTime; } + + PolicyInfo &policies() { return PolicyInfo::overlay(Policy); } + const PolicyInfo &policies() const { return PolicyInfo::overlay(Policy); } + void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); } + + AccessCredentials *creds() const + { return AccessCredentials::optional(CallerCredentials); } + void creds(AccessCredentials *newCreds) { CallerCredentials = newCreds; } + + uint32 anchorCount() const { return NumberOfAnchorCerts; } + uint32 &anchorCount() { return NumberOfAnchorCerts; } + CssmData *anchors() const { return CssmData::overlay(AnchorCerts); } + CssmData * &anchors() { return CssmData::overlayVar(AnchorCerts); } + + CssmDlDbList *dlDbList() const { return CssmDlDbList::overlay(DBList); } + CssmDlDbList * &dlDbList() { return CssmDlDbList::overlayVar(DBList); } +}; + + +// +// TP Verify Contexts - a monster collection of possibly useful stuff +// when verifying a certificate against trust policies +// +class TPVerifyContext : public PodWrapper { +public: + CSSM_TP_ACTION action() const { return Action; } + CssmData &actionData() { return CssmData::overlay(ActionData); } + const CssmData &actionData() const { return CssmData::overlay(ActionData); } + + // set and reference the CallerAuth component + TPCallerAuth &callerAuth() const { return TPCallerAuth::required(Cred); } + operator TPCallerAuth &() const { return callerAuth(); } + TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); } + void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; } + + // forward CallerAuth operations + + CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); } + void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); } + PolicyInfo &policies() const { return callerAuth().policies(); } + void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); } + CSSM_TIMESTRING time() const { return callerAuth().time(); } + void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); } + AccessCredentials *creds() const { return callerAuth().creds(); } + void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); } + uint32 anchorCount() const { return callerAuth().anchorCount(); } + uint32 &anchorCount() { return callerAuth().anchorCount(); } + CssmData *anchors() const { return callerAuth().anchors(); } + CssmData * &anchors() { return callerAuth().anchors(); } + void anchors(uint32 count, CSSM_DATA *vector) + { anchorCount() = count; anchors() = CssmData::overlay(vector); } + void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list) + { callerAuth().dlDbList()->setDlDbList(n, list); } +}; + + +// +// The result of a (raw) TP trust verification call +// +class TPEvidence : public PodWrapper { +public: + CSSM_EVIDENCE_FORM form() const { return EvidenceForm; } + void *data() const { return Evidence; } + operator void *() const { return data(); } + + template + T *as() const { return reinterpret_cast(Evidence); } +}; + +class TPVerifyResult : public PodWrapper { +public: + uint32 count() const { return NumberOfEvidences; } + const TPEvidence &operator [] (uint32 ix) const + { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); } +}; + + +// +// A PodWrapper for Apple's TP supporting-evidence structure +// +class TPEvidenceInfo : public PodWrapper { +public: + CSSM_TP_APPLE_CERT_STATUS status() const { return StatusBits; } + CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const + { return status() & flags; } + + uint32 index() const { return Index; } + const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); } + CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; } + + uint32 codes() const { return NumStatusCodes; } + CSSM_RETURN operator [] (uint32 ix) + { assert(ix < NumStatusCodes); return StatusCodes[ix]; } + + void destroy(Allocator &allocator); +}; + + +// +// Walkers +// +namespace DataWalkers { + + + + +} // end namespace DataWalkers +} // end namespace Security + +#endif //_H_CSSMTRUST