X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_keychain/lib/PolicyCursor.cpp?ds=sidebyside diff --git a/Security/libsecurity_keychain/lib/PolicyCursor.cpp b/Security/libsecurity_keychain/lib/PolicyCursor.cpp new file mode 100644 index 00000000..aa12338f --- /dev/null +++ b/Security/libsecurity_keychain/lib/PolicyCursor.cpp @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2002-2004,2011-2012,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// PolicyCursor.cpp +// +#include +#include +#include +#include + +using namespace KeychainCore; +using namespace CssmClient; + + +// +// This preliminary implementation bypasses MDS and uses +// a fixed set of policies known to exist in the one known TP. +// +struct TheOneTP : public TP { + TheOneTP() : TP(gGuidAppleX509TP) { } +}; + +static ModuleNexus theOneTP; +static const CssmOid *theOidList[] = { + static_cast(&CSSMOID_APPLE_ISIGN), + static_cast(&CSSMOID_APPLE_X509_BASIC), + static_cast(&CSSMOID_APPLE_TP_SSL), + static_cast(&CSSMOID_APPLE_TP_SMIME), + static_cast(&CSSMOID_APPLE_TP_EAP), + static_cast(&CSSMOID_APPLE_TP_SW_UPDATE_SIGNING), + static_cast(&CSSMOID_APPLE_TP_IP_SEC), + static_cast(&CSSMOID_APPLE_TP_ICHAT), + static_cast(&CSSMOID_APPLE_TP_RESOURCE_SIGN), + static_cast(&CSSMOID_APPLE_TP_PKINIT_CLIENT), + static_cast(&CSSMOID_APPLE_TP_PKINIT_SERVER), + static_cast(&CSSMOID_APPLE_TP_CODE_SIGNING), + static_cast(&CSSMOID_APPLE_TP_PACKAGE_SIGNING), + static_cast(&CSSMOID_APPLE_TP_REVOCATION_CRL), + static_cast(&CSSMOID_APPLE_TP_REVOCATION_OCSP), + static_cast(&CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT), + static_cast(&CSSMOID_APPLE_TP_APPLEID_SHARING), + static_cast(&CSSMOID_APPLE_TP_TIMESTAMPING), + NULL // sentinel +}; + + +// +// Canonical Construction +// +PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value) + : mOid(Allocator::standard()), mOidGiven(false), mMutex(Mutex::recursive) +{ + if (oid) { + mOid = CssmOid::required(oid); + mOidGiven = true; + } + mSearchPos = 0; +} + + +// +// Destroy +// +PolicyCursor::~PolicyCursor() throw() +{ +} + + +// +// Crank the iterator +// +bool PolicyCursor::next(SecPointer &policy) +{ + StLock_(mMutex); + + while (theOidList[mSearchPos]) { + if (mOidGiven && mOid != *theOidList[mSearchPos]) { + mSearchPos++; + continue; // no oid match + } + // ignoring mValue - not used by current TP + policy = new Policy(theOneTP(), *theOidList[mSearchPos]); + mSearchPos++; // advance cursor + return true; // return next match + } + return false; // end of table, no more matches +} + +// +// Return a new policy instance for an OID, outside of cursor iteration +// +void PolicyCursor::policy(const CSSM_OID* oid, SecPointer &policy) +{ + const CssmOid *policyOid = static_cast(oid); + policy = new Policy(theOneTP(), *policyOid); +} +