X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_keychain/lib/TrustStore.h diff --git a/Security/libsecurity_keychain/lib/TrustStore.h b/Security/libsecurity_keychain/lib/TrustStore.h new file mode 100644 index 00000000..535917a4 --- /dev/null +++ b/Security/libsecurity_keychain/lib/TrustStore.h @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2002-2004,2011,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// TrustStore.h - Abstract interface to permanent user trust assignments +// +#ifndef _SECURITY_TRUSTSTORE_H_ +#define _SECURITY_TRUSTSTORE_H_ + +#include +#include +#include +#include + + +namespace Security { +namespace KeychainCore { + + +// +// A TrustStore object mediates access to "user trust" information stored +// for a user (usually in her keychains). +// For lack of a better home, access to the default anchor certificate +// list is also provided here. +// +class TrustStore { + NOCOPY(TrustStore) +public: + TrustStore(Allocator &alloc = Allocator::standard()); + virtual ~TrustStore(); + + Allocator &allocator; + + // set/get user trust for a certificate and policy + SecTrustUserSetting find(Certificate *cert, Policy *policy, + StorageManager::KeychainList &keychainList); + void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment); + + void getCssmRootCertificates(CertGroup &roots); + + typedef UserTrustItem::TrustData TrustData; + +protected: + Item findItem(Certificate *cert, Policy *policy, + StorageManager::KeychainList &keychainList); + void loadRootCertificates(); + +private: + bool mRootsValid; // roots have been loaded from disk + vector mRoots; // array of CssmDatas to certificate datas + CssmAutoData mRootBytes; // certificate data blobs (bunched up) + CFRef mCFRoots; // mRoots as CFArray + Mutex mMutex; +}; + +} // end namespace KeychainCore +} // end namespace Security + +#endif // !_SECURITY_TRUSTSTORE_H_