X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_keychain/lib/Trust.h

diff --git a/libsecurity_keychain/lib/Trust.h b/libsecurity_keychain/lib/Trust.h
deleted file mode 100644
index 77f8aac1..00000000
--- a/libsecurity_keychain/lib/Trust.h
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Copyright (c) 2002-2010,2012 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-//
-// Trust.h - Trust control wrappers
-//
-#ifndef _SECURITY_TRUST_H_
-#define _SECURITY_TRUST_H_
-
-#include <CoreFoundation/CoreFoundation.h>
-#include <security_keychain/StorageManager.h>
-#include <security_cdsa_client/tpclient.h>
-#include <security_utilities/cfutilities.h>
-#include <Security/SecTrust.h>
-#include <security_keychain/Certificate.h>
-#include <security_keychain/Policies.h>
-#include <security_keychain/TrustStore.h>
-#include <vector>
-
-using namespace CssmClient;
-
-namespace Security {
-namespace KeychainCore {
-
-
-//
-// The Trust object manages trust-verification workflow.
-// As such, it represents a somewhat more complex concept than
-// a single "object".
-//
-class Trust : public SecCFObject
-{
-	NOCOPY(Trust)
-public:
-	SECCFFUNCTIONS(Trust, SecTrustRef, errSecInvalidItemRef, gTypes().Trust)
-
-    Trust(CFTypeRef certificates, CFTypeRef policies);
-    virtual ~Trust();
-
-	enum AnchorPolicy {
-		useAnchorsDefault,		// default policy: trust built-in unless passed-in
-		useAnchorsAndBuiltIns,	// SetTrustAnchorCertificatesOnly value = false
-		useAnchorsOnly			// SetTrustAnchorCertificatesOnly value = true
-	};
-
-	enum NetworkPolicy {
-		useNetworkDefault,		// default policy: network fetch enabled only for SSL
-		useNetworkDisabled,		// explicitly disable network use for any policy
-		useNetworkEnabled		// explicitly enable network use for any policy
-	};
-
-	// set (or reset) more input parameters
-	void policies(CFTypeRef policies)			{ mPolicies.take(cfArrayize(policies)); }
-	void action(CSSM_TP_ACTION action)			{ mAction = action; }
-	void actionData(CFDataRef data)				{ mActionData = data; }
-	void time(CFDateRef verifyTime)				{ mVerifyTime = verifyTime; }
-	void anchors(CFArrayRef anchorList)			{ mAnchors.take(cfArrayize(anchorList)); }
-	void anchorPolicy(AnchorPolicy policy)		{ mAnchorPolicy = policy; }
-	void networkPolicy(NetworkPolicy policy)	{ mNetworkPolicy = policy; }
-	void exceptions(CFArrayRef exceptions)		{ mExceptions.take(cfArrayize(exceptions)); }
-	void responses(CFTypeRef responseData)		{ mResponses.take(cfArrayize(responseData)); }
-
-	StorageManager::KeychainList &searchLibs(bool init=true);
-	void searchLibs(StorageManager::KeychainList &libs);
-
-	// perform evaluation
-	void evaluate(bool disableEV=false);
-
-	// update evaluation results
-	void setResult(SecTrustResultType result)	{ mResult = result; }
-
-	// get at evaluation results
-	void buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain);
-	CSSM_TP_VERIFY_CONTEXT_RESULT_PTR cssmResult();
-	void extendedResult(CFDictionaryRef &extendedResult);
-	CFArrayRef properties();
-	CFDictionaryRef results();
-
-	SecTrustResultType result() const			{ return mResult; }
-	OSStatus cssmResultCode() const				{ return mTpReturn; }
-	TP getTPHandle() const						{ return mTP; }
-	CFArrayRef evidence() const					{ return mEvidenceReturned; }
-	CFArrayRef policies() const					{ return mPolicies; }
-	CFArrayRef anchors() const					{ return mAnchors; }
-	CFArrayRef certificates() const				{ return mCerts; }
-	CFDateRef time() const						{ return mVerifyTime; }
-	AnchorPolicy anchorPolicy() const			{ return mAnchorPolicy; }
-	NetworkPolicy networkPolicy() const			{ return mNetworkPolicy; }
-	CFArrayRef exceptions() const				{ return mExceptions; }
-
-	// an independent release function for TP evidence results
-	// (yes, we could hand this out to the C layer if desired)
-	static void releaseTPEvidence(TPVerifyResult &result, Allocator &allocator);
-
-private:
-	SecTrustResultType diagnoseOutcome();
-	void evaluateUserTrust(const CertGroup &certs,
-			const CSSM_TP_APPLE_EVIDENCE_INFO *info,
-		CFCopyRef<CFArrayRef> anchors);
-	void clearResults();
-
-	Keychain keychainByDLDb(const CSSM_DL_DB_HANDLE &handle);
-
-	/* revocation policy support */
-	CFMutableArrayRef	addPreferenceRevocationPolicies(uint32 &numAdded,
-							Allocator &alloc);
-	void				freeAddedRevocationPolicyData(CFArrayRef policies,
-							uint32 numAdded,
-							Allocator &alloc);
-	CFDictionaryRef     defaultRevocationSettings();
-
-public:
-	bool				policySpecified(CFArrayRef policies, const CSSM_OID &inOid);
-	bool				revocationPolicySpecified(CFArrayRef policies);
-	void				orderRevocationPolicies(CFMutableArrayRef policies);
-	CFMutableArrayRef	convertRevocationPolicy(uint32 &numAdded, Allocator &alloc);
-	CFMutableArrayRef	forceRevocationPolicies(uint32 &numAdded,
-							Allocator &alloc,
-							bool requirePerCert=false);
-
-private:
-	TP mTP;							// our TP
-
-	// input arguments: set up before evaluate()
-	CSSM_TP_ACTION mAction;			// TP action to verify
-	CFRef<CFDataRef> mActionData;	// action data
-	CFRef<CFArrayRef> mExceptions;	// trust exceptions
-	CFRef<CFArrayRef> mResponses;	// array of OCSP response data (optional)
-	CFRef<CFDateRef> mVerifyTime;	// verification "now"
-	CFRef<CFArrayRef> mCerts;		// certificates to verify (item 1 is subject)
-	CFRef<CFArrayRef> mPolicies;	// array of policy objects to control verification
-	CFRef<CFArrayRef> mAnchors;		// array of anchor certs
-	StorageManager::KeychainList *mSearchLibs; // array of databases to search
-	bool mSearchLibsSet;			// true if mSearchLibs has been initialized
-
-	// evaluation results: set as a result of evaluate()
-	SecTrustResultType mResult;		// result classification
-	uint32 mResultIndex;			// which result cert made the decision?
-	OSStatus mTpReturn;				// return code from TP Verify
-	TPVerifyResult mTpResult;		// result of latest TP verify
-
-	vector< SecPointer<Certificate> > mCertChain; // distilled certificate chain
-
-	// information returned to caller but owned by us
-	CFRef<CFArrayRef> mEvidenceReturned;	// evidence chain returned
-	CFRef<CFArrayRef> mAllowedAnchors;		// array of permitted anchor certificates
-	CFRef<CFArrayRef> mFilteredCerts;		// array of certificates to verify, post-filtering
-	CFRef<CFDictionaryRef> mExtendedResult;	// dictionary of extended results
-
-	bool mUsingTrustSettings;	// true if built-in anchors will be trusted
-	AnchorPolicy mAnchorPolicy;	// policy for trusting passed-in and/or built-in anchors
-	NetworkPolicy mNetworkPolicy;	// policy for allowing network use during evaluation
-
-public:
-	static ModuleNexus<TrustStore> gStore;
-
-private:
-	Mutex mMutex;
-};
-
-} // end namespace KeychainCore
-
-} // end namespace Security
-
-#endif // !_SECURITY_TRUST_H_