src/kckey.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
   7  *
   8  * This file contains Original Code and/or Modifications of Original Code
   9  * as defined in and that are subject to the Apple Public Source License
  10  * Version 2.0 (the 'License'). You may not use this file except in
  11  * compliance with the License. Please obtain a copy of the License at
  12  * http://www.opensource.apple.com/apsl/ and read it before using this
  13  * file.
  14  *
  15  * The Original Code and all software distributed under the License are
  16  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  17  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  18  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  20  * Please see the License for the specific language governing rights and
  21  * limitations under the License.
  22  *
  23  * @APPLE_LICENSE_HEADER_END@
  24  */
  25
  26
  27 //
  28 // key - representation of SecurityServer key objects
  29 //
  30 #ifndef _H_KCKEY
  31 #define _H_KCKEY
  32
  33 #include "localkey.h"
  34 #include <security_cdsa_utilities/handleobject.h>
  35 #include <security_cdsa_client/keyclient.h>
  36
  37
  38 class KeychainDatabase;
  39
  40
  41 //
  42 // A Key object represents a CSSM_KEY known to the SecurityServer.
  43 // We give each Key a handle that allows our clients to access it, while we use
  44 // the Key's ACL to control such accesses.
  45 // A Key can be used by multiple Connections. Whether more than one Key can represent
  46 // the same actual key object is up to the CSP we use, so let's be tolerant about that.
  47 //
  48 // A note on key attributes: We keep two sets of attribute bits. The internal bits are used
  49 // when talking to our CSP; the external bits are used when negotiating with our client(s).
  50 // The difference is the bits in managedAttributes, which relate to persistent key storage
  51 // and are not digestible by our CSP. The internal attributes are kept in mKey. The external
  52 // ones are kept in mAttributes.
  53 //
  54 class KeychainKey : public LocalKey {
  55 public:
  56         KeychainKey(Database &db, const KeyBlob *blob);
  57         KeychainKey(Database &db, const CssmKey &newKey, uint32 moreAttributes,
  58                 const AclEntryPrototype *owner = NULL);
  59         virtual ~KeychainKey();
  60
  61         KeychainDatabase &database() const;
  62
  63     // we can also yield an encoded KeyBlob *if* we belong to a database
  64         KeyBlob *blob();
  65
  66     // ACL state management hooks
  67         void instantiateAcl();
  68         void changedAcl();
  69     const Database *relatedDatabase() const;
  70         CSSM_KEYATTR_FLAGS attributes() { return mAttributes; }
  71
  72 private:
  73     void decode();
  74         void getKey();
  75         virtual void getHeader(CssmKey::Header &hdr); // get header (only) without mKey
  76
  77 private:
  78         CssmKey::Header mHeaderCache; // cached, cleaned blob header cache
  79
  80         KeyBlob *mBlob;                 // key blob encoded by mDatabase
  81         bool mValidBlob;                // mBlob is valid key encoding
  82 };
  83
  84
  85 #endif //_H_KCKEY