src/localkey.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
   7  *
   8  * This file contains Original Code and/or Modifications of Original Code
   9  * as defined in and that are subject to the Apple Public Source License
  10  * Version 2.0 (the 'License'). You may not use this file except in
  11  * compliance with the License. Please obtain a copy of the License at
  12  * http://www.opensource.apple.com/apsl/ and read it before using this
  13  * file.
  14  *
  15  * The Original Code and all software distributed under the License are
  16  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  17  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  18  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  20  * Please see the License for the specific language governing rights and
  21  * limitations under the License.
  22  *
  23  * @APPLE_LICENSE_HEADER_END@
  24  */
  25
  26
  27 //
  28 // localkey - Key objects that store a local CSSM key object
  29 //
  30 #ifndef _H_LOCALKEY
  31 #define _H_LOCALKEY
  32
  33 #include "key.h"
  34 #include <security_cdsa_utilities/handleobject.h>
  35 #include <security_cdsa_client/keyclient.h>
  36
  37
  38 class LocalDatabase;
  39
  40
  41 //
  42 // A Key object represents a CSSM_KEY known to the SecurityServer.
  43 // We give each Key a handle that allows our clients to access it, while we use
  44 // the Key's ACL to control such accesses.
  45 // A Key can be used by multiple Connections. Whether more than one Key can represent
  46 // the same actual key object is up to the CSP we use, so let's be tolerant about that.
  47 //
  48 // A note on key attributes: We keep two sets of attribute bits. The internal bits are used
  49 // when talking to our CSP; the external bits are used when negotiating with our client(s).
  50 // The difference is the bits in managedAttributes, which relate to persistent key storage
  51 // and are not digestible by our CSP. The internal attributes are kept in mKey. The external
  52 // ones are kept in mAttributes.
  53 //
  54 class LocalKey : public Key {
  55 public:
  56         LocalKey(Database &db, const CssmKey &newKey, uint32 moreAttributes,
  57                 const AclEntryPrototype *owner = NULL);
  58         virtual ~LocalKey();
  59
  60         LocalDatabase &database() const;
  61
  62     // yield the decoded internal key -- internal attributes
  63         CssmClient::Key key()           { return keyValue(); }
  64         const CssmKey &cssmKey()        { return keyValue(); }
  65         operator CssmClient::Key ()     { return keyValue(); }
  66         operator const CssmKey &()      { return keyValue(); }
  67     operator const CSSM_KEY & () { return keyValue(); }
  68
  69     // yield the approximate external key header -- external attributes
  70     void returnKey(Handle &h, CssmKey::Header &hdr);
  71
  72         // generate the canonical key digest
  73         const CssmData &canonicalDigest();
  74
  75         CSSM_KEYATTR_FLAGS attributes() { return mAttributes; }
  76
  77 private:
  78         void setup(const CssmKey &newKey, uint32 attrs);
  79         CssmClient::Key keyValue();
  80
  81 protected:
  82         LocalKey(Database &db);
  83
  84         virtual void getKey();                          // decode into mKey or throw
  85         virtual void getHeader(CssmKey::Header &hdr); // get header (only) without mKey
  86
  87 protected:
  88         bool mValidKey;                 // CssmKey form is valid
  89         CssmClient::Key mKey;   // clear form CssmKey (attributes modified)
  90
  91     CSSM_KEYATTR_FLAGS mAttributes; // full attributes (external form)
  92         CssmAutoData mDigest;   // computed key digest (cached)
  93 };
  94
  95
  96 #endif //_H_LOCALKEY