1/* 2 * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25// 26// cssmtrust - CSSM layer Trust (TP) related objects. 27// 28#ifndef _H_CSSMTRUST 29#define _H_CSSMTRUST 30 31#include <security_cdsa_utilities/cssmbridge.h> 32#include <security_cdsa_utilities/cssmcert.h> 33#include <security_cdsa_utilities/cssmcred.h> 34#include <security_cdsa_utilities/cssmdb.h> 35 36 37namespace Security { 38 39 40// 41// A TP "POLICYINFO" structure, essentially an OID/Data pair. 42// 43class PolicyInfo : public PodWrapper<PolicyInfo, CSSM_TP_POLICYINFO> { 44public: 45 uint32 count() const { return NumberOfPolicyIds; } 46 uint32 &count() { return NumberOfPolicyIds; } 47 CssmField *policies() const { return CssmField::overlay(PolicyIds); } 48 CssmField * &policies() { return CssmField::overlayVar(PolicyIds); } 49 void *control() const { return PolicyControl; } 50 51 CssmField &operator [] (uint32 ix) 52 { assert(ix < count()); return policies()[ix]; } 53 54 void setPolicies(uint32 n, CSSM_FIELD *p) 55 { count() = n; policies() = CssmField::overlay(p); } 56}; 57 58 59// 60// TP caller authentication contexts 61// 62class TPCallerAuth : public PodWrapper<TPCallerAuth, CSSM_TP_CALLERAUTH_CONTEXT> { 63public: 64 CSSM_TP_STOP_ON stopCriterion() const { return VerificationAbortOn; } 65 void stopCriterion(CSSM_TP_STOP_ON stop) { VerificationAbortOn = stop; } 66 67 CSSM_TIMESTRING time() const { return VerifyTime; } 68 void time(CSSM_TIMESTRING newTime) { VerifyTime = newTime; } 69 70 PolicyInfo &policies() { return PolicyInfo::overlay(Policy); } 71 const PolicyInfo &policies() const { return PolicyInfo::overlay(Policy); } 72 void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); } 73 74 AccessCredentials *creds() const 75 { return AccessCredentials::optional(CallerCredentials); } 76 void creds(AccessCredentials *newCreds) { CallerCredentials = newCreds; } 77 78 uint32 anchorCount() const { return NumberOfAnchorCerts; } 79 uint32 &anchorCount() { return NumberOfAnchorCerts; } 80 CssmData *anchors() const { return CssmData::overlay(AnchorCerts); } 81 CssmData * &anchors() { return CssmData::overlayVar(AnchorCerts); } 82 83 CssmDlDbList *dlDbList() const { return CssmDlDbList::overlay(DBList); } 84 CssmDlDbList * &dlDbList() { return CssmDlDbList::overlayVar(DBList); } 85}; 86 87 88// 89// TP Verify Contexts - a monster collection of possibly useful stuff 90// when verifying a certificate against trust policies 91// 92class TPVerifyContext : public PodWrapper<TPVerifyContext, CSSM_TP_VERIFY_CONTEXT> { 93public: 94 CSSM_TP_ACTION action() const { return Action; } 95 CssmData &actionData() { return CssmData::overlay(ActionData); } 96 const CssmData &actionData() const { return CssmData::overlay(ActionData); } 97 98 // set and reference the CallerAuth component 99 TPCallerAuth &callerAuth() const { return TPCallerAuth::required(Cred); } 100 operator TPCallerAuth &() const { return callerAuth(); } 101 TPCallerAuth *callerAuthPtr() const { return TPCallerAuth::optional(Cred); } 102 void callerAuthPtr(CSSM_TP_CALLERAUTH_CONTEXT *p) { Cred = p; } 103 104 // forward CallerAuth operations 105 106 CSSM_TP_STOP_ON stopCriterion() const { return callerAuth().stopCriterion(); } 107 void stopCriterion(CSSM_TP_STOP_ON stop) { return callerAuth().stopCriterion(stop); } 108 PolicyInfo &policies() const { return callerAuth().policies(); } 109 void setPolicies(uint32 n, CSSM_FIELD *p) { policies().setPolicies(n, p); } 110 CSSM_TIMESTRING time() const { return callerAuth().time(); } 111 void time(CSSM_TIMESTRING newTime) { return callerAuth().time(newTime); } 112 AccessCredentials *creds() const { return callerAuth().creds(); } 113 void creds(AccessCredentials *newCreds) const { return callerAuth().creds(newCreds); } 114 uint32 anchorCount() const { return callerAuth().anchorCount(); } 115 uint32 &anchorCount() { return callerAuth().anchorCount(); } 116 CssmData *anchors() const { return callerAuth().anchors(); } 117 CssmData * &anchors() { return callerAuth().anchors(); } 118 void anchors(uint32 count, CSSM_DATA *vector) 119 { anchorCount() = count; anchors() = CssmData::overlay(vector); } 120 void setDlDbList(uint32 n, CSSM_DL_DB_HANDLE *list) 121 { callerAuth().dlDbList()->setDlDbList(n, list); } 122}; 123 124 125// 126// The result of a (raw) TP trust verification call 127// 128class TPEvidence : public PodWrapper<TPEvidence, CSSM_EVIDENCE> { 129public: 130 CSSM_EVIDENCE_FORM form() const { return EvidenceForm; } 131 void *data() const { return Evidence; } 132 operator void *() const { return data(); } 133 134 template <class T> 135 T *as() const { return reinterpret_cast<T *>(Evidence); } 136}; 137 138class TPVerifyResult : public PodWrapper<TPVerifyResult, CSSM_TP_VERIFY_CONTEXT_RESULT> { 139public: 140 uint32 count() const { return NumberOfEvidences; } 141 const TPEvidence &operator [] (uint32 ix) const 142 { assert(ix < count()); return TPEvidence::overlay(Evidence[ix]); } 143}; 144 145 146// 147// A PodWrapper for Apple's TP supporting-evidence structure 148// 149class TPEvidenceInfo : public PodWrapper<TPEvidenceInfo, CSSM_TP_APPLE_EVIDENCE_INFO> { 150public: 151 CSSM_TP_APPLE_CERT_STATUS status() const { return StatusBits; } 152 CSSM_TP_APPLE_CERT_STATUS status(CSSM_TP_APPLE_CERT_STATUS flags) const 153 { return status() & flags; } 154 155 uint32 index() const { return Index; } 156 const CssmDlDbHandle &dldb() const { return CssmDlDbHandle::overlay(DlDbHandle); } 157 CSSM_DB_UNIQUE_RECORD_PTR recordId() const { return UniqueRecord; } 158 159 uint32 codes() const { return NumStatusCodes; } 160 CSSM_RETURN operator [] (uint32 ix) 161 { assert(ix < NumStatusCodes); return StatusCodes[ix]; } 162 163 void destroy(Allocator &allocator); 164}; 165 166 167// 168// Walkers 169// 170namespace DataWalkers { 171 172 173 174 175} // end namespace DataWalkers 176} // end namespace Security 177 178#endif //_H_CSSMTRUST 179