1/*
2 * Copyright (c) 2002-2004,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// CertificateRequest.h
26//
27#ifndef _SECURITY_CERTIFICATEREQUEST_H_
28#define _SECURITY_CERTIFICATEREQUEST_H_
29
30#include <Security/SecCertificateRequest.h>
31#include <security_utilities/seccfobject.h>
32#include "SecCFTypes.h"
33#include <security_utilities/alloc.h>
34#include <security_cdsa_utilities/cssmdata.h>
35#include <security_cdsa_client/tpclient.h>
36#include <security_cdsa_client/clclient.h>
37#include <security_utilities/debugging.h>
38#include <CoreFoundation/CoreFoundation.h>
39
40#define certReqDbg(args...) secdebug("certReq", ## args)
41
42namespace Security
43{
44
45namespace KeychainCore
46{
47
48class CertificateRequest : public SecCFObject
49{
50	NOCOPY(CertificateRequest)
51public:
52	SECCFFUNCTIONS(CertificateRequest, SecCertificateRequestRef, errSecInvalidItemRef, gTypes().CertificateRequest)
53
54    CertificateRequest(const CSSM_OID &policy,
55		CSSM_CERT_TYPE certificateType,
56		CSSM_TP_AUTHORITY_REQUEST_TYPE requestType,
57		SecKeyRef privateKeyItemRef,		// optional
58		SecKeyRef publicKeyItemRef,			// optional
59		const SecCertificateRequestAttributeList *attributeList,
60		/*
61		 * true when called from SecCertificateRequestCreate, cooking up a new
62		 *      request from scratch
63		 * false when called from SecCertificateFindRequest, recomnstructing
64		 *      a request in progress
65		 */
66		bool isNew = true);
67
68    virtual ~CertificateRequest() throw();
69
70	void submit(
71		sint32 *estimatedTime);
72	void getResult(
73		sint32			*estimatedTime,		// optional
74		CssmData		&certData);
75
76	/*
77	 * Obtain policy/error specific return data blob. We own the data, it's
78	 * not copied.
79	 */
80	void getReturnData(
81		CssmData		&rtnData);
82
83	CSSM_CERT_TYPE					certType()	{ return mCertType; }
84	CSSM_TP_AUTHORITY_REQUEST_TYPE	reqType()	{ return mReqType; }
85
86private:
87	void submitDotMac(
88		sint32			*estimatedTime);
89	void getResultDotMac(
90		sint32			*estimatedTime,		// optional
91		CssmData		&certData);
92	void postPendingRequest();
93
94	/* preferences support */
95	CFStringRef createUserKey();
96	CFStringRef createPolicyKey();
97	CFDictionaryRef getPolicyDictionary(
98		CFDictionaryRef			prefsDict);
99	CFDictionaryRef getUserDictionary(
100		CFDictionaryRef			policyDict);
101
102	/*
103	 * Preferences storage and retrieval.
104	 * Both assume valid mPolicy and mUserName. storeResults stores the
105	 * specified data; retrieveResults retrieves whatever is found in the
106	 * prefs dictionary and restores to mRefId or mCert as appropriate.
107	 */
108	OSStatus storeResults(
109		const CSSM_DATA		*refId,			// optional, for queued requests
110		const CSSM_DATA		*certDat);		// optional, for immediate completion
111	void retrieveResults();
112	void removeResults();
113
114	typedef enum {
115		CRS_New = 0,		// created via SecCertificateRequestCreate
116		CRS_Reconstructed,	// created via SecCertificateFindRequest
117		CRS_HaveCert,		// completed request one way or another, have a good cert
118		CRS_HaveRefId,		// submitted request, have RefId for later retrieval
119		CRS_HaveOtherData	// submitted request, have other data in mRefId
120	} CertReqState;
121
122	Allocator						&mAlloc;
123	CssmClient::TP					mTP;
124	CssmClient::CL					mCL;
125	CssmAutoData					mPolicy;	/* i.e., "CssmAutoOid" */
126	CSSM_CERT_TYPE					mCertType;
127	CSSM_TP_AUTHORITY_REQUEST_TYPE	mReqType;
128	SecKeyRef						mPrivKey;
129	SecKeyRef						mPubKey;
130	sint32							mEstTime;
131	CssmAutoData					mRefId;		/* returned from SubmitCredRequest() */
132	CertReqState					mCertState;
133	CssmAutoData					mCertData;
134
135	/*
136	 * The incoming SecCertificateRequestAttributeList oid/value pairs
137	 * map to these:
138	 */
139	CssmAutoData					mUserName;
140	CssmAutoData					mPassword;	/* optional (lookup doesn't use it) */
141	CssmAutoData					mHostName;	/* optional */
142	CssmAutoData					mDomain;	/* optional */
143	bool							mDoRenew;
144	bool							mIsAsync;	/* true means no persistent state
145												 * stored in user prefs; default
146												 * is false */
147	Mutex							mMutex;
148};
149
150} // end namespace KeychainCore
151
152} // end namespace Security
153
154#endif // !_SECURITY_CERTIFICATEREQUEST_H_
155