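/*
 * Copyright (c) 2002-2004,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

//
// CertificateRequest.h
//
// Declares KeychainCore::CertificateRequest, the C++ object behind a
// SecCertificateRequestRef. It holds the state of one certificate request:
// the policy and key references it was created with, the TP/CL client
// handles used to submit it, the RefId handed back by the authority for a
// queued request, the resulting certificate once available, and the
// user-preferences bookkeeping that lets a queued request be found again
// later (SecCertificateFindRequest).
//
#ifndef _SECURITY_CERTIFICATEREQUEST_H_
#define _SECURITY_CERTIFICATEREQUEST_H_

#include <Security/SecCertificateRequest.h>
#include <security_utilities/seccfobject.h>
#include "SecCFTypes.h"
#include <security_utilities/alloc.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <security_cdsa_client/tpclient.h>
#include <security_cdsa_client/clclient.h>
#include <security_utilities/debugging.h>
#include <CoreFoundation/CoreFoundation.h>

/* Module-local debug trace; routed through secdebug() under the "certReq" scope. */
#define certReqDbg(args...)	secdebug("certReq", ## args)

namespace Security
{

namespace KeychainCore
{

class CertificateRequest : public SecCFObject
{
    NOCOPY(CertificateRequest)
public:
    SECCFFUNCTIONS(CertificateRequest, SecCertificateRequestRef, errSecInvalidItemRef, gTypes().CertificateRequest)

    /*
     * policy            - policy OID identifying the kind of request.
     * certificateType   - CSSM_CERT_TYPE of the certificate being requested.
     * requestType       - CSSM_TP_AUTHORITY_REQUEST_TYPE passed to the TP.
     * privateKeyItemRef - optional.
     * publicKeyItemRef  - optional.
     * attributeList     - oid/value pairs; these populate mUserName,
     *                     mPassword, mHostName and mDomain (see below).
     * isNew             - true when called from SecCertificateRequestCreate,
     *                     cooking up a new request from scratch; false when
     *                     called from SecCertificateFindRequest, reconstructing
     *                     a request in progress.
     */
    CertificateRequest(const CSSM_OID &policy,
        CSSM_CERT_TYPE certificateType,
        CSSM_TP_AUTHORITY_REQUEST_TYPE requestType,
        SecKeyRef privateKeyItemRef,    // optional
        SecKeyRef publicKeyItemRef,     // optional
        const SecCertificateRequestAttributeList *attributeList,
        bool isNew = true);

    virtual ~CertificateRequest() throw();

    /* Submit the request to the authority. estimatedTime receives the
     * authority's estimate of when a result will be available. */
    void submit(
        sint32 *estimatedTime);

    /* Fetch the result of a submitted request into certData. */
    void getResult(
        sint32 *estimatedTime,          // optional
        CssmData &certData);

    /*
     * Obtain policy/error specific return data blob. We own the data, it's
     * not copied: rtnData aliases storage owned by this object, so the
     * caller must neither free it nor use it after this CertificateRequest
     * has been released.
     */
    void getReturnData(
        CssmData &rtnData);

    /* Read-only accessors; const so they can be used on const references. */
    CSSM_CERT_TYPE certType() const { return mCertType; }
    CSSM_TP_AUTHORITY_REQUEST_TYPE reqType() const { return mReqType; }

private:
    /* .Mac-specific submit/result paths, selected by the implementation. */
    void submitDotMac(
        sint32 *estimatedTime);
    void getResultDotMac(
        sint32 *estimatedTime,          // optional
        CssmData &certData);
    void postPendingRequest();

    /* preferences support */
    CFStringRef createUserKey();
    CFStringRef createPolicyKey();
    CFDictionaryRef getPolicyDictionary(
        CFDictionaryRef prefsDict);
    CFDictionaryRef getUserDictionary(
        CFDictionaryRef policyDict);

    /*
     * Preferences storage and retrieval.
     * Both assume valid mPolicy and mUserName. storeResults stores the
     * specified data; retrieveResults retrieves whatever is found in the
     * prefs dictionary and restores to mRefId or mCert as appropriate.
     * removeResults deletes the stored entry once it is no longer needed.
     */
    OSStatus storeResults(
        const CSSM_DATA *refId,         // optional, for queued requests
        const CSSM_DATA *certDat);      // optional, for immediate completion
    void retrieveResults();
    void removeResults();

    /* Lifecycle state of this request; drives which of the above paths run. */
    enum CertReqState {
        CRS_New = 0,            // created via SecCertificateRequestCreate
        CRS_Reconstructed,      // created via SecCertificateFindRequest
        CRS_HaveCert,           // completed request one way or another, have a good cert
        CRS_HaveRefId,          // submitted request, have RefId for later retrieval
        CRS_HaveOtherData       // submitted request, have other data in mRefId
    };

    Allocator &mAlloc;
    CssmClient::TP mTP;
    CssmClient::CL mCL;
    CssmAutoData mPolicy;               /* i.e., "CssmAutoOid" */
    CSSM_CERT_TYPE mCertType;
    CSSM_TP_AUTHORITY_REQUEST_TYPE mReqType;
    SecKeyRef mPrivKey;
    SecKeyRef mPubKey;
    sint32 mEstTime;
    CssmAutoData mRefId;                /* returned from SubmitCredRequest() */
    CertReqState mCertState;
    CssmAutoData mCertData;

    /*
     * The incoming SecCertificateRequestAttributeList oid/value pairs
     * map to these:
     */
    CssmAutoData mUserName;
    CssmAutoData mPassword;             /* optional (lookup doesn't use it).
                                         * NOTE(review): this is a credential held
                                         * for the object's lifetime; confirm that
                                         * CssmAutoData scrubs its buffer on release. */
    CssmAutoData mHostName;             /* optional */
    CssmAutoData mDomain;               /* optional */
    bool mDoRenew;
    bool mIsAsync;                      /* true means no persistent state
                                         * stored in user prefs; default
                                         * is false */
    Mutex mMutex;                       /* owned by this object; which operations
                                         * acquire it is defined in the .cpp */
};

} // end namespace KeychainCore

} // end namespace Security

#endif // !_SECURITY_CERTIFICATEREQUEST_H_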