/*
 * Copyright (c) 2004,2008 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


//
// tokenkey - remote reference key on an attached hardware token
//
#include "tokenkey.h"
#include "tokendatabase.h"


//
// Build a TokenKey around a tokend key handle and a copy of its key header.
// The new object registers itself with the owning TokenDatabase.
//
TokenKey::TokenKey(TokenDatabase &db, KeyHandle tokenKey, const CssmKey::Header &hdr)
    : Key(db), mKey(tokenKey), mHeader(hdr)
{
    db.addReference(*this);
}


//
// Tearing down a TokenKey asks tokend to release the key handle.
// The release is best-effort: anything thrown on the way is caught here so it
// cannot escape the destructor, and the only trace is the secdebug message.
// NOTE(review): after a failed release the tokend-side handle presumably stays
// allocated until tokend itself cleans up - confirm against tokend.
//
TokenKey::~TokenKey()
{
    try {
        TokenDatabase &db = database();
        Token &tok = db.token();
        tok.tokend().releaseKey(mKey);
    } catch (...) {
        secdebug("tokendb", "%p release key handle %u threw (ignored)",
            this, mKey);
    }
}


//
// Navigation through the object mesh
//

// The TokenDatabase this key refers to.
TokenDatabase &TokenKey::database() const
{
    return referent<TokenDatabase>();
}

// The Token reached through our database.
Token &TokenKey::token()
{
    TokenDatabase &db = database();
    return db.token();
}

// The handle that names this key on the tokend side.
GenericHandle TokenKey::tokenHandle() const
{
    return mKey;
}


//
// Canonical external attributes: reported straight from the stored key header
//
CSSM_KEYATTR_FLAGS TokenKey::attributes()
{
    const CSSM_KEYATTR_FLAGS flags = mHeader.attributes();
    return flags;
}


//
// Return-to-caller processing (trivial here): hand back our own handle and
// a copy of the stored header.
//
void TokenKey::returnKey(Handle &h, CssmKey::Header &hdr)
{
    // Fetch the handle first; hdr is written only once that has succeeded.
    h = this->handle();
    hdr = mHeader;
}


//
// This object's ACL kind is always "key"
//
AclKind TokenKey::aclKind() const
{
    return keyAcl;
}


//
// Right now, key ACLs are at the process level.
// The key object itself is returned as the SecurityServerAcl.
//
SecurityServerAcl &TokenKey::acl()
{
    return *this;
}


//
// The related database is the TokenDatabase this key lives in
//
Database *TokenKey::relatedDatabase()
{
    TokenDatabase &db = database();
    return &db;
}


//
// Generate the canonical key digest.
// This is not currently supported through tokend. If we need it,
// we'll have to force unlock and fake it (in tokend, most likely).
// Callers always get CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED; there is no
// return statement, so this relies on throwMe never returning normally.
//
const CssmData &TokenKey::canonicalDigest()
{
    CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}