/*
 * Copyright (c) 2002,2011,2014 Apple Inc. All Rights Reserved.
 *
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
 * TPCrlInfo.h - TP's private CRL and CRL group classes
 *
 * Declares TPCrlInfo (one parsed CRL plus its verification state) and
 * TPCrlGroup (an owning or non-owning list of TPCrlInfo pointers).
 * Implementations live in the corresponding .cpp; only the inline
 * accessors are defined here.
 */

#ifndef _TP_CRL_INFO_H_
#define _TP_CRL_INFO_H_

#include <Security/cssmtype.h>
#include <security_utilities/alloc.h>
#include <security_utilities/threading.h>	// NOTE(review): nothing declared in this header uses
#include <security_utilities/globalizer.h>	// threading.h/globalizer.h; presumably needed by the
											// .cpp or the global CRL cache - confirm before removing
#include "TPCertInfo.h"
#include "tpCrlVerify.h"

/*
 * Verification state of a TPCrlInfo. Verification refers to the process
 * of cert chain validation from the CRL to a trusted root. Since this
 * is a rather heavyweight operation, this is done on demand, when a given
 * CRL is "believed to be" the appropriate one for a given cert. It
 * is separate from not before/after verification, which is performed
 * on the fly as needed.
 *
 * Only CVS_Good means the CRL's signature chain has been validated;
 * revocation answers taken from a CRL in any other state have not been
 * authenticated (see TPCrlInfo::isCertRevoked, which assumes CVS_Good).
 */
typedef enum {
	CVS_Unknown,		// initial default state: no chain validation attempted yet
	CVS_Good,			// known good: chain validation to a trusted root succeeded
	CVS_Bad				// known bad: validation failed; TPCrlInfo::mVerifyError holds the reason
} TPCrlVerifyState;

/*
 * Indicates where a particular CRL came from. Currently only used
 * in the tpCrlVerify module. This is provenance only - it says nothing
 * about whether the CRL has been verified (that is TPCrlVerifyState).
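*/
typedef enum {
	CFW_Nowhere,		// default, never returned
	CFW_InGroup,		// from incoming TPCrlGroup (client-supplied)
	CFW_DlDb,			// verifyContext.dbList
	CFW_LocalCache,		// tpGlobalCrlCache
	CFW_Net,			// tpFetchCrlFromNet (fetched over the network)
	/* probably others */
} TPCrlFromWhere;


/*
 * Class representing one CRL. The raw CRL data usually comes from
 * a client (via incoming CSSM_TP_VERIFY_CONTEXT.Crls); in this case, we
 * don't own the raw data and don't copy or free it, so the caller's
 * buffer must outlive this object. Caller can optionally specify that
 * we copy (and own and eventually free) the raw CRL data. Currently this
 * is only done when we find a CRL in a DlDb. The constructor throws
 * on any error (bad CRL data); subsequent to successful construction, no CSSM
 * errors are thrown and it's guaranteed that the CRL is basically readable and
 * successfully cached in the CL, and that we have a locally cached
 * CSSM_X509_SIGNED_CRL and issuer name (in normalized encoded format).
 *
 * "Readable" is not "trusted": a freshly constructed TPCrlInfo is in
 * state CVS_Unknown until verifyWithContext() succeeds.
 */
class TPCrlInfo : public TPClItemInfo
{
	NOCOPY(TPCrlInfo)
public:
	/*
	 * No default constructor - this is the only way.
	 *
	 * clHand/cspHand	CL and CSP handles used to parse and cache the CRL.
	 * crlData			raw encoded CRL.
	 * copyCrlData		whether we copy (and then own/free) crlData; if not,
	 *					crlData must remain valid for our lifetime.
	 * verifyTime		CSSM time string; NULL ==> time = right now.
	 * Throws on any error, e.g. CRL data that does not parse.
	 */
	TPCrlInfo(
		CSSM_CL_HANDLE		clHand,
		CSSM_CSP_HANDLE		cspHand,
		const CSSM_DATA		*crlData,
		TPItemCopy			copyCrlData,
		const char			*verifyTime);			// NULL ==> time = right now

	/* frees mIssuerName, mCacheHand, mX509Crl via mClHand */
	~TPCrlInfo();

	/*
	 * The heavyweight "perform full verification" op: builds a cert
	 * chain from this CRL's issuer to a trusted root and sets
	 * verifyState() to CVS_Good or CVS_Bad accordingly.
	 * If doCrlVerify is true, we'll do an eventually recursive
	 * CRL verification test on the cert group we construct
	 * here to verify the CRL in question. This recursive
	 * verify is also done if the CRL is an indirect CRL.
	 * Currently, the doCrlVerifyFlag will be set false in the
	 * normal case of verifying a cert chain; in that case the
	 * various certs needed to verify the CRL are assumed to
	 * be a subset of the cert chain being verified, and CRL
	 * verification of that cert chain is being performed
	 * elsewhere. The caller would set doCrlVerify true when
	 * the top-level op is simply a CRL verify.
	 *
	 * forCert is optional and may be NULL.
	 * Returns CSSM_OK on success, else a CSSM error code.
	 */
	CSSM_RETURN verifyWithContext(
		TPVerifyContext		&tpVerifyContext,
		TPCertInfo			*forCert,				// optional
		bool				doCrlVerify = false);

	/*
	 * Wrapper for verifyWithContext for use when evaluating a CRL
	 * "now" instead of at the time in TPVerifyContext.verifyTime.
	 */
	CSSM_RETURN verifyWithContextNow(
		TPVerifyContext		&tpVerifyContext,
		TPCertInfo			*forCert,				// optional
		bool				doCrlVerify = false);

	/*
	 * Do I have the same issuer as the specified subject cert?
	 * Returns true if so. This is a name comparison only; it does not
	 * imply the CRL has been verified.
	 */
	bool hasSameIssuer(
		const TPCertInfo	&subject);

	/*
	 * Determine if specified cert has been revoked as of the
	 * provided time; a NULL timestring indicates "now".
	 * Assumes that the current CRL has been fully verified
	 * (verifyState() == CVS_Good); the answer is only as trustworthy
	 * as that prior verification. Returns CSSM_OK if not revoked,
	 * else a CSSM error code.
	 */
	CSSM_RETURN isCertRevoked(
		TPCertInfo			&subjectCert,
		CSSM_TIMESTRING		verifyTime);

	/* accessors - read-only, usable on a const TPCrlInfo */
	const CSSM_X509_SIGNED_CRL	*x509Crl() const	{ return mX509Crl; }
	TPCrlVerifyState			verifyState() const	{ return mVerifyState; }

	/* URI the CRL was fetched from (only meaningful when mFromWhere == CFW_Net) */
	const CSSM_DATA				*uri() const		{ return &mUri; }
	/* NOTE(review): whether the setter copies uri's bytes or just aliases
	 * them is not visible here - confirm in the implementation */
	void						uri(const CSSM_DATA &uri);

	/*
	 * Ref count info maintained by caller (currently only in
	 * tpCrlVfy.cpp's global cache module). No synchronization is
	 * provided by this class; presumably the cache module serializes
	 * access - confirm before touching it from elsewhere.
	 */
	int							mRefCount;

	/* used only by tpCrlVerify; provenance, not trust status */
	TPCrlFromWhere				mFromWhere;


private:
	CSSM_X509_SIGNED_CRL		*mX509Crl;			// parsed CRL, cached from the CL
	CSSM_DATA_PTR				mCrlFieldToFree;	// presumably the CL field backing mX509Crl - verify
	TPCrlVerifyState			mVerifyState;		// see TPCrlVerifyState
	CSSM_RETURN					mVerifyError;		// only if mVerifyState = CVS_Bad
	CSSM_DATA					mUri;				// if fetched from net

	/* releases everything the destructor comment lists */
	void releaseResources();

	/*
	 * Parse either the CRL-wide extensions or the extensions of one
	 * revoked-entry (isPerEntry/entryIndex). isIndirectCrl is set to
	 * tell verifyWithContext whether a recursive verify is required.
	 */
	CSSM_RETURN parseExtensions(
		TPVerifyContext		&tpVerifyContext,
		bool				isPerEntry,
		uint32				entryIndex,				// if isPerEntry
		const CSSM_X509_EXTENSIONS &extens,
		TPCertInfo			*forCert,				// optional
		bool				&isIndirectCrl);		// RETURNED

};

/*
 * TP's private CRL Group class: an array of TPCrlInfo pointers, either
 * owned (deleted on destruction when constructed with TGO_Group) or
 * merely referenced. CRLs placed in a group are not verified by the
 * group; each must be verified individually via verifyWithContext().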
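*/
class TPCrlGroup
{
	NOCOPY(TPCrlGroup)
public:
	/* construct empty CRL group */
	TPCrlGroup(
		Allocator			&alloc,
		TPGroupOwner		whoOwns);				// if TGO_Group, we delete

	/*
	 * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting
	 * TPCrlInfos are more or less in the same order as the incoming
	 * CRLs, though incoming CRLs are discarded (silently, as far as
	 * this interface shows) if they don't parse.
	 * No verification of any sort is performed: every CRL in the
	 * resulting group starts in state CVS_Unknown.
	 */
	TPCrlGroup(
		const CSSM_CRLGROUP	*cssmCrlGroup,			// optional
		CSSM_CL_HANDLE		clHand,
		CSSM_CSP_HANDLE		cspHand,
		Allocator			&alloc,
		const char			*cssmTimeStr,			// may be NULL
		TPGroupOwner		whoOwns);

	/*
	 * Deletes all TPCrlInfo's (only when mWhoOwns == TGO_Group).
	 */
	~TPCrlGroup();

	/* add/remove/access TPCrlInfo's. */
	void appendCrl(
		TPCrlInfo			&crlInfo);				// appends to end of mCrlInfo
	/* NOTE(review): behaviour for index >= numCrls() is not visible in
	 * this header - confirm in the implementation before relying on it */
	TPCrlInfo *crlAtIndex(
		unsigned			index);
	TPCrlInfo &removeCrlAtIndex(
		unsigned			index);					// doesn't delete the CRL, just
													// removes it from our list;
													// caller now owns it
	void removeCrl(
		TPCrlInfo			&crlInfo);				// ditto

	/*
	 * Convenience accessors for first and last CRL, only valid when we have
	 * at least one CRL (check numCrls() first).
	 */
	TPCrlInfo *firstCrl();
	TPCrlInfo *lastCrl();

	/*
	 * Find a CRL whose issuer matches specified subject cert.
	 * Returned CRL has not necessarily been verified; returns NULL
	 * when none matches.
	 */
	TPCrlInfo *findCrlForCert(
		TPCertInfo			&subject);

	/* accessors - read-only, usable on a const TPCrlGroup */
	Allocator		&alloc() const		{ return mAlloc; }
	unsigned		numCrls() const		{ return mNumCrls; }

private:
	Allocator			&mAlloc;
	TPCrlInfo			**mCrlInfo;			// just an array of pointers
	unsigned			mNumCrls;			// valid CRLs in mCrlInfo
	unsigned			mSizeofCrlInfo;		// mallocd space in mCrlInfo (presumably via mAlloc)
	TPGroupOwner		mWhoOwns;			// if TGO_Group, we delete CRLs
											// upon destruction
};
#endif	/* _TP_CRL_INFO_H_ */
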