1/*
2 * Copyright (c) 2002,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19/*
20 * TPCrlInfo.h - TP's private CRL and CRL group classes
21 *
22 */
23
24#ifndef	_TP_CRL_INFO_H_
25#define _TP_CRL_INFO_H_
26
27#include <Security/cssmtype.h>
28#include <security_utilities/alloc.h>
29#include <security_utilities/threading.h>
30#include <security_utilities/globalizer.h>
31#include "TPCertInfo.h"
32#include "tpCrlVerify.h"
33
34/*
35 * Verification state of a TPCrlInfo. Verification refers to the process
36 * of cert chain validation from the CRL to a trusted root. Since this
37 * is a rather heavyweight operation, this is done on demand, when a given
38 * CRL is "believed to be" the appropriate one for a given cert. It
39 * is separate from not before/after verification, which is performed
40 * on the fly as needed.
41 */
42typedef enum {
43	CVS_Unknown,		// initial default state
44	CVS_Good,			// known good
45	CVS_Bad				// known bad
46} TPCrlVerifyState;
47
48/*
49 * Indicates where a particular CRL came from. Currently only used
50 * in the tpCrlVerify module.
51 */
52typedef enum {
53	CFW_Nowhere,		// default, never returned
54	CFW_InGroup,		// from incoming TPCrlGroup
55	CFW_DlDb,			// verifyContext.dbList
56	CFW_LocalCache,		// tpGlobalCrlCache
57	CFW_Net,			// tpFetchCrlFromNet
58	/* probably others */
59} TPCrlFromWhere;
60
61
62/*
63 * Class representing one CRL. The raw CRL data usually comes from
64 * a client (via incoming CSSM_TP_VERIFY_CONTEXT.Crls); in this case, we
65 * don't own the raw data and don't copy or free it. Caller can
66 * optionally specify that we copy (and own and eventually free) the raw cert data.
67 * Currently this is only done when we find a CRL in a DlDb. The constructor throws
68 * on any error (bad CRL data); subsequent to successful construction, no CSSM
69 * errors are thrown and it's guaranteed that the CRL is basically readable and
70 * successfully cached in the CL, and that we have a locally cached
71 * CSSM_X509_SIGNED_CRL and issuer name (in normalized encoded format).
72 */
73class TPCrlInfo : public TPClItemInfo
74{
75	NOCOPY(TPCrlInfo)
76public:
77	/*
78	 * No default constructor - this is the only way.
79	 */
80	TPCrlInfo(
81		CSSM_CL_HANDLE		clHand,
82		CSSM_CSP_HANDLE		cspHand,
83		const CSSM_DATA		*crlData,
84		TPItemCopy			copyCrlData,
85		const char 			*verifyTime);	// NULL ==> time = right now
86
87	/* frees mIssuerName, mCacheHand, mX509Crl via mClHand */
88	~TPCrlInfo();
89
90	/*
91	 * The heavyweight "perform full verification" op.
92	 * If doCrlVerify is true, we'll do an eventually recursive
93	 * CRL verification test on the cert group we construct
94	 * here to verify the CRL in question. This recursive
95	 * verify is also done if the CRL is an indirect CRL.
96	 * Currently, the doCrlVerifyFlag will be set false in the
97	 * normal case of verifying a cert chain; in that case the
98	 * various certs needed to verify the CRL are assumed to
99	 * be a subset of the cert chain being verified, and CRL
100	 * verification of that cert chain is being performed
101	 * elsewhere. The caller would set doCrlVerify true when
102	 * the top-level op is simply a CRL verify.
103	 */
104	CSSM_RETURN verifyWithContext(
105		TPVerifyContext		&tpVerifyContext,
106		TPCertInfo			*forCert,			// optional
107		bool				doCrlVerify = false);
108
109	/*
110 	 * Wrapper for verifyWithContext for use when evaluating a CRL
111  	 * "now" instead of at the time in TPVerifyContext.verifyTime.
112	 */
113	CSSM_RETURN verifyWithContextNow(
114		TPVerifyContext		&tpVerifyContext,
115		TPCertInfo			*forCert,			// optional
116		bool				doCrlVerify = false);
117
118	/*
119	 * Do I have the same issuer as the specified subject cert?
120	 * Returns true if so.
121	 */
122	bool hasSameIssuer(
123		const TPCertInfo		&subject);
124
125	/*
126	 * Determine if specified cert has been revoked as of the
127	 * provided time; a NULL timestring indicates "now".
128	 * Assumes that the current CRL has been fully verified.
129	 */
130	CSSM_RETURN isCertRevoked(
131		TPCertInfo 				&subjectCert,
132		CSSM_TIMESTRING 		verifyTime);
133
134	/* accessors */
135	const CSSM_X509_SIGNED_CRL *x509Crl()		{ return mX509Crl; }
136	TPCrlVerifyState			verifyState() 	{ return mVerifyState; }
137
138	const CSSM_DATA				*uri()			{ return &mUri; }
139	void 						uri(const CSSM_DATA &uri);
140
141	/*
142	 * Ref count info maintained by caller (currently only in
143	 * tpCrlVfy.cpp's global cache module).
144	 */
145	int 					mRefCount;
146
147	/* used only by tpCrlVerify */
148	TPCrlFromWhere			mFromWhere;
149
150
151private:
152	CSSM_X509_SIGNED_CRL	*mX509Crl;
153	CSSM_DATA_PTR			mCrlFieldToFree;
154	TPCrlVerifyState		mVerifyState;
155	CSSM_RETURN				mVerifyError;		// only if mVerifyState = CVS_Bad
156	CSSM_DATA				mUri;				// if fetched from net
157
158	void releaseResources();
159	CSSM_RETURN parseExtensions(
160		TPVerifyContext				&tpVerifyContext,
161		bool						isPerEntry,
162		uint32						entryIndex,		// if isPerEntry
163		const CSSM_X509_EXTENSIONS	&extens,
164		TPCertInfo					*forCert,		// optional
165		bool						&isIndirectCrl);// RETURNED
166
167};
168
169/*
170 * TP's private CRL Group class.
171 */
172class TPCrlGroup
173{
174	NOCOPY(TPCrlGroup)
175public:
176	/* construct empty CRL group */
177	TPCrlGroup(
178		Allocator				&alloc,
179		TPGroupOwner			whoOwns);		// if TGO_Group, we delete
180
181	/*
182	 * Construct from unordered, untrusted CSSM_CRLGROUP. Resulting
183	 * TPCrlInfos are more or less in the same order as the incoming
184	 * CRLs, though incoming CRLs are discarded if they don't parse.
185	 * No verification of any sort is performed.
186	 */
187	TPCrlGroup(
188		const CSSM_CRLGROUP 	*cssmCrlGroup,		// optional
189		CSSM_CL_HANDLE 			clHand,
190		CSSM_CSP_HANDLE 		cspHand,
191		Allocator				&alloc,
192		const char				*cssmTimeStr,		// may be NULL
193		TPGroupOwner			whoOwns);
194
195	/*
196	 * Deletes all TPCrlInfo's.
197	 */
198	~TPCrlGroup();
199
200	/* add/remove/access TPCrlInfo's. */
201	void appendCrl(
202		TPCrlInfo			&crlInfo);			// appends to end of mCertInfo
203	TPCrlInfo *crlAtIndex(
204		unsigned			index);
205	TPCrlInfo &removeCrlAtIndex(
206		unsigned			index);				// doesn't delete the cert, just
207												// removes it from our list
208	void removeCrl(
209		TPCrlInfo			&crlInfo);			// ditto
210
211	/*
212	 * Convenience accessors for first and last CRL, only valid when we have
213	 * at least one cert.
214	 */
215	TPCrlInfo *firstCrl();
216	TPCrlInfo *lastCrl();
217
218	/*
219	 * Find a CRL whose issuer matches specified subject cert.
220	 * Returned CRL has not necessarily been verified.
221	 */
222	TPCrlInfo *findCrlForCert(
223		TPCertInfo			&subject);
224
225	Allocator &alloc() 							{ return mAlloc; }
226	unsigned numCrls()								{ return mNumCrls; }
227
228private:
229	Allocator				&mAlloc;
230	TPCrlInfo				**mCrlInfo;			// just an array of pointers
231	unsigned				mNumCrls;			// valid certs in certInfo
232	unsigned				mSizeofCrlInfo;		// mallocd space in certInfo
233	TPGroupOwner			mWhoOwns;			// if TGO_Group, we delete CRLs
234												//    upon destruction
235};
236#endif	/* _TP_CRL_INFO_H_ */
237
238