1/* 2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18 19// 20// AppleX509CLSession.h - general CL session functions. 21// 22#ifndef _H_APPLEX509CLSESSION 23#define _H_APPLEX509CLSESSION 24 25#include <security_cdsa_plugin/CLsession.h> 26#include "CLCachedEntry.h" 27#include "DecodedCert.h" 28#include "LockedMap.h" 29#include <security_utilities/threading.h> 30#include <Security/cssmapple.h> 31 32class AppleX509CLSession : public CLPluginSession { 33 34public: 35 36 AppleX509CLSession( 37 CSSM_MODULE_HANDLE theHandle, 38 CssmPlugin &plug, 39 const CSSM_VERSION &version, 40 uint32 subserviceId, 41 CSSM_SERVICE_TYPE subserviceType, 42 CSSM_ATTACH_FLAGS attachFlags, 43 const CSSM_UPCALLS &upcalls); 44 45 ~AppleX509CLSession(); 46 47// ==================================================================== 48// Cert Interpretation 49// ==================================================================== 50 51 void CertDescribeFormat( 52 uint32 &NumberOfFields, 53 CSSM_OID_PTR &OidList); 54 55// Non-cached 56 57 void CertGetAllFields( 58 const CssmData &Cert, 59 uint32 &NumberOfFields, 60 CSSM_FIELD_PTR &CertFields); 61 62 CSSM_HANDLE CertGetFirstFieldValue( 63 const CssmData &Cert, 64 const CssmData &CertField, 65 uint32 &NumberOfMatchedFields, 66 CSSM_DATA_PTR &Value); 67 68 bool CertGetNextFieldValue( 69 CSSM_HANDLE ResultsHandle, 70 CSSM_DATA_PTR &Value); 71 72 73// Cached 74 75 void CertCache( 76 const CssmData &Cert, 77 CSSM_HANDLE &CertHandle); 78 79 CSSM_HANDLE CertGetFirstCachedFieldValue( 80 CSSM_HANDLE CertHandle, 81 const CssmData &CertField, 82 uint32 &NumberOfMatchedFields, 83 CSSM_DATA_PTR &Value); 84 85 bool CertGetNextCachedFieldValue( 86 CSSM_HANDLE ResultsHandle, 87 CSSM_DATA_PTR &Value); 88 89 void CertAbortCache( 90 CSSM_HANDLE CertHandle); 91 92 void CertAbortQuery( 93 CSSM_HANDLE ResultsHandle); 94 95 96 97// Templates 98 99 void CertCreateTemplate( 100 uint32 NumberOfFields, 101 const CSSM_FIELD CertFields[], 102 CssmData &CertTemplate); 103 104 void CertGetAllTemplateFields( 105 const CssmData &CertTemplate, 106 uint32 &NumberOfFields, 107 CSSM_FIELD_PTR &CertFields); 108 109 110// Memory 111 112 void FreeFields( 113 uint32 NumberOfFields, 114 CSSM_FIELD_PTR &FieldArray); 115 void FreeFieldValue( 116 const CssmData &CertOrCrlOid, 117 CssmData &Value); 118 119// Key 120 121 void CertGetKeyInfo( 122 const CssmData &Cert, 123 CSSM_KEY_PTR &Key); 124 125// ==================================================================== 126// CRL Interpretation 127// ==================================================================== 128 129// Non-cached 130 131 void CrlDescribeFormat( 132 uint32 &NumberOfFields, 133 CSSM_OID_PTR &OidList); 134 135 void CrlGetAllFields( 136 const CssmData &Crl, 137 uint32 &NumberOfCrlFields, 138 CSSM_FIELD_PTR &CrlFields); 139 140 CSSM_HANDLE CrlGetFirstFieldValue( 141 const CssmData &Crl, 142 const CssmData &CrlField, 143 uint32 &NumberOfMatchedFields, 144 CSSM_DATA_PTR &Value); 145 146 bool CrlGetNextFieldValue( 147 CSSM_HANDLE ResultsHandle, 148 CSSM_DATA_PTR &Value); 149 150 void IsCertInCrl( 151 const CssmData &Cert, 152 const CssmData &Crl, 153 CSSM_BOOL &CertFound); 154 155 156// Cached 157 158 void CrlCache( 159 const CssmData &Crl, 160 CSSM_HANDLE &CrlHandle); 161 162 void CrlGetAllCachedRecordFields(CSSM_HANDLE CrlHandle, 163 const CssmData &CrlRecordIndex, 164 uint32 &NumberOfFields, 165 CSSM_FIELD_PTR &CrlFields); 166 167 CSSM_HANDLE CrlGetFirstCachedFieldValue( 168 CSSM_HANDLE CrlHandle, 169 const CssmData *CrlRecordIndex, 170 const CssmData &CrlField, 171 uint32 &NumberOfMatchedFields, 172 CSSM_DATA_PTR &Value); 173 174 bool CrlGetNextCachedFieldValue( 175 CSSM_HANDLE ResultsHandle, 176 CSSM_DATA_PTR &Value); 177 178 void IsCertInCachedCrl( 179 const CssmData &Cert, 180 CSSM_HANDLE CrlHandle, 181 CSSM_BOOL &CertFound, 182 CssmData &CrlRecordIndex); 183 184 void CrlAbortCache( 185 CSSM_HANDLE CrlHandle); 186 187 void CrlAbortQuery( 188 CSSM_HANDLE ResultsHandle); 189 190 191// Template 192 193 void CrlCreateTemplate( 194 uint32 NumberOfFields, 195 const CSSM_FIELD *CrlTemplate, 196 CssmData &NewCrl); 197 198 void CrlSetFields( 199 uint32 NumberOfFields, 200 const CSSM_FIELD *CrlTemplate, 201 const CssmData &OldCrl, 202 CssmData &ModifiedCrl); 203 204 void CrlAddCert( 205 CSSM_CC_HANDLE CCHandle, 206 const CssmData &Cert, 207 uint32 NumberOfFields, 208 const CSSM_FIELD CrlEntryFields[], 209 const CssmData &OldCrl, 210 CssmData &NewCrl); 211 212 void CrlRemoveCert( 213 const CssmData &Cert, 214 const CssmData &OldCrl, 215 CssmData &NewCrl); 216 217// ==================================================================== 218// Verify/Sign 219// ==================================================================== 220 221// Certs 222 223 void CertVerifyWithKey( 224 CSSM_CC_HANDLE CCHandle, 225 const CssmData &CertToBeVerified); 226 227 void CertVerify( 228 CSSM_CC_HANDLE CCHandle, 229 const CssmData &CertToBeVerified, 230 const CssmData *SignerCert, 231 const CSSM_FIELD *VerifyScope, 232 uint32 ScopeSize); 233 234 void CertSign( 235 CSSM_CC_HANDLE CCHandle, 236 const CssmData &CertTemplate, 237 const CSSM_FIELD *SignScope, 238 uint32 ScopeSize, 239 CssmData &SignedCert); 240 241// Cert Groups 242 243 void CertGroupFromVerifiedBundle( 244 CSSM_CC_HANDLE CCHandle, 245 const CSSM_CERT_BUNDLE &CertBundle, 246 const CssmData *SignerCert, 247 CSSM_CERTGROUP_PTR &CertGroup); 248 249 void CertGroupToSignedBundle( 250 CSSM_CC_HANDLE CCHandle, 251 const CSSM_CERTGROUP &CertGroupToBundle, 252 const CSSM_CERT_BUNDLE_HEADER *BundleInfo, 253 CssmData &SignedBundle); 254 255// CRLs 256 257 void CrlVerifyWithKey( 258 CSSM_CC_HANDLE CCHandle, 259 const CssmData &CrlToBeVerified); 260 261 void CrlVerify( 262 CSSM_CC_HANDLE CCHandle, 263 const CssmData &CrlToBeVerified, 264 const CssmData *SignerCert, 265 const CSSM_FIELD *VerifyScope, 266 uint32 ScopeSize); 267 268 void CrlSign( 269 CSSM_CC_HANDLE CCHandle, 270 const CssmData &UnsignedCrl, 271 const CSSM_FIELD *SignScope, 272 uint32 ScopeSize, 273 CssmData &SignedCrl); 274 275// ==================================================================== 276// Module Specific Pass-Through 277// ==================================================================== 278 279 void PassThrough( 280 CSSM_CC_HANDLE CCHandle, 281 uint32 PassThroughId, 282 const void *InputParams, 283 void **OutputParams); 284 285private: 286 /* routines in Session_Cert.cpp */ 287 void getAllParsedCertFields( 288 const DecodedCert &cert, 289 uint32 &NumberOfFields, // RETURNED 290 CSSM_FIELD_PTR &CertFields); // RETURNED 291 292 /* routines in Session_Crypto.cpp */ 293 void signData( 294 CSSM_CC_HANDLE ccHand, 295 const CssmData &tbs, 296 CssmOwnedData &sig); // mallocd and returned 297 void verifyData( 298 CSSM_CC_HANDLE ccHand, 299 const CssmData &tbs, 300 const CssmData &sig); 301 302 /* routines in Session_CSR.cpp */ 303 void generateCsr( 304 CSSM_CC_HANDLE CCHandle, 305 const CSSM_APPLE_CL_CSR_REQUEST *csrReq, 306 CSSM_DATA_PTR &csrPtr); 307 void verifyCsr( 308 const CSSM_DATA *csrPtr); 309 310 /* 311 * Maps of cached certs, CRLs, and active queries 312 * This one holds cached certs and CRLs. 313 */ 314 LockedMap<CSSM_HANDLE, CLCachedEntry> cacheMap; 315 LockedMap<CSSM_HANDLE, CLQuery> queryMap; 316 317 CLCachedCert *lookupCachedCert(CSSM_HANDLE handle); 318 CLCachedCRL *lookupCachedCRL(CSSM_HANDLE handle); 319}; 320 321#endif //_H_APPLEX509CLSESSION 322