libsecurity_apple_x509_cl/lib/AppleX509CLSession.h

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 *
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// AppleX509CLSession.h - general CL session functions.
//
#ifndef _H_APPLEX509CLSESSION
#define _H_APPLEX509CLSESSION

#include <security_cdsa_plugin/CLsession.h>
#include "CLCachedEntry.h"
#include "DecodedCert.h"
#include "LockedMap.h"
#include <security_utilities/threading.h>
#include <Security/cssmapple.h>

class AppleX509CLSession : public CLPluginSession {

public:

	AppleX509CLSession(
		CSSM_MODULE_HANDLE theHandle,
		CssmPlugin &plug,
		const CSSM_VERSION &version,
		uint32 subserviceId,
		CSSM_SERVICE_TYPE subserviceType,
		CSSM_ATTACH_FLAGS attachFlags,
		const CSSM_UPCALLS &upcalls);

	~AppleX509CLSession();

// ====================================================================
// Cert Interpretation
// ====================================================================

	void CertDescribeFormat(
		uint32 &NumberOfFields,
		CSSM_OID_PTR &OidList);

// Non-cached

	void CertGetAllFields(
		const CssmData &Cert,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CertFields);

	CSSM_HANDLE CertGetFirstFieldValue(
		const CssmData &Cert,
		const CssmData &CertField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);

	bool CertGetNextFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);


// Cached

	void CertCache(
		const CssmData &Cert,
		CSSM_HANDLE &CertHandle);

	CSSM_HANDLE CertGetFirstCachedFieldValue(
		CSSM_HANDLE CertHandle,
		const CssmData &CertField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);

	bool CertGetNextCachedFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);

	void CertAbortCache(
		CSSM_HANDLE CertHandle);

	void CertAbortQuery(
		CSSM_HANDLE ResultsHandle);


// Templates

	void CertCreateTemplate(
		uint32 NumberOfFields,
		const CSSM_FIELD CertFields[],
		CssmData &CertTemplate);

	void CertGetAllTemplateFields(
		const CssmData &CertTemplate,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CertFields);


// Memory

	void FreeFields(
		uint32 NumberOfFields,
		CSSM_FIELD_PTR &FieldArray);
	void FreeFieldValue(
		const CssmData &CertOrCrlOid,
		CssmData &Value);

// Key

	void CertGetKeyInfo(
		const CssmData &Cert,
		CSSM_KEY_PTR &Key);

// ====================================================================
// CRL Interpretation
// ====================================================================

// Non-cached

	void CrlDescribeFormat(
		uint32 &NumberOfFields,
		CSSM_OID_PTR &OidList);

	void CrlGetAllFields(
		const CssmData &Crl,
		uint32 &NumberOfCrlFields,
		CSSM_FIELD_PTR &CrlFields);

	CSSM_HANDLE CrlGetFirstFieldValue(
		const CssmData &Crl,
		const CssmData &CrlField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);

	bool CrlGetNextFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);

	void IsCertInCrl(
		const CssmData &Cert,
		const CssmData &Crl,
		CSSM_BOOL &CertFound);


// Cached

	void CrlCache(
		const CssmData &Crl,
		CSSM_HANDLE &CrlHandle);

	void CrlGetAllCachedRecordFields(CSSM_HANDLE CrlHandle,
		const CssmData &CrlRecordIndex,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CrlFields);

	CSSM_HANDLE CrlGetFirstCachedFieldValue(
		CSSM_HANDLE CrlHandle,
		const CssmData *CrlRecordIndex,
		const CssmData &CrlField,
		uint32 &NumberOfMatchedFields,
		CSSM_DATA_PTR &Value);

	bool CrlGetNextCachedFieldValue(
		CSSM_HANDLE ResultsHandle,
		CSSM_DATA_PTR &Value);

	void IsCertInCachedCrl(
		const CssmData &Cert,
		CSSM_HANDLE CrlHandle,
		CSSM_BOOL &CertFound,
		CssmData &CrlRecordIndex);

	void CrlAbortCache(
		CSSM_HANDLE CrlHandle);

	void CrlAbortQuery(
		CSSM_HANDLE ResultsHandle);


// Template

	void CrlCreateTemplate(
		uint32 NumberOfFields,
		const CSSM_FIELD *CrlTemplate,
		CssmData &NewCrl);

	void CrlSetFields(
		uint32 NumberOfFields,
		const CSSM_FIELD *CrlTemplate,
		const CssmData &OldCrl,
		CssmData &ModifiedCrl);

	void CrlAddCert(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &Cert,
		uint32 NumberOfFields,
		const CSSM_FIELD CrlEntryFields[],
		const CssmData &OldCrl,
		CssmData &NewCrl);

	void CrlRemoveCert(
		const CssmData &Cert,
		const CssmData &OldCrl,
		CssmData &NewCrl);

// ====================================================================
// Verify/Sign
// ====================================================================

// Certs

	void CertVerifyWithKey(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertToBeVerified);

	void CertVerify(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertToBeVerified,
		const CssmData *SignerCert,
		const CSSM_FIELD *VerifyScope,
		uint32 ScopeSize);

	void CertSign(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertTemplate,
		const CSSM_FIELD *SignScope,
		uint32 ScopeSize,
		CssmData &SignedCert);

// Cert Groups

	void CertGroupFromVerifiedBundle(
		CSSM_CC_HANDLE CCHandle,
		const CSSM_CERT_BUNDLE &CertBundle,
		const CssmData *SignerCert,
		CSSM_CERTGROUP_PTR &CertGroup);

	void CertGroupToSignedBundle(
		CSSM_CC_HANDLE CCHandle,
		const CSSM_CERTGROUP &CertGroupToBundle,
		const CSSM_CERT_BUNDLE_HEADER *BundleInfo,
		CssmData &SignedBundle);

// CRLs

	void CrlVerifyWithKey(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CrlToBeVerified);

	void CrlVerify(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CrlToBeVerified,
		const CssmData *SignerCert,
		const CSSM_FIELD *VerifyScope,
		uint32 ScopeSize);

	void CrlSign(
		CSSM_CC_HANDLE CCHandle,
		const CssmData &UnsignedCrl,
		const CSSM_FIELD *SignScope,
		uint32 ScopeSize,
		CssmData &SignedCrl);

// ====================================================================
// Module Specific Pass-Through
// ====================================================================

	void PassThrough(
		CSSM_CC_HANDLE CCHandle,
		uint32 PassThroughId,
		const void *InputParams,
		void **OutputParams);

private:
	/* routines in Session_Cert.cpp */
	void getAllParsedCertFields(
		const DecodedCert	&cert,
		uint32 				&NumberOfFields,		// RETURNED
		CSSM_FIELD_PTR 		&CertFields);			// RETURNED

	/* routines in Session_Crypto.cpp */
	void signData(
		CSSM_CC_HANDLE		ccHand,
		const CssmData		&tbs,
		CssmOwnedData		&sig);			// mallocd and returned
	void verifyData(
		CSSM_CC_HANDLE		ccHand,
		const CssmData		&tbs,
		const CssmData		&sig);

	/* routines in Session_CSR.cpp */
	void generateCsr(
		CSSM_CC_HANDLE 		CCHandle,
		const CSSM_APPLE_CL_CSR_REQUEST *csrReq,
		CSSM_DATA_PTR		&csrPtr);
	void verifyCsr(
		const CSSM_DATA		*csrPtr);

	/*
	 * Maps of cached certs, CRLs, and active queries
	 * This one holds cached certs and CRLs.
	 */
	LockedMap<CSSM_HANDLE, CLCachedEntry>	cacheMap;
	LockedMap<CSSM_HANDLE, CLQuery>			queryMap;

	CLCachedCert *lookupCachedCert(CSSM_HANDLE handle);
	CLCachedCRL	 *lookupCachedCRL(CSSM_HANDLE handle);
};

#endif //_H_APPLEX509CLSESSION