1/*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19/*
20 * DecodedCert.h - object representing an NSS-decoded cert, with extensions
21 * parsed and decoded (still in NSS format).
22 *
23 * Created 9/1/2000 by Doug Mitchell.
24 * Copyright (c) 2000 by Apple Computer.
25 *
26 * See DecodedItem.h for details on the care and feeding of this
27 * module.
28 */
29
30#ifndef	_DECODED_CERT_H_
31#define _DECODED_CERT_H_
32
33#include <Security/cssmtype.h>
34#include <security_cdsa_utilities/cssmdata.h>
35
36#include "DecodedItem.h"
37#include <Security/X509Templates.h>
38#include <security_asn1/SecNssCoder.h>
39
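/*
 * DecodedCert - an NSS-decoded X.509 certificate whose extensions have been
 * parsed and decoded (still in NSS format). Derives from DecodedItem; see
 * DecodedItem.h for how this module is meant to be used.
 *
 * NOTE(review): the DER passed to the decoding entry points below normally
 * comes from outside the process. How malformed input is reported (presumably
 * by throwing) is not visible in this header; confirm in the implementation
 * before relying on it.
 */
class DecodedCert : public DecodedItem
{
	/* presumably disables copy construction and assignment; see the macro's definition */
	NOCOPY(DecodedCert)
public:
	/* construct empty cert, no decoded extensions */
	DecodedCert(
		AppleX509CLSession	&session);

	/* one-shot constructor, decoding from DER-encoded data */
	DecodedCert(
		AppleX509CLSession	&session,
		const CssmData 		&encodedCert);

	~DecodedCert();

	/*
	 * NOTE(review): undocumented in the original header. Presumably encodes
	 * the decoded extensions back into the NSS cert; confirm in the
	 * implementation.
	 */
	void encodeExtensions();

	/* decode TBSCert and its extensions */
	void decodeTbs(
		const CssmData	&encodedTbs);

	/* encode TBSCert and its extensions */
	void encodeTbs(
		CssmOwnedData	&encodedTbs);

	/***
	 *** field accessors (in CertFields.cpp)
	 ***/

	/*
	 * Obtain the index'th occurrence of the field specified by fieldId.
	 * Format of the returned field depends on fieldId.
	 *
	 * When index is 0, numFields receives the total number of fieldId
	 * fields in the cert. The function's return value is true if the
	 * specified field was found, else false.
	 *
	 * NOTE(review): this header does not say whether numFields is written
	 * when index is nonzero or when the field is not found; callers should
	 * initialize it and check the return value before using either output.
	 * The data placed in fieldValue is fieldId-specific and is presumably
	 * meant to be released with freeCertFieldData() using the same fieldId.
	 */
	bool getCertFieldData(
		const CssmOid		&fieldId,			// which field
		unsigned			index,				// which occurrence (0 = first)
		uint32				&numFields,			// RETURNED
		CssmOwnedData		&fieldValue);		// RETURNED

	/*
	 * Set the field specified by fieldId in TBS.
	 * Note no index - individual field routines either append (for extensions)
	 * or throw if field already set (for all others)
	 */
	void setCertField(
		const CssmOid		&fieldId,		// which field
		const CssmData		&fieldValue);

	/*
	 * Free the fieldId-specific data referred to by fieldValue.get().data().
	 * Because the layout of that data depends on fieldId, pass the fieldId
	 * that describes what fieldValue actually holds.
	 */
	static void freeCertFieldData(
		const CssmOid		&fieldId,
		CssmOwnedData		&fieldValue);

	/*
	 * Return every parsed field of the cert.
	 * NOTE(review): ownership of the CertFields array, and how it is to be
	 * freed, is not stated in this header; confirm in the implementation.
	 */
	void getAllParsedCertFields(
		uint32 				&NumberOfFields,		// RETURNED
		CSSM_FIELD_PTR 		&CertFields);			// RETURNED

	/*
	 * NOTE(review): undocumented in the original header. Presumably returns
	 * the list of field OIDs this class understands, with OidList allocated
	 * from alloc; confirm in the implementation.
	 */
	static void describeFormat(
		Allocator 		&alloc,
		uint32 				&NumberOfFields,
		CSSM_OID_PTR 		&OidList);

	/*
	 * Obtain a CSSM_KEY from a decoded cert, inferring as much as we can
	 * from required fields (subjectPublicKeyInfo) and extensions (for
	 * KeyUse).
	 * NOTE(review): the returned key is presumably allocated from alloc and
	 * owned by the caller; confirm in the implementation.
	 */
	CSSM_KEY_PTR extractCSSMKey(
		Allocator		&alloc) const;

	/*
	 * NOTE(review): undocumented in the original header. Presumably derives
	 * the key usage that extractCSSMKey() reports from the cert's
	 * extensions; the result when no such extension is present is not
	 * visible here, so confirm it before using the value for policy.
	 */
	CSSM_KEYUSE inferKeyUsage() const;

	/*
	 * The certificate in NSS form. This member is public, so code that
	 * writes to it directly bypasses setCertField().
	 */
	NSS_Certificate			mCert;
};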
118
119#endif	/* _DECODED_CERT_H_ */
120