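/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 *
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
 * AppleTPSession.cpp - general session support and (mostly) unimplemented functions
 */

#include "AppleTPSession.h"
#include "TPCertInfo.h"
#include "TPCrlInfo.h"
#include "tpCrlVerify.h"
#include "tpdebugging.h"
#include <Security/oidsalg.h>

/*
 * Construct a TP session. Every attach parameter is forwarded unchanged to
 * TPPluginSession; this class sets up no state of its own here.
 */
AppleTPSession::AppleTPSession(
	CSSM_MODULE_HANDLE theHandle,
	CssmPlugin &plug,
	const CSSM_VERSION &version,
	uint32 subserviceId,
	CSSM_SERVICE_TYPE subserviceType,
	CSSM_ATTACH_FLAGS attachFlags,
	const CSSM_UPCALLS &upcalls)
		: TPPluginSession(theHandle, plug, version, subserviceId,
			subserviceType,attachFlags, upcalls)
{
}

/* Nothing to release at this level. */
AppleTPSession::~AppleTPSession()
{
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertCreateTemplate(CSSM_CL_HANDLE CLHandle,
		uint32 NumberOfFields,
		const CSSM_FIELD CertFields[],
		CssmData &CertTemplate)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/*
 * Verify one encoded CRL.
 *
 * CLHandle, CSPHandle   - passed through to the CRL/cert parsing and
 *                         verification objects.
 * CrlToBeVerified       - must be X.509 v1 or v2, BER or DER encoded;
 *                         anything else is rejected before parsing.
 * SignerCertGroup       - caller-supplied certs; may be empty.
 * VerifyContext         - optional. When present it supplies the credentials
 *                         (verify time, anchor certs, DB list) and the
 *                         Apple-specific action data (action flags).
 * RevokerVerifyResult   - must be NULL; returning a result is not supported.
 *
 * Returns normally on successful verification. Every failure is reported by
 * throwing a CssmError: CSSMERR_TP_INVALID_REQUEST_INPUTS,
 * CSSMERR_TP_INVALID_CRL_TYPE, CSSMERR_TP_INVALID_CRL_ENCODING,
 * CSSMERR_TP_INVALID_ACTION_DATA, or the CSSM_RETURN produced by
 * TPCrlInfo::verifyWithContext().
 */
void AppleTPSession::CrlVerify(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_ENCODED_CRL &CrlToBeVerified,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT *RevokerVerifyResult)
{
	/* verify input args */
	if(RevokerVerifyResult != NULL) {
		/* not yet, but probably someday */
		CssmError::throwMe(CSSMERR_TP_INVALID_REQUEST_INPUTS);
	}
	switch(CrlToBeVerified.CrlType) {
		case CSSM_CRL_TYPE_X_509v1:
		case CSSM_CRL_TYPE_X_509v2:
			break;
		default:
			CssmError::throwMe(CSSMERR_TP_INVALID_CRL_TYPE);
	}
	switch(CrlToBeVerified.CrlEncoding) {
		case CSSM_CRL_ENCODING_BER:
		case CSSM_CRL_ENCODING_DER:
			break;
		default:
			CssmError::throwMe(CSSMERR_TP_INVALID_CRL_ENCODING);
	}

	/* optional arguments */
	CSSM_TIMESTRING cssmTimeStr = NULL;
	const CSSM_TP_CALLERAUTH_CONTEXT *cred = NULL;
	uint32 NumberOfAnchorCerts = 0;
	CSSM_DATA_PTR AnchorCerts = NULL;
	CSSM_DL_DB_LIST_PTR DBList = NULL;
	CSSM_APPLE_TP_ACTION_FLAGS actionFlags = 0;
	CSSM_APPLE_TP_ACTION_DATA *actionData = NULL;

	if(VerifyContext != NULL) {
		cred = VerifyContext->Cred;
		actionData =
			(CSSM_APPLE_TP_ACTION_DATA *)VerifyContext->ActionData.Data;
		if(actionData != NULL) {
			/*
			 * ActionData is a caller-supplied (Data, Length) pair. Make
			 * sure the buffer is large enough to hold the Version field
			 * before reading it; a short buffer would otherwise be read
			 * past its end. The per-version check below still enforces
			 * the exact struct size.
			 */
			if(VerifyContext->ActionData.Length <
					sizeof(actionData->Version)) {
				CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
			}
			switch(actionData->Version) {
				case CSSM_APPLE_TP_ACTION_VERSION:
					if(VerifyContext->ActionData.Length !=
							sizeof(CSSM_APPLE_TP_ACTION_DATA)) {
						CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
					}
					break;
				/* handle backwards versions here if we ever go
				 * beyond version 0 */
				default:
					CssmError::throwMe(CSSMERR_TP_INVALID_ACTION_DATA);
			}
			/* only reached once Length matched the full struct size */
			actionFlags = actionData->ActionFlags;
		}
	}
	if(cred != NULL) {
		cssmTimeStr = cred->VerifyTime;
		NumberOfAnchorCerts = cred->NumberOfAnchorCerts;
		AnchorCerts = cred->AnchorCerts;
		DBList = cred->DBList;
	}

	/*
	 * this must be parseable, throw immediately if not
	 * NOTE(review): TIC_NoCopy presumably means crlToVerify refers to the
	 * caller's CrlBlob rather than copying it -- confirm in TPCrlInfo.
	 */
	TPCrlInfo crlToVerify(CLHandle, CSPHandle, &CrlToBeVerified.CrlBlob,
		TIC_NoCopy, cssmTimeStr);

	/* Both required at the API but in fact may be empty */
	TPCertGroup inCertGroup(SignerCertGroup, CLHandle, CSPHandle, *this,
		cssmTimeStr, 		// optional 'this' time
		false, 				// firstCertMustBeValid
		TGO_Group);
	TPCertGroup gatheredCerts(*this, TGO_Group);

	/* common CRL/OCSP verify parameters */
	TPVerifyContext vfyCtx(*this,
		CLHandle,
		CSPHandle,
		cssmTimeStr,
		NumberOfAnchorCerts,
		AnchorCerts,
		&inCertGroup,
		NULL,				// no CRLs, we're on our own
		gatheredCerts,
		DBList,
		kRevokeCrlBasic,
		actionFlags,
		NULL,				// crlOpts
		NULL,				// OCSP opts
		&CSSMOID_APPLE_TP_REVOCATION_CRL,
		NULL, 				// UT policyString
		0,
		CSSM_KEYUSE_VERIFY);

	/*
	 * We assert the doCrlVerify flag to ensure CRL verification
	 * of intermediate certs which verifyWithContext() gathers to
	 * verify this CRL.
	 */
	CSSM_RETURN crtn = crlToVerify.verifyWithContext(vfyCtx, NULL, true);
	if(crtn) {
		tpCrlDebug("CrlVerify failure");
		CssmError::throwMe(crtn);
	}
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertReclaimKey(const CSSM_CERTGROUP &CertGroup,
		uint32 CertIndex,
		CSSM_LONG_HANDLE KeyCacheHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/*** CertGroupVerify, CertGroupConstruct in TPCertGroup.cpp ***/

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertSign(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CssmData &CertTemplateToBeSigned,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
		CssmData &SignedCert)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::TupleGroupToCertGroup(CSSM_CL_HANDLE CLHandle,
		const CSSM_TUPLEGROUP &TupleGroup,
		CSSM_CERTGROUP_PTR &CertTemplates)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::ReceiveConfirmation(const CssmData &ReferenceIdentifier,
		CSSM_TP_CONFIRM_RESPONSE_PTR &Responses,
		sint32 &ElapsedTime)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::PassThrough(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CSSM_DL_DB_LIST *DBList,
		uint32 PassThroughId,
		const void *InputParams,
		void **OutputParams)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertRemoveFromCrlTemplate(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CssmData *OldCrlTemplate,
		const CSSM_CERTGROUP &CertGroupToBeRemoved,
		const CSSM_CERTGROUP &RevokerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
		CssmData &NewCrlTemplate)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertRevoke(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CssmData *OldCrlTemplate,
		const CSSM_CERTGROUP &CertGroupToBeRevoked,
		const CSSM_CERTGROUP &RevokerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT &RevokerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &RevokerVerifyResult,
		CSSM_TP_CERTCHANGE_REASON Reason,
		CssmData &NewCrlTemplate)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertReclaimAbort(CSSM_LONG_HANDLE KeyCacheHandle)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CrlCreateTemplate(CSSM_CL_HANDLE CLHandle,
		uint32 NumberOfFields,
		const CSSM_FIELD CrlFields[],
		CssmData &NewCrlTemplate)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertGroupToTupleGroup(CSSM_CL_HANDLE CLHandle,
		const CSSM_CERTGROUP &CertGroup,
		CSSM_TUPLEGROUP_PTR &TupleGroup)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::FormRequest(const CSSM_TP_AUTHORITY_ID *PreferredAuthority,
		CSSM_TP_FORM_TYPE FormType,
		CssmData &BlankForm)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CrlSign(CSSM_CL_HANDLE CLHandle,
		CSSM_CC_HANDLE CCHandle,
		const CSSM_ENCODED_CRL &CrlToBeSigned,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT *SignerVerifyResult,
		CssmData &SignedCrl)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertGroupPrune(CSSM_CL_HANDLE CLHandle,
		const CSSM_DL_DB_LIST &DBList,
		const CSSM_CERTGROUP &OrderedCertGroup,
		CSSM_CERTGROUP_PTR &PrunedCertGroup)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::ApplyCrlToDb(CSSM_CL_HANDLE CLHandle,
		CSSM_CSP_HANDLE CSPHandle,
		const CSSM_ENCODED_CRL &CrlToBeApplied,
		const CSSM_CERTGROUP &SignerCertGroup,
		const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
		CSSM_TP_VERIFY_CONTEXT_RESULT &ApplyCrlVerifyResult)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::CertGetAllTemplateFields(CSSM_CL_HANDLE CLHandle,
		const CssmData &CertTemplate,
		uint32 &NumberOfFields,
		CSSM_FIELD_PTR &CertFields)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::ConfirmCredResult(const CssmData &ReferenceIdentifier,
		const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
		const CSSM_TP_CONFIRM_RESPONSE &Responses,
		const CSSM_TP_AUTHORITY_ID *PreferredAuthority)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}

/* Not implemented: always throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED. */
void AppleTPSession::FormSubmit(CSSM_TP_FORM_TYPE FormType,
		const CssmData &Form,
		const CSSM_TP_AUTHORITY_ID *ClearanceAuthority,
		const CSSM_TP_AUTHORITY_ID *RepresentedAuthority,
		AccessCredentials *Credentials)
{
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
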