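/*
 * Copyright (c) 2002-2004,2012 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

//
// PolicyCursor.cpp
//
#include <security_keychain/PolicyCursor.h>
#include <security_keychain/Policies.h>
#include <Security/oidsalg.h>
#include <security_cdsa_client/tpclient.h>

using namespace KeychainCore;
using namespace CssmClient;


//
// This preliminary implementation bypasses MDS and uses
// a fixed set of policies known to exist in the one known TP.
//
// TheOneTP is a TP client bound to gGuidAppleX509TP; every Policy created in
// this file is attached to the instance returned by theOneTP().
//
struct TheOneTP : public TP {
    TheOneTP() : TP(gGuidAppleX509TP) { }
};

static ModuleNexus<TheOneTP> theOneTP;

//
// Policy OIDs the cursor enumerates, in iteration order.
// The trailing NULL is the terminator next() stops on, so new entries must be
// added above it. Because the table is hard-coded rather than discovered, an
// OID missing from it is never returned by a cursor search.
//
static const CssmOid *theOidList[] = {
    static_cast<const CssmOid *>(&CSSMOID_APPLE_ISIGN),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_X509_BASIC),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SSL),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SMIME),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_EAP),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_SW_UPDATE_SIGNING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_IP_SEC),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_ICHAT),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_RESOURCE_SIGN),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_CLIENT),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PKINIT_SERVER),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_CODE_SIGNING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_PACKAGE_SIGNING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_CRL),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_REVOCATION_OCSP),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_APPLEID_SHARING),
    static_cast<const CssmOid *>(&CSSMOID_APPLE_TP_TIMESTAMPING),
    NULL    // sentinel
};


//
// Canonical Construction
//
// oid   - optional filter; when NULL the cursor enumerates every table entry.
// value - accepted but not consulted here; matching is by OID only.
//
PolicyCursor::PolicyCursor(const CSSM_OID* oid, const CSSM_DATA* value)
    : mOid(Allocator::standard()), mOidGiven(false), mMutex(Mutex::recursive)
{
    if (oid) {
        mOid = CssmOid::required(oid);
        mOidGiven = true;
    }
    mSearchPos = 0;     // start at the first table entry
}


//
// Destroy
//
PolicyCursor::~PolicyCursor() throw()
{
}


//
// Crank the iterator
//
// Stores the next matching policy in 'policy' and returns true, or returns
// false once the sentinel is reached. The cursor position is read and
// advanced while holding mMutex.
//
bool PolicyCursor::next(SecPointer<Policy> &policy)
{
    StLock<Mutex> _(mMutex);

    while (theOidList[mSearchPos]) {
        if (mOidGiven && mOid != *theOidList[mSearchPos]) {
            mSearchPos++;
            continue;   // no oid match
        }
        // ignoring mValue - not used by current TP
        policy = new Policy(theOneTP(), *theOidList[mSearchPos]);
        mSearchPos++;   // advance cursor
        return true;    // return next match
    }
    return false;   // end of table, no more matches
}

//
// Return a new policy instance for an OID, outside of cursor iteration
//
// A NULL oid is rejected by CssmOid::required(), the same helper the
// constructor uses, instead of being dereferenced.
//
// NOTE(review): the OID is not checked against theOidList, so a caller can
// obtain a Policy for an OID this file never enumerates. Whether such a policy
// is refused later (for example when it is evaluated by the TP) is not visible
// here - confirm before treating this call as a validation point.
//
void PolicyCursor::policy(const CSSM_OID* oid, SecPointer<Policy> &policy)
{
    const CssmOid &policyOid = CssmOid::required(oid);
    policy = new Policy(theOneTP(), policyOid);
}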