1/* 2 * Copyright (c) 2002-2004 Apple Computer, Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24// 25// TrustStore.h - Abstract interface to permanent user trust assignments 26// 27#ifndef _SECURITY_TRUSTSTORE_H_ 28#define _SECURITY_TRUSTSTORE_H_ 29 30#include <security_keychain/Certificate.h> 31#include <security_keychain/Policies.h> 32#include <Security/SecTrust.h> 33#include <security_keychain/TrustItem.h> 34 35 36namespace Security { 37namespace KeychainCore { 38 39 40// 41// A TrustStore object mediates access to "user trust" information stored 42// for a user (usually in her keychains). 43// For lack of a better home, access to the default anchor certificate 44// list is also provided here. 45// 46class TrustStore { 47 NOCOPY(TrustStore) 48public: 49 TrustStore(Allocator &alloc = Allocator::standard()); 50 virtual ~TrustStore(); 51 52 Allocator &allocator; 53 54 // set/get user trust for a certificate and policy 55 SecTrustUserSetting find(Certificate *cert, Policy *policy, 56 StorageManager::KeychainList &keychainList); 57 void assign(Certificate *cert, Policy *policy, SecTrustUserSetting assignment); 58 59 void getCssmRootCertificates(CertGroup &roots); 60 61 typedef UserTrustItem::TrustData TrustData; 62 63protected: 64 Item findItem(Certificate *cert, Policy *policy, 65 StorageManager::KeychainList &keychainList); 66 void loadRootCertificates(); 67 68private: 69 bool mRootsValid; // roots have been loaded from disk 70 vector<CssmData> mRoots; // array of CssmDatas to certificate datas 71 CssmAutoData mRootBytes; // certificate data blobs (bunched up) 72 CFRef<CFArrayRef> mCFRoots; // mRoots as CFArray<SecCertificate> 73 Mutex mMutex; 74}; 75 76} // end namespace KeychainCore 77} // end namespace Security 78 79#endif // !_SECURITY_TRUSTSTORE_H_ 80