#ifndef _SECURITY_TRUST_H_
#define _SECURITY_TRUST_H_
#include <Security/SecRuntime.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/StorageManager.h>
#include <Security/tpclient.h>
#include <Security/cfutilities.h>
#include <Security/SecTrust.h>
#include <Security/Certificate.h>
#include <Security/Policies.h>
#include <Security/TrustStore.h>
#include <vector>
using namespace CssmClient;
namespace Security {
namespace KeychainCore {
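// Trust: one certificate-chain trust evaluation, wrapping a CSSM Trust
// Policy (TP) verify call. The setters below only record inputs for a
// later evaluate(); the results accessors are read afterwards. All of the
// out-of-line members (constructor, evaluate, buildEvidence, cssmResult,
// releaseTPEvidence, the private helpers) are defined in the .cpp file.
class Trust : public SecCFObject
{
    NOCOPY(Trust)
public:
    // Builds an evaluation over the given certificates and policies. Both
    // parameters are untyped CF references; which concrete shapes (single
    // object vs. CFArray) the constructor accepts is decided out of line —
    // confirm in Trust.cpp.
    Trust(CFTypeRef certificates, CFTypeRef policies);
    virtual ~Trust();

    // --- configuration (stored only; consumed by evaluate()) ---

    // TP action code passed to the verify call.
    void action(CSSM_TP_ACTION action) { mAction = action; }
    // Action-specific data; retained via CFRef for the lifetime of this object.
    void actionData(CFDataRef data) { mActionData = data; }
    // Explicit verification time. NOTE(review): presumably evaluate() uses
    // this instead of the current time when set, which also affects
    // certificate validity-period checks — callers should set it
    // deliberately; confirm in Trust.cpp.
    void time(CFDateRef verifyTime) { mVerifyTime = verifyTime; }
    // Anchor certificates. The list is normalized through cfArrayize() from
    // cfutilities.h before being stored; any input shape beyond a CFArray
    // that cfArrayize accepts is defined there, not here.
    void anchors(CFArrayRef anchorList) { mAnchors = cfArrayize(anchorList); }
    // Mutable access to the keychain list; callers edit it in place.
    // NOTE(review): presumably these are the keychains evaluate() searches
    // for certificates — confirm against callers.
    StorageManager::KeychainList &searchLibs() { return mSearchLibs; }

    // --- evaluation and results ---

    void evaluate();
    // Produces the evaluated chain and the per-certificate status info;
    // both are output parameters (out-params last, per Cocoa convention).
    void buildEvidence(CFArrayRef &certChain, TPEvidenceInfo * &statusChain);
    CSSM_TP_VERIFY_CONTEXT_RESULT_PTR cssmResult();
    // Overall SecTrustResultType; meaningful after evaluate() — the value
    // before that is whatever the constructor initialised it to.
    SecTrustResultType result() const { return mResult; }
    TP getTPHandle() const { return mTP; }

    // Frees a TP verify result using the allocator it was obtained from.
    static void releaseTPEvidence(TPVerifyResult &result, CssmAllocator &allocator);

private:
    SecTrustResultType diagnoseOutcome();
    void evaluateUserTrust(const CertGroup &certs,
                           const CSSM_TP_APPLE_EVIDENCE_INFO *info);
    void clearResults();

    // Inputs.
    TP mTP;
    CSSM_TP_ACTION mAction;
    CFRef<CFDataRef> mActionData;
    CFRef<CFDateRef> mVerifyTime;
    CFRef<CFArrayRef> mCerts;
    CFRef<CFArrayRef> mPolicies;
    CFRef<CFArrayRef> mAnchors;
    StorageManager::KeychainList mSearchLibs;

    // Outputs of the last evaluate().
    SecTrustResultType mResult;
    uint32 mResultIndex;
    OSStatus mTpReturn;
    TPVerifyResult mTpResult;
    std::vector< RefPointer<Certificate> > mCertChain;
    CFRef<CFArrayRef> mEvidenceReturned;

public:
    // Process-wide trust store. Declared without the `Trust::` qualifier:
    // an explicitly qualified member name inside its own class definition
    // is ill-formed C++ and is rejected by conforming compilers.
    static ModuleNexus<TrustStore> gStore;
};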
}
}
#endif // !_SECURITY_TRUST_H_