SSCSPDLSession.cpp [plain text]
#include "SSCSPDLSession.h"
#include "CSPDLPlugin.h"
#include "SSKey.h"
#ifndef SECURITYSERVER_ACL_EDITS
#include <security_cdsa_client/aclclient.h>
#include <security_keychain/Access.h>
#include <security_keychain/TrustedApplication.h>
#include <security_utilities/seccfobject.h>
class ClientSessionKey: public CssmClient::AclBearer
{
public:
ClientSessionKey(SecurityServer::ClientSession &clientSession, SecurityServer::KeyHandle keyHandle);
~ClientSessionKey();
virtual void getAcl(AutoAclEntryInfoList &aclInfos,
const char *selectionTag = NULL) const;
virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
const CSSM_ACCESS_CREDENTIALS *cred = NULL);
virtual void getOwner(AutoAclOwnerPrototype &owner) const;
virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
const CSSM_ACCESS_CREDENTIALS *cred = NULL);
private:
SecurityServer::ClientSession &mClientSession;
SecurityServer::KeyHandle mKeyHandle;
};
#endif //!SECURITYSERVER_ACL_EDITS
using namespace SecurityServer;
SSCSPDLSession::SSCSPDLSession()
{
}
void
SSCSPDLSession::makeReferenceKey(SSCSPSession &session, KeyHandle inKeyHandle,
CssmKey &outKey, SSDatabase &inSSDatabase,
uint32 inKeyAttr, const CssmData *inKeyLabel)
{
new SSKey(session, inKeyHandle, outKey, inSSDatabase, inKeyAttr,
inKeyLabel);
}
SSKey &
SSCSPDLSession::lookupKey(const CssmKey &inKey)
{
if(inKey.blobType() != CSSM_KEYBLOB_REFERENCE) {
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
}
SSKey &theKey = find<SSKey>(inKey);
#ifdef someday
CSSM_KEYHEADER localHdr = cssmKey.KeyHeader;
get binKey-like thing from SSKey, maybe SSKey should keep a copy of
hdr...but that's' not supersecure....;
localHdr.BlobType = binKey->mKeyHeader.BlobType;
localHdr.Format = binKey->mKeyHeader.Format;
if(memcmp(&localHdr, &binKey->mKeyHeader, sizeof(CSSM_KEYHEADER))) {
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE);
}
#endif
return theKey;
}
void
SSCSPDLSession::didChangeKeyAcl(SecurityServer::ClientSession &clientSession,
KeyHandle keyHandle, CSSM_ACL_AUTHORIZATION_TAG tag)
{
SSKey *theKey = NULL;
{
StLock<Mutex> _(mKeyMapLock);
KeyMap::const_iterator it;
KeyMap::const_iterator end = mKeyMap.end();
for (it = mKeyMap.begin(); it != end; ++it)
{
SSKey *aKey = dynamic_cast<SSKey *>(it->second);
if (aKey->optionalKeyHandle() == keyHandle)
{
theKey = aKey;
break;
}
}
}
if (theKey)
{
theKey->didChangeAcl();
}
else
{
secdebug("keyacl", "SSCSPDLSession::didChangeKeyAcl() keyHandle: %lu not found in map", keyHandle);
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE);
}
}
void
SSCSPDLSession::didChangeKeyAclCallback(void *context, SecurityServer::ClientSession &clientSession,
SecurityServer::KeyHandle key, CSSM_ACL_AUTHORIZATION_TAG tag)
{
reinterpret_cast<SSCSPDLSession *>(context)->didChangeKeyAcl(clientSession, key, tag);
}
#ifndef SECURITYSERVER_ACL_EDITS
ClientSessionKey::ClientSessionKey(ClientSession &clientSession, SecurityServer::KeyHandle keyHandle) :
mClientSession(clientSession),
mKeyHandle(keyHandle)
{
}
ClientSessionKey::~ClientSessionKey()
{
}
void
ClientSessionKey::getAcl(AutoAclEntryInfoList &aclInfos,
const char *selectionTag) const
{
secdebug("keyacl", "ClientSessionKey::getAcl() keyHandle: %u", mKeyHandle);
aclInfos.allocator(mClientSession.returnAllocator);
mClientSession.getKeyAcl(mKeyHandle, selectionTag,
*static_cast<uint32 *>(aclInfos),
*reinterpret_cast<AclEntryInfo **>(static_cast<CSSM_ACL_ENTRY_INFO_PTR *>(aclInfos)));
}
void
ClientSessionKey::changeAcl(const CSSM_ACL_EDIT &aclEdit,
const CSSM_ACCESS_CREDENTIALS *cred)
{
secdebug("keyacl", "ClientSessionKey::changeAcl() keyHandle: %u", mKeyHandle);
mClientSession.changeKeyAcl(mKeyHandle, AccessCredentials::overlay(*cred), AclEdit::overlay(aclEdit));
}
void
ClientSessionKey::getOwner(AutoAclOwnerPrototype &owner) const
{
secdebug("keyacl", "ClientSessionKey::getOwner() keyHandle: %u", mKeyHandle);
owner.allocator(mClientSession.returnAllocator);
mClientSession.getKeyOwner(mKeyHandle,
*reinterpret_cast<AclOwnerPrototype *>(static_cast<CSSM_ACL_OWNER_PROTOTYPE *>(owner)));
}
void
ClientSessionKey::changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
const CSSM_ACCESS_CREDENTIALS *cred)
{
secdebug("keyacl", "ClientSessionKey::changeOwner() keyHandle: %u", mKeyHandle);
mClientSession.changeKeyOwner(mKeyHandle, AccessCredentials::overlay(*cred), AclOwnerPrototype::overlay(newOwner));
}
#endif // !SECURITYSERVER_ACL_EDITS