#ifndef _H_CDSA_CLIENT_ACLCLIENT
#define _H_CDSA_CLIENT_ACLCLIENT 1
#include <security_cdsa_utilities/cssmaclpod.h>
#include <security_cdsa_utilities/cssmacl.h>
#include <security_cdsa_utilities/cssmcred.h>
#include <security_utilities/refcount.h>
#include <security_utilities/globalizer.h>
namespace Security {
namespace CssmClient {
// Forward declaration only. Nothing in this header names CSP in a member or
// parameter, so the full definition is not required here; presumably the
// implementation file or clients of this header need the name in scope.
class CSP;
// Abstract interface for an object that carries a CSSM ACL and an owner
// prototype (e.g. a CSSM key, see KeyAclBearer below).
// getAcl/changeAcl/getOwner/changeOwner are pure virtual; the remaining
// members are non-virtual conveniences.  Derives virtually from RefCount,
// so instances are reference counted (security_utilities/refcount.h).
class AclBearer : public virtual RefCount {
public:
    // Virtual: instances are deleted through AclBearer pointers.
    virtual ~AclBearer();

    // Fill aclInfos with the object's ACL entries.  selectionTag defaults to
    // NULL; how a NULL vs. non-NULL tag narrows the result is decided by the
    // implementing class — confirm there before relying on it.
    virtual void getAcl(AutoAclEntryInfoList &aclInfos,
        const char *selectionTag = NULL) const = 0;

    // Apply a raw CSSM_ACL_EDIT to the object's ACL.  cred (may be NULL) is
    // the credential presented to authorize the edit; whether an edit made
    // without credentials is accepted is decided by the object's ACL, not here.
    virtual void changeAcl(const CSSM_ACL_EDIT &aclEdit,
        const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;

    // Convenience wrappers for the add / replace / delete edit operations.
    // They are non-virtual; presumably each builds a CSSM_ACL_EDIT and forwards
    // to the virtual changeAcl above (verify in the .cpp).
    void addAcl(const AclEntryInput &input, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
    void changeAcl(CSSM_ACL_HANDLE handle, const AclEntryInput &input,
        const CSSM_ACCESS_CREDENTIALS *cred = NULL);
    void deleteAcl(CSSM_ACL_HANDLE handle, const CSSM_ACCESS_CREDENTIALS *cred = NULL);
    // Delete by tag.  NOTE(review): a call such as deleteAcl(NULL, cred) may be
    // ambiguous between this overload and the CSSM_ACL_HANDLE one, depending on
    // how NULL is defined; pass a typed argument, or omit it to take the default.
    void deleteAcl(const char *tag = NULL, const CSSM_ACCESS_CREDENTIALS *cred = NULL);

    // Owner prototype access.  changeOwner takes the same optional credential
    // as changeAcl; acceptance is again up to the object's ACL.
    virtual void getOwner(AutoAclOwnerPrototype &owner) const = 0;
    virtual void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
        const CSSM_ACCESS_CREDENTIALS *cred = NULL) = 0;
};
// AclBearer implementation for a CSSM_KEY living in a specific CSP.
// Holds references, not copies: theKey and alloc must outlive this object.
// Copy-assignment is implicitly unavailable (const and reference members);
// copy-construction is not, and a copy would alias the same key and allocator.
class KeyAclBearer : public AclBearer {
public:
    KeyAclBearer(CSSM_CSP_HANDLE cspH, CSSM_KEY &theKey, Allocator &alloc)
        : csp(cspH), key(theKey), allocator(alloc) { }

    // Public members: csp is fixed at construction; key and allocator alias
    // caller-owned objects for the lifetime of this bearer.
    const CSSM_CSP_HANDLE csp;
    CSSM_KEY &key;
    Allocator &allocator;

protected:
    // Implementations of the AclBearer pure virtuals (no `override` keyword:
    // pre-C++11 header).  Declared protected, so non-member callers with a
    // static type of KeyAclBearer cannot call them directly and must go
    // through an AclBearer reference/pointer, where they are public.
    // Declaring changeAcl here also hides the non-virtual
    // AclBearer::changeAcl(CSSM_ACL_HANDLE, ...) overload for callers whose
    // static type is KeyAclBearer (no `using AclBearer::changeAcl` is present).
    void getAcl(AutoAclEntryInfoList &aclInfos,
        const char *selectionTag = NULL) const;
    void changeAcl(const CSSM_ACL_EDIT &aclEdit,
        const CSSM_ACCESS_CREDENTIALS *cred = NULL);
    void getOwner(AutoAclOwnerPrototype &owner) const;
    void changeOwner(const CSSM_ACL_OWNER_PROTOTYPE &newOwner,
        const CSSM_ACCESS_CREDENTIALS *cred = NULL);
};
// Factory for the credential and ACL building blocks a CSP client typically
// needs: canned AccessCredentials for the common interaction modes, "any"
// owner/ACL prototypes, keychain-secret credential sets, and typed ACL subjects.
class AclFactory {
public:
    AclFactory();
    virtual ~AclFactory();

    // Canned credentials.  Each returns a pointer to an AccessCredentials;
    // ownership and lifetime are not expressed in the signature — presumably
    // owned by the factory and valid for its lifetime (confirm in the .cpp
    // before storing the pointer).  nullCred presents no credentials; the
    // others are named after the interaction they request, and their exact
    // contents are defined in the .cpp.
    const AccessCredentials *nullCred() const;
    const AccessCredentials *promptCred() const;
    const AccessCredentials *unlockCred() const;
    const AccessCredentials *cancelCred() const;
    const AccessCredentials *promptedPINCred() const;
    const AccessCredentials *promptedPINItemCred() const;

    // Owner and ACL-entry prototypes, presumably built on the ANY subject type
    // (see AnySubject below) — i.e. satisfied by any caller.  Same lifetime
    // caveat as the credential accessors.
    const AclOwnerPrototype &anyOwner() const;
    const AclEntryInfo &anyAcl() const;

protected:
    // Base for credential sets derived from a keychain secret.  Owns
    // mCredentials, allocated here with new; the out-of-line destructor
    // presumably deletes it.
    // NOTE(review): no copy constructor/assignment is declared, so a copy
    // would share mCredentials and double-free if the destructor deletes it —
    // treat instances as non-copyable.  The constructor is not `explicit`,
    // so an Allocator& converts implicitly to KeychainCredentials.
    class KeychainCredentials {
    public:
        KeychainCredentials(Allocator &alloc)
            : allocator(alloc), mCredentials(new AutoCredentials(alloc)) { }
        virtual ~KeychainCredentials();

        Allocator &allocator;

        // Lets an instance be passed where a const AccessCredentials pointer is
        // expected.  The returned pointer aliases mCredentials and dangles once
        // this object is destroyed.
        operator const AccessCredentials* () const { return mCredentials; }

    protected:
        AutoCredentials *mCredentials;
    };

public:
    // Credential sets carrying a passphrase.  The password is presumably
    // copied into mCredentials by the constructor (defined in the .cpp).
    // NOTE(review): confirm that the copy is wiped when the object is destroyed.
    class PassphraseUnlockCredentials : public KeychainCredentials {
    public:
        PassphraseUnlockCredentials (const CssmData& password, Allocator& allocator);
    };

    class PasswordChangeCredentials : public KeychainCredentials {
    public:
        PasswordChangeCredentials (const CssmData& password, Allocator& allocator);
    };

public:
    // ResourceControlContext holding a single list element (mAny) and an
    // authorization tag (mTag); presumably describes an "any subject" context.
    // The constructor is not `explicit` and its only parameter defaults, so a
    // bare credential pointer converts implicitly to an AnyResourceContext.
    class AnyResourceContext : public ResourceControlContext {
    public:
        AnyResourceContext(const CSSM_ACCESS_CREDENTIALS *cred = NULL);
    private:
        ListElement mAny;
        CSSM_ACL_AUTHORIZATION_TAG mTag;
    };

public:
    // ACL subjects.  Each is a TypedList tagged with a CSSM_ACL_SUBJECT_TYPE;
    // the derived structs fix the type and any subject-specific payload.
    struct Subject : public TypedList {
        Subject(Allocator &alloc, CSSM_ACL_SUBJECT_TYPE type);
    };

    // ANY subject: an ACL entry built on it is satisfied by every caller, so
    // choose it deliberately — it grants the entry's rights without credentials.
    struct AnySubject : public Subject {
        AnySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY) { }
    };

    // "Nobody" is expressed as a COMMENT-type subject, relying on the ACL
    // evaluator never treating a comment subject as satisfied.
    struct NobodySubject : public Subject {
        NobodySubject(Allocator &alloc) : Subject(alloc, CSSM_ACL_SUBJECT_TYPE_COMMENT) { }
    };

    // Password subject, with or without the secret embedded; the variant with
    // a secret presumably carries it in the list for entry creation.
    struct PWSubject : public Subject {
        PWSubject(Allocator &alloc);
        PWSubject(Allocator &alloc, const CssmData &secret);
    };

    // Password subject that carries a prompt string, optionally with the secret.
    struct PromptPWSubject : public Subject {
        PromptPWSubject(Allocator &alloc, const CssmData &prompt);
        PromptPWSubject(Allocator &alloc, const CssmData &prompt, const CssmData &secret);
    };

    // Protected-password subject; takes no payload here.
    struct ProtectedPWSubject : public Subject {
        ProtectedPWSubject(Allocator &alloc);
    };

    // PIN subject bound to a slot number.
    struct PinSubject : public Subject {
        PinSubject(Allocator &alloc, uint32 slot);
    };

    // PIN-source subject built from an existing TypedList form.
    struct PinSourceSubject : public Subject {
        PinSourceSubject(Allocator &alloc, const TypedList &form);
    };
};
} }
#endif // _H_CDSA_CLIENT_ACLCLIENT