#ifndef _PKCS12_CODER_H_
#define _PKCS12_CODER_H_
#include <security_pkcs12/SecPkcs12.h>
#include <security_pkcs12/pkcs12SafeBag.h>
#include <vector>
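/*
 * P12Coder: the engine behind the SecPkcs12 API (see SecPkcs12.h). One
 * instance either decodes a PKCS#12 PFX blob (decode()) into P12*Bag
 * objects that can be inspected with numCerts()/getCert() and friends, or
 * collects P12*Bag objects via addCert()/addKey()/... and encodes them into
 * a PFX blob (encode()).
 *
 * Ownership/lifetime notes for maintainers:
 *  - The object holds raw P12*Bag pointers, CF/CSSM handles and a
 *    SecNssCoder arena, and has a user-defined destructor. Copying is
 *    therefore disabled (copy ctor / assignment declared private and never
 *    defined) so a member-wise copy cannot produce double ownership.
 *  - mMacPassData/mEncrPassData hold passphrase material. Where they are
 *    allocated and whether they are wiped on destruction is decided in the
 *    .cpp, not here — NOTE(review): confirm they are zeroized/freed in
 *    ~P12Coder().
 */
class P12Coder {
public:
    P12Coder();
    ~P12Coder();

    /* ---- Integrity (MAC) and privacy (bag encryption) secrets ---- */

    // A passphrase and a raw CSSM_KEY are alternative ways to supply the
    // MAC / encryption secret. Which one is used when both are set is
    // resolved by the private getMac*/getEncr* accessors in the .cpp.
    void setMacPassPhrase(
        CFStringRef passphrase);
    void setEncrPassPhrase(
        CFStringRef passphrase);
    void setMacPassKey(
        const CSSM_KEY *passKey);
    void setEncrPassKey(
        const CSSM_KEY *passKey);

    /* ---- Decode path ---- */

    // Parse a PKCS#12 PFX blob. Decoded items are afterwards available via
    // numCerts()/getCert(), numCrls()/getCrl(), numKeys()/getKey() and
    // numOpaqueBlobs()/getOpaque().
    void decode(
        CFDataRef pfx);

    // Keychain / CSP / DL-DB that imported items are written to (presumably;
    // the import itself happens in storeDecodeResults()).
    void setKeychain(
        SecKeychainRef keychain);
    void setCsp(
        CSSM_CSP_HANDLE cspHand) { mCspHand = cspHand; }
    void setDlDb(
        CSSM_DL_DB_HANDLE dlDbHand) { mDlDbHand = dlDbHand; }
    CSSM_CSP_HANDLE cspHand() const { return mCspHand; }

    // Access control, key usage and key attributes applied to imported keys
    // (setKeyAttrs is out-of-line; it may do more than a plain store).
    void setAccess(
        SecAccessRef access);
    void setKeyUsage(
        CSSM_KEYUSE keyUsage) { mKeyUsage = keyUsage; }
    void setKeyAttrs(
        CSSM_KEYATTR_FLAGS keyAttrs);

    void importFlags(
        SecPkcs12ImportFlags flags) { mImportFlags = flags; }
    SecPkcs12ImportFlags importFlags() const
        { return mImportFlags; }

    /* ---- Encode path ---- */

    // Pull the given keychain items in as bags to be encoded.
    void exportKeychainItems(
        CFArrayRef items);

    unsigned numCerts();
    unsigned numCrls();
    unsigned numKeys();
    unsigned numOpaqueBlobs();

    // Index-based accessors into the decoded/added bags. Range checking (if
    // any) is done in the .cpp — NOTE(review): confirm dex is validated
    // against numXxx() before use.
    P12CertBag *getCert(
        unsigned dex);
    P12CrlBag *getCrl(
        unsigned dex);
    P12KeyBag *getKey(
        unsigned dex);
    P12OpaqueBag *getOpaque(
        unsigned dex);

    // Build a PFX blob from the bags added so far and return it in *pfx.
    // Presumably follows the CF "Create" rule (caller releases) — confirm.
    void encode(
        CFDataRef *pfx);

    void addCert(
        P12CertBag *cert);
    void addCrl(
        P12CrlBag *crl);
    void addKey(
        P12KeyBag *key);
    void addOpaque(
        P12OpaqueBag *opaque);

    /* ---- Algorithm / parameter selection ---- */

    SecPkcs12Mode integrityMode() const { return mIntegrityMode; }
    SecPkcs12Mode privacyMode() const { return mPrivacyMode; }
    void integrityMode(
        SecPkcs12Mode mode);
    void privacyMode(
        SecPkcs12Mode mode);

    // Arena-backed DER coder shared with the bag objects.
    SecNssCoder &coder() { return mCoder; }

    // Iteration counts for the "weak" and "strong" PBE algorithms and for
    // the MAC KDF. The setters accept any value, including very small ones;
    // a low count makes the password-derived keys cheaper to brute-force,
    // so callers should not lower these below the library defaults.
    unsigned weakEncrIterCount() const { return mWeakEncrIterCount; }
    unsigned strongEncrIterCount() const { return mStrongEncrIterCount; }
    unsigned macEncrIterCount() const { return mMacIterCount; }
    void weakEncrIterCount(
        unsigned ic) { mWeakEncrIterCount = ic; }
    void strongEncrIterCount(
        unsigned ic) { mStrongEncrIterCount = ic; }
    void macEncrIterCount(
        unsigned ic) { mMacIterCount = ic; }

    // Encryption algorithm OIDs, exchanged as CFData (presumably wrapping
    // mWeakEncrAlg / mStrongEncrAlg).
    CFDataRef weakEncrAlg();
    CFDataRef strongEncrAlg();
    void weakEncrAlg(
        CFDataRef alg);
    void strongEncrAlg(
        CFDataRef alg);

    // Release the P12*Bag objects produced by decode().
    void deleteDecodedItems();

    // Advance mPrivKeyImportState; see p12PrivKeyImportState below.
    void limitPrivKeyImport(
        bool foundOneKey);

private:
    // Not copyable: declared but intentionally never defined (pre-C++11
    // idiom, matching the rest of this header). See the class comment.
    P12Coder(const P12Coder &);
    P12Coder &operator=(const P12Coder &);

    void init();

    // Resolve the effective MAC / encryption secret from the passphrase or
    // raw-key inputs above.
    const CSSM_DATA *getMacPassPhrase();
    const CSSM_DATA *getEncrPassPhrase();
    const CSSM_KEY *getMacPassKey();
    const CSSM_KEY *getEncrPassKey();

    void storeDecodeResults();
    void setPrivateKeyHashes();
    void notifyKeyImport();
    P12CertBag *findCertForKey(
        P12KeyBag *keyBag);
    void addSecKey(
        SecKeyRef keyRef);
    void addSecCert(
        SecCertificateRef certRef);
    CSSM_CSP_HANDLE rawCspHand();
    CSSM_CL_HANDLE clHand();

    /* ---- Decode helpers (PKCS#7 / PKCS#12 structure walk) ---- */

    void encryptedDataDecrypt(
        const NSS_P7_EncryptedData &edata,
        SecNssCoder &localCdr,
        NSS_P12_PBE_Params *pbep,
        CSSM_DATA &ptext);
    void algIdParse(
        const CSSM_X509_ALGORITHM_IDENTIFIER &algId,
        NSS_P12_PBE_Params *pbeParams,
        SecNssCoder &localCdr);
    void encryptedDataParse(
        const NSS_P7_EncryptedData &edata,
        SecNssCoder &localCdr,
        NSS_P12_PBE_Params *pbep);
    void shroudedKeyBagParse(
        const NSS_P12_SafeBag &safeBag,
        SecNssCoder &localCdr);
    void keyBagParse(
        const NSS_P12_SafeBag &safeBag,
        SecNssCoder &localCdr);
    void certBagParse(
        const NSS_P12_SafeBag &safeBag,
        SecNssCoder &localCdr);
    void crlBagParse(
        const NSS_P12_SafeBag &safeBag,
        SecNssCoder &localCdr);
    void secretBagParse(
        const NSS_P12_SafeBag &safeBag,
        SecNssCoder &localCdr);
    void safeContentsBagParse(
        const NSS_P12_SafeBag &safeBag,
        SecNssCoder &localCdr);
    void safeContentsParse(
        const CSSM_DATA &contentsBlob,
        SecNssCoder &localCdr);
    void authSafeElementParse(
        const NSS_P7_DecodedContentInfo *info,
        SecNssCoder &localCdr);
    // MAC verification of the decoded PFX — NOTE(review): confirm this is
    // mandatory (not skipped) when mIntegrityMode requires a MAC.
    void macParse(
        const NSS_P12_MacData &macData,
        SecNssCoder &localCdr);
    void authSafeParse(
        const CSSM_DATA &authSafeBlob,
        SecNssCoder &localCdr);

    /* ---- Encode helpers ---- */

    NSS_P7_DecodedContentInfo *safeContentsBuild(
        NSS_P12_SafeBag **bags,
        NSS_P7_CI_Type type,
        CSSM_OID *encrOid,
        unsigned iterCount,
        SecNssCoder &localCdr);
    void authSafeBuild(
        NSS_P7_DecodedContentInfo &authSafe,
        SecNssCoder &localCdr);
    void encryptData(
        const CSSM_DATA &ptext,
        CSSM_OID &encrOid,
        unsigned iterCount,
        NSS_P7_EncryptedData &ed,
        SecNssCoder &localCdr);
    void algIdBuild(
        CSSM_X509_ALGORITHM_IDENTIFIER &algId,
        const CSSM_OID &algOid,
        const CSSM_DATA &salt,
        unsigned iterCount,
        SecNssCoder &localCdr);
    void macSignPfx(
        NSS_P12_DecodedPFX &pfx,
        SecNssCoder &localCdr);
    NSS_P12_SafeBag *certBagBuild(
        P12CertBag *cert,
        SecNssCoder &localCdr);
    NSS_P12_SafeBag *crlBagBuild(
        P12CrlBag *crl,
        SecNssCoder &localCdr);
    NSS_P12_SafeBag *keyBagBuild(
        P12KeyBag *key,
        SecNssCoder &localCdr);
    NSS_P12_SafeBag *opaqueBagBuild(
        P12OpaqueBag *op,
        SecNssCoder &localCdr);

    /* ---- State ---- */

    SecPkcs12Mode mPrivacyMode;
    SecPkcs12Mode mIntegrityMode;

    // Secrets: CF string passphrases, their CSSM_DATA byte form, or raw keys.
    CFStringRef mMacPassphrase;
    CFStringRef mEncrPassPhrase;
    CSSM_DATA mMacPassData;
    CSSM_DATA mEncrPassData;
    const CSSM_KEY *mMacPassKey;
    const CSSM_KEY *mEncrPassKey;

    SecKeychainRef mKeychain;
    CSSM_CSP_HANDLE mCspHand;
    CSSM_DL_DB_HANDLE mDlDbHand;

    // Private-key import throttle driven by limitPrivKeyImport(). The names
    // suggest: no limit / one more allowed / no further keys accepted —
    // confirm against limitPrivKeyImport() in the .cpp.
    typedef enum {
        PKIS_NoLimit,
        PKIS_AllowOne,
        PKIS_NoMore
    } p12PrivKeyImportState;
    p12PrivKeyImportState mPrivKeyImportState;

    CSSM_OID mWeakEncrAlg;
    CSSM_OID mStrongEncrAlg;
    unsigned mWeakEncrIterCount;
    unsigned mStrongEncrIterCount;
    unsigned mMacIterCount;
    SecPkcs12ImportFlags mImportFlags;

    // Decoded / to-be-encoded bags. Raw pointers; released by
    // deleteDecodedItems() (presumably also from the destructor).
    std::vector<P12CertBag *> mCerts;
    std::vector<P12CrlBag *> mCrls;
    std::vector<P12KeyBag *> mKeys;
    std::vector<P12OpaqueBag *> mOpaques;

    CSSM_CSP_HANDLE mRawCspHand;
    CSSM_CL_HANDLE mClHand;
    SecAccessRef mAccess;
    bool mNoAcl;            // meaning decided in setAccess()/.cpp — not documented here
    CSSM_KEYUSE mKeyUsage;
    CSSM_KEYATTR_FLAGS mKeyAttrs;
    SecNssCoder mCoder;
};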
#endif