#include <security_cdsa_utilities/acl_secret.h>
#include <security_utilities/trackingallocator.h>
#include <security_utilities/debugging.h>
#include <security_utilities/endian.h>
#include <algorithm>
//
// Construct a subject that already holds its secret.
// The password bytes are copied into mSecret (allocated from `alloc`) and the
// subject is marked valid; caching is off because there is nothing left to cache.
//
SecretAclSubject::SecretAclSubject(Allocator &alloc,
    CSSM_ACL_SUBJECT_TYPE type, const CssmData &password)
    : SimpleAclSubject(type), allocator(alloc),
      mSecret(alloc, password), mSecretValid(true), mCacheSecret(false)
{ }
//
// Construct a subject that already holds its secret, taking it from managed data.
// mSecret is built from `password` via the (alloc, CssmManagedData&) constructor;
// the subject starts valid with caching disabled.
//
SecretAclSubject::SecretAclSubject(Allocator &alloc,
    CSSM_ACL_SUBJECT_TYPE type, CssmManagedData &password)
    : SimpleAclSubject(type), allocator(alloc),
      mSecret(alloc, password), mSecretValid(true), mCacheSecret(false)
{ }
//
// Construct a subject with no secret yet.
// mSecret is left empty and mSecretValid is false. `doCache` decides whether a
// later call to secret() is allowed to store the value it is handed; when false,
// secret() refuses and the secret must be validated through the environment instead.
//
SecretAclSubject::SecretAclSubject(Allocator &alloc,
    CSSM_ACL_SUBJECT_TYPE type, bool doCache)
    : SimpleAclSubject(type), allocator(alloc),
      mSecret(alloc), mSecretValid(false), mCacheSecret(doCache)
{ }
//
// Offer a secret to a subject that was constructed without one.
// The value is retained only if the subject was created with caching enabled;
// otherwise it is dropped and a debug trace records the refusal.
// Precondition: no secret is held yet (asserted; the assert compiles out in
// release builds, so callers must not rely on it).
// NOTE(review): this is a const member that writes mSecret/mSecretValid, so those
// members are presumably declared mutable in the header — confirm.
//
void SecretAclSubject::secret(const CssmData &s) const
{
    assert(!mSecretValid);
    if (!mCacheSecret) {
        secdebug("aclsecret", "%p refused to store secret", this);
        return;
    }
    mSecret = s;
    mSecretValid = true;
    secdebug("aclsecret", "%p secret stored", this);
}
//
// Offer a secret (as managed data) to a subject that was constructed without one.
// Behaves like the CssmData overload: the value is kept only when caching is
// enabled; otherwise it is refused and a debug trace is emitted.
// Precondition: no secret is held yet (asserted; compiled out in release builds).
// NOTE(review): writes mSecret/mSecretValid from a const method — presumably
// declared mutable in the header; confirm.
//
void SecretAclSubject::secret(CssmManagedData &s) const
{
    assert(!mSecretValid);
    if (!mCacheSecret) {
        secdebug("aclsecret", "%p refused to store secret", this);
        return;
    }
    mSecret = s;
    mSecretValid = true;
    secdebug("aclsecret", "%p secret stored", this);
}
//
// Validate a presented sample against this subject.
// Returns false if the sample carries no usable secret. With a stored secret,
// the presented value is compared directly. Without one, the check is delegated
// to the validation context's Environment (if any) via validateSecret(), wrapping
// the presented secret in a fresh credential; no environment means failure.
//
bool SecretAclSubject::validate(const AclValidationContext &context,
    const TypedList &sample) const
{
    // Extract the secret the caller presented; nothing to compare means no match.
    CssmAutoData presented(allocator);
    if (!getSecret(context, sample, presented))
        return false;

    // Direct comparison when we hold the secret ourselves.
    // NOTE(review): this relies on CssmData's operator==; whether that compare is
    // constant-time is not visible here — confirm if timing matters for this caller.
    if (mSecretValid)
        return mSecret == presented;

    // No stored secret: ask the environment to check it, if one is attached.
    Environment *env = context.environment<Environment>();
    if (!env)
        return false;

    // Build a one-sample credential around the presented secret. The tracking
    // allocator reclaims the ListElement created with placement-new when it
    // goes out of scope at the end of this function.
    TrackingAllocator alloc(Allocator::standard());
    TypedList data(alloc, type(), new(alloc) ListElement(presented.get()));
    CssmSample credSample(data);
    AccessCredentials cred((SampleGroup(credSample)), context.credTag());
    return env->validateSecret(this, &cred);
}
#ifdef DEBUGDUMP
//
// Append this subject's state to the debug dump.
// Emits the stored secret bytes, in the clear, when one is held, followed by a
// "; CACHING" marker when the subject accepts secrets via secret(). Only compiled
// in under DEBUGDUMP, so the plaintext dump never reaches release builds.
//
void SecretAclSubject::debugDump() const
{
    if (mSecretValid) {
        Debug::dump(" ");
        Debug::dumpData(mSecret.data(), mSecret.length());
    }
    if (mCacheSecret) {
        Debug::dump("; CACHING");
    }
}
#endif //DEBUGDUMP