#ifndef _CSSMACLPOD
#define _CSSMACLPOD
#include <security_utilities/utilities.h>
#include <security_cdsa_utilities/cssmlist.h>
#include <security_cdsa_utilities/cssmalloc.h>
namespace Security {
typedef CSSM_ACL_AUTHORIZATION_TAG AclAuthorization;
class AclAuthorizationSet : public std::set<AclAuthorization> {
public:
AclAuthorizationSet() { }
AclAuthorizationSet(AclAuthorization auth) { insert(auth); }
AclAuthorizationSet(AclAuthorization *authBegin, AclAuthorization *authEnd)
: set<AclAuthorization>(authBegin, authEnd) { }
AclAuthorizationSet(AclAuthorization a1, AclAuthorization a2, ...); };
class AuthorizationGroup : public PodWrapper<AuthorizationGroup, CSSM_AUTHORIZATIONGROUP> {
public:
AuthorizationGroup() { NumberOfAuthTags = 0; }
AuthorizationGroup(const AclAuthorizationSet &, Allocator &alloc);
AuthorizationGroup(AclAuthorization tag, Allocator &alloc);
void destroy(Allocator &alloc);
bool empty() const { return NumberOfAuthTags == 0; }
unsigned int size() const { return NumberOfAuthTags; }
unsigned int count() const { return NumberOfAuthTags; }
CSSM_ACL_AUTHORIZATION_TAG operator [] (unsigned ix) const
{ assert(ix < size()); return AuthTags[ix]; }
bool contains(CSSM_ACL_AUTHORIZATION_TAG tag) const;
operator AclAuthorizationSet () const;
};
class AclOwnerPrototype;
class AclEntryPrototype : public PodWrapper<AclEntryPrototype, CSSM_ACL_ENTRY_PROTOTYPE> {
public:
AclEntryPrototype() { clearPod(); }
explicit AclEntryPrototype(const AclOwnerPrototype &proto);
AclEntryPrototype(const CSSM_LIST &subj, bool delegate = false)
{ clearPod(); TypedSubject = subj; Delegate = delegate; }
TypedList &subject() { return TypedList::overlay(TypedSubject); }
const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
bool delegate() const { return Delegate; }
void delegate(bool d) { Delegate = d; }
char *tag() { return EntryTag[0] ? EntryTag : NULL; }
void tag(const char *tagString);
void tag(const std::string &tagString);
const char *tag() const { return EntryTag[0] ? EntryTag : NULL; }
std::string s_tag() const { return EntryTag; }
AuthorizationGroup &authorization() { return AuthorizationGroup::overlay(Authorization); }
const AuthorizationGroup &authorization() const
{ return AuthorizationGroup::overlay(Authorization); }
};
class AclOwnerPrototype : public PodWrapper<AclOwnerPrototype, CSSM_ACL_OWNER_PROTOTYPE> {
public:
AclOwnerPrototype() { clearPod(); }
explicit AclOwnerPrototype(const AclEntryPrototype &proto)
{ TypedSubject = proto.subject(); delegate(proto.delegate()); }
AclOwnerPrototype(const CSSM_LIST &subj, bool del = false)
{ TypedSubject = subj; delegate(del); }
TypedList &subject() { return TypedList::overlay(TypedSubject); }
const TypedList &subject() const { return TypedList::overlay(TypedSubject); }
bool delegate() const { return Delegate; }
void delegate(bool d) { Delegate = d; }
};
class AclEntryInfo : public PodWrapper<AclEntryInfo, CSSM_ACL_ENTRY_INFO> {
public:
AclEntryInfo() { clearPod(); }
AclEntryInfo(const AclEntryPrototype &prot, CSSM_ACL_HANDLE h = 0)
{ proto() = prot; handle() = h; }
AclEntryPrototype &proto() { return AclEntryPrototype::overlay(EntryPublicInfo); }
const AclEntryPrototype &proto() const
{ return AclEntryPrototype::overlay(EntryPublicInfo); }
operator AclEntryPrototype &() { return proto(); }
operator const AclEntryPrototype &() const { return proto(); }
CSSM_ACL_HANDLE &handle() { return EntryHandle; }
const CSSM_ACL_HANDLE &handle() const { return EntryHandle; }
void handle(CSSM_ACL_HANDLE h) { EntryHandle = h; }
};
class AclEntryInput : public PodWrapper<AclEntryInput, CSSM_ACL_ENTRY_INPUT> {
public:
AclEntryInput() { clearPod(); }
AclEntryInput(const CSSM_ACL_ENTRY_PROTOTYPE &prot)
{ Prototype = prot; Callback = NULL; CallerContext = NULL; }
AclEntryInput &operator = (const CSSM_ACL_ENTRY_PROTOTYPE &prot)
{ Prototype = prot; Callback = NULL; CallerContext = NULL; return *this; }
AclEntryPrototype &proto() { return AclEntryPrototype::overlay(Prototype); }
const AclEntryPrototype &proto() const { return AclEntryPrototype::overlay(Prototype); }
};
class AclEdit : public PodWrapper<AclEdit, CSSM_ACL_EDIT> {
public:
AclEdit(CSSM_ACL_EDIT_MODE m, CSSM_ACL_HANDLE h, const AclEntryInput *data)
{ EditMode = m; OldEntryHandle = h; NewEntry = data; }
AclEdit(const AclEntryInput &add)
{ EditMode = CSSM_ACL_EDIT_MODE_ADD; OldEntryHandle = CSSM_INVALID_HANDLE; NewEntry = &add; }
AclEdit(CSSM_ACL_HANDLE h, const AclEntryInput &modify)
{ EditMode = CSSM_ACL_EDIT_MODE_REPLACE; OldEntryHandle = h; NewEntry = &modify; }
AclEdit(CSSM_ACL_HANDLE h)
{ EditMode = CSSM_ACL_EDIT_MODE_DELETE; OldEntryHandle = h; NewEntry = NULL; }
CSSM_ACL_EDIT_MODE mode() const { return EditMode; }
CSSM_ACL_HANDLE handle() const { return OldEntryHandle; }
const AclEntryInput *newEntry() const { return AclEntryInput::overlay(NewEntry); }
};
class AutoAclOwnerPrototype {
NOCOPY(AutoAclOwnerPrototype)
public:
AutoAclOwnerPrototype(Allocator *allocator = NULL)
: mAclOwnerPrototype(NULL), mAllocator(allocator) { }
~AutoAclOwnerPrototype();
operator bool () const { return mAllocator; }
bool operator ! () const { return !mAllocator; }
operator AclOwnerPrototype * () { return make(); }
operator AclOwnerPrototype & () { return *make(); }
AclOwnerPrototype &operator * () { return *make(); }
TypedList &subject() { return make()->subject(); }
TypedList &subject() const
{ assert(mAclOwnerPrototype); return mAclOwnerPrototype->subject(); }
bool delegate() const
{ assert(mAclOwnerPrototype); return mAclOwnerPrototype->delegate(); }
void delegate(bool d) { make()->delegate(d); }
void allocator(Allocator &allocator);
Allocator &allocator() const { assert(mAllocator); return *mAllocator; }
AclOwnerPrototype &operator = (const TypedList &subj)
{ make()->subject() = subj; make()->delegate(false); return *mAclOwnerPrototype; }
const AclOwnerPrototype *release()
{ AclOwnerPrototype *r = mAclOwnerPrototype; mAclOwnerPrototype = NULL; return r; }
private:
AclOwnerPrototype *mAclOwnerPrototype;
Allocator *mAllocator;
AclOwnerPrototype *make();
};
class AutoAclEntryInfoList {
NOCOPY(AutoAclEntryInfoList)
public:
AutoAclEntryInfoList(Allocator *allocator = NULL)
: mEntries(NULL), mCount(0), mAllocator(allocator) { }
~AutoAclEntryInfoList() { clear(); }
operator bool () const { return mAllocator; }
bool operator ! () const { return !mAllocator; }
operator uint32 *() { return &mCount; }
operator CSSM_ACL_ENTRY_INFO ** () { return reinterpret_cast<CSSM_ACL_ENTRY_INFO **>(&mEntries); }
void allocator(Allocator &allocator);
Allocator &allocator() const { assert(mAllocator); return *mAllocator; }
const AclEntryInfo &at(uint32 ix) const
{ assert(ix < mCount); return mEntries[ix]; }
const AclEntryInfo &operator [] (uint32 ix) const { return at(ix); }
AclEntryInfo &at(uint32 ix);
AclEntryInfo &operator[] (uint32 ix) { return at(ix); }
uint32 size() const { return mCount; }
uint32 count() const { return mCount; }
AclEntryInfo *entries() const { return mEntries; }
void clear();
void size(uint32 newSize);
void add(const TypedList &subj, const AclAuthorizationSet &auths, const char *tag = NULL);
void addPin(const TypedList &subj, uint32 slot);
void addPinState(uint32 slot, uint32 state);
void addPinState(uint32 slot, uint32 state, uint32 count);
void release() { mAllocator = NULL; }
private:
AclEntryInfo *mEntries;
uint32 mCount;
Allocator *mAllocator;
};
uint32 pinFromAclTag(const char *tag, const char *suffix = NULL);
class AutoAuthorizationGroup : public AuthorizationGroup {
public:
AutoAuthorizationGroup(Allocator &alloc) : allocator(alloc) { }
explicit AutoAuthorizationGroup(const AclAuthorizationSet &set,
Allocator &alloc) : AuthorizationGroup(set, alloc), allocator(alloc) { }
~AutoAuthorizationGroup() { destroy(allocator); }
Allocator &allocator;
};
namespace DataWalkers {
template <class Action>
AclEntryInput *walk(Action &operate, AclEntryInput * &input)
{
operate(input);
walk(operate, input->proto());
return input;
}
template <class Action>
void walk(Action &operate, AclEntryInput &input)
{
operate(input);
walk(operate, input.proto());
}
template <class Action>
void walk(Action &operate, AclEntryInfo &info)
{
operate(info);
walk(operate, info.proto());
}
template <class Action>
void walk(Action &operate, AuthorizationGroup &auth)
{
operate(auth);
uint32 count = auth.count();
operate.blob(auth.AuthTags, count * sizeof(auth.AuthTags[0]));
for (uint32 n = 0; n < count; n++)
operate(auth.AuthTags[n]);
}
template <class Action>
void walk(Action &operate, CSSM_AUTHORIZATIONGROUP &auth)
{ walk(operate, static_cast<CSSM_AUTHORIZATIONGROUP &>(auth)); }
template <class Action>
void enumerate(Action &operate, AclEntryPrototype &proto)
{
walk(operate, proto.subject());
walk(operate, proto.authorization());
}
template <class Action>
void walk(Action &operate, AclEntryPrototype &proto)
{
operate(proto);
enumerate(operate, proto);
}
template <class Action>
AclEntryPrototype *walk(Action &operate, AclEntryPrototype * &proto)
{
operate(proto);
enumerate(operate, *proto);
return proto;
}
template <class Action>
void walk(Action &operate, AclOwnerPrototype &proto)
{
operate(proto);
walk(operate, proto.subject());
}
template <class Action>
AclOwnerPrototype *walk(Action &operate, AclOwnerPrototype * &proto)
{
operate(proto);
walk(operate, proto->subject());
return proto;
}
}
}
#endif //_CSSMACLPOD