1 files changed, 232 insertions, 0 deletions
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
new file mode 100644
index 0000000000..743d3d6770
--- /dev/null
+++ b/indra/newview/llsecapi.h
@@ -0,0 +1,232 @@
+/** 
+ * @file llsecapi.h
+ * @brief Security API for services such as certificate handling
+ * secure local storage, etc.
+ *
+ * $LicenseInfo:firstyear=2009&license=viewergpl$
+ * 
+ * Copyright (c) 2009, Linden Research, Inc.
+ * 
+ * Second Life Viewer Source Code
+ * The source code in this file ("Source Code") is provided by Linden Lab
+ * to you under the terms of the GNU General Public License, version 2.0
+ * ("GPL"), unless you have obtained a separate licensing agreement
+ * ("Other License"), formally executed by you and Linden Lab.  Terms of
+ * the GPL can be found in doc/GPL-license.txt in this distribution, or
+ * online at http://secondlife.com/developers/opensource/gplv2
+ * 
+ * There are special exceptions to the terms and conditions of the GPL as
+ * it is applied to this Source Code. View the full text of the exception
+ * in the file doc/FLOSS-exception.txt in this software distribution, or
+ * online at http://secondlife.com/developers/opensource/flossexception
+ * 
+ * By copying, modifying or distributing this software, you acknowledge
+ * that you have read and understood your obligations described above,
+ * and agree to abide by those obligations.
+ * 
+ * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
+ * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
+ * COMPLETENESS OR PERFORMANCE.
+ * $/LicenseInfo$
+ */
+
+#ifndef LLSECAPI_H
+#define LLSECAPI_H
+#include <vector>
+#include <openssl/x509.h>
+
+// All error handling is via exceptions.
+
+
+#define CERT_SUBJECT_NAME "subject_name"
+#define CERT_ISSUER_NAME "issuer_name"
+		
+#define  CERT_SUBJECT_NAME_STRING "subject_name_string"
+#define CERT_ISSUER_NAME_STRING "issuer_name_string"
+		
+#define CERT_SERIAL_NUMBER "serial_number"
+		
+#define CERT_VALID_FROM "valid_from"
+#define CERT_VALID_TO "valid_to"
+#define CERT_SHA1_DIGEST "sha1_digest"
+#define CERT_MD5_DIGEST "md5_digest"
+
+#define BASIC_SECHANDLER "BASIC_SECHANDLER"
+
+
+// All error handling is via exceptions.
+
+class LLCertException
+{
+public:
+	LLCertException(const char* msg)
+	{
+		llerrs << "Certificate Error: " << msg << llendl;
+		mMsg = std::string(msg);
+	}
+protected:
+	std::string mMsg;
+};
+
+class LLProtectedDataException
+{
+public:
+	LLProtectedDataException(const char *msg) 
+	{
+		llerrs << "Certificate Error: " << msg << llendl;
+		mMsg = std::string(msg);
+	}
+protected:
+	std::string mMsg;
+};
+
+// class LLCertificate
+// parent class providing an interface for certifiate.
+// LLCertificates are considered unmodifiable
+// Certificates are pulled out of stores, or created via
+// factory calls
+class LLCertificate : public LLRefCount
+{
+	LOG_CLASS(LLCertificate);
+public:
+	LLCertificate() {}
+	
+	virtual ~LLCertificate() {}
+	
+	// return a PEM encoded certificate.  The encoding
+	// includes the -----BEGIN CERTIFICATE----- and end certificate elements
+	virtual std::string getPem()=0; 
+	
+	// return a DER encoded certificate
+	virtual std::vector<U8> getBinary()=0;  
+	
+	// return an LLSD object containing information about the certificate
+	// such as its name, signature, expiry time, serial number
+	virtual LLSD getLLSD()=0; 
+	
+	// return an openSSL X509 struct for the certificate
+	virtual X509* getOpenSSLX509()=0;
+
+};
+
+
+// class LLCertificateChain
+// Class representing a chain of certificates in order, with the 
+// 0th element being the CA
+class LLCertificateChain : public LLRefCount
+{
+	LOG_CLASS(LLCertificateChain);
+	static const int VT_SSL = 0;
+	static const int VT_AGENT_DOMAIN = 1;
+	static const int VT_GRID_DOMAIN = 1;
+	
+public:
+	LLCertificateChain() {}
+	
+	virtual ~LLCertificateChain() {}
+	
+	virtual X509_STORE getOpenSSLX509Store()=0;  // return an openssl X509_STORE  
+	// for this store
+	
+	virtual void appendCert(const LLCertificate& cert)=0;  // append a cert to the end 
+	//of the chain
+	
+	virtual LLPointer<LLCertificate>& operator [](int index)=0; // retrieve a certificate 
+	// from the chain by index
+	// -1 == end of chain
+	
+	virtual int len() const =0;  // return number of certificates in the chain
+	
+	// validate a certificate chain given the params.
+	// validation type indicates whether it's simply an SSL cert, or 
+	// something more specific
+	virtual bool validate(int validation_type, 
+						  const LLSD& validation_params) const =0;
+};
+
+
+// class LLCertificateStore
+// represents a store of certificates, typically a store of root CA
+// certificates.  The store can be persisted, and can be used to validate
+// a cert chain
+//
+class LLCertificateStore : public LLRefCount
+{
+public:
+	LLCertificateStore() {}
+	virtual ~LLCertificateStore() {}
+	
+	virtual X509_STORE getOpenSSLX509Store()=0;  // return an openssl X509_STORE  
+	// for this store
+	
+	// add a copy of a cert to the store
+	virtual void  append(const LLCertificate& cert)=0;
+	
+	// add a copy of a cert to the store
+	virtual void insert(const int index, const LLCertificate& cert)=0;
+	
+	// remove a certificate from the store
+	virtual void remove(int index)=0;
+	
+	// return a certificate at the index
+	virtual LLPointer<LLCertificate>& operator[](int index)=0;
+	// return the number of certs in the store
+	virtual int len() const =0;
+	
+	// load the store from a persisted location
+	virtual void load(const std::string& store_id)=0;
+	
+	// persist the store
+	virtual void save()=0;
+	
+	// return the store id
+	virtual std::string storeId()=0;
+	
+	// validate a cert chain
+	virtual bool validate(const LLCertificateChain& cert_chain) const=0;
+};
+
+
+// LLSecAPIHandler Class
+// Interface handler class for the various security storage handlers.
+class LLSecAPIHandler : public LLRefCount
+{
+public:
+	
+	LLSecAPIHandler() {}
+	virtual ~LLSecAPIHandler() {}
+	
+	// instantiate a certificate from a pem string
+	virtual LLPointer<LLCertificate> getCertificate(const std::string& pem_cert)=0;
+	
+	
+	// instiate a certificate from an openssl X509 structure
+	virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0;
+	
+	// instantiate a chain from an X509_STORE_CTX
+	virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0;
+	
+	// instantiate a cert store given it's id.  if a persisted version
+	// exists, it'll be loaded.  If not, one will be created (but not
+	// persisted)
+	virtual LLPointer<LLCertificateStore> getCertificateStore(const std::string& store_id)=0;
+	
+	// persist data in a protected store
+	virtual void setProtectedData(const std::string& data_type,
+								  const std::string& data_id,
+								  const LLSD& data)=0;
+	
+	// retrieve protected data
+	virtual LLSD getProtectedData(const std::string& data_type,
+								  const std::string& data_id)=0;
+};
+
+void secHandlerInitialize();
+				
+// retrieve a security api depending on the api type
+LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type);
+
+void registerSecHandler(const std::string& handler_type, 
+						LLPointer<LLSecAPIHandler>& handler);
+
+#endif // LL_SECAPI_H