diff options
Diffstat (limited to 'indra/newview/llsecapi.h')
| -rw-r--r-- | indra/newview/llsecapi.h | 580 |
1 files changed, 290 insertions, 290 deletions
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index d8831fee93..5cc78d09dc 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -1,4 +1,4 @@ -/** +/** * @file llsecapi.h * @brief Security API for services such as certificate handling * secure local storage, etc. @@ -6,21 +6,21 @@ * $LicenseInfo:firstyear=2009&license=viewerlgpl$ * Second Life Viewer Source Code * Copyright (C) 2010, Linden Research, Inc. - * + * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; * version 2.1 of the License only. - * + * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. - * + * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * + * * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA * $/LicenseInfo$ */ @@ -44,12 +44,12 @@ #define CERT_SUBJECT_NAME "subject_name" #define CERT_ISSUER_NAME "issuer_name" #define CERT_NAME_CN "commonName" - + #define CERT_SUBJECT_NAME_STRING "subject_name_string" #define CERT_ISSUER_NAME_STRING "issuer_name_string" - + #define CERT_SERIAL_NUMBER "serial_number" - + #define CERT_VALID_FROM "valid_from" #define CERT_VALID_TO "valid_to" #define CERT_SHA1_DIGEST "sha1_digest" @@ -83,7 +83,7 @@ #define CERT_AUTHORITY_KEY_IDENTIFIER_NAME "authorityKeyIdentifierName" #define CERT_AUTHORITY_KEY_IDENTIFIER_SERIAL "authorityKeyIdentifierSerial" -// validate the current time lies within +// validate the current time lies within // the validation period of the cert #define VALIDATION_POLICY_TIME 1 @@ -120,11 +120,11 @@ struct LLProtectedDataException: public LLException { - LLProtectedDataException(const std::string& msg): - LLException(msg) - { - LL_WARNS("SECAPI") << "Protected Data Error: " << msg << LL_ENDL; - } + LLProtectedDataException(const std::string& msg): + LLException(msg) + { + LL_WARNS("SECAPI") << "Protected Data Error: " << msg << LL_ENDL; + } }; // class LLCertificate @@ -134,25 +134,25 @@ struct LLProtectedDataException: public LLException // factory calls class LLCertificate : public LLThreadSafeRefCount { - LOG_CLASS(LLCertificate); + LOG_CLASS(LLCertificate); public: - LLCertificate() {} - - virtual ~LLCertificate() {} - - // return a PEM encoded certificate. The encoding - // includes the -----BEGIN CERTIFICATE----- and end certificate elements - virtual std::string getPem() const=0; - - // return a DER encoded certificate - virtual std::vector<U8> getBinary() const=0; - - // return an LLSD object containing information about the certificate - // such as its name, signature, expiry time, serial number - virtual void getLLSD(LLSD& llsd)=0; - - // return an openSSL X509 struct for the certificate - virtual X509* getOpenSSLX509() const=0; + LLCertificate() {} + + virtual ~LLCertificate() {} + + // return a PEM encoded certificate. The encoding + // includes the -----BEGIN CERTIFICATE----- and end certificate elements + virtual std::string getPem() const=0; + + // return a DER encoded certificate + virtual std::vector<U8> getBinary() const=0; + + // return an LLSD object containing information about the certificate + // such as its name, signature, expiry time, serial number + virtual void getLLSD(LLSD& llsd)=0; + + // return an openSSL X509 struct for the certificate + virtual X509* getOpenSSLX509() const=0; }; @@ -162,81 +162,81 @@ public: class LLCertificateVector : public LLThreadSafeRefCount { - + public: - - LLCertificateVector() {}; - virtual ~LLCertificateVector() {}; - - // base iterator implementation class, providing - // the functionality needed for the iterator class. - class iterator_impl : public LLThreadSafeRefCount - { - public: - iterator_impl() {}; - virtual ~iterator_impl() {}; - virtual void seek(bool incr)=0; - virtual LLPointer<iterator_impl> clone() const=0; - virtual bool equals(const LLPointer<iterator_impl>& _iter) const=0; - virtual LLPointer<LLCertificate> get()=0; - }; - - // iterator class - class iterator - { - public: - iterator(LLPointer<iterator_impl> impl) : mImpl(impl) {} - iterator() : mImpl(NULL) {} - iterator(const iterator& _iter) {mImpl = _iter.mImpl->clone(); } - ~iterator() {} - iterator& operator++() { if(mImpl.notNull()) mImpl->seek(true); return *this;} - iterator& operator--() { if(mImpl.notNull()) mImpl->seek(false); return *this;} - - iterator operator++(int) { iterator result = *this; if(mImpl.notNull()) mImpl->seek(true); return result;} - iterator operator--(int) { iterator result = *this; if(mImpl.notNull()) mImpl->seek(false); return result;} - LLPointer<LLCertificate> operator*() { return mImpl->get(); } - - LLPointer<iterator_impl> mImpl; - protected: - friend bool operator==(const LLCertificateVector::iterator& _lhs, const LLCertificateVector::iterator& _rhs); - bool equals(const iterator& _iter) const { return mImpl->equals(_iter.mImpl); } - }; - - // numeric indexer - virtual LLPointer<LLCertificate> operator[](int)=0; - - // Iteration - virtual iterator begin()=0; - - virtual iterator end()=0; - - // find a cert given params - virtual iterator find(const LLSD& params) =0; - - // return the number of certs in the store - virtual int size() const = 0; - - // append the cert to the store. if a copy of the cert already exists in the store, it is removed first - virtual void add(LLPointer<LLCertificate> cert)=0; - - // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first - virtual void insert(iterator location, LLPointer<LLCertificate> cert)=0; - - // remove a certificate from the store - virtual LLPointer<LLCertificate> erase(iterator cert)=0; + + LLCertificateVector() {}; + virtual ~LLCertificateVector() {}; + + // base iterator implementation class, providing + // the functionality needed for the iterator class. + class iterator_impl : public LLThreadSafeRefCount + { + public: + iterator_impl() {}; + virtual ~iterator_impl() {}; + virtual void seek(bool incr)=0; + virtual LLPointer<iterator_impl> clone() const=0; + virtual bool equals(const LLPointer<iterator_impl>& _iter) const=0; + virtual LLPointer<LLCertificate> get()=0; + }; + + // iterator class + class iterator + { + public: + iterator(LLPointer<iterator_impl> impl) : mImpl(impl) {} + iterator() : mImpl(NULL) {} + iterator(const iterator& _iter) {mImpl = _iter.mImpl->clone(); } + ~iterator() {} + iterator& operator++() { if(mImpl.notNull()) mImpl->seek(true); return *this;} + iterator& operator--() { if(mImpl.notNull()) mImpl->seek(false); return *this;} + + iterator operator++(int) { iterator result = *this; if(mImpl.notNull()) mImpl->seek(true); return result;} + iterator operator--(int) { iterator result = *this; if(mImpl.notNull()) mImpl->seek(false); return result;} + LLPointer<LLCertificate> operator*() { return mImpl->get(); } + + LLPointer<iterator_impl> mImpl; + protected: + friend bool operator==(const LLCertificateVector::iterator& _lhs, const LLCertificateVector::iterator& _rhs); + bool equals(const iterator& _iter) const { return mImpl->equals(_iter.mImpl); } + }; + + // numeric indexer + virtual LLPointer<LLCertificate> operator[](int)=0; + + // Iteration + virtual iterator begin()=0; + + virtual iterator end()=0; + + // find a cert given params + virtual iterator find(const LLSD& params) =0; + + // return the number of certs in the store + virtual int size() const = 0; + + // append the cert to the store. if a copy of the cert already exists in the store, it is removed first + virtual void add(LLPointer<LLCertificate> cert)=0; + + // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first + virtual void insert(iterator location, LLPointer<LLCertificate> cert)=0; + + // remove a certificate from the store + virtual LLPointer<LLCertificate> erase(iterator cert)=0; }; // class LLCertificateChain -// Class representing a chain of certificates in order, with the +// Class representing a chain of certificates in order, with the // first element being the child cert. class LLCertificateChain : virtual public LLCertificateVector -{ - +{ + public: - LLCertificateChain() {} - - virtual ~LLCertificateChain() {} - + LLCertificateChain() {} + + virtual ~LLCertificateChain() {} + }; // class LLCertificateStore @@ -246,24 +246,24 @@ public: // class LLCertificateStore : virtual public LLCertificateVector { - + public: - - LLCertificateStore() {} - virtual ~LLCertificateStore() {} - - // persist the store - virtual void save()=0; - - // return the store id - virtual std::string storeId() const=0; - - // validate a certificate chain given the params. - // Will throw exceptions on error - - virtual void validate(int validation_policy, - LLPointer<LLCertificateChain> cert_chain, - const LLSD& validation_params) =0; + + LLCertificateStore() {} + virtual ~LLCertificateStore() {} + + // persist the store + virtual void save()=0; + + // return the store id + virtual std::string storeId() const=0; + + // validate a certificate chain given the params. + // Will throw exceptions on error + + virtual void validate(int validation_policy, + LLPointer<LLCertificateChain> cert_chain, + const LLSD& validation_params) =0; // Clear cache if any virtual void clearSertCache()=0; @@ -273,12 +273,12 @@ public: inline bool operator==(const LLCertificateVector::iterator& _lhs, const LLCertificateVector::iterator& _rhs) { - return _lhs.equals(_rhs); + return _lhs.equals(_rhs); } inline bool operator!=(const LLCertificateVector::iterator& _lhs, const LLCertificateVector::iterator& _rhs) { - return !(_lhs == _rhs); + return !(_lhs == _rhs); } @@ -290,43 +290,43 @@ bool operator!=(const LLCertificateVector::iterator& _lhs, const LLCertificateVe // LLCredential - interface for credentials providing the following functionality: // * Persistence of credential information based on grid (for saving username/password) // * Serialization to an OGP identifier/authenticator pair -// +// class LLCredential : public LLThreadSafeRefCount { public: - - LLCredential() {} - - LLCredential(const std::string& grid) - { - mGrid = grid; - mIdentifier = LLSD::emptyMap(); - mAuthenticator = LLSD::emptyMap(); - } - - virtual ~LLCredential() {} - - virtual void setCredentialData(const LLSD& identifier, const LLSD& authenticator) - { - mIdentifier = identifier; - mAuthenticator = authenticator; - } - virtual LLSD getIdentifier() { return mIdentifier; } - virtual void identifierType(std::string& idType); - virtual LLSD getAuthenticator() { return mAuthenticator; } - virtual void authenticatorType(std::string& authType); - virtual LLSD getLoginParams(); - virtual std::string getGrid() { return mGrid; } - - - virtual void clearAuthenticator() { mAuthenticator = LLSD(); } - virtual std::string userID() const { return std::string("unknown");} - virtual std::string asString() const { return std::string("unknown");} - operator std::string() const { return asString(); } + + LLCredential() {} + + LLCredential(const std::string& grid) + { + mGrid = grid; + mIdentifier = LLSD::emptyMap(); + mAuthenticator = LLSD::emptyMap(); + } + + virtual ~LLCredential() {} + + virtual void setCredentialData(const LLSD& identifier, const LLSD& authenticator) + { + mIdentifier = identifier; + mAuthenticator = authenticator; + } + virtual LLSD getIdentifier() { return mIdentifier; } + virtual void identifierType(std::string& idType); + virtual LLSD getAuthenticator() { return mAuthenticator; } + virtual void authenticatorType(std::string& authType); + virtual LLSD getLoginParams(); + virtual std::string getGrid() { return mGrid; } + + + virtual void clearAuthenticator() { mAuthenticator = LLSD(); } + virtual std::string userID() const { return std::string("unknown");} + virtual std::string asString() const { return std::string("unknown");} + operator std::string() const { return asString(); } protected: - LLSD mIdentifier; - LLSD mAuthenticator; - std::string mGrid; + LLSD mIdentifier; + LLSD mAuthenticator; + std::string mGrid; }; std::ostream& operator <<(std::ostream& s, const LLCredential& cred); @@ -338,10 +338,10 @@ class LLCertException: public LLException { public: LLCertException(const LLSD& cert_data, const std::string& msg); - virtual ~LLCertException() throw() {} - LLSD getCertData() const { return mCertData; } + virtual ~LLCertException() throw() {} + LLSD getCertData() const { return mCertData; } protected: - LLSD mCertData; + LLSD mCertData; }; class LLAllocationCertException : public LLCertException @@ -357,78 +357,78 @@ protected: class LLInvalidCertificate : public LLCertException { public: - LLInvalidCertificate(const LLSD& cert_data) : LLCertException(cert_data, "CertInvalid") - { - } - virtual ~LLInvalidCertificate() throw() {} + LLInvalidCertificate(const LLSD& cert_data) : LLCertException(cert_data, "CertInvalid") + { + } + virtual ~LLInvalidCertificate() throw() {} protected: }; class LLCertValidationTrustException : public LLCertException { public: - LLCertValidationTrustException(const LLSD& cert_data) : LLCertException(cert_data, "CertUntrusted") - { - } - virtual ~LLCertValidationTrustException() throw() {} + LLCertValidationTrustException(const LLSD& cert_data) : LLCertException(cert_data, "CertUntrusted") + { + } + virtual ~LLCertValidationTrustException() throw() {} protected: }; class LLCertValidationHostnameException : public LLCertException { public: - LLCertValidationHostnameException(std::string hostname, - const LLSD& cert_data) : LLCertException(cert_data, "CertInvalidHostname") - { - mHostname = hostname; - } - virtual ~LLCertValidationHostnameException() throw() {} - std::string getHostname() { return mHostname; } + LLCertValidationHostnameException(std::string hostname, + const LLSD& cert_data) : LLCertException(cert_data, "CertInvalidHostname") + { + mHostname = hostname; + } + virtual ~LLCertValidationHostnameException() throw() {} + std::string getHostname() { return mHostname; } protected: - std::string mHostname; + std::string mHostname; }; class LLCertValidationExpirationException : public LLCertException { public: - LLCertValidationExpirationException(const LLSD& cert_data, - LLDate current_time) : LLCertException(cert_data, "CertExpired") - { - mTime = current_time; - } - virtual ~LLCertValidationExpirationException() throw() {} - LLDate GetTime() { return mTime; } + LLCertValidationExpirationException(const LLSD& cert_data, + LLDate current_time) : LLCertException(cert_data, "CertExpired") + { + mTime = current_time; + } + virtual ~LLCertValidationExpirationException() throw() {} + LLDate GetTime() { return mTime; } protected: - LLDate mTime; + LLDate mTime; }; class LLCertKeyUsageValidationException : public LLCertException { public: - LLCertKeyUsageValidationException(const LLSD& cert_data) : LLCertException(cert_data, "CertKeyUsage") - { - } - virtual ~LLCertKeyUsageValidationException() throw() {} + LLCertKeyUsageValidationException(const LLSD& cert_data) : LLCertException(cert_data, "CertKeyUsage") + { + } + virtual ~LLCertKeyUsageValidationException() throw() {} protected: }; class LLCertBasicConstraintsValidationException : public LLCertException { public: - LLCertBasicConstraintsValidationException(const LLSD& cert_data) : LLCertException(cert_data, "CertBasicConstraints") - { - } - virtual ~LLCertBasicConstraintsValidationException() throw() {} + LLCertBasicConstraintsValidationException(const LLSD& cert_data) : LLCertException(cert_data, "CertBasicConstraints") + { + } + virtual ~LLCertBasicConstraintsValidationException() throw() {} protected: }; class LLCertValidationInvalidSignatureException : public LLCertException { public: - LLCertValidationInvalidSignatureException(const LLSD& cert_data) : LLCertException(cert_data, "CertInvalidSignature") - { - } - virtual ~LLCertValidationInvalidSignatureException() throw() {} + LLCertValidationInvalidSignatureException(const LLSD& cert_data) : LLCertException(cert_data, "CertInvalidSignature") + { + } + virtual ~LLCertValidationInvalidSignatureException() throw() {} protected: }; @@ -437,115 +437,115 @@ protected: class LLSecAPIHandler : public LLThreadSafeRefCount { public: - - - LLSecAPIHandler() {} - virtual ~LLSecAPIHandler() {} - - // initialize the SecAPIHandler - virtual void init() {}; - - // instantiate a certificate from a pem string - virtual LLPointer<LLCertificate> getCertificate(const std::string& pem_cert)=0; - - - - // instiate a certificate from an openssl X509 structure - virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0; - - // instantiate a chain from an X509_STORE_CTX - virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0; - - // instantiate a cert store given it's id. if a persisted version - // exists, it'll be loaded. If not, one will be created (but not - // persisted) - virtual LLPointer<LLCertificateStore> getCertificateStore(const std::string& store_id)=0; - - // persist data in a protected store - virtual void setProtectedData(const std::string& data_type, - const std::string& data_id, - const LLSD& data)=0; - - // retrieve protected data - virtual LLSD getProtectedData(const std::string& data_type, - const std::string& data_id)=0; - - // delete a protected data item from the store - virtual void deleteProtectedData(const std::string& data_type, - const std::string& data_id)=0; - - // persist data in a protected store's map - virtual void addToProtectedMap(const std::string& data_type, - const std::string& data_id, - const std::string& map_elem, - const LLSD& data)=0; - - // remove data from protected store's map - virtual void removeFromProtectedMap(const std::string& data_type, - const std::string& data_id, - const std::string& map_elem)=0; - - // ensure protected store's map is written to storage - virtual void syncProtectedMap() = 0; + + + LLSecAPIHandler() {} + virtual ~LLSecAPIHandler() {} + + // initialize the SecAPIHandler + virtual void init() {}; + + // instantiate a certificate from a pem string + virtual LLPointer<LLCertificate> getCertificate(const std::string& pem_cert)=0; + + + + // instiate a certificate from an openssl X509 structure + virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0; + + // instantiate a chain from an X509_STORE_CTX + virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0; + + // instantiate a cert store given it's id. if a persisted version + // exists, it'll be loaded. If not, one will be created (but not + // persisted) + virtual LLPointer<LLCertificateStore> getCertificateStore(const std::string& store_id)=0; + + // persist data in a protected store + virtual void setProtectedData(const std::string& data_type, + const std::string& data_id, + const LLSD& data)=0; + + // retrieve protected data + virtual LLSD getProtectedData(const std::string& data_type, + const std::string& data_id)=0; + + // delete a protected data item from the store + virtual void deleteProtectedData(const std::string& data_type, + const std::string& data_id)=0; + + // persist data in a protected store's map + virtual void addToProtectedMap(const std::string& data_type, + const std::string& data_id, + const std::string& map_elem, + const LLSD& data)=0; + + // remove data from protected store's map + virtual void removeFromProtectedMap(const std::string& data_type, + const std::string& data_id, + const std::string& map_elem)=0; + + // ensure protected store's map is written to storage + virtual void syncProtectedMap() = 0; public: - virtual LLPointer<LLCredential> createCredential(const std::string& grid, - const LLSD& identifier, - const LLSD& authenticator)=0; - - virtual LLPointer<LLCredential> loadCredential(const std::string& grid)=0; - - virtual void saveCredential(LLPointer<LLCredential> cred, bool save_authenticator)=0; - - virtual void deleteCredential(LLPointer<LLCredential> cred)=0; - - // has map of credentials declared as specific storage - virtual bool hasCredentialMap(const std::string& storage, - const std::string& grid)=0; - - // returns true if map is empty or does not exist - virtual bool emptyCredentialMap(const std::string& storage, - const std::string& grid)=0; - - // load map of credentials from specific storage - typedef std::map<std::string, LLPointer<LLCredential> > credential_map_t; - virtual void loadCredentialMap(const std::string& storage, - const std::string& grid, - credential_map_t& credential_map)=0; - - // load single username from map of credentials from specific storage - virtual LLPointer<LLCredential> loadFromCredentialMap(const std::string& storage, - const std::string& grid, - const std::string& userid)=0; - - // add item to map of credentials from specific storage - virtual void addToCredentialMap(const std::string& storage, - LLPointer<LLCredential> cred, - bool save_authenticator)=0; - - // remove item from map of credentials from specific storage - virtual void removeFromCredentialMap(const std::string& storage, - LLPointer<LLCredential> cred)=0; - - // remove item from map of credentials from specific storage - virtual void removeFromCredentialMap(const std::string& storage, - const std::string& grid, - const std::string& userid)=0; - - virtual void removeCredentialMap(const std::string& storage, - const std::string& grid)=0; - + virtual LLPointer<LLCredential> createCredential(const std::string& grid, + const LLSD& identifier, + const LLSD& authenticator)=0; + + virtual LLPointer<LLCredential> loadCredential(const std::string& grid)=0; + + virtual void saveCredential(LLPointer<LLCredential> cred, bool save_authenticator)=0; + + virtual void deleteCredential(LLPointer<LLCredential> cred)=0; + + // has map of credentials declared as specific storage + virtual bool hasCredentialMap(const std::string& storage, + const std::string& grid)=0; + + // returns true if map is empty or does not exist + virtual bool emptyCredentialMap(const std::string& storage, + const std::string& grid)=0; + + // load map of credentials from specific storage + typedef std::map<std::string, LLPointer<LLCredential> > credential_map_t; + virtual void loadCredentialMap(const std::string& storage, + const std::string& grid, + credential_map_t& credential_map)=0; + + // load single username from map of credentials from specific storage + virtual LLPointer<LLCredential> loadFromCredentialMap(const std::string& storage, + const std::string& grid, + const std::string& userid)=0; + + // add item to map of credentials from specific storage + virtual void addToCredentialMap(const std::string& storage, + LLPointer<LLCredential> cred, + bool save_authenticator)=0; + + // remove item from map of credentials from specific storage + virtual void removeFromCredentialMap(const std::string& storage, + LLPointer<LLCredential> cred)=0; + + // remove item from map of credentials from specific storage + virtual void removeFromCredentialMap(const std::string& storage, + const std::string& grid, + const std::string& userid)=0; + + virtual void removeCredentialMap(const std::string& storage, + const std::string& grid)=0; + }; void initializeSecHandler(); void clearSecHandler(); - + // retrieve a security api depending on the api type LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type); -void registerSecHandler(const std::string& handler_type, - LLPointer<LLSecAPIHandler>& handler); +void registerSecHandler(const std::string& handler_type, + LLPointer<LLSecAPIHandler>& handler); extern LLPointer<LLSecAPIHandler> gSecAPIHandler; |