diff options
Diffstat (limited to 'indra/newview/llsechandler_basic.h')
| -rw-r--r-- | indra/newview/llsechandler_basic.h | 149 |
1 files changed, 120 insertions, 29 deletions
diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index 5d81b6e190..e041322260 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -57,59 +57,147 @@ public: virtual ~LLBasicCertificate(); - virtual std::string getPem(); - virtual std::vector<U8> getBinary(); - virtual LLSD getLLSD(); + virtual std::string getPem() const; + virtual std::vector<U8> getBinary() const; + virtual LLSD getLLSD() const; - virtual X509* getOpenSSLX509(); + virtual X509* getOpenSSLX509() const; + + // set llsd elements for testing + void setLLSD(const std::string name, const LLSD& value) { mLLSDInfo[name] = value; } protected: + // certificates are stored as X509 objects, as validation and // other functionality is via openssl X509* mCert; + + LLSD& _initLLSD(); + LLSD mLLSDInfo; }; -// class LLCertificateStore -// represents a store of certificates, typically a store of root CA -// certificates. The store can be persisted, and can be used to validate -// a cert chain -// -class LLBasicCertificateStore : public LLCertificateStore + +// class LLBasicCertificateVector +// Class representing a list of certificates +// This implementation uses a stl vector of certificates. +class LLBasicCertificateVector : virtual public LLCertificateVector { + public: - LLBasicCertificateStore(const std::string& filename); - LLBasicCertificateStore(const X509_STORE* store); - virtual ~LLBasicCertificateStore(); + LLBasicCertificateVector() {} - virtual X509_STORE* getOpenSSLX509Store(); // return an openssl X509_STORE - // for this store + virtual ~LLBasicCertificateVector() {} - // add a copy of a cert to the store - virtual void append(const LLCertificate& cert); + // Implementation of the basic iterator implementation. + // The implementation uses a vector iterator derived from + // the vector in the LLBasicCertificateVector class + class BasicIteratorImpl : public iterator_impl + { + public: + BasicIteratorImpl(std::vector<LLPointer<LLCertificate> >::iterator _iter) { mIter = _iter;} + virtual ~BasicIteratorImpl() {}; + // seek forward or back. Used by the operator++/operator-- implementations + virtual void seek(bool incr) + { + if(incr) + { + mIter++; + } + else + { + mIter--; + } + } + // create a copy of the iterator implementation class, used by the iterator copy constructor + virtual LLPointer<iterator_impl> clone() const + { + return new BasicIteratorImpl(mIter); + } + + virtual bool equals(const LLPointer<iterator_impl>& _iter) const + { + const BasicIteratorImpl *rhs_iter = dynamic_cast<const BasicIteratorImpl *>(_iter.get()); + return (mIter == rhs_iter->mIter); + } + virtual LLPointer<LLCertificate> get() + { + return *mIter; + } + protected: + friend class LLBasicCertificateVector; + std::vector<LLPointer<LLCertificate> >::iterator mIter; + }; - // add a copy of a cert to the store - virtual void insert(const int index, const LLCertificate& cert); + // numeric index of the vector + virtual LLPointer<LLCertificate> operator[](int _index) { return mCerts[_index];} - // remove a certificate from the store - virtual void remove(int index); + // Iteration + virtual iterator begin() { return iterator(new BasicIteratorImpl(mCerts.begin())); } + + virtual iterator end() { return iterator(new BasicIteratorImpl(mCerts.end())); } + + // find a cert given params + virtual iterator find(const LLSD& params); - // return a certificate at the index - virtual LLPointer<LLCertificate> operator[](int index); // return the number of certs in the store - virtual int len() const; + virtual int size() const { return mCerts.size(); } + + // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first + virtual void add(LLPointer<LLCertificate> cert) { insert(end(), cert); } - // load the store from a persisted location - virtual void load(const std::string& store_id); + // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first + virtual void insert(iterator _iter, LLPointer<LLCertificate> cert); + + // remove a certificate from the store + virtual LLPointer<LLCertificate> erase(iterator _iter); + +protected: + std::vector<LLPointer<LLCertificate> >mCerts; +}; + +// class LLCertificateStore +// represents a store of certificates, typically a store of root CA +// certificates. The store can be persisted, and can be used to validate +// a cert chain +// +class LLBasicCertificateStore : virtual public LLBasicCertificateVector, public LLCertificateStore +{ +public: + LLBasicCertificateStore(const std::string& filename); + void load_from_file(const std::string& filename); + + virtual ~LLBasicCertificateStore(); // persist the store virtual void save(); // return the store id - virtual std::string storeId(); + virtual std::string storeId() const; - // validate a cert chain - virtual bool validate(const LLCertificateChain& cert_chain) const; +protected: + std::vector<LLPointer<LLCertificate> >mCerts; + std::string mFilename; }; +// class LLCertificateChain +// Class representing a chain of certificates in order, with the +// first element being the child cert. +class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public LLCertificateChain +{ + +public: + LLBasicCertificateChain(const X509_STORE_CTX * store); + + virtual ~LLBasicCertificateChain() {} + + // validate a certificate chain against a certificate store, using the + // given validation policy. + virtual void validate(int validation_policy, + LLPointer<LLCertificateStore> ca_store, + const LLSD& validation_params); +}; + + + // LLSecAPIBasicCredential class class LLSecAPIBasicCredential : public LLCredential { @@ -182,10 +270,13 @@ protected: std::string mProtectedDataFilename; LLSD mProtectedDataMap; + LLPointer<LLBasicCertificateStore> mStore; std::string mLegacyPasswordPath; }; +bool valueCompareLLSD(const LLSD& lhs, const LLSD& rhs); + #endif // LLSECHANDLER_BASIC |