PageRenderTime 302ms CodeModel.GetById 120ms app.highlight 20ms RepoModel.GetById 141ms app.codeStats 0ms

/indra/newview/llsechandler_basic.h

https://bitbucket.org/lindenlab/viewer-beta/
C++ Header | 291 lines | 145 code | 69 blank | 77 comment | 3 complexity | 2d9137462723aab07cfee75bd1324ac0 MD5 | raw file
  1/** 
  2 * @file llsechandler_basic.h
  3 * @brief Security API for services such as certificate handling
  4 * secure local storage, etc.
  5 *
  6 * $LicenseInfo:firstyear=2009&license=viewerlgpl$
  7 * Second Life Viewer Source Code
  8 * Copyright (C) 2010, Linden Research, Inc.
  9 * 
 10 * This library is free software; you can redistribute it and/or
 11 * modify it under the terms of the GNU Lesser General Public
 12 * License as published by the Free Software Foundation;
 13 * version 2.1 of the License only.
 14 * 
 15 * This library is distributed in the hope that it will be useful,
 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 18 * Lesser General Public License for more details.
 19 * 
 20 * You should have received a copy of the GNU Lesser General Public
 21 * License along with this library; if not, write to the Free Software
 22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 23 * 
 24 * Linden Research, Inc., 945 Battery Street, San Francisco, CA  94111  USA
 25 * $/LicenseInfo$
 26 */
 27
 28#ifndef LLSECHANDLER_BASIC
 29#define LLSECHANDLER_BASIC
 30
 31#include "llsecapi.h"
 32#include <vector>
 33#include <openssl/x509.h>
 34
 35// helpers
 36extern LLSD cert_name_from_X509_NAME(X509_NAME* name);
 37extern std::string cert_string_name_from_X509_NAME(X509_NAME* name);
 38extern std::string cert_string_from_asn1_integer(ASN1_INTEGER* value);
 39extern LLDate cert_date_from_asn1_time(ASN1_TIME* asn1_time);
 40extern std::string cert_get_digest(const std::string& digest_type, X509 *cert);
 41
 42
 43// class LLCertificate
 44// 
 45class LLBasicCertificate : public LLCertificate
 46{
 47public:		
 48	LOG_CLASS(LLBasicCertificate);
 49
 50	LLBasicCertificate(const std::string& pem_cert);
 51	LLBasicCertificate(X509* openSSLX509);
 52	
 53	virtual ~LLBasicCertificate();
 54	
 55	virtual std::string getPem() const;
 56	virtual std::vector<U8> getBinary() const;
 57	virtual void getLLSD(LLSD &llsd);
 58
 59	virtual X509* getOpenSSLX509() const;
 60	
 61	// set llsd elements for testing
 62	void setLLSD(const std::string name, const LLSD& value) { mLLSDInfo[name] = value; }
 63
 64protected:
 65
 66	// certificates are stored as X509 objects, as validation and
 67	// other functionality is via openssl
 68	X509* mCert;
 69	
 70	LLSD& _initLLSD();
 71	LLSD mLLSDInfo;
 72};
 73
 74
 75// class LLBasicCertificateVector
 76// Class representing a list of certificates
 77// This implementation uses a stl vector of certificates.
 78class LLBasicCertificateVector : virtual public LLCertificateVector
 79{
 80	
 81public:
 82	LLBasicCertificateVector() {}
 83	
 84	virtual ~LLBasicCertificateVector() {}
 85	
 86	// Implementation of the basic iterator implementation.
 87	// The implementation uses a vector iterator derived from 
 88	// the vector in the LLBasicCertificateVector class
 89	class BasicIteratorImpl : public iterator_impl
 90	{
 91	public:
 92		BasicIteratorImpl(std::vector<LLPointer<LLCertificate> >::iterator _iter) { mIter = _iter;}
 93		virtual ~BasicIteratorImpl() {};
 94		// seek forward or back.  Used by the operator++/operator-- implementations
 95		virtual void seek(bool incr)
 96		{
 97			if(incr)
 98			{
 99				mIter++;
100			}
101			else
102			{
103				mIter--;
104			}
105		}
106		// create a copy of the iterator implementation class, used by the iterator copy constructor
107		virtual LLPointer<iterator_impl> clone() const
108		{
109			return new BasicIteratorImpl(mIter);
110		}
111		
112		virtual bool equals(const LLPointer<iterator_impl>& _iter) const
113		{
114			const BasicIteratorImpl *rhs_iter = dynamic_cast<const BasicIteratorImpl *>(_iter.get());
115			llassert(rhs_iter);
116			if (!rhs_iter) return 0;
117			return (mIter == rhs_iter->mIter);
118		}
119		virtual LLPointer<LLCertificate> get()
120		{
121			return *mIter;
122		}
123	protected:
124		friend class LLBasicCertificateVector;
125		std::vector<LLPointer<LLCertificate> >::iterator mIter;
126	};
127	
128	// numeric index of the vector
129	virtual LLPointer<LLCertificate> operator[](int _index) { return mCerts[_index];}
130	
131	// Iteration
132	virtual iterator begin() { return iterator(new BasicIteratorImpl(mCerts.begin())); }
133	
134	virtual iterator end() {  return iterator(new BasicIteratorImpl(mCerts.end())); }
135	
136	// find a cert given params
137	virtual iterator find(const LLSD& params);
138	
139	// return the number of certs in the store
140	virtual int size() const { return mCerts.size(); }	
141	
142	// insert the cert to the store.  if a copy of the cert already exists in the store, it is removed first
143	virtual void  add(LLPointer<LLCertificate> cert) { insert(end(), cert); }
144	
145	// insert the cert to the store.  if a copy of the cert already exists in the store, it is removed first
146	virtual void  insert(iterator _iter, LLPointer<LLCertificate> cert);	
147	
148	// remove a certificate from the store
149	virtual LLPointer<LLCertificate> erase(iterator _iter);
150	
151protected:
152	std::vector<LLPointer<LLCertificate> >mCerts;	
153};
154
155// class LLCertificateStore
156// represents a store of certificates, typically a store of root CA
157// certificates.  The store can be persisted, and can be used to validate
158// a cert chain
159//
160class LLBasicCertificateStore : virtual public LLBasicCertificateVector, public LLCertificateStore
161{
162public:
163	LLBasicCertificateStore(const std::string& filename);
164	void load_from_file(const std::string& filename);
165	
166	virtual ~LLBasicCertificateStore();
167	
168	// persist the store
169	virtual void save();
170	
171	// return the store id
172	virtual std::string storeId() const;
173	
174	// validate a certificate chain against a certificate store, using the
175	// given validation policy.
176	virtual void validate(int validation_policy,
177						  LLPointer<LLCertificateChain> ca_chain,
178						  const LLSD& validation_params);
179	
180protected:
181	std::vector<LLPointer<LLCertificate> >            mCerts;
182	
183	// cache of cert sha1 hashes to from/to date pairs, to improve
184	// performance of cert trust.  Note, these are not the CA certs,
185	// but the certs that have been validated against this store.
186	typedef std::map<std::string, std::pair<LLDate, LLDate> > t_cert_cache;
187	t_cert_cache mTrustedCertCache;
188	
189	std::string mFilename;
190};
191
192// class LLCertificateChain
193// Class representing a chain of certificates in order, with the 
194// first element being the child cert.
195class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public LLCertificateChain
196{
197	
198public:
199	LLBasicCertificateChain(const X509_STORE_CTX * store);
200	
201	virtual ~LLBasicCertificateChain() {}
202	
203};
204
205
206
207// LLSecAPIBasicCredential class
208class LLSecAPIBasicCredential : public LLCredential
209{
210public:
211	LLSecAPIBasicCredential(const std::string& grid) : LLCredential(grid) {} 
212	virtual ~LLSecAPIBasicCredential() {}
213	// return a value representing the user id, (could be guid, name, whatever)
214	virtual std::string userID() const;	
215	
216	// printible string identifying the credential.
217	virtual std::string asString() const;
218};
219
220// LLSecAPIBasicHandler Class
221// Interface handler class for the various security storage handlers.
222class LLSecAPIBasicHandler : public LLSecAPIHandler
223{
224public:
225	
226	LLSecAPIBasicHandler(const std::string& protected_data_filename,
227						 const std::string& legacy_password_path);
228	LLSecAPIBasicHandler();
229	
230	void init();
231	
232	virtual ~LLSecAPIBasicHandler();
233	
234	// instantiate a certificate from a pem string
235	virtual LLPointer<LLCertificate> getCertificate(const std::string& pem_cert);
236	
237	
238	// instiate a certificate from an openssl X509 structure
239	virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert);
240	
241	// instantiate a chain from an X509_STORE_CTX
242	virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain);
243	
244	// instantiate a cert store given it's id.  if a persisted version
245	// exists, it'll be loaded.  If not, one will be created (but not
246	// persisted)
247	virtual LLPointer<LLCertificateStore> getCertificateStore(const std::string& store_id);
248	
249	// persist data in a protected store
250	virtual void setProtectedData(const std::string& data_type,
251								  const std::string& data_id,
252								  const LLSD& data);
253	
254	// retrieve protected data
255	virtual LLSD getProtectedData(const std::string& data_type,
256								  const std::string& data_id);
257	
258	// delete a protected data item from the store
259	virtual void deleteProtectedData(const std::string& data_type,
260									 const std::string& data_id);
261	
262	// credential management routines
263	
264	virtual LLPointer<LLCredential> createCredential(const std::string& grid,
265													 const LLSD& identifier, 
266													 const LLSD& authenticator);
267	
268	virtual LLPointer<LLCredential> loadCredential(const std::string& grid);
269
270	virtual void saveCredential(LLPointer<LLCredential> cred, bool save_authenticator);
271	
272	virtual void deleteCredential(LLPointer<LLCredential> cred);
273	
274protected:
275	void _readProtectedData();
276	void _writeProtectedData();
277	std::string _legacyLoadPassword();
278
279	std::string mProtectedDataFilename;
280	LLSD mProtectedDataMap;
281	LLPointer<LLBasicCertificateStore> mStore;
282	
283	std::string mLegacyPasswordPath;
284};
285
286bool valueCompareLLSD(const LLSD& lhs, const LLSD& rhs);
287
288#endif // LLSECHANDLER_BASIC
289
290
291