PageRenderTime 64ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 1ms

/indra/newview/llsechandler_basic.h

https://bitbucket.org/lindenlab/viewer-beta/
C Header | 291 lines | 145 code | 69 blank | 77 comment | 3 complexity | 2d9137462723aab07cfee75bd1324ac0 MD5 | raw file
Possible License(s): LGPL-2.1
  1. /**
  2. * @file llsechandler_basic.h
  3. * @brief Security API for services such as certificate handling
  4. * secure local storage, etc.
  5. *
  6. * $LicenseInfo:firstyear=2009&license=viewerlgpl$
  7. * Second Life Viewer Source Code
  8. * Copyright (C) 2010, Linden Research, Inc.
  9. *
  10. * This library is free software; you can redistribute it and/or
  11. * modify it under the terms of the GNU Lesser General Public
  12. * License as published by the Free Software Foundation;
  13. * version 2.1 of the License only.
  14. *
  15. * This library is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  18. * Lesser General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Lesser General Public
  21. * License along with this library; if not, write to the Free Software
  22. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  23. *
  24. * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA
  25. * $/LicenseInfo$
  26. */
  27. #ifndef LLSECHANDLER_BASIC
  28. #define LLSECHANDLER_BASIC
  29. #include "llsecapi.h"
  30. #include <vector>
  31. #include <openssl/x509.h>
  32. // helpers
  33. extern LLSD cert_name_from_X509_NAME(X509_NAME* name);
  34. extern std::string cert_string_name_from_X509_NAME(X509_NAME* name);
  35. extern std::string cert_string_from_asn1_integer(ASN1_INTEGER* value);
  36. extern LLDate cert_date_from_asn1_time(ASN1_TIME* asn1_time);
  37. extern std::string cert_get_digest(const std::string& digest_type, X509 *cert);
  38. // class LLCertificate
  39. //
  40. class LLBasicCertificate : public LLCertificate
  41. {
  42. public:
  43. LOG_CLASS(LLBasicCertificate);
  44. LLBasicCertificate(const std::string& pem_cert);
  45. LLBasicCertificate(X509* openSSLX509);
  46. virtual ~LLBasicCertificate();
  47. virtual std::string getPem() const;
  48. virtual std::vector<U8> getBinary() const;
  49. virtual void getLLSD(LLSD &llsd);
  50. virtual X509* getOpenSSLX509() const;
  51. // set llsd elements for testing
  52. void setLLSD(const std::string name, const LLSD& value) { mLLSDInfo[name] = value; }
  53. protected:
  54. // certificates are stored as X509 objects, as validation and
  55. // other functionality is via openssl
  56. X509* mCert;
  57. LLSD& _initLLSD();
  58. LLSD mLLSDInfo;
  59. };
  60. // class LLBasicCertificateVector
  61. // Class representing a list of certificates
  62. // This implementation uses a stl vector of certificates.
  63. class LLBasicCertificateVector : virtual public LLCertificateVector
  64. {
  65. public:
  66. LLBasicCertificateVector() {}
  67. virtual ~LLBasicCertificateVector() {}
  68. // Implementation of the basic iterator implementation.
  69. // The implementation uses a vector iterator derived from
  70. // the vector in the LLBasicCertificateVector class
  71. class BasicIteratorImpl : public iterator_impl
  72. {
  73. public:
  74. BasicIteratorImpl(std::vector<LLPointer<LLCertificate> >::iterator _iter) { mIter = _iter;}
  75. virtual ~BasicIteratorImpl() {};
  76. // seek forward or back. Used by the operator++/operator-- implementations
  77. virtual void seek(bool incr)
  78. {
  79. if(incr)
  80. {
  81. mIter++;
  82. }
  83. else
  84. {
  85. mIter--;
  86. }
  87. }
  88. // create a copy of the iterator implementation class, used by the iterator copy constructor
  89. virtual LLPointer<iterator_impl> clone() const
  90. {
  91. return new BasicIteratorImpl(mIter);
  92. }
  93. virtual bool equals(const LLPointer<iterator_impl>& _iter) const
  94. {
  95. const BasicIteratorImpl *rhs_iter = dynamic_cast<const BasicIteratorImpl *>(_iter.get());
  96. llassert(rhs_iter);
  97. if (!rhs_iter) return 0;
  98. return (mIter == rhs_iter->mIter);
  99. }
  100. virtual LLPointer<LLCertificate> get()
  101. {
  102. return *mIter;
  103. }
  104. protected:
  105. friend class LLBasicCertificateVector;
  106. std::vector<LLPointer<LLCertificate> >::iterator mIter;
  107. };
  108. // numeric index of the vector
  109. virtual LLPointer<LLCertificate> operator[](int _index) { return mCerts[_index];}
  110. // Iteration
  111. virtual iterator begin() { return iterator(new BasicIteratorImpl(mCerts.begin())); }
  112. virtual iterator end() { return iterator(new BasicIteratorImpl(mCerts.end())); }
  113. // find a cert given params
  114. virtual iterator find(const LLSD& params);
  115. // return the number of certs in the store
  116. virtual int size() const { return mCerts.size(); }
  117. // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first
  118. virtual void add(LLPointer<LLCertificate> cert) { insert(end(), cert); }
  119. // insert the cert to the store. if a copy of the cert already exists in the store, it is removed first
  120. virtual void insert(iterator _iter, LLPointer<LLCertificate> cert);
  121. // remove a certificate from the store
  122. virtual LLPointer<LLCertificate> erase(iterator _iter);
  123. protected:
  124. std::vector<LLPointer<LLCertificate> >mCerts;
  125. };
  126. // class LLCertificateStore
  127. // represents a store of certificates, typically a store of root CA
  128. // certificates. The store can be persisted, and can be used to validate
  129. // a cert chain
  130. //
  131. class LLBasicCertificateStore : virtual public LLBasicCertificateVector, public LLCertificateStore
  132. {
  133. public:
  134. LLBasicCertificateStore(const std::string& filename);
  135. void load_from_file(const std::string& filename);
  136. virtual ~LLBasicCertificateStore();
  137. // persist the store
  138. virtual void save();
  139. // return the store id
  140. virtual std::string storeId() const;
  141. // validate a certificate chain against a certificate store, using the
  142. // given validation policy.
  143. virtual void validate(int validation_policy,
  144. LLPointer<LLCertificateChain> ca_chain,
  145. const LLSD& validation_params);
  146. protected:
  147. std::vector<LLPointer<LLCertificate> > mCerts;
  148. // cache of cert sha1 hashes to from/to date pairs, to improve
  149. // performance of cert trust. Note, these are not the CA certs,
  150. // but the certs that have been validated against this store.
  151. typedef std::map<std::string, std::pair<LLDate, LLDate> > t_cert_cache;
  152. t_cert_cache mTrustedCertCache;
  153. std::string mFilename;
  154. };
  155. // class LLCertificateChain
  156. // Class representing a chain of certificates in order, with the
  157. // first element being the child cert.
  158. class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public LLCertificateChain
  159. {
  160. public:
  161. LLBasicCertificateChain(const X509_STORE_CTX * store);
  162. virtual ~LLBasicCertificateChain() {}
  163. };
  164. // LLSecAPIBasicCredential class
  165. class LLSecAPIBasicCredential : public LLCredential
  166. {
  167. public:
  168. LLSecAPIBasicCredential(const std::string& grid) : LLCredential(grid) {}
  169. virtual ~LLSecAPIBasicCredential() {}
  170. // return a value representing the user id, (could be guid, name, whatever)
  171. virtual std::string userID() const;
  172. // printible string identifying the credential.
  173. virtual std::string asString() const;
  174. };
  175. // LLSecAPIBasicHandler Class
  176. // Interface handler class for the various security storage handlers.
  177. class LLSecAPIBasicHandler : public LLSecAPIHandler
  178. {
  179. public:
  180. LLSecAPIBasicHandler(const std::string& protected_data_filename,
  181. const std::string& legacy_password_path);
  182. LLSecAPIBasicHandler();
  183. void init();
  184. virtual ~LLSecAPIBasicHandler();
  185. // instantiate a certificate from a pem string
  186. virtual LLPointer<LLCertificate> getCertificate(const std::string& pem_cert);
  187. // instiate a certificate from an openssl X509 structure
  188. virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert);
  189. // instantiate a chain from an X509_STORE_CTX
  190. virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain);
  191. // instantiate a cert store given it's id. if a persisted version
  192. // exists, it'll be loaded. If not, one will be created (but not
  193. // persisted)
  194. virtual LLPointer<LLCertificateStore> getCertificateStore(const std::string& store_id);
  195. // persist data in a protected store
  196. virtual void setProtectedData(const std::string& data_type,
  197. const std::string& data_id,
  198. const LLSD& data);
  199. // retrieve protected data
  200. virtual LLSD getProtectedData(const std::string& data_type,
  201. const std::string& data_id);
  202. // delete a protected data item from the store
  203. virtual void deleteProtectedData(const std::string& data_type,
  204. const std::string& data_id);
  205. // credential management routines
  206. virtual LLPointer<LLCredential> createCredential(const std::string& grid,
  207. const LLSD& identifier,
  208. const LLSD& authenticator);
  209. virtual LLPointer<LLCredential> loadCredential(const std::string& grid);
  210. virtual void saveCredential(LLPointer<LLCredential> cred, bool save_authenticator);
  211. virtual void deleteCredential(LLPointer<LLCredential> cred);
  212. protected:
  213. void _readProtectedData();
  214. void _writeProtectedData();
  215. std::string _legacyLoadPassword();
  216. std::string mProtectedDataFilename;
  217. LLSD mProtectedDataMap;
  218. LLPointer<LLBasicCertificateStore> mStore;
  219. std::string mLegacyPasswordPath;
  220. };
  221. bool valueCompareLLSD(const LLSD& lhs, const LLSD& rhs);
  222. #endif // LLSECHANDLER_BASIC