tokenkey.cpp
  1  /*
  2   * Copyright (c) 2004,2008 Apple Inc. All Rights Reserved.
  3   * 
  4   * @APPLE_LICENSE_HEADER_START@
  5   * 
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. Please obtain a copy of the License at
 10   * http://www.opensource.apple.com/apsl/ and read it before using this
 11   * file.
 12   * 
 13   * The Original Code and all software distributed under the License are
 14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 18   * Please see the License for the specific language governing rights and
 19   * limitations under the License.
 20   * 
 21   * @APPLE_LICENSE_HEADER_END@
 22   */
 23  
 24  
 25  //
 26  // tokenkey - remote reference key on an attached hardware token
 27  //
 28  #include "tokenkey.h"
 29  #include "tokendatabase.h"
 30  
 31  
 //
 // Build a TokenKey around a tokend-side key handle and its key header.
 // The object stores only the handle and a copy of the header; this
 // constructor stores no key material. Once constructed, the key
 // registers itself as a reference on the TokenDatabase it belongs to.
 //
 TokenKey::TokenKey(TokenDatabase &db, KeyHandle tokenKey, const CssmKey::Header &hdr)
 	: Key(db),
 	  mKey(tokenKey),
 	  mHeader(hdr)
 {
 	// hook into the owning database only after the members are initialized
 	db.addReference(*this);
 }
 40  
 41  
 //
 // Destroying a TokenKey asks tokend to release the key handle we hold.
 // A destructor must not let an exception escape, so any failure is
 // logged and otherwise ignored. NOTE(review): after such a failure the
 // tokend-side handle has presumably not been released - confirm whether
 // anything else reclaims it.
 //
 TokenKey::~TokenKey()
 {
 	try {
 		TokenDatabase &db = database();
 		db.token().tokend().releaseKey(mKey);
 	} catch (...) {
 		// best effort only: record the handle that could not be released
 		secinfo("tokendb", "%p release key handle %u threw (ignored)", this, mKey);
 	}
 }
 54  
 55  
 //
 // Navigation through the object mesh.
 // database() resolves our referent as the TokenDatabase this key was
 // registered with at construction time.
 //
 TokenDatabase &TokenKey::database() const
 {
 	return referent<TokenDatabase>();
 }
 63  
 // The Token is reached through the owning database.
 Token &TokenKey::token()
 {
 	TokenDatabase &db = database();
 	return db.token();
 }
 68  
 // Handle by which tokend knows this key. This is the value passed to
 // releaseKey() on destruction; it is not the handle() that returnKey()
 // gives back to callers.
 GenericHandle TokenKey::tokenHandle() const
 {
 	return mKey;
 }
 73  
 74  
 //
 // Canonical external attributes.
 // These come straight from the key header copied at construction; the
 // token is not consulted again here, so the answer is only as current
 // as that header.
 //
 CSSM_KEYATTR_FLAGS TokenKey::attributes()
 {
 	const CSSM_KEYATTR_FLAGS flags = mHeader.attributes();
 	return flags;
 }
 82  
 83  
 //
 // Return-to-caller processing (nothing to compute for a token key).
 // The caller receives this object's own handle() - not the tokend-side
 // handle in mKey - together with a copy of the stored key header.
 //
 void TokenKey::returnKey(Handle &h, CssmKey::Header &hdr)
 {
 	h = handle();		// our own handle, not mKey
 	hdr = mHeader;		// header as given at construction
 }
 92  
 93  
 //
 // ACL classification: a TokenKey always reports itself as a key
 // (keyAcl).
 //
 AclKind TokenKey::aclKind() const
 {
 	return keyAcl;
 }
101  
102  
//
// The TokenKey object serves as its own SecurityServerAcl.
// Right now, key ACLs are at the process level.
//
SecurityServerAcl &TokenKey::acl()
{
	return *this;
}
110  
111  
//
// The database related to this key is the TokenDatabase that holds it.
//
Database *TokenKey::relatedDatabase()
{
	TokenDatabase &db = database();
	return &db;
}
119  
120  
//
// Canonical key digest.
// tokend does not currently support this, so the call always fails with
// CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED and never yields a digest; callers
// that need one for a token key have to handle that error. If support is
// ever needed, we'll have to force unlock and fake it (in tokend, most
// likely).
//
const CssmData &TokenKey::canonicalDigest()
{
	// unconditional failure: there is no digest to return
	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}