[apple/security.git] / libsecurity_smime / lib / cert.h

/*
 *  cert.h
 *  security_smime
 *
 *  Created by john on Wed Mar 12 2003.
 *  Copyright (c) 2003 __MyCompanyName__. All rights reserved.
 *
 */

#ifndef _CERT_H_
#define _CERT_H_ 1

#include <Security/SecCmsBase.h>
#include <Security/nameTemplates.h>
#include <Security/SecCertificate.h>
#include <CoreFoundation/CFDate.h>
#include <Security/SecTrust.h>
#include "cmstpriv.h"
#include <security_asn1/seccomon.h>

/************************************************************************/
SEC_BEGIN_PROTOS

#if !USE_CDSA_CRYPTO
bool CERT_CheckIssuerAndSerial(SecCertificateRef cert, SecAsn1Item *issuer, SecAsn1Item *serial);
#endif

typedef void CERTVerifyLog;

void CERT_NormalizeX509NameNSS(NSS_Name *nssName);

SecIdentityRef CERT_FindIdentityByUsage(SecKeychainRef keychainOrArray,
			 char *nickname, SECCertUsage usage, Boolean validOnly, void *proto_win);

SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef dbhandle,
			 char *nickname,SECCertUsage usage,Boolean validOnly,void *proto_win);

// Find a certificate in the database by a email address or nickname
// "name" is the email address or nickname to look up
SecCertificateRef CERT_FindCertByNicknameOrEmailAddr(SecKeychainRef dbhandle, char *name);

SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey);
void SECKEY_DestroyPublicKey(SecPublicKeyRef CF_CONSUMED pubKey);
SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey);
void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey);
void CERT_DestroyCertificate(SecCertificateRef cert);
SecCertificateRef CERT_DupCertificate(SecCertificateRef cert);

// from security/nss/lib/certdb/cert.h

/*
    Substitutions:
    CERTCertificate * 		->	SecCertificateRef
    SECKEYPublicKey *		-> 	SecPublicKeyRef
    CERTCertDBHandle *		->	SecKeychainRef
    CERT_GetDefaultCertDB	->	OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
    CERTCertificateList *	->	CFArrayRef
*/

// Generate a certificate chain from a certificate.

CF_RETURNS_RETAINED CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage,Boolean includeRoot, Boolean mustIncludeRoot);

CF_RETURNS_RETAINED CFArrayRef CERT_CertListFromCert(SecCertificateRef cert);

CFArrayRef CERT_DupCertList(CFArrayRef oldList);

// Extract a public key object from a SubjectPublicKeyInfo
SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert);

SECStatus CERT_CheckCertUsage (SecCertificateRef cert,unsigned char usage);

// Find a certificate in the database by a email address
// "emailAddr" is the email address to look up
SecCertificateRef CERT_FindCertByEmailAddr(SecKeychainRef keychainOrArray, char *emailAddr);

// Find a certificate in the database by a DER encoded certificate
// "derCert" is the DER encoded certificate
SecCertificateRef CERT_FindCertByDERCert(SecKeychainRef keychainOrArray, const SecAsn1Item *derCert);

// Generate a certificate key from the issuer and serialnumber, then look it up in the database.
// Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);

SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);

SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
SecCertificateRef CERT_FindCertificateByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);

SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
SecCertificateRef CERT_FindCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);

// find the smime symmetric capabilities profile for a given cert
SecAsn1Item *CERT_FindSMimeProfile(SecCertificateRef cert);

// Return the decoded value of the subjectKeyID extension. The caller should 
// free up the storage allocated in retItem->data.
SECStatus CERT_FindSubjectKeyIDExtension (SecCertificateRef cert, SecAsn1Item *retItem);

// Extract the issuer and serial number from a certificate
SecCmsIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *pl, SecCertificateRef cert);

// import a collection of certs into the temporary or permanent cert database
SECStatus CERT_ImportCerts(SecKeychainRef keychain, SECCertUsage usage,unsigned int ncerts,
    SecAsn1Item **derCerts,SecCertificateRef **retCerts, Boolean keepCerts,Boolean caOnly, char *nickname);

SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SecAsn1Item *emailProfile,SecAsn1Item *profileTime);

// Check the hostname to make sure that it matches the shexp that
// is given in the common name of the certificate.
SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname);

#if USE_CDSA_CRYPTO
SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, SecCertificateRef cert,
			  CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
#else
SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, CFArrayRef cert,
			  CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
#endif

CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage);

/************************************************************************/
SEC_END_PROTOS

#endif /* _CERT_H_ */
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* cert.h
	3	* security_smime
	4	*
	5	* Created by john on Wed Mar 12 2003.
	6	* Copyright (c) 2003 __MyCompanyName__. All rights reserved.
	7	*
	8	*/
	9
	10	#ifndef _CERT_H_
	11	#define _CERT_H_ 1
	12
b54c578e	13	#include <Security/SecCmsBase.h>
b1ab9ed8 A	14	#include <Security/nameTemplates.h>
	15	#include <Security/SecCertificate.h>
	16	#include <CoreFoundation/CFDate.h>
	17	#include <Security/SecTrust.h>
	18	#include "cmstpriv.h"
d8f41ccd	19	#include <security_asn1/seccomon.h>
b1ab9ed8 A	20
	21	/************************************************************************/
	22	SEC_BEGIN_PROTOS
	23
866f8763	24	#if !USE_CDSA_CRYPTO
d8f41ccd	25	bool CERT_CheckIssuerAndSerial(SecCertificateRef cert, SecAsn1Item issuer, SecAsn1Item serial);
866f8763	26	#endif
d8f41ccd	27
b1ab9ed8 A	28	typedef void CERTVerifyLog;
	29
	30	void CERT_NormalizeX509NameNSS(NSS_Name *nssName);
	31
	32	SecIdentityRef CERT_FindIdentityByUsage(SecKeychainRef keychainOrArray,
	33	char nickname, SECCertUsage usage, Boolean validOnly, void proto_win);
	34
	35	SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef dbhandle,
	36	char nickname,SECCertUsage usage,Boolean validOnly,void proto_win);
	37
	38	// Find a certificate in the database by a email address or nickname
	39	// "name" is the email address or nickname to look up
	40	SecCertificateRef CERT_FindCertByNicknameOrEmailAddr(SecKeychainRef dbhandle, char *name);
	41
	42	SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey);
b54c578e	43	void SECKEY_DestroyPublicKey(SecPublicKeyRef CF_CONSUMED pubKey);
b1ab9ed8 A	44	SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey);
	45	void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey);
	46	void CERT_DestroyCertificate(SecCertificateRef cert);
	47	SecCertificateRef CERT_DupCertificate(SecCertificateRef cert);
	48
	49	// from security/nss/lib/certdb/cert.h
	50
	51	/*
	52	Substitutions:
	53	CERTCertificate * -> SecCertificateRef
	54	SECKEYPublicKey * -> SecPublicKeyRef
	55	CERTCertDBHandle * -> SecKeychainRef
	56	CERT_GetDefaultCertDB -> OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
	57	CERTCertificateList * -> CFArrayRef
	58	*/
	59
	60	// Generate a certificate chain from a certificate.
	61
b54c578e	62	CF_RETURNS_RETAINED CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage,Boolean includeRoot, Boolean mustIncludeRoot);
b1ab9ed8	63
b54c578e	64	CF_RETURNS_RETAINED CFArrayRef CERT_CertListFromCert(SecCertificateRef cert);
b1ab9ed8 A	65
	66	CFArrayRef CERT_DupCertList(CFArrayRef oldList);
	67
	68	// Extract a public key object from a SubjectPublicKeyInfo
	69	SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert);
	70
	71	SECStatus CERT_CheckCertUsage (SecCertificateRef cert,unsigned char usage);
	72
	73	// Find a certificate in the database by a email address
	74	// "emailAddr" is the email address to look up
	75	SecCertificateRef CERT_FindCertByEmailAddr(SecKeychainRef keychainOrArray, char *emailAddr);
	76
	77	// Find a certificate in the database by a DER encoded certificate
	78	// "derCert" is the DER encoded certificate
d8f41ccd	79	SecCertificateRef CERT_FindCertByDERCert(SecKeychainRef keychainOrArray, const SecAsn1Item *derCert);
b1ab9ed8 A	80
	81	// Generate a certificate key from the issuer and serialnumber, then look it up in the database.
	82	// Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
d8f41ccd	83	SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
b1ab9ed8	84
d8f41ccd	85	SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
b1ab9ed8 A	86
b1ab9ed8 A	87	SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
d8f41ccd	88	SecCertificateRef CERT_FindCertificateByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
b1ab9ed8	89
d8f41ccd	90	SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
866f8763	91	SecCertificateRef CERT_FindCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
b1ab9ed8 A	92
b1ab9ed8 A	93	// find the smime symmetric capabilities profile for a given cert
d8f41ccd	94	SecAsn1Item *CERT_FindSMimeProfile(SecCertificateRef cert);
b1ab9ed8 A	95
	96	// Return the decoded value of the subjectKeyID extension. The caller should
	97	// free up the storage allocated in retItem->data.
d8f41ccd	98	SECStatus CERT_FindSubjectKeyIDExtension (SecCertificateRef cert, SecAsn1Item *retItem);
b1ab9ed8 A	99
	100	// Extract the issuer and serial number from a certificate
	101	SecCmsIssuerAndSN CERT_GetCertIssuerAndSN(PRArenaPool pl, SecCertificateRef cert);
	102
	103	// import a collection of certs into the temporary or permanent cert database
	104	SECStatus CERT_ImportCerts(SecKeychainRef keychain, SECCertUsage usage,unsigned int ncerts,
d8f41ccd	105	SecAsn1Item derCerts,SecCertificateRef retCerts, Boolean keepCerts,Boolean caOnly, char *nickname);
b1ab9ed8	106
d8f41ccd	107	SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SecAsn1Item emailProfile,SecAsn1Item profileTime);
b1ab9ed8 A	108
	109	// Check the hostname to make sure that it matches the shexp that
	110	// is given in the common name of the certificate.
	111	SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname);
	112
866f8763 A	113	#if USE_CDSA_CRYPTO
	114	SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, SecCertificateRef cert,
	115	CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
	116	#else
d8f41ccd A	117	SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, CFArrayRef cert,
d8f41ccd A	118	CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
866f8763	119	#endif
b1ab9ed8 A	120
	121	CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage);
	122
	123	/************************************************************************/
	124	SEC_END_PROTOS
	125
	126	#endif /* _CERT_H_ */