[apple/security.git] / libsecurity_keychain / lib / SecTrustSettings.h

/*
 * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * SecTrustSettings.h - Public interface for manipulation of certificate 
 *						Trust Settings. 
 */
 
#ifndef	_SECURITY_SEC_TRUST_SETTINGS_H_
#define _SECURITY_SEC_TRUST_SETTINGS_H_

#include <CoreFoundation/CoreFoundation.h>
#include <Security/cssmtype.h>
#include <Security/SecKeychain.h>
#include <Security/SecPolicy.h>
#include <Security/SecCertificate.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Any certificate (cert) which resides in a keychain can have associated with 
 * it a set of Trust Settings. Trust Settings specify conditions in which a 
 * given cert can be trusted or explicitly distrusted. A "trusted" cert is
 * either a root (self-signed) cert that, when a cert chain verifies back to that
 * root, the entire cert chain is trusted; or a non-root cert that does not need 
 * to verify to a trusted root cert (which is normally the case when verifying a 
 * cert chain). An "explicitly distrusted" cert is one which will, when encountered 
 * during the evaluation of a cert chain, cause immediate and unconditional failure 
 * of the verify operation. 
 * 
 * Trust Settings are configurable by the user; they can apply on three levels
 * (called domains):
 *
 * -- Per-user.
 * -- Locally administered, system-wide. Administrator privileges are required
 *    to make changes to this domain.
 * -- System. These Trust Settings are immutable and comprise the set of trusted
 *    root certificates supplied in Mac OS X. 
 *
 * Per-user Trust Settings override locally administered Trust Settings, which 
 * in turn override the System Trust Settings. 
 *
 * Each cert's Trust Settings are expressed as a CFArray which includes any 
 * number (including zero) of CFDictionaries, each of which comprises one set of
 * Usage Constraints. Each Usage Constraints dictionary contains zero or one of 
 * each the following components:
 *
 * key = kSecTrustSettingsPolicy		value = SecPolicyRef
 * key = kSecTrustSettingsApplication	value = SecTrustedApplicationRef
 * key = kSecTrustSettingsPolicyString	value = CFString, policy-specific
 * key = kSecTrustSettingsKeyUsage		value = CFNumber, an SInt32 key usage
 * 
 * A given Usage Constraints dictionary applies to a given cert if *all* of the 
 * usage constraint components specified in the dictionary match the usage of 
 * the cert being evaluated; when this occurs, the value of the 
 * kSecTrustSettingsResult entry in the dictionary, shown below, is the effective
 * trust setting for the cert. 
 *
 * key = kSecTrustSettingsResult		value = CFNumber, an SInt32 SecTrustSettingsResult
 *
 * The overall Trust Settings of a given cert are the sum of all such Usage 
 * Constraints CFDictionaries: Trust Settings for a given usage apply if *any* 
 * of the CFDictionaries in the cert's Trust Settings array satisfies
 * the specified usage. Thus, when a cert has multiple Usage Constraints 
 * dictionaries in its Trust Settings array, the overall Trust Settings
 * for the cert are
 *
 * (Usage Constraint 0 component 0 AND Usage Constraint 0 component 1 ...)
 *     -- OR --
 * (Usage Constraint 1 component 0 AND Usage Constraint 1 component 1 ...)
 *     -- OR --
 * ...
 *
 * Notes on the various Usage Constraints components:
 *
 * kSecTrustSettingsPolicy			Specifies a cert verification policy, e.g., SSL, 
 *									SMIME, etc.
 * kSecTrustSettingsApplication 	Specifies the application performing the cert 
 *									verification.
 * kSecTrustSettingsPolicyString 	Policy-specific. For the SMIME policy, this is 
 *									an email address. 
 *									For the SSL policy, this is a host name.
 * kSecTrustSettingsKeyUsage		A bitfield indicating key operations (sign, 
 *									encrypt, etc.) for which this Usage Constraint 
 *									apply. Values are defined below as the 
 *									SecTrustSettingsKeyUsage enum. 
 * kSecTrustSettingsResult			The resulting trust value. If not present this has a
 *									default of kSecTrustSettingsResultTrustRoot, meaning 
 *								 	"trust this root cert". Other legal values are:
 *									kSecTrustSettingsResultTrustAsRoot : trust non-root
 *										cert as if it were a trusted root. 
 *									kSecTrustSettingsResultDeny : explicitly distrust this
 *										cert. 
 *									kSecTrustSettingsResultUnspecified : neither trust nor
 *										distrust; can be used to specify an "Allowed error" 
 *										(see below) without assigning trust to a specific 
 *										cert. 
 *
 * Another optional component in a Usage Constraints dictionary is a CSSM_RETURN
 * which, if encountered during certificate verification, is ignored for that
 * cert. These "allowed error" values are constrained by Usage Constraints as
 * described above; a Usage Constraint dictionary with no constraints but with
 * an Allowed Error value causes that error to always be allowed when the cert
 * is being evaluated.
 *
 * The "allowed error" entry in a Usage Constraints dictionary is formatted 
 * as follows:
 * 
 * key = kSecTrustSettingsAllowedError	value = CFNumber, an SInt32 CSSM_RETURN 
 *
 * Note that if kSecTrustSettingsResult value of kSecTrustSettingsResultUnspecified
 * is *not* present for a Usage Constraints dictionary with no Usage 
 * Constraints, the default of kSecTrustSettingsResultTrustRoot is assumed. To 
 * specify a kSecTrustSettingsAllowedError without explicitly trusting (or 
 * distrusting) the associated cert, specify kSecTrustSettingsResultUnspecified 
 * for the kSecTrustSettingsResult component. 
 *
 * Note that an empty Trust Settings array means "always trust this cert, 
 * with a resulting kSecTrustSettingsResult of kSecTrustSettingsResultTrustRoot". 
 * An empty Trust Settings array is definitely not the same as *no* Trust 
 * Settings, which means "this cert must be verified to a known trusted cert". 
 *
 * Note the distinction between kSecTrustSettingsResultTrustRoot and
 * kSecTrustSettingsResultTrustAsRoot; the former can only be applied to 
 * root (self-signed) certs; the latter can only be applied to non-root 
 * certs. This also means that an empty TrustSettings array for a non-root
 * cert is invalid, since the default value for kSecTrustSettingsResult is
 * kSecTrustSettingsResultTrustRoot, which is invalid for a non-root cert. 
 *
 * Authentication
 * --------------
 * 
 * When making changes to the per-user Trust Settings, the user will be 
 * prompted with an alert panel asking for authentication via user name a 
 * password (or other credentials normally used for login). This means 
 * that it is not possible to modify per-user Trust Settings when not 
 * running in a GUI environment (i.e. the user is not logged in via 
 * Loginwindow). 
 * 
 * When making changes to the system-wide Trust Settings, the user will be 
 * prompted with an alert panel asking for an administrator's name and 
 * password, unless the calling process is running as root in which case
 * no futher authentication is needed.
 */
 
/*
 * The keys in one Usage Constraints dictionary.
 */
#define kSecTrustSettingsPolicy			CFSTR("kSecTrustSettingsPolicy")
#define kSecTrustSettingsApplication	CFSTR("kSecTrustSettingsApplication")
#define kSecTrustSettingsPolicyString	CFSTR("kSecTrustSettingsPolicyString")
#define kSecTrustSettingsKeyUsage		CFSTR("kSecTrustSettingsKeyUsage")
#define kSecTrustSettingsAllowedError	CFSTR("kSecTrustSettingsAllowedError")
#define kSecTrustSettingsResult			CFSTR("kSecTrustSettingsResult")

/* 
 * Key usage bits, the value for Usage Constraints key kSecTrustSettingsKeyUsage.
 */ 
enum {
	/* sign/verify data */
	kSecTrustSettingsKeyUseSignature		= 0x00000001,	
	/* bulk encryption */
	kSecTrustSettingsKeyUseEnDecryptData	= 0x00000002,	
	/* key wrap/unwrap */
	kSecTrustSettingsKeyUseEnDecryptKey		= 0x00000004,	
	/* sign/verify cert */
	kSecTrustSettingsKeyUseSignCert			= 0x00000008,	
	/* sign/verify CRL and OCSP */
	kSecTrustSettingsKeyUseSignRevocation	= 0x00000010,	
	/* key exchange, e.g., Diffie-Hellman */
	kSecTrustSettingsKeyUseKeyExchange		= 0x00000020,	
	/* any usage (the default if this value is not specified) */
	kSecTrustSettingsKeyUseAny				= 0xffffffff	
};
typedef uint32 SecTrustSettingsKeyUsage;

/*
 * The effective Trust Setting result.
 */
enum {
	kSecTrustSettingsResultInvalid = 0,		/* Never valid in a Trust Settings array or 
											 * in an API call. */
	kSecTrustSettingsResultTrustRoot,		/* Root cert is explicitly trusted */
	kSecTrustSettingsResultTrustAsRoot,		/* Non-root cert is explicitly trusted */
	kSecTrustSettingsResultDeny,			/* Cert is explicitly distrusted */
	kSecTrustSettingsResultUnspecified		/* Neither trusted nor distrusted; evaluation
											 * proceeds as usual */
};
typedef uint32 SecTrustSettingsResult;

/* 
 * Specify user, local administrator, or system domain Trust Settings. 
 * Note that kSecTrustSettingsDomainSystem settings are read-only, even by
 * root.  
 */
enum {
	kSecTrustSettingsDomainUser = 0,
	kSecTrustSettingsDomainAdmin,
	kSecTrustSettingsDomainSystem
};
typedef uint32 SecTrustSettingsDomain;

/*
 * SecCertificateRef value indicating the default Root Certificate Trust Settings 
 * for a given domain. When evaluating Trust Settings for a root cert in 
 * a given domain, *and* no matching explicit Trust Settings exists for the 
 * root cert in questions, *and* default Root Cert Trust Settings exist
 * in that domain which matches the evaluation condition, then the 
 * SecTrustSettingsResult for that default Trust Setting (if not 
 * kSecTrustSettingsResultUnspecified) will apply. 
 *
 * This can be used e.g. by a system administrator to explicilty distrust all 
 * of the root certs in the (immutable) system domain for a specific policy. 
 *
 * This const is passed as the 'SecCertificateRef certRef' argument to 
 * SecTrustSettingsCopyTrustSettings(), SecTrustSettingsSetTrustSettings(),
 * and SecTrustSettingsRemoveTrustSettings(), and 
 * SecTrustSettingsCopyModificationDate(). 
 */
#define kSecTrustSettingsDefaultRootCertSetting		((SecCertificateRef)-1)

/* 
 * Obtain Trust Settings for specified cert.
 * Caller must CFRelease() the returned CFArray. 
 * Returns errSecItemNotFound if no Trust settings exist for the cert.
 */
OSStatus SecTrustSettingsCopyTrustSettings(
	SecCertificateRef		certRef, 
	SecTrustSettingsDomain	domain,	
	CFArrayRef				*trustSettings);	/* RETURNED */

/* 
 * Specify Trust Settings for specified cert. If specified cert
 * already has Trust Settings in the specified domain, they will 
 * be replaced.
 * The trustSettingsDictOrArray parameter is either a CFDictionary,
 * a CFArray of them, or NULL. NULL indicates "always trust this 
 * root cert regardless of usage". 
 */
OSStatus SecTrustSettingsSetTrustSettings(
	SecCertificateRef		certRef, 
	SecTrustSettingsDomain	domain,	
	CFTypeRef				trustSettingsDictOrArray);

/*
 * Delete Trust Settings for specified cert. 
 * Returns errSecItemNotFound if no Trust settings exist for the cert.
 */
OSStatus SecTrustSettingsRemoveTrustSettings(
	SecCertificateRef		certRef, 
	SecTrustSettingsDomain	domain);	

/* 
 * Obtain an array of all certs which have Trust Settings in the 
 * specified domain. Elements in the returned certArray are
 * SecCertificateRefs. 
 * Caller must CFRelease() the returned array.
 * Returns errSecNoTrustSettings if no trust settings exist
 * for the specified domain. 
 */
OSStatus SecTrustSettingsCopyCertificates(
	SecTrustSettingsDomain	domain,		
	CFArrayRef				*certArray);

/* 
 * Obtain the time at which a specified cert's Trust Settings
 * were last modified. Caller must CFRelease the result. 
 * Returns errSecItemNotFound if no Trust Settings exist for specified 
 * cert and domain. 
 */
OSStatus SecTrustSettingsCopyModificationDate(
	SecCertificateRef		certRef, 
	SecTrustSettingsDomain	domain,
	CFDateRef				*modificationDate);	/* RETURNED */

/*
 * Obtain an external, portable representation of the specified 
 * domain's TrustSettings. Caller must CFRelease the returned data. 
 * Returns errSecNoTrustSettings if no trust settings exist
 * for the specified domain. 
 */
OSStatus SecTrustSettingsCreateExternalRepresentation(
	SecTrustSettingsDomain	domain,
	CFDataRef				*trustSettings);

/*
 * Import trust settings, obtained via SecTrustSettingsCreateExternalRepresentation,
 * into the specified domain. 
 */
OSStatus SecTrustSettingsImportExternalRepresentation(
	SecTrustSettingsDomain	domain,
	CFDataRef				trustSettings);

#ifdef __cplusplus
}
#endif

#endif	/* _SECURITY_SEC_TRUST_SETTINGS_H_ */
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* SecTrustSettings.h - Public interface for manipulation of certificate
	26	* Trust Settings.
	27	*/
	28
	29	#ifndef _SECURITY_SEC_TRUST_SETTINGS_H_
	30	#define _SECURITY_SEC_TRUST_SETTINGS_H_
	31
	32	#include <CoreFoundation/CoreFoundation.h>
	33	#include <Security/cssmtype.h>
	34	#include <Security/SecKeychain.h>
	35	#include <Security/SecPolicy.h>
	36	#include <Security/SecCertificate.h>
	37
	38	#ifdef __cplusplus
	39	extern "C" {
	40	#endif
	41
	42	/*
	43	* Any certificate (cert) which resides in a keychain can have associated with
	44	* it a set of Trust Settings. Trust Settings specify conditions in which a
	45	* given cert can be trusted or explicitly distrusted. A "trusted" cert is
	46	* either a root (self-signed) cert that, when a cert chain verifies back to that
	47	* root, the entire cert chain is trusted; or a non-root cert that does not need
	48	* to verify to a trusted root cert (which is normally the case when verifying a
	49	* cert chain). An "explicitly distrusted" cert is one which will, when encountered
	50	* during the evaluation of a cert chain, cause immediate and unconditional failure
	51	* of the verify operation.
	52	*
	53	* Trust Settings are configurable by the user; they can apply on three levels
	54	* (called domains):
	55	*
	56	* -- Per-user.
	57	* -- Locally administered, system-wide. Administrator privileges are required
	58	* to make changes to this domain.
	59	* -- System. These Trust Settings are immutable and comprise the set of trusted
	60	* root certificates supplied in Mac OS X.
	61	*
	62	* Per-user Trust Settings override locally administered Trust Settings, which
	63	* in turn override the System Trust Settings.
	64	*
65	* Each cert's Trust Settings are expressed as a CFArray which includes any
66	* number (including zero) of CFDictionaries, each of which comprises one set of
67	* Usage Constraints. Each Usage Constraints dictionary contains zero or one of
68	* each the following components:
69	*
70	* key = kSecTrustSettingsPolicy value = SecPolicyRef
71	* key = kSecTrustSettingsApplication value = SecTrustedApplicationRef
72	* key = kSecTrustSettingsPolicyString value = CFString, policy-specific
73	* key = kSecTrustSettingsKeyUsage value = CFNumber, an SInt32 key usage
74	*
75	* A given Usage Constraints dictionary applies to a given cert if all of the
76	* usage constraint components specified in the dictionary match the usage of
77	* the cert being evaluated; when this occurs, the value of the
78	* kSecTrustSettingsResult entry in the dictionary, shown below, is the effective
79	* trust setting for the cert.
80	*
81	* key = kSecTrustSettingsResult value = CFNumber, an SInt32 SecTrustSettingsResult
82	*
83	* The overall Trust Settings of a given cert are the sum of all such Usage
84	* Constraints CFDictionaries: Trust Settings for a given usage apply if any
85	* of the CFDictionaries in the cert's Trust Settings array satisfies
86	* the specified usage. Thus, when a cert has multiple Usage Constraints
87	* dictionaries in its Trust Settings array, the overall Trust Settings
88	* for the cert are
89	*
90	* (Usage Constraint 0 component 0 AND Usage Constraint 0 component 1 ...)
91	* -- OR --
92	* (Usage Constraint 1 component 0 AND Usage Constraint 1 component 1 ...)
93	* -- OR --
94	* ...
95	*
96	* Notes on the various Usage Constraints components:
97	*
98	* kSecTrustSettingsPolicy Specifies a cert verification policy, e.g., SSL,
99	* SMIME, etc.
100	* kSecTrustSettingsApplication Specifies the application performing the cert
101	* verification.
102	* kSecTrustSettingsPolicyString Policy-specific. For the SMIME policy, this is
103	* an email address.
104	* For the SSL policy, this is a host name.
105	* kSecTrustSettingsKeyUsage A bitfield indicating key operations (sign,
106	* encrypt, etc.) for which this Usage Constraint
107	* apply. Values are defined below as the
108	* SecTrustSettingsKeyUsage enum.
109	* kSecTrustSettingsResult The resulting trust value. If not present this has a
110	* default of kSecTrustSettingsResultTrustRoot, meaning
111	* "trust this root cert". Other legal values are:
112	* kSecTrustSettingsResultTrustAsRoot : trust non-root
113	* cert as if it were a trusted root.
114	* kSecTrustSettingsResultDeny : explicitly distrust this
115	* cert.
116	* kSecTrustSettingsResultUnspecified : neither trust nor
117	* distrust; can be used to specify an "Allowed error"
118	* (see below) without assigning trust to a specific
119	* cert.
120	*
121	* Another optional component in a Usage Constraints dictionary is a CSSM_RETURN
122	* which, if encountered during certificate verification, is ignored for that
123	* cert. These "allowed error" values are constrained by Usage Constraints as
124	* described above; a Usage Constraint dictionary with no constraints but with
125	* an Allowed Error value causes that error to always be allowed when the cert
126	* is being evaluated.
127	*
128	* The "allowed error" entry in a Usage Constraints dictionary is formatted
129	* as follows:
130	*
131	* key = kSecTrustSettingsAllowedError value = CFNumber, an SInt32 CSSM_RETURN
132	*
133	* Note that if kSecTrustSettingsResult value of kSecTrustSettingsResultUnspecified
134	* is not present for a Usage Constraints dictionary with no Usage
135	* Constraints, the default of kSecTrustSettingsResultTrustRoot is assumed. To
136	* specify a kSecTrustSettingsAllowedError without explicitly trusting (or
137	* distrusting) the associated cert, specify kSecTrustSettingsResultUnspecified
138	* for the kSecTrustSettingsResult component.
139	*
140	* Note that an empty Trust Settings array means "always trust this cert,
141	* with a resulting kSecTrustSettingsResult of kSecTrustSettingsResultTrustRoot".
142	* An empty Trust Settings array is definitely not the same as no Trust
143	* Settings, which means "this cert must be verified to a known trusted cert".
144	*
145	* Note the distinction between kSecTrustSettingsResultTrustRoot and
146	* kSecTrustSettingsResultTrustAsRoot; the former can only be applied to
147	* root (self-signed) certs; the latter can only be applied to non-root
148	* certs. This also means that an empty TrustSettings array for a non-root
149	* cert is invalid, since the default value for kSecTrustSettingsResult is
150	* kSecTrustSettingsResultTrustRoot, which is invalid for a non-root cert.
151	*
152	* Authentication
153	* --------------
154	*
155	* When making changes to the per-user Trust Settings, the user will be
156	* prompted with an alert panel asking for authentication via user name a
157	* password (or other credentials normally used for login). This means
158	* that it is not possible to modify per-user Trust Settings when not
159	* running in a GUI environment (i.e. the user is not logged in via
160	* Loginwindow).
161	*
162	* When making changes to the system-wide Trust Settings, the user will be
163	* prompted with an alert panel asking for an administrator's name and
164	* password, unless the calling process is running as root in which case
165	* no futher authentication is needed.
166	*/
167
168	/*
169	* The keys in one Usage Constraints dictionary.
170	*/
171	#define kSecTrustSettingsPolicy CFSTR("kSecTrustSettingsPolicy")
172	#define kSecTrustSettingsApplication CFSTR("kSecTrustSettingsApplication")
173	#define kSecTrustSettingsPolicyString CFSTR("kSecTrustSettingsPolicyString")
174	#define kSecTrustSettingsKeyUsage CFSTR("kSecTrustSettingsKeyUsage")
175	#define kSecTrustSettingsAllowedError CFSTR("kSecTrustSettingsAllowedError")
176	#define kSecTrustSettingsResult CFSTR("kSecTrustSettingsResult")
177
178	/*
179	* Key usage bits, the value for Usage Constraints key kSecTrustSettingsKeyUsage.
180	*/
181	enum {
182	/* sign/verify data */
183	kSecTrustSettingsKeyUseSignature = 0x00000001,
184	/* bulk encryption */
185	kSecTrustSettingsKeyUseEnDecryptData = 0x00000002,
186	/* key wrap/unwrap */
187	kSecTrustSettingsKeyUseEnDecryptKey = 0x00000004,
188	/* sign/verify cert */
189	kSecTrustSettingsKeyUseSignCert = 0x00000008,
190	/* sign/verify CRL and OCSP */
191	kSecTrustSettingsKeyUseSignRevocation = 0x00000010,
192	/* key exchange, e.g., Diffie-Hellman */
193	kSecTrustSettingsKeyUseKeyExchange = 0x00000020,
194	/* any usage (the default if this value is not specified) */
195	kSecTrustSettingsKeyUseAny = 0xffffffff
196	};
197	typedef uint32 SecTrustSettingsKeyUsage;
198
199	/*
200	* The effective Trust Setting result.
201	*/
202	enum {
203	kSecTrustSettingsResultInvalid = 0, /* Never valid in a Trust Settings array or
204	* in an API call. */
205	kSecTrustSettingsResultTrustRoot, /* Root cert is explicitly trusted */
206	kSecTrustSettingsResultTrustAsRoot, /* Non-root cert is explicitly trusted */
207	kSecTrustSettingsResultDeny, /* Cert is explicitly distrusted */
208	kSecTrustSettingsResultUnspecified /* Neither trusted nor distrusted; evaluation
209	* proceeds as usual */
210	};
211	typedef uint32 SecTrustSettingsResult;
212
213	/*
214	* Specify user, local administrator, or system domain Trust Settings.
215	* Note that kSecTrustSettingsDomainSystem settings are read-only, even by
216	* root.
217	*/
218	enum {
219	kSecTrustSettingsDomainUser = 0,
220	kSecTrustSettingsDomainAdmin,
221	kSecTrustSettingsDomainSystem
222	};
223	typedef uint32 SecTrustSettingsDomain;
224
225	/*
226	* SecCertificateRef value indicating the default Root Certificate Trust Settings
227	* for a given domain. When evaluating Trust Settings for a root cert in
228	* a given domain, and no matching explicit Trust Settings exists for the
229	* root cert in questions, and default Root Cert Trust Settings exist
230	* in that domain which matches the evaluation condition, then the
231	* SecTrustSettingsResult for that default Trust Setting (if not
232	* kSecTrustSettingsResultUnspecified) will apply.
233	*
234	* This can be used e.g. by a system administrator to explicilty distrust all
235	* of the root certs in the (immutable) system domain for a specific policy.
236	*
237	* This const is passed as the 'SecCertificateRef certRef' argument to
238	* SecTrustSettingsCopyTrustSettings(), SecTrustSettingsSetTrustSettings(),
239	* and SecTrustSettingsRemoveTrustSettings(), and
240	* SecTrustSettingsCopyModificationDate().
241	*/
242	#define kSecTrustSettingsDefaultRootCertSetting ((SecCertificateRef)-1)
243
244	/*
245	* Obtain Trust Settings for specified cert.
246	* Caller must CFRelease() the returned CFArray.
247	* Returns errSecItemNotFound if no Trust settings exist for the cert.
248	*/
249	OSStatus SecTrustSettingsCopyTrustSettings(
250	SecCertificateRef certRef,
251	SecTrustSettingsDomain domain,
252	CFArrayRef trustSettings); / RETURNED */
253
254	/*
255	* Specify Trust Settings for specified cert. If specified cert
256	* already has Trust Settings in the specified domain, they will
257	* be replaced.
258	* The trustSettingsDictOrArray parameter is either a CFDictionary,
259	* a CFArray of them, or NULL. NULL indicates "always trust this
260	* root cert regardless of usage".
261	*/
262	OSStatus SecTrustSettingsSetTrustSettings(
263	SecCertificateRef certRef,
264	SecTrustSettingsDomain domain,
265	CFTypeRef trustSettingsDictOrArray);
266
267	/*
268	* Delete Trust Settings for specified cert.
269	* Returns errSecItemNotFound if no Trust settings exist for the cert.
270	*/
271	OSStatus SecTrustSettingsRemoveTrustSettings(
272	SecCertificateRef certRef,
273	SecTrustSettingsDomain domain);
274
275	/*
276	* Obtain an array of all certs which have Trust Settings in the
277	* specified domain. Elements in the returned certArray are
278	* SecCertificateRefs.
279	* Caller must CFRelease() the returned array.
280	* Returns errSecNoTrustSettings if no trust settings exist
281	* for the specified domain.
282	*/
283	OSStatus SecTrustSettingsCopyCertificates(
284	SecTrustSettingsDomain domain,
285	CFArrayRef *certArray);
286
287	/*
288	* Obtain the time at which a specified cert's Trust Settings
289	* were last modified. Caller must CFRelease the result.
290	* Returns errSecItemNotFound if no Trust Settings exist for specified
291	* cert and domain.
292	*/
293	OSStatus SecTrustSettingsCopyModificationDate(
294	SecCertificateRef certRef,
295	SecTrustSettingsDomain domain,
296	CFDateRef modificationDate); / RETURNED */
297
298	/*
299	* Obtain an external, portable representation of the specified
300	* domain's TrustSettings. Caller must CFRelease the returned data.
301	* Returns errSecNoTrustSettings if no trust settings exist
302	* for the specified domain.
303	*/
304	OSStatus SecTrustSettingsCreateExternalRepresentation(
305	SecTrustSettingsDomain domain,
306	CFDataRef *trustSettings);
307
308	/*
309	* Import trust settings, obtained via SecTrustSettingsCreateExternalRepresentation,
310	* into the specified domain.
311	*/
312	OSStatus SecTrustSettingsImportExternalRepresentation(
313	SecTrustSettingsDomain domain,
314	CFDataRef trustSettings);
315
316	#ifdef __cplusplus
317	}
318	#endif
319
320	#endif /* _SECURITY_SEC_TRUST_SETTINGS_H_ */
321