[apple/security.git] / OSX / libsecurity_manifest / lib / SecureDownload.h

#ifndef __SECURE_DOWNLOAD__
#define __SECURE_DOWNLOAD__

#if defined(__cplusplus)
extern "C" {
#endif

/*
 * Copyright (c) 2006,2011,2013-2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
	@header SecureDownload
	@abstract Used by clients to implement Apple's Verified Download System.

	          Please note that a succesful check does not guarantee anything about
			  the safety of the file being downloaded. Rather, it simply checks to make sure
			  that the contents of the file being downloaded exactly matches the contents
			  of the file when the ticket was originally generated.

			  To use, do the following:
				1:  Download the secure download ticket.
				2:  Pass the ticket to SecureDownloadCreateWithTicket.  On error, call
					SecureDownloadGetTrustRef to return data that will help you figure
					out why the ticket was bad.
				3:  If SecureDownloadCreateWithTicket returns errSecSuccess, call SecureDownloadCopyURLs
					to return a list of data download locations.  Begin downloading data from
					the first URL in the list.  If that download fails, try downloading from
					the second URL, and so forth.
				4:	Each time you receive data, call SecureDownloadReceivedData.
				5:  Once all data has been received, call SecureDownloadFinished.
				6:  Release the SecureDownloadRef by calling SecureDownloadRelease.
*/


#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecBase.h>


typedef struct OpaqueSecureDownload *SecureDownloadRef;

enum {
	errSecureDownloadInvalidTicket = -20052,
	errSecureDownloadInvalidDownload = -20053
};

/*!
	@enum _SecureDownloadSetupCallbackResult
	@discussion This type is used to indicate whether or not a
				signer should be evaluated.
	@constant kSecureDownloadDoNotEvaluateSigner Indicates that the signer should not be evaluated.
	@constant kSecureDownloadEvaluateSigner Indicates that the signer should be evaluated.
	@constant kSecureDownloadFailEvaluation Indicates that evaluation should fail immediately.
*/

typedef enum _SecureDownloadTrustCallbackResult 
{
	kSecureDownloadDoNotEvaluateSigner = 0,
	kSecureDownloadEvaluateSigner = 1,
	kSecureDownloadFailEvaluation = 2
} SecureDownloadTrustCallbackResult;

/*!
	@typedef SecureDownloadTrustSetupCallback
	@discussion This callback is used to determine whether trust for a particular
				signer should be evaluated.
	@param trustRef The trustRef for this evaluation
	@param setupContext user defined.
	@result A SecureDownloadTrustCallbackResult (see).
*/

typedef SecureDownloadTrustCallbackResult(*SecureDownloadTrustSetupCallback)
			(SecTrustRef trustRef, void* setupContext);

/*!
	@typedef SecureDownloadTrustEvaluateCallback
	@discussion This callback is used called after trust has been evaluated.
	@param trustRef The trustRef for this evaluation
	@param result The result of the evaluation (See the SecTrust documentation).
	@param evaluateContext user defined.
	@result A SecTrustResultType.  Return the value passed in result if you
			do not want to change the evaluation result.
*/

typedef SecTrustResultType(*SecureDownloadTrustEvaluateCallback)
			(SecTrustRef trustRef, SecTrustResultType result,
			 void *evaluateContext);

/*!
	@function SecureDownloadCreateWithTicket
	@abstract Create a SecureDownloadRef for use during the Secure Download process.
	@param ticket The download ticket.
	@param setupCallback Called before trust is verified for each signer of the ticket.
						 This allows the user to modify the SecTrustRef if needed
						 (see the SecTrust documentation).  Returns a SecureDownloadTrustCallbackResult (see).
	@param setupContext User defined.  Passed as a parameter to the setupCallback.
	@param evaluateCallback Called after SecTrustEvaluate has been called for a
							signer if the result was not trusted. This allows
							the developer to query the user as to whether or not
							to trust the signer.  Returns a SecTrustResultType
	@param evaluateContext User defined.  Passed as a parameter to the evaluate callback.
	@param downloadRef The returned reference.
	@result Returns errSecureDownloadInvalidTicket if the ticket was invalid.  Otherwise
			see "Security Error Codes" (SecBase.h).
.
*/

OSStatus SecureDownloadCreateWithTicket (CFDataRef ticket,
										 SecureDownloadTrustSetupCallback setup,
										 void* setupContext,
										 SecureDownloadTrustEvaluateCallback evaluate,
										 void* evaluateContext,
										 SecureDownloadRef* downloadRef);

/*!
	@function SecureDownloadCopyURLs
	@abstract Return a list of URL's from which the data can be downloaded.  The first
			  URL in the list is the preferred download location.  The other URL's are
			  backup locations in case earlier locations in the list could not be
			  accessed.
	@param downloadRef A SecureDownloadRef instance.
	@param urls On return, the list of URL's to download.  Format is a CFArray of CFURL's.
	@result A result code.  See "Security Error Codes" (SecBase.h).
*/

OSStatus SecureDownloadCopyURLs (SecureDownloadRef downloadRef, CFArrayRef* urls);

/*!
	@function SecureDownloadCopyName
	@abstract Return the printable name of this download ticket.
	@param downloadRef A SecureDownloadRef instance.
	@param name On output, the download name.
	@result A result code.  See "Security Error Codes" (SecBase.h).
*/

OSStatus SecureDownloadCopyName (SecureDownloadRef downloadRef, CFStringRef* name);

/*!
	@function SecureDownloadCopyCreationDate
	@abstract Return the date the downlooad ticket was created.
	@param downloadRef A SecureDownloadRef instance.
	@param name On output, the creation date.
	@result A result code.
*/

OSStatus SecureDownloadCopyCreationDate (SecureDownloadRef downloadRef, CFDateRef* date);

/*!
	@function SecureDownloadGetDownloadSize
	@abstract Return the size of the expected download.
	@param downloadRef A SecureDownloadRef instance.
	@param size On output, the size of the download.
	@result A result code.  See "Security Error Codes" (SecBase.h).
*/

OSStatus SecureDownloadGetDownloadSize (SecureDownloadRef downloadRef, SInt64 *downloadSize);

/*!
	@function SecureDownloadUpdateWithData
	@abstract Check data received during Secure Download for validity.
			  Call this function each time data is received.
	@param downloadRef A SecureDownloadRef instance.
	@param data The data to check.
	@result Returns errSecureDownloadInvalidDownload if data is invalid.  Otherwise
			see "Security Error Codes" (SecBase.h).
*/

OSStatus SecureDownloadUpdateWithData (SecureDownloadRef downloadRef, CFDataRef data);

/*!
	@function SecureDownloadFinished
	@abstract Concludes the secure download process.  Call this after all data has been received.
	@param downloadRef A SecureDownloadRef instance.
	@result Returns errSecureDownloadInvalidDownload if data is invalid.  Otherwise
			see "Security Error Codes" (SecBase.h).
*/

OSStatus SecureDownloadFinished (SecureDownloadRef downloadRef);

/*!
	@function SecureDownloadRelease
	@abstract Releases a SecureDownloadRef.
	@param downloadRef The SecureDownloadRef to release.
	@result A result code.  See "Security Error Codes" (SecBase.h).
*/

OSStatus SecureDownloadRelease (SecureDownloadRef downloadRef);

/*!
	@function SecureDownloadCopyTicketLocation
	@abstract Copies the ticket location from an x-securedownload URL.
	@param url The x-securedownload URL.
	@param ticketLocation On exit, the URL of the ticket.
	@result A result code.  See "Security Error Codes" (SecBase.h).
*/

OSStatus SecureDownloadCopyTicketLocation (CFURLRef url, CFURLRef *ticketLocation);

#if defined(__cplusplus)
};
#endif

#endif
Commit	Line	Data
b1ab9ed8 A	1	#ifndef __SECURE_DOWNLOAD__
	2	#define __SECURE_DOWNLOAD__
	3
	4	#if defined(__cplusplus)
	5	extern "C" {
	6	#endif
	7
	8	/*
d8f41ccd	9	* Copyright (c) 2006,2011,2013-2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	10	*
	11	* @APPLE_LICENSE_HEADER_START@
	12	*
	13	* This file contains Original Code and/or Modifications of Original Code
	14	* as defined in and that are subject to the Apple Public Source License
	15	* Version 2.0 (the 'License'). You may not use this file except in
	16	* compliance with the License. Please obtain a copy of the License at
	17	* http://www.opensource.apple.com/apsl/ and read it before using this
	18	* file.
	19	*
	20	* The Original Code and all software distributed under the License are
	21	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	22	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	23	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	24	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	25	* Please see the License for the specific language governing rights and
	26	* limitations under the License.
	27	*
	28	* @APPLE_LICENSE_HEADER_END@
	29	*/
	30
	31	/*!
	32	@header SecureDownload
	33	@abstract Used by clients to implement Apple's Verified Download System.
	34
	35	Please note that a succesful check does not guarantee anything about
	36	the safety of the file being downloaded. Rather, it simply checks to make sure
	37	that the contents of the file being downloaded exactly matches the contents
	38	of the file when the ticket was originally generated.
	39
	40	To use, do the following:
	41	1: Download the secure download ticket.
	42	2: Pass the ticket to SecureDownloadCreateWithTicket. On error, call
	43	SecureDownloadGetTrustRef to return data that will help you figure
	44	out why the ticket was bad.
427c49bc	45	3: If SecureDownloadCreateWithTicket returns errSecSuccess, call SecureDownloadCopyURLs
b1ab9ed8 A	46	to return a list of data download locations. Begin downloading data from
	47	the first URL in the list. If that download fails, try downloading from
	48	the second URL, and so forth.
	49	4: Each time you receive data, call SecureDownloadReceivedData.
	50	5: Once all data has been received, call SecureDownloadFinished.
	51	6: Release the SecureDownloadRef by calling SecureDownloadRelease.
	52	*/
	53
	54
	55
	56	#include <CoreFoundation/CoreFoundation.h>
	57	#include <Security/SecBase.h>
	58
	59
	60
	61	typedef struct OpaqueSecureDownload *SecureDownloadRef;
	62
	63	enum {
	64	errSecureDownloadInvalidTicket = -20052,
	65	errSecureDownloadInvalidDownload = -20053
	66	};
	67
	68	/*!
	69	@enum _SecureDownloadSetupCallbackResult
	70	@discussion This type is used to indicate whether or not a
	71	signer should be evaluated.
	72	@constant kSecureDownloadDoNotEvaluateSigner Indicates that the signer should not be evaluated.
	73	@constant kSecureDownloadEvaluateSigner Indicates that the signer should be evaluated.
	74	@constant kSecureDownloadFailEvaluation Indicates that evaluation should fail immediately.
	75	*/
	76
	77	typedef enum _SecureDownloadTrustCallbackResult
	78	{
	79	kSecureDownloadDoNotEvaluateSigner = 0,
	80	kSecureDownloadEvaluateSigner = 1,
	81	kSecureDownloadFailEvaluation = 2
	82	} SecureDownloadTrustCallbackResult;
	83
	84	/*!
	85	@typedef SecureDownloadTrustSetupCallback
	86	@discussion This callback is used to determine whether trust for a particular
	87	signer should be evaluated.
	88	@param trustRef The trustRef for this evaluation
	89	@param setupContext user defined.
	90	@result A SecureDownloadTrustCallbackResult (see).
	91	*/
	92
	93	typedef SecureDownloadTrustCallbackResult(*SecureDownloadTrustSetupCallback)
	94	(SecTrustRef trustRef, void* setupContext);
	95
	96	/*!
	97	@typedef SecureDownloadTrustEvaluateCallback
	98	@discussion This callback is used called after trust has been evaluated.
	99	@param trustRef The trustRef for this evaluation
	100	@param result The result of the evaluation (See the SecTrust documentation).
	101	@param evaluateContext user defined.
	102	@result A SecTrustResultType. Return the value passed in result if you
	103	do not want to change the evaluation result.
	104	*/
	105
	106	typedef SecTrustResultType(*SecureDownloadTrustEvaluateCallback)
	107	(SecTrustRef trustRef, SecTrustResultType result,
	108	void *evaluateContext);
	109
110	/*!
111	@function SecureDownloadCreateWithTicket
112	@abstract Create a SecureDownloadRef for use during the Secure Download process.
113	@param ticket The download ticket.
114	@param setupCallback Called before trust is verified for each signer of the ticket.
115	This allows the user to modify the SecTrustRef if needed
116	(see the SecTrust documentation). Returns a SecureDownloadTrustCallbackResult (see).
117	@param setupContext User defined. Passed as a parameter to the setupCallback.
118	@param evaluateCallback Called after SecTrustEvaluate has been called for a
119	signer if the result was not trusted. This allows
120	the developer to query the user as to whether or not
121	to trust the signer. Returns a SecTrustResultType
122	@param evaluateContext User defined. Passed as a parameter to the evaluate callback.
123	@param downloadRef The returned reference.
124	@result Returns errSecureDownloadInvalidTicket if the ticket was invalid. Otherwise
125	see "Security Error Codes" (SecBase.h).
126	.
127	*/
128
129	OSStatus SecureDownloadCreateWithTicket (CFDataRef ticket,
130	SecureDownloadTrustSetupCallback setup,
131	void* setupContext,
132	SecureDownloadTrustEvaluateCallback evaluate,
133	void* evaluateContext,
134	SecureDownloadRef* downloadRef);
135
136	/*!
137	@function SecureDownloadCopyURLs
138	@abstract Return a list of URL's from which the data can be downloaded. The first
139	URL in the list is the preferred download location. The other URL's are
140	backup locations in case earlier locations in the list could not be
141	accessed.
142	@param downloadRef A SecureDownloadRef instance.
143	@param urls On return, the list of URL's to download. Format is a CFArray of CFURL's.
144	@result A result code. See "Security Error Codes" (SecBase.h).
145	*/
146
147	OSStatus SecureDownloadCopyURLs (SecureDownloadRef downloadRef, CFArrayRef* urls);
148
149	/*!
150	@function SecureDownloadCopyName
151	@abstract Return the printable name of this download ticket.
152	@param downloadRef A SecureDownloadRef instance.
153	@param name On output, the download name.
154	@result A result code. See "Security Error Codes" (SecBase.h).
155	*/
156
157	OSStatus SecureDownloadCopyName (SecureDownloadRef downloadRef, CFStringRef* name);
158
159	/*!
160	@function SecureDownloadCopyCreationDate
161	@abstract Return the date the downlooad ticket was created.
162	@param downloadRef A SecureDownloadRef instance.
163	@param name On output, the creation date.
164	@result A result code.
165	*/
166
167	OSStatus SecureDownloadCopyCreationDate (SecureDownloadRef downloadRef, CFDateRef* date);
168
169	/*!
170	@function SecureDownloadGetDownloadSize
171	@abstract Return the size of the expected download.
172	@param downloadRef A SecureDownloadRef instance.
173	@param size On output, the size of the download.
174	@result A result code. See "Security Error Codes" (SecBase.h).
175	*/
176
177	OSStatus SecureDownloadGetDownloadSize (SecureDownloadRef downloadRef, SInt64 *downloadSize);
178
179	/*!
180	@function SecureDownloadUpdateWithData
181	@abstract Check data received during Secure Download for validity.
182	Call this function each time data is received.
183	@param downloadRef A SecureDownloadRef instance.
184	@param data The data to check.
185	@result Returns errSecureDownloadInvalidDownload if data is invalid. Otherwise
186	see "Security Error Codes" (SecBase.h).
187	*/
188
189	OSStatus SecureDownloadUpdateWithData (SecureDownloadRef downloadRef, CFDataRef data);
190
191	/*!
192	@function SecureDownloadFinished
193	@abstract Concludes the secure download process. Call this after all data has been received.
194	@param downloadRef A SecureDownloadRef instance.
195	@result Returns errSecureDownloadInvalidDownload if data is invalid. Otherwise
196	see "Security Error Codes" (SecBase.h).
197	*/
198
199	OSStatus SecureDownloadFinished (SecureDownloadRef downloadRef);
200
201	/*!
202	@function SecureDownloadRelease
203	@abstract Releases a SecureDownloadRef.
204	@param downloadRef The SecureDownloadRef to release.
205	@result A result code. See "Security Error Codes" (SecBase.h).
206	*/
207
208	OSStatus SecureDownloadRelease (SecureDownloadRef downloadRef);
209
210	/*!
211	@function SecureDownloadCopyTicketLocation
212	@abstract Copies the ticket location from an x-securedownload URL.
213	@param url The x-securedownload URL.
214	@param ticketLocation On exit, the URL of the ticket.
215	@result A result code. See "Security Error Codes" (SecBase.h).
216	*/
217
218	OSStatus SecureDownloadCopyTicketLocation (CFURLRef url, CFURLRef *ticketLocation);
219
220	#if defined(__cplusplus)
221	};
222	#endif
223
224	#endif