SecureTransport/privateInc/sslKeychain.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           sslKeychain.h
  21
  22         Contains:       Apple Keychain routines
  23
  24         Written by:     Doug Mitchell, based on Netscape RSARef 3.0
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29
  30 #ifndef _SSL_KEYCHAIN_H_
  31 #define _SSL_KEYCHAIN_H_
  32
  33
  34 #ifndef _SSLCTX_H_
  35 #include "sslctx.h"
  36 #endif
  37
  38 #include <CoreFoundation/CFData.h>
  39 #include <CoreFoundation/CFArray.h>
  40
  41 #if             ST_KEYCHAIN_ENABLE
  42 #include <MacTypes.h>
  43 #include <Keychain.h>
  44 #endif  /* ST_KEYCHAIN_ENABLE */
  45
  46 #ifdef __cplusplus
  47 extern "C" {
  48 #endif
  49
  50 #if     (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION)
  51 /*
  52  * Given an array of certs (as KCItemRefs) and a destination
  53  * SSLCertificate:
  54  *
  55  * -- free destCerts if we have any
  56  * -- Get raw cert data, convert to array of SSLCertificates in *destCert
  57  * -- get pub, priv keys from certRef[0], store in *pubKey, *privKey
  58  * -- validate cert chain
  59  *
  60  */
  61 OSStatus
  62 parseIncomingCerts(
  63         SSLContext              *ctx,
  64         CFArrayRef              certs,
  65         SSLCertificate  **destCert,             /* &ctx->{localCert,encryptCert} */
  66         CSSM_KEY_PTR    *pubKey,                /* &ctx->signingPubKey, etc. */
  67         CSSM_KEY_PTR    *privKey,               /* &ctx->signingPrivKey, etc. */
  68         CSSM_CSP_HANDLE *cspHand,               /* &ctx->signingKeyCsp, etc. */
  69         KCItemRef               *privKeyRef);   /* &ctx->signingKeyRef, etc. */
  70 #endif  /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */
  71
  72 /*
  73  * Add Apple built-in root certs to ctx->trustedCerts.
  74  */
  75 OSStatus
  76 addBuiltInCerts (
  77         SSLContextRef   ctx);
  78
  79 #if             ST_KEYCHAIN_ENABLE
  80 /*
  81  * Given an open Keychain:
  82  * -- Get raw cert data, add to array of CSSM_DATAs in
  83  *    ctx->trustedCerts
  84  * -- verify that each of these is a valid (self-verifying)
  85  *    root cert
  86  * -- add each subject name to acceptableDNList
  87  */
  88 OSStatus
  89 parseTrustedKeychain(
  90         SSLContextRef           ctx,
  91         KCRef                           keyChainRef);
  92
  93 /*
  94  * Given a newly encountered root cert (obtained from a peer's cert chain),
  95  * add it to newRootCertKc if the user so allows, and if so, add it to
  96  * trustedCerts.
  97  */
  98 SSLErr
  99 sslAddNewRoot(
 100         SSLContext                      *ctx,
 101         const CSSM_DATA_PTR     rootCert);
 102
 103 #endif  /* ST_KEYCHAIN_ENABLE */
 104
 105 #ifdef __cplusplus
 106 }
 107 #endif
 108
 109 #endif  /* _SSL_KEYCHAIN_H_ */