]> git.saurik.com Git - apple/security.git/blob - libsecurity_apple_x509_tp/lib/tpPolicies.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55471.tar.gz
[apple/security.git] / libsecurity_apple_x509_tp / lib / tpPolicies.h
1 /*
2 * Copyright (c) 2000-2013 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 tpPolicies.h - TP module policy implementation
21 */
22
23 #ifndef _TP_POLICIES_H_
24 #define _TP_POLICIES_H_
25
26 #include <Security/cssmtype.h>
27 #include <security_utilities/alloc.h>
28 #include <Security/cssmapple.h>
29 #include "TPCertInfo.h"
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif /* __cplusplus */
34
35 /*
36 * Enumerated certificate policies enforced by this module.
37 */
38 typedef enum {
39 kTPDefault, /* no extension parsing, just sig and expiration */
40 kTPx509Basic, /* basic X.509/RFC3280 */
41 kTPiSign, /* (obsolete) Apple code signing */
42 kTP_SSL, /* SecureTransport/SSL */
43 kCrlPolicy, /* cert chain verification via CRL */
44 kTP_SMIME, /* S/MIME */
45 kTP_EAP,
46 kTP_SWUpdateSign, /* Apple SW Update signing (was Apple Code Signing) */
47 kTP_ResourceSign, /* Apple Resource Signing */
48 kTP_IPSec, /* IPSEC */
49 kTP_iChat, /* iChat */
50 kTP_PKINIT_Client, /* PKINIT client cert */
51 kTP_PKINIT_Server, /* PKINIT server cert */
52 kTP_CodeSigning, /* new Apple Code Signing (Leopard/10.5) */
53 kTP_PackageSigning, /* Package Signing */
54 kTP_MacAppStoreRec, /* MacApp store receipt */
55 kTP_AppleIDSharing, /* AppleID Sharing */
56 kTP_TimeStamping, /* RFC3161 time stamping */
57 kTP_PassbookSigning, /* Passbook Signing */
58 kTP_MobileStore, /* Apple Mobile Store Signing */
59 kTP_TestMobileStore, /* Apple Test Mobile Store Signing */
60 kTP_EscrowService, /* Apple Escrow Service Signing */
61 kTP_ProfileSigning, /* Apple Configuration Profile Signing */
62 kTP_QAProfileSigning, /* Apple QA Configuration Profile Signing */
63 } TPPolicy;
64
65 /*
66 * Perform TP verification on a constructed (ordered) cert group.
67 */
68 CSSM_RETURN tp_policyVerify(
69 TPPolicy policy,
70 Allocator &alloc,
71 CSSM_CL_HANDLE clHand,
72 CSSM_CSP_HANDLE cspHand,
73 TPCertGroup *certGroup,
74 CSSM_BOOL verifiedToRoot, // last cert is good root
75 CSSM_BOOL verifiedViaTrustSetting,// last cert has valid user trust
76 CSSM_APPLE_TP_ACTION_FLAGS actionFlags,
77 const CSSM_DATA *policyFieldData, // optional
78 void *policyControl); // future use
79
80 /*
81 * Obtain policy-specific User Trust parameters
82 */
83 void tp_policyTrustSettingParams(
84 TPPolicy policy,
85 const CSSM_DATA *policyFieldData, // optional
86 /* returned values - not mallocd */
87 const char **policyStr,
88 uint32 *policyStrLen,
89 SecTrustSettingsKeyUsage *keyUse);
90
91 #ifdef __cplusplus
92 }
93 #endif
94 #endif /* _TP_POLICIES_H_ */
mirror of Security