2 * Copyright (c) 2007-2015 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 SecCertificateInternal
28 #ifndef _SECURITY_SECCERTIFICATEINTERNAL_H_
29 #define _SECURITY_SECCERTIFICATEINTERNAL_H_
31 #include <Security/SecCertificatePriv.h>
32 #include <Security/certextensions.h>
33 #include <libDER/DER_Keys.h>
/*
 * Authority Key Identifier (AKID) and Subject Key Identifier (SKID) of the
 * certificate, as raw extension content.
 *
 * Both follow the Core Foundation "Get" naming rule, so the returned
 * CFDataRef is presumably owned by the certificate and must not be released
 * by the caller (ownership inferred from the name; confirm against the
 * implementation). A NULL result is the natural encoding for "extension
 * absent" -- confirm and check for it before use.
 *
 * NOTE(review): key identifiers are chain-building hints only. Matching a
 * certificate's AKID to a candidate issuer's SKID does not authenticate the
 * issuer; the signature must still be verified (SecCertificateIsSignedBy).
 */
CFDataRef SecCertificateGetAuthorityKeyID(SecCertificateRef certificate);
CFDataRef SecCertificateGetSubjectKeyID(SecCertificateRef certificate);
/*
 * Return an array of CFURLRefs, one per CRL distribution point advertised by
 * this certificate.
 *
 * "Get" rule: the array is presumably owned by the certificate -- do not
 * release it (inferred from the name; confirm). Whether an absent extension
 * yields NULL or an empty array is not visible here; guard for NULL.
 *
 * NOTE(review): these URLs are taken from the certificate itself, so for an
 * untrusted certificate they are attacker-controlled. Code that fetches them
 * should apply the same scheme/host restrictions, size limits and timeouts it
 * would apply to any untrusted URL.
 */
CFArrayRef SecCertificateGetCRLDistributionPoints(SecCertificateRef certificate);
/*
 * Return an array of CFURLRefs, one per OCSP responder advertised by this
 * certificate (the Authority Information Access "ocsp" entries).
 *
 * "Get" rule: the array is presumably owned by the certificate -- do not
 * release it (inferred from the name; confirm). Guard for a NULL result when
 * the extension is absent.
 *
 * NOTE(review): responder URLs originate in the certificate under
 * examination and are therefore untrusted input; an OCSP client must not
 * treat a responder's answer as authoritative merely because the certificate
 * pointed at it -- the response signature must chain to the issuer.
 */
CFArrayRef SecCertificateGetOCSPResponders(SecCertificateRef certificate);
/*
 * Return an array of CFURLRefs, one per Authority Information Access
 * "caIssuers" entry of this certificate -- in RFC 5280 terms, locations from
 * which the issuing CA's certificate can be fetched.
 *
 * "Get" rule: the array is presumably owned by the certificate -- do not
 * release it (inferred from the name; confirm). Guard for NULL.
 *
 * NOTE(review): anything fetched from these URLs is untrusted until it has
 * been validated into a chain; a fetched "issuer" must never be trusted
 * simply because the leaf named it.
 */
CFArrayRef SecCertificateGetCAIssuers(SecCertificateRef certificate);
/*
 * Debugging aid: dump the certificate in human-readable form. Where the
 * output goes (stderr, a log facility) is not visible from this header.
 *
 * NOTE(review): the dump presumably includes the full subject, issuer and
 * extension contents. Keep calls out of production logging paths --
 * certificate metadata (client-certificate subjects, internal hostnames in
 * SANs) can be sensitive.
 */
void SecCertificateShow(SecCertificateRef certificate);
/*
 * Normalize a DER-encoded distinguished name so that two encodings of the
 * same name compare equal.
 *
 * Returns the normalized content, or NULL if the name fails to parse.
 * "Copy" rule: the caller owns the returned CFDataRef and must release it
 * (ownership inferred from the name; confirm).
 *
 * NOTE(review): a NULL result means "could not parse", not "empty name".
 * Callers comparing names must fail closed on NULL; treating two NULLs as
 * equal would make any two malformed names match each other.
 */
CFDataRef SecDistinguishedNameCopyNormalizedContent(CFDataRef distinguished_name);
/*
 * Return true iff the certificate has a subject name.
 *
 * RFC 5280 section 4.1.2.6 allows an empty subject only when a critical
 * subjectAltName extension is present; pair this with
 * SecCertificateHasCriticalSubjectAltName when enforcing that rule.
 */
bool SecCertificateHasSubject(SecCertificateRef certificate);
/*
 * Return true iff the certificate carries a subjectAltName extension that is
 * marked critical.
 *
 * Intended use (RFC 5280 section 4.2.1.6): a certificate with an empty
 * subject is only well-formed if this returns true. A false result for a
 * certificate with a non-empty subject is normal and not an error.
 */
bool SecCertificateHasCriticalSubjectAltName(SecCertificateRef certificate);
/*
 * Return the raw (unparsed) content of the subjectAltName extension.
 *
 * "Get" rule: the DERItem is presumably owned by the certificate and points
 * into its DER; do not free it and do not use it after the certificate is
 * released (inferred from the name and const-qualified return; confirm).
 * Presumably NULL when the extension is absent -- confirm.
 *
 * NOTE(review): this is DER, not a list of names. Host-name matching must go
 * through a real GeneralNames parser (SecCertificateParseGeneralNames in
 * this header) rather than substring-searching the bytes.
 */
const DERItem *SecCertificateGetSubjectAltName(SecCertificateRef certificate);
/*
 * Return true if the certificate contains at least one extension that is
 * marked critical but that this implementation cannot parse.
 *
 * NOTE(review): RFC 5280 section 4.2 requires a relying party to reject a
 * certificate whose critical extension it cannot process. A true result from
 * this function must therefore fail path validation; it is not a warning.
 */
bool SecCertificateHasUnknownCriticalExtension(SecCertificateRef certificate);
/*
 * Build the attribute dictionary used to store this certificate as a
 * keychain item. The inverse operation is
 * SecCertificateCreateFromAttributeDictionary.
 *
 * "Copy" rule: the caller owns the returned dictionary and must release it
 * (inferred from the name; confirm). The set of keys it contains is not
 * visible from this header.
 */
CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate);
/*
 * Reconstruct a certificate from the attribute dictionary that was used to
 * store it in a keychain (the inverse of
 * SecCertificateCopyAttributeDictionary).
 *
 * "Create" rule: the caller owns the returned SecCertificateRef and must
 * release it (inferred from the name; confirm). Presumably returns NULL when
 * the dictionary lacks the required attributes or the stored data does not
 * parse -- always check for NULL.
 */
SecCertificateRef SecCertificateCreateFromAttributeDictionary(CFDictionaryRef refAttributes);
/*
 * Return a SecKeyRef for the public key embedded in the certificate.
 *
 * "Copy" rule: the caller owns the returned key and must release it
 * (inferred from the name; confirm). The "_ios" suffix marks this as a
 * platform-specific variant of the public SecCertificateCopyPublicKey; the
 * difference between the two is not visible here.
 *
 * NOTE(review): a SecKeyRef obtained from an unvalidated certificate is just
 * bytes somebody asserted; it carries no trust until the certificate chains
 * to an anchor.
 */
SecKeyRef SecCertificateCopyPublicKey_ios(SecCertificateRef certificate);
/*
 * Return the parsed basicConstraints extension of this certificate, or NULL
 * when it is not present (NULL-on-absent inferred from the pointer return
 * type; confirm).
 *
 * "Get" rule: the pointer is presumably owned by the certificate; do not
 * free it and do not outlive the certificate with it.
 *
 * NOTE(review): absence is not neutral. RFC 5280 section 4.2.1.9 requires CA
 * certificates to carry basicConstraints with cA=TRUE; a NULL here means the
 * certificate must NOT be accepted as an issuer.
 */
const SecCEBasicConstraints *SecCertificateGetBasicConstraints(SecCertificateRef certificate);
/*
 * Name constraints (RFC 5280 section 4.2.1.10).
 *
 * SecCertificateGetPermittedSubtrees returns an array of CFDataRefs, each the
 * encoded GeneralName of one permittedSubtrees entry; the excluded variant
 * does the same for excludedSubtrees. Both are raw encodings -- the
 * matching rules (per name type, excluded taking precedence over permitted)
 * belong to the path validator, not to these accessors.
 *
 * "Get" rule: the arrays are presumably owned by the certificate -- do not
 * release them (inferred from the name; confirm). Whether "no constraint of
 * this kind" is NULL or an empty array is not visible here, and the two
 * cases mean different things to a validator: guard for NULL explicitly.
 */
CFArrayRef SecCertificateGetPermittedSubtrees(SecCertificateRef certificate);
CFArrayRef SecCertificateGetExcludedSubtrees(SecCertificateRef certificate);
/*
 * Return the parsed policyConstraints extension of this certificate, or NULL
 * when it is not present (NULL-on-absent inferred from the pointer return
 * type; confirm).
 *
 * "Get" rule: the pointer is presumably owned by the certificate; do not
 * free it.
 */
const SecCEPolicyConstraints *SecCertificateGetPolicyConstraints(SecCertificateRef certificate);
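/*
 * Return the parsed policyMappings extension of this certificate, or NULL
 * when it is not present (NULL-on-absent inferred from the pointer return
 * type; confirm against the implementation).
 *
 * "Get" rule: the pointer is presumably owned by the certificate; do not
 * free it and do not outlive the certificate with it.
 *
 * NOTE(review): the previous comment described the result as "a dictionary
 * from CFDataRef to CFArrayRef of CFDataRef", but the declared return type
 * is const SecCEPolicyMappings *, not a CFDictionaryRef. The declaration is
 * taken as authoritative here; if a dictionary form exists it is not what
 * this entry point returns.
 */
const SecCEPolicyMappings *SecCertificateGetPolicyMappings(SecCertificateRef certificate);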
/*
 * Return the parsed certificatePolicies extension of this certificate, or
 * NULL when it is not present (NULL-on-absent inferred from the pointer
 * return type; confirm).
 *
 * "Get" rule: the pointer is presumably owned by the certificate; do not
 * free it.
 */
const SecCECertificatePolicies *SecCertificateGetCertificatePolicies(SecCertificateRef certificate);
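/*
 * Return the parsed inhibitAnyPolicy extension of this certificate, or NULL
 * when it is not present or could not be parsed (NULL-on-absent inferred
 * from the pointer return type; confirm against the implementation). The
 * skip-certs count is a field of the returned structure (field name not
 * visible from this header).
 *
 * "Get" rule: the pointer is presumably owned by the certificate; do not
 * free it.
 *
 * NOTE(review): the previous comment promised "UINT32_MAX if the extension
 * is not present or invalid, otherwise the SkipCerts field" -- a uint32
 * contract -- while the declaration returns const SecCEInhibitAnyPolicy *.
 * The declaration is taken as authoritative. Callers that relied on the
 * UINT32_MAX sentinel must test for NULL instead.
 */
const SecCEInhibitAnyPolicy *SecCertificateGetInhibitAnyPolicySkipCerts(SecCertificateRef certificate);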
/*
 * Return the AlgorithmIdentifier (OID plus parameters) of the certificate's
 * subject public key.
 *
 * "Get" rule: the pointer is presumably owned by the certificate and refers
 * into its DER; do not free it (inferred from the name; confirm).
 *
 * NOTE(review): the algorithm identifier decides how the bytes from
 * SecCertificateGetPublicKeyData are to be interpreted; always read the two
 * together and reject algorithm OIDs you do not explicitly support.
 */
const DERAlgorithmId *SecCertificateGetPublicKeyAlgorithm(SecCertificateRef certificate);
/*
 * Return the raw public key bytes as encoded in the certificate, without
 * interpretation.
 *
 * "Get" rule: the pointer is presumably owned by the certificate and refers
 * into its DER; do not free it or write through it (inferred from the name
 * and const return; confirm). Interpret the bytes only according to
 * SecCertificateGetPublicKeyAlgorithm.
 */
const DERItem *SecCertificateGetPublicKeyData(SecCertificateRef certificate);
// MARK: Certificate Operations

/*
 * Verify the certificate's signature against `issuerKey`.
 *
 * Returns an OSStatus; by Security framework convention zero means the
 * signature verified and any other value is a failure (confirm the exact
 * codes in the implementation).
 *
 * NOTE(review): this takes a bare key, not an issuer certificate, so the
 * most it can establish is that `issuerKey` produced the signature. It says
 * nothing about whether that key belongs to a trusted CA, whether the issuer
 * is allowed to issue (basicConstraints, keyUsage, name constraints),
 * validity periods, or revocation. It is one step of path validation, not a
 * substitute for it.
 */
OSStatus SecCertificateIsSignedBy(SecCertificateRef certificate, SecKeyRef issuerKey);
/*
 * Append one property entry to `properties`. From the parameter list the
 * entry is presumably described by a type tag, a label, its localized form
 * and a value; the dictionary layout it produces is not visible here --
 * confirm against the implementation before consuming the array.
 *
 * NOTE(review): this is an unprefixed, lower-case identifier exported from a
 * framework header, unlike every Sec*-prefixed declaration around it. That
 * is a symbol-collision risk for clients that link several libraries;
 * consider a Sec-prefixed name in a future API revision.
 */
void appendProperty(CFMutableArrayRef properties,
                    CFStringRef propertyType,
                    CFStringRef label,
                    CFStringRef localizedLabel,
                    CFTypeRef value);
137 /* Utility functions. */
138 CFStringRef
SecDERItemCopyOIDDecimalRepresentation(CFAllocatorRef allocator
,
/*
 * Produce a normalized encoding of the DER X.501 name `x501name`, allocated
 * with `allocator`.
 *
 * "Create" rule: the caller owns the returned CFDataRef and must release it
 * (inferred from the name; confirm). Presumably returns NULL when the name
 * fails to parse, mirroring SecDistinguishedNameCopyNormalizedContent --
 * confirm, and fail closed on NULL when comparing names.
 *
 * NOTE(review): unprefixed identifier exported from a framework header (see
 * appendProperty); a Sec-prefixed name would avoid link-time collisions.
 */
CFDataRef createNormalizedX501Name(CFAllocatorRef allocator, const DERItem *x501name);
143 /* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
144 an absoluteTime if the date was valid and properly decoded. Return
145 NULL_TIME otherwise. */
146 CFAbsoluteTime
SecAbsoluteTimeFromDateContent(DERTag tag
, const uint8_t *bytes
,
/*
 * Return true iff the certificate carries the extension identified by
 * `oid`. A "marker" extension is presumably one whose mere presence, not
 * its value, is what matters to a policy -- confirm.
 *
 * `oid` is a CFTypeRef rather than a concrete type; given the OID helpers
 * later in this header (SecCertificateIsOidString,
 * SecCertificateCreateOidDataFromString) it presumably accepts either a
 * dotted-decimal CFStringRef or an encoded CFDataRef. Confirm which forms
 * are accepted; passing an unsupported type is not something this signature
 * can catch at compile time.
 */
bool SecCertificateHasMarkerExtension(SecCertificateRef certificate, CFTypeRef oid);
/*
 * Callback invoked once per GeneralName while walking a GeneralNames
 * sequence. `type` identifies the GeneralName choice, `value` its encoded
 * content, and `context` is the caller's opaque pointer passed through
 * unchanged. A non-zero OSStatus presumably aborts the walk and is returned
 * to the caller (inferred from the return type; confirm).
 *
 * NOTE(review): `value` presumably points into the DER being parsed and is
 * valid only for the duration of the callback; copy the bytes if they must
 * outlive it.
 */
typedef OSStatus (*parseGeneralNameCallback)(void *context,
                                             SecCEGeneralNameType type,
                                             const DERItem *value);

/*
 * Dispatch a single GeneralName -- already split into its `tag` and
 * `generalNameContent` -- to `callback`. Returns the OSStatus of the parse
 * or of the callback; non-zero is a failure by Security framework
 * convention (confirm).
 */
OSStatus SecCertificateParseGeneralNameContentProperty(DERTag tag,
                                                       const DERItem *generalNameContent,
                                                       void *context,
                                                       parseGeneralNameCallback callback);

/*
 * Walk a DER-encoded GeneralNames sequence and invoke `callback` for each
 * element. Returns zero on success or the first non-zero status encountered
 * (presumably; confirm).
 *
 * NOTE(review): `generalNames` is certificate-supplied data. The parser is
 * the trust boundary for everything the callback sees; callers should not
 * re-interpret `value` bytes beyond what `type` says they are.
 */
OSStatus SecCertificateParseGeneralNames(const DERItem *generalNames,
                                         void *context,
                                         parseGeneralNameCallback callback);
/*
 * Key-strength predicates for the certificate's public key.
 *
 * The thresholds that define "weak" and "strong" are not declared in this
 * header; they live in the implementation and should be treated as policy,
 * not as a fixed number. These are three independent predicates: a false
 * from SecCertificateIsWeakKey does not imply a true from
 * SecCertificateIsStrongKey, so call the one that matches the policy being
 * enforced.
 *
 * SecCertificateIsAtLeastMinKeySize takes the minimum sizes as `keySizes`;
 * its key/value layout is not visible here -- presumably keyed by key type
 * with a numeric minimum per type. Confirm before constructing one, and
 * decide explicitly what an unknown key type should yield.
 */
bool SecCertificateIsWeakKey(SecCertificateRef certificate);
bool SecCertificateIsAtLeastMinKeySize(SecCertificateRef certificate, CFDictionaryRef keySizes);
bool SecCertificateIsStrongKey(SecCertificateRef certificate);
/*
 * Identifiers for the digest algorithm used in a certificate signature.
 * Defined in the implementation; only declared here.
 *
 * NOTE(review): MD2, MD4 and MD5 are cryptographically broken and SHA-1 has
 * practical collision attacks; none is acceptable for verifying signatures
 * on untrusted certificates. Treat kSecSignatureDigestAlgorithmUnknown as
 * "not verifiable" in any policy decision, never as "probably fine".
 */
extern const CFStringRef kSecSignatureDigestAlgorithmUnknown;
extern const CFStringRef kSecSignatureDigestAlgorithmMD2;
extern const CFStringRef kSecSignatureDigestAlgorithmMD4;
extern const CFStringRef kSecSignatureDigestAlgorithmMD5;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA1;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA224;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA256;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA384;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA512;

/*
 * Return true iff the certificate's signature uses a digest the
 * implementation classifies as weak. Which of the identifiers above count
 * as weak is decided in the implementation, not here -- do not assume SHA-1
 * is included without checking.
 */
bool SecCertificateIsWeakHash(SecCertificateRef certificate);
/*
 * OID helpers.
 *
 * SecCertificateCreateOidDataFromString converts a dotted-decimal OID
 * string into its encoded form, allocated with `allocator`. "Create" rule:
 * the caller owns the result and must release it (inferred from the name;
 * confirm). Presumably returns NULL for a string that is not a valid OID --
 * confirm, and check for NULL whenever `string` comes from configuration or
 * any other external source.
 *
 * SecCertificateIsOidString reports whether `oid` has the dotted-decimal
 * form the converter accepts; use it to validate input up front rather than
 * relying on the converter's failure mode.
 */
CFDataRef SecCertificateCreateOidDataFromString(CFAllocatorRef allocator, CFStringRef string);
bool SecCertificateIsOidString(CFStringRef oid);
/*
 * Return the raw value of the extension identified by `oid`, or presumably
 * NULL when the certificate does not carry it (inferred from the pointer
 * return type; confirm). `oid` is a CFTypeRef; see
 * SecCertificateHasMarkerExtension for the forms it presumably accepts.
 *
 * "Get" rule: the DERItem is presumably owned by the certificate and points
 * into its DER. Do not free it, do not outlive the certificate with it and,
 * above all, do not write through it.
 *
 * NOTE(review): unlike SecCertificateGetSubjectAltName, which returns
 * const DERItem *, this returns a mutable pointer to what is presumably the
 * same immutable backing store. The signature is kept as-is here to avoid
 * breaking callers, but a future revision should const-qualify it.
 */
DERItem *SecCertificateGetExtensionValue(SecCertificateRef certificate, CFTypeRef oid);
184 #endif /* !_SECURITY_SECCERTIFICATEINTERNAL_H_ */