SecureTransport/privateInc/sslKeychain.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           sslKeychain.h
  21
  22         Contains:       Apple Keychain routines
  23
  24         Written by:     Doug Mitchell
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29
  30 #ifndef _SSL_KEYCHAIN_H_
  31 #define _SSL_KEYCHAIN_H_
  32
  33
  34 #include "sslContext.h"
  35
  36 #ifdef __cplusplus
  37 extern "C" {
  38 #endif
  39
  40 /*
  41  * Given an array of certs (as KCItemRefs) and a destination
  42  * SSLCertificate:
  43  *
  44  * -- free destCerts if we have any
  45  * -- Get raw cert data, convert to array of SSLCertificates in *destCert
  46  * -- get pub, priv keys from certRef[0], store in *pubKey, *privKey
  47  * -- validate cert chain
  48  *
  49  */
  50 OSStatus
  51 parseIncomingCerts(
  52         SSLContext              *ctx,
  53         CFArrayRef              certs,
  54         SSLCertificate  **destCert,             /* &ctx->{localCert,encryptCert} */
  55         CSSM_KEY_PTR    *pubKey,                /* &ctx->signingPubKey, etc. */
  56         CSSM_KEY_PTR    *privKey,               /* &ctx->signingPrivKey, etc. */
  57         CSSM_CSP_HANDLE *cspHand                /* &ctx->signingKeyCsp, etc. */
  58         #if                             ST_KC_KEYS_NEED_REF
  59         ,
  60         SecKeychainRef  *privKeyRef);   /* &ctx->signingKeyRef, etc. */
  61         #else
  62         );
  63         #endif                  ST_KC_KEYS_NEED_REF
  64
  65 /*
  66  * Add Apple built-in root certs to ctx->trustedCerts.
  67  */
  68 OSStatus
  69 addBuiltInCerts (
  70         SSLContextRef   ctx);
  71
  72 #if             ST_MANAGES_TRUSTED_ROOTS
  73
  74 /*
  75  * Given an open Keychain:
  76  * -- Get raw cert data, add to array of CSSM_DATAs in
  77  *    ctx->trustedCerts
  78  * -- verify that each of these is a valid (self-verifying)
  79  *    root cert
  80  * -- add each subject name to acceptableDNList
  81  */
  82 OSStatus
  83 parseTrustedKeychain(
  84         SSLContextRef           ctx,
  85         SecKeychainRef          keyChainRef);
  86
  87 /*
  88  * Given a newly encountered root cert (obtained from a peer's cert chain),
  89  * add it to newRootCertKc if the user so allows, and if so, add it to
  90  * trustedCerts.
  91  */
  92 OSStatus
  93 sslAddNewRoot(
  94         SSLContext                      *ctx,
  95         const CSSM_DATA_PTR     rootCert);
  96
  97 #endif  /* ST_MANAGES_TRUSTED_ROOTS */
  98
  99 #ifdef __cplusplus
 100 }
 101 #endif
 102
 103 #endif  /* _SSL_KEYCHAIN_H_ */