SecureTransport/privateInc/sslKeychain.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           sslKeychain.h
  21
  22         Contains:       Apple Keychain routines
  23
  24         Written by:     Doug Mitchell, based on Netscape SSLRef 3.0
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29
  30 #ifndef _SSL_KEYCHAIN_H_
  31 #define _SSL_KEYCHAIN_H_
  32
  33
  34 #ifndef _SSLCTX_H_
  35 #include "sslctx.h"
  36 #endif
  37
  38 #ifdef __cplusplus
  39 extern "C" {
  40 #endif
  41
  42 #if     (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION)
  43 /*
  44  * Given an array of certs (as KCItemRefs) and a destination
  45  * SSLCertificate:
  46  *
  47  * -- free destCerts if we have any
  48  * -- Get raw cert data, convert to array of SSLCertificates in *destCert
  49  * -- get pub, priv keys from certRef[0], store in *pubKey, *privKey
  50  * -- validate cert chain
  51  *
  52  */
  53 OSStatus
  54 parseIncomingCerts(
  55         SSLContext              *ctx,
  56         CFArrayRef              certs,
  57         SSLCertificate  **destCert,             /* &ctx->{localCert,encryptCert} */
  58         CSSM_KEY_PTR    *pubKey,                /* &ctx->signingPubKey, etc. */
  59         CSSM_KEY_PTR    *privKey,               /* &ctx->signingPrivKey, etc. */
  60         CSSM_CSP_HANDLE *cspHand                /* &ctx->signingKeyCsp, etc. */
  61         #if                             ST_KC_KEYS_NEED_REF
  62         ,
  63         SecKeychainRef  *privKeyRef);   /* &ctx->signingKeyRef, etc. */
  64         #else
  65         );
  66         #endif                  ST_KC_KEYS_NEED_REF
  67
  68 #endif  /* (ST_SERVER_MODE_ENABLE || ST_CLIENT_AUTHENTICATION) */
  69
  70 /*
  71  * Add Apple built-in root certs to ctx->trustedCerts.
  72  */
  73 OSStatus
  74 addBuiltInCerts (
  75         SSLContextRef   ctx);
  76
  77 #if             ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS
  78
  79 /*
  80  * Given an open Keychain:
  81  * -- Get raw cert data, add to array of CSSM_DATAs in
  82  *    ctx->trustedCerts
  83  * -- verify that each of these is a valid (self-verifying)
  84  *    root cert
  85  * -- add each subject name to acceptableDNList
  86  */
  87 OSStatus
  88 parseTrustedKeychain(
  89         SSLContextRef           ctx,
  90         SecKeychainRef          keyChainRef);
  91
  92 /*
  93  * Given a newly encountered root cert (obtained from a peer's cert chain),
  94  * add it to newRootCertKc if the user so allows, and if so, add it to
  95  * trustedCerts.
  96  */
  97 SSLErr
  98 sslAddNewRoot(
  99         SSLContext                      *ctx,
 100         const CSSM_DATA_PTR     rootCert);
 101
 102 #endif  /* ST_KEYCHAIN_ENABLE && ST_MANAGES_TRUSTED_ROOTS */
 103
 104 #ifdef __cplusplus
 105 }
 106 #endif
 107
 108 #endif  /* _SSL_KEYCHAIN_H_ */