Security-57740.51.3.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / SecCertificatePrivP.h
1 /*
2 * Copyright (c) 2006-2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecCertificatePriv
26 The functions provided in SecCertificatePriv.h implement and manage a particular
27 type of keychain item that represents a certificate. You can store a
28 certificate in a keychain, but a certificate can also be a transient
29 object.
30
31 You can use a certificate as a keychain item in most functions.
32 Certificates are able to compute their parent certificates, and much more.
33 */
34
35 #ifndef _SECURITY_SECCERTIFICATEPRIVP_H_
36 #define _SECURITY_SECCERTIFICATEPRIVP_H_
37
38 #include <Security/SecCertificate.h>
39 #include "SecCertificateP.h"
40 #include <CoreFoundation/CFArray.h>
41 #include <CoreFoundation/CFData.h>
42 #include <CoreFoundation/CFDate.h>
43 #include <CoreFoundation/CFDictionary.h>
44 #include <stdbool.h>
45
46 #if defined(__cplusplus)
47 extern "C" {
48 #endif
49
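/* Return a certificate for the DER representation of this certificate.
   Return NULL if the passed-in data is not a valid DER-encoded X.509
   certificate.

   allocator - CFAllocatorRef handed to the constructor (presumably used to
               allocate the returned object -- confirm).
   bytes     - start of the DER-encoded certificate.
   length    - number of bytes readable at `bytes`.

   NOTE(review): certificate bytes usually arrive from a peer or a file and
   must be treated as untrusted. Pass the exact size of the buffer in
   `length` and always check the result for NULL before using it. This
   comment documents only a DER/X.509 validity check; nothing visible here
   says the signature or the chain is verified, so a non-NULL result must
   not be read as "trusted".
   By the CoreFoundation "Create" naming rule the caller presumably owns
   the returned reference and has to CFRelease it -- confirm. */
SecCertificateRefP SecCertificateCreateWithBytesP(CFAllocatorRef allocator,
    const UInt8 *bytes, CFIndex length);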
55
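/* Return the length of the DER representation of this certificate. */
CFIndex SecCertificateGetLengthP(SecCertificateRefP certificate);

/* Return the bytes of the DER representation of this certificate.

   NOTE(review): the pointer carries no length of its own; bound every read
   with the value returned by SecCertificateGetLengthP for the same
   certificate. By the CoreFoundation "Get" naming rule the storage is
   presumably owned by `certificate`, so the pointer should not be freed and
   should not be used after the certificate has been released -- confirm
   against the implementation. */
const UInt8 *SecCertificateGetBytePtrP(SecCertificateRefP certificate);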
61
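#pragma mark -
#pragma mark Certificate Accessors

/* SHA-1 digest accessors.

   NOTE(review): this header does not state which bytes each digest covers;
   the names suggest the certificate itself, its issuer and its public key
   respectively -- confirm against the implementation.
   SHA-1 is no longer collision resistant. Use these values as lookup keys
   or identifiers only, never as the sole basis of a trust or pinning
   decision.
   Ownership presumably follows the CoreFoundation naming rules: the "Get"
   result is borrowed and must not be released, the "Copy" results must be
   CFReleased by the caller. */
CFDataRef SecCertificateGetSHA1DigestP(SecCertificateRefP certificate);

CFDataRef SecCertificateCopyIssuerSHA1DigestP(SecCertificateRefP certificate);

CFDataRef SecCertificateCopyPublicKeySHA1DigestP(SecCertificateRefP certificate);

/* Judging by the name, returns a summary string for the certificate's
   issuer; the caller presumably releases it ("Copy" rule) -- confirm.
   The text is taken from certificate contents and is only as trustworthy
   as the certificate itself: suitable for display, not for authorization
   decisions. */
CFStringRef SecCertificateCopyIssuerSummaryP(SecCertificateRefP certificate);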
72
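/*!
    @function SecCertificateCopyPropertiesP
    @abstract Return a property array for this trust certificate.
    @param certificate A reference to the certificate to evaluate.
    @result A property array. It is the caller's responsibility to CFRelease
    the returned array when it is no longer needed.
    See SecTrustCopySummaryPropertiesAtIndex on how to interpret this array.
    Unlike that function, this function returns a detailed description
    of the certificate in question.
    @discussion The property values describe what the certificate claims
    about itself. They are display material and do not by themselves show
    that the certificate has passed a trust evaluation.
*/
CFArrayRef SecCertificateCopyPropertiesP(SecCertificateRefP certificate);

/* Summary counterpart of SecCertificateCopyPropertiesP, judging by the name.
   Returns a mutable array; by the "Copy" naming rule the caller presumably
   has to CFRelease it -- confirm.
   NOTE(review): `verifyTime` is presumably the point in time against which
   the certificate's validity period is reported; the header does not say
   so. Callers should derive it from a clock they trust. */
CFMutableArrayRef SecCertificateCopySummaryPropertiesP(
    SecCertificateRefP certificate, CFAbsoluteTime verifyTime);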
87
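/* Return the content of a DER-encoded integer (without the tag and length
   fields) for this certificate's serial number. The caller must CFRelease
   the value returned.

   NOTE(review): a serial number is only unique per issuer (RFC 5280), so
   when it is used to identify or revoke a certificate it should be compared
   together with the issuer name. The returned bytes are raw integer
   content; callers comparing serials should decide explicitly how leading
   zero octets are treated. */
CFDataRef SecCertificateCopySerialNumberP(SecCertificateRefP certificate);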
92
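/* Name accessors.

   NOTE(review), applies to every function in this group:
   - The strings are copied out of the certificate and are chosen by whoever
     created it. Until the certificate has passed a trust evaluation they
     are untrusted input and should be validated before being logged,
     displayed or compared.
   - "if any": the header does not say whether a certificate without such
     names yields NULL or an empty array; callers should handle both.
   - By the "Copy" naming rule the caller presumably has to CFRelease the
     returned array -- confirm. */

/* Return an array of CFStringRefs representing the IP addresses in the
   certificate if any. */
CFArrayRef SecCertificateCopyIPAddressesP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the DNS names in the
   certificate if any. */
CFArrayRef SecCertificateCopyDNSNamesP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the email addresses in the
   certificate if any. */
CFArrayRef SecCertificateCopyRFC822NamesP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the common names in the
   certificate's subject if any.
   A subject common name is free-form text; for host identity checks prefer
   the DNS names returned by SecCertificateCopyDNSNamesP. */
CFArrayRef SecCertificateCopyCommonNamesP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the organization in the
   certificate's subject if any. */
CFArrayRef SecCertificateCopyOrganizationP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the NTPrincipalNames in the
   certificate if any. */
CFArrayRef SecCertificateCopyNTPrincipalNamesP(SecCertificateRefP certificate);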
116
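/* Return a string formatted according to RFC 2253 representing the complete
   subject of certificate.
   The caller presumably has to CFRelease the result ("Copy" rule) --
   confirm. The subject is supplied by the certificate; treat the string as
   untrusted text when parsing or displaying it. */
CFStringRef SecCertificateCopySubjectStringP(SecCertificateRefP certificate);

/* Return a string with the company name of an ev leaf certificate.
   NOTE(review): the header does not say what is returned for a certificate
   that is not an EV leaf (NULL is likely -- confirm), nor whether EV status
   is verified here or assumed by the caller. A company name obtained this
   way should only be presented as verified after the certificate has
   passed an EV trust evaluation. */
CFStringRef SecCertificateCopyCompanyNameP(SecCertificateRefP certificate);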
123
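/* X.509 Certificate Version: 1, 2 or 3. */
CFIndex SecCertificateVersionP(SecCertificateRefP certificate);

/* Start and end of the certificate's validity period, judging by the names
   (the header gives no description). CFAbsoluteTime counts seconds relative
   to 1 January 2001 00:00:00 GMT.
   NOTE(review): these are plain accessors; comparing them with the current
   time is only meaningful when the local clock can be trusted, and doing so
   does not replace a full trust evaluation. */
CFAbsoluteTime SecCertificateNotValidBeforeP(SecCertificateRefP certificate);
CFAbsoluteTime SecCertificateNotValidAfterP(SecCertificateRefP certificate);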
129
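/* Return true iff certificate is self signed and has a basic constraints
   extension indicating that it's a certificate authority.

   NOTE(review): "self signed" describes the certificate's structure, not
   its trustworthiness -- anyone can create a self-signed CA certificate.
   A true result must not be used as evidence that the certificate is a
   trusted anchor. Whether the self-signature is cryptographically verified
   or only issuer and subject are compared is not visible in this header --
   confirm against the implementation. */
bool SecCertificateIsSelfSignedCAP(SecCertificateRefP certificate);

/* Return the certificate's key usage as a SecKeyUsage value (type declared
   outside this header, presumably in SecCertificateP.h).
   NOTE(review): the value returned for a certificate without a key usage
   extension is not documented here; callers enforcing key usage should
   confirm it and handle that case explicitly. */
SecKeyUsage SecCertificateGetKeyUsageP(SecCertificateRefP certificate);

/* Returns an array of CFDataRefs for all extended key usage oids or NULL.
   NOTE(review): NULL presumably means the extension is absent; callers that
   restrict certificates to a purpose must decide deliberately whether an
   absent extension is accepted. The caller presumably has to CFRelease a
   non-NULL result ("Copy" rule) -- confirm. */
CFArrayRef SecCertificateCopyExtendedKeyUsageP(SecCertificateRefP certificate);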
138
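/* Returns a certificate from a pem blob.
   NOTE(review): the result for malformed input is not documented here; NULL
   is likely, so check for it before use. As with the DER constructor, a
   successfully parsed certificate is not thereby a trusted one. By the
   "Create" naming rule the caller presumably owns the result -- confirm. */
SecCertificateRefP SecCertificateCreateWithPEMP(CFAllocatorRef allocator,
    CFDataRef pem_certificate);

/* Return an array of CFDataRefs from an array of SecCertificateRefPs.
   The caller presumably has to CFRelease the result ("Copy" rule). */
CFArrayRef SecCertificateArrayCopyDataArrayP(CFArrayRef certificates);

/* Return an array of SecCertificateRefPs from an array of CFDataRefs.
   NOTE(review): what happens when one element does not parse as a
   certificate (NULL result, or a shorter array) is not stated; callers that
   rely on positions or on the element count should verify the behaviour
   and check the result. The caller presumably has to CFRelease the result
   ("Copy" rule). */
CFArrayRef SecCertificateDataArrayCopyArrayP(CFArrayRef certificates);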
148
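/* Normalized issuer and subject names.

   NOTE(review): the header documents neither the normalization applied nor
   the difference between "Content" and "Sequence"; the names suggest the
   name's encoded content without, respectively with, its enclosing
   SEQUENCE header -- confirm against the implementation before comparing
   values produced by the two families.
   Ownership presumably follows the CoreFoundation naming rules: "Get"
   results are borrowed from `certificate` and must not be released or used
   after the certificate is gone; "Copy" results must be CFReleased by the
   caller. */
CFDataRef SecCertificateGetNormalizedIssuerContentP(SecCertificateRefP certificate);
CFDataRef SecCertificateGetNormalizedSubjectContentP(SecCertificateRefP certificate);

CFDataRef SecCertificateCopyNormalizedIssuerSequenceP(SecCertificateRefP certificate);
CFDataRef SecCertificateCopyNormalizedSubjectSequenceP(SecCertificateRefP certificate);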
154
155 #if defined(__cplusplus)
156 }
157 #endif
158
159 #endif /* !_SECURITY_SECCERTIFICATEPRIVP_H_ */