libsecurity_smime/lib/cert.h

   1 /*
   2  *  cert.h
   3  *  security_smime
   4  *
   5  *  Created by john on Wed Mar 12 2003.
   6  *  Copyright (c) 2003 __MyCompanyName__. All rights reserved.
   7  *
   8  */
   9
  10 #ifndef _CERT_H_
  11 #define _CERT_H_ 1
  12
  13 #include "SecCmsBase.h"
  14 #include <Security/nameTemplates.h>
  15 #include <Security/SecCertificate.h>
  16 #include <CoreFoundation/CFDate.h>
  17 #include <Security/SecTrust.h>
  18 #include "cmstpriv.h"
  19 #include <security_asn1/seccomon.h>
  20
  21 /************************************************************************/
  22 SEC_BEGIN_PROTOS
  23
  24 bool CERT_CheckIssuerAndSerial(SecCertificateRef cert, SecAsn1Item *issuer, SecAsn1Item *serial);
  25
  26 typedef void CERTVerifyLog;
  27
  28 void CERT_NormalizeX509NameNSS(NSS_Name *nssName);
  29
  30 SecIdentityRef CERT_FindIdentityByUsage(SecKeychainRef keychainOrArray,
  31                          char *nickname, SECCertUsage usage, Boolean validOnly, void *proto_win);
  32
  33 SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef dbhandle,
  34                          char *nickname,SECCertUsage usage,Boolean validOnly,void *proto_win);
  35
  36 // Find a certificate in the database by a email address or nickname
  37 // "name" is the email address or nickname to look up
  38 SecCertificateRef CERT_FindCertByNicknameOrEmailAddr(SecKeychainRef dbhandle, char *name);
  39
  40 SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey);
  41 void SECKEY_DestroyPublicKey(SecPublicKeyRef pubKey);
  42 SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey);
  43 void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey);
  44 void CERT_DestroyCertificate(SecCertificateRef cert);
  45 SecCertificateRef CERT_DupCertificate(SecCertificateRef cert);
  46
  47 // from security/nss/lib/certdb/cert.h
  48
  49 /*
  50     Substitutions:
  51     CERTCertificate *           ->      SecCertificateRef
  52     SECKEYPublicKey *           ->      SecPublicKeyRef
  53     CERTCertDBHandle *          ->      SecKeychainRef
  54     CERT_GetDefaultCertDB       ->      OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
  55     CERTCertificateList *       ->      CFArrayRef
  56 */
  57
  58 // Generate a certificate chain from a certificate.
  59
  60 CF_RETURNS_RETAINED CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage,Boolean includeRoot);
  61
  62 CFArrayRef CERT_CertListFromCert(SecCertificateRef cert);
  63
  64 CFArrayRef CERT_DupCertList(CFArrayRef oldList);
  65
  66 // Extract a public key object from a SubjectPublicKeyInfo
  67 SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert);
  68
  69 SECStatus CERT_CheckCertUsage (SecCertificateRef cert,unsigned char usage);
  70
  71 // Find a certificate in the database by a email address
  72 // "emailAddr" is the email address to look up
  73 SecCertificateRef CERT_FindCertByEmailAddr(SecKeychainRef keychainOrArray, char *emailAddr);
  74
  75 // Find a certificate in the database by a DER encoded certificate
  76 // "derCert" is the DER encoded certificate
  77 SecCertificateRef CERT_FindCertByDERCert(SecKeychainRef keychainOrArray, const SecAsn1Item *derCert);
  78
  79 // Generate a certificate key from the issuer and serialnumber, then look it up in the database.
  80 // Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
  81 SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
  82
  83 SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
  84
  85 SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
  86 SecCertificateRef CERT_FindCertificateByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
  87
  88 SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
  89
  90 // find the smime symmetric capabilities profile for a given cert
  91 SecAsn1Item *CERT_FindSMimeProfile(SecCertificateRef cert);
  92
  93 // Return the decoded value of the subjectKeyID extension. The caller should
  94 // free up the storage allocated in retItem->data.
  95 SECStatus CERT_FindSubjectKeyIDExtension (SecCertificateRef cert, SecAsn1Item *retItem);
  96
  97 // Extract the issuer and serial number from a certificate
  98 SecCmsIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *pl, SecCertificateRef cert);
  99
 100 // import a collection of certs into the temporary or permanent cert database
 101 SECStatus CERT_ImportCerts(SecKeychainRef keychain, SECCertUsage usage,unsigned int ncerts,
 102     SecAsn1Item **derCerts,SecCertificateRef **retCerts, Boolean keepCerts,Boolean caOnly, char *nickname);
 103
 104 SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SecAsn1Item *emailProfile,SecAsn1Item *profileTime);
 105
 106 // Check the hostname to make sure that it matches the shexp that
 107 // is given in the common name of the certificate.
 108 SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname);
 109
 110 SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, CFArrayRef cert,
 111                           CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
 112
 113 CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage);
 114
 115 /************************************************************************/
 116 SEC_END_PROTOS
 117
 118 #endif /* _CERT_H_ */