libsecurity_keychain/lib/SecCertificatePrivP.h

   1 /*
   2  * Copyright (c) 2006-2010,2013 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25         @header SecCertificatePriv
  26         The functions provided in SecCertificatePriv.h implement and manage a particular
  27         type of keychain item that represents a certificate.  You can store a
  28         certificate in a keychain, but a certificate can also be a transient
  29         object.
  30
  31         You can use a certificate as a keychain item in most functions.
  32         Certificates are able to compute their parent certificates, and much more.
  33 */
  34
  35 #ifndef _SECURITY_SECCERTIFICATEPRIVP_H_
  36 #define _SECURITY_SECCERTIFICATEPRIVP_H_
  37
  38 //#include <Security/SecCertificate.h>
  39 #include "SecCertificateP.h"
  40 #include <CoreFoundation/CFArray.h>
  41 #include <CoreFoundation/CFData.h>
  42 #include <CoreFoundation/CFDate.h>
  43 #include <CoreFoundation/CFDictionary.h>
  44 #include <stdbool.h>
  45
  46 #if defined(__cplusplus)
  47 extern "C" {
  48 #endif
  49
  50 typedef uint32_t SecKeyUsage;
  51 enum {
  52     kSecKeyUsageUnspecified      = 0,
  53     kSecKeyUsageDigitalSignature = 1 << 0,
  54     kSecKeyUsageNonRepudiation   = 1 << 1,
  55     kSecKeyUsageContentCommitment= 1 << 1,
  56     kSecKeyUsageKeyEncipherment  = 1 << 2,
  57     kSecKeyUsageDataEncipherment = 1 << 3,
  58     kSecKeyUsageKeyAgreement     = 1 << 4,
  59     kSecKeyUsageKeyCertSign      = 1 << 5,
  60     kSecKeyUsageCRLSign          = 1 << 6,
  61     kSecKeyUsageEncipherOnly     = 1 << 7,
  62     kSecKeyUsageDecipherOnly     = 1 << 8,
  63     kSecKeyUsageCritical         = 1 << 31,
  64     kSecKeyUsageAll              = 0x7FFFFFFF
  65 };
  66
  67 /* Return a certificate for the DER representation of this certificate.
  68    Return NULL if the passed-in data is not a valid DER-encoded X.509
  69    certificate. */
  70 SecCertificateRefP SecCertificateCreateWithBytesP(CFAllocatorRef allocator,
  71         const UInt8 *bytes, CFIndex length);
  72
  73 /* Return the length of the DER representation of this certificate. */
  74 CFIndex SecCertificateGetLengthP(SecCertificateRefP certificate);
  75
  76 /* Return the bytes of the DER representation of this certificate. */
  77 const UInt8 *SecCertificateGetBytePtrP(SecCertificateRefP certificate);
  78
  79 #pragma mark -
  80 #pragma mark Certificate Accessors
  81
  82 CFDataRef SecCertificateGetSHA1DigestP(SecCertificateRefP certificate);
  83
  84 CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRefP certificate);
  85
  86 CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRefP certificate);
  87
  88 CFStringRef SecCertificateCopyIssuerSummaryP(SecCertificateRefP certificate);
  89
  90 /*!
  91     @function SecCertificateCopyProperties
  92     @abstract Return a property array for this trust certificate.
  93     @param certificate A reference to the certificate to evaluate.
  94     @result A property array. It is the caller's responsability to CFRelease
  95     the returned array when it is no longer needed.
  96     See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array.
  97     Unlike that function call this function returns a detailed description
  98     of the certificate in question.
  99 */
 100 CFArrayRef SecCertificateCopyProperties(SecCertificateRefP certificate);
 101
 102 CFMutableArrayRef SecCertificateCopySummaryProperties(
 103     SecCertificateRefP certificate, CFAbsoluteTime verifyTime);
 104
 105 /* Return the content of a DER-encoded integer (without the tag and length
 106    fields) for this certificate's serial number.   The caller must CFRelease
 107    the value returned.  */
 108 CFDataRef SecCertificateCopySerialNumberP(SecCertificateRefP certificate);
 109
 110 /* Return an array of CFStringRefs representing the ip addresses in the
 111    certificate if any. */
 112 CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRefP certificate);
 113
 114 /* Return an array of CFStringRefs representing the dns addresses in the
 115    certificate if any. */
 116 CFArrayRef SecCertificateCopyDNSNamesP(SecCertificateRefP certificate);
 117
 118 /* Return an array of CFStringRefs representing the email addresses in the
 119    certificate if any. */
 120 CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRefP certificate);
 121
 122 /* Return an array of CFStringRefs representing the common names in the
 123    certificates subject if any. */
 124 CFArrayRef SecCertificateCopyCommonNames(SecCertificateRefP certificate);
 125
 126 /* Return an array of CFStringRefs representing the organization in the
 127    certificate's subject if any. */
 128 CFArrayRef SecCertificateCopyOrganization(SecCertificateRefP certificate);
 129
 130 /* Return an array of CFStringRefs representing the NTPrincipalNames in the
 131    certificate if any. */
 132 CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRefP certificate);
 133
 134 /* Return a string formatted according to RFC 2253 representing the complete
 135    subject of certificate. */
 136 CFStringRef SecCertificateCopySubjectString(SecCertificateRefP certificate);
 137
 138 /* Return a string with the company name of an ev leaf certificate. */
 139 CFStringRef SecCertificateCopyCompanyName(SecCertificateRefP certificate);
 140
 141 /* X.509 Certificate Version: 1, 2 or 3. */
 142 CFIndex SecCertificateVersion(SecCertificateRefP certificate);
 143
 144 CFAbsoluteTime SecCertificateNotValidBeforeP(SecCertificateRefP certificate);
 145 CFAbsoluteTime SecCertificateNotValidAfterP(SecCertificateRefP certificate);
 146
 147 /* Return true iff certificate is self signed and has a basic constraints
 148    extension indicating that it's a certificate authority. */
 149 bool SecCertificateIsSelfSignedCA(SecCertificateRefP certificate);
 150
 151 SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRefP certificate);
 152
 153 /* Returns an array of CFDataRefs for all extended key usage oids or NULL */
 154 CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRefP certificate);
 155
 156 /* Returns a certificate from a pem blob */
 157 SecCertificateRefP SecCertificateCreateWithPEM(CFAllocatorRef allocator,
 158         CFDataRef pem_certificate);
 159
 160 /* Return an array of CFDataRefs from an array of SecCertificateRefPs. */
 161 CFArrayRef SecCertificateArrayCopyDataArray(CFArrayRef certificates);
 162
 163 /* Return an array of SecCertificateRefPs from an array of CFDataRefs. */
 164 CFArrayRef SecCertificateDataArrayCopyArray(CFArrayRef certificates);
 165
 166 CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRefP certificate);
 167 CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRefP certificate);
 168
 169 CFDataRef SecCertificateCopyNormalizedIssuerSequence(SecCertificateRefP certificate);
 170 CFDataRef SecCertificateCopyNormalizedSubjectSequence(SecCertificateRefP certificate);
 171
 172 #if defined(__cplusplus)
 173 }
 174 #endif
 175
 176 #endif /* !_SECURITY_SECCERTIFICATEPRIVP_H_ */