Security-57337.20.44.tar.gz
1 /*
2 * Copyright (c) 2003-2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecPolicyPriv
26 Private part of SecPolicy.h
27 */
28
29 #ifndef _SECURITY_SECPOLICYPRIV_H_
30 #define _SECURITY_SECPOLICYPRIV_H_
31
32 #include <Security/SecPolicy.h>
33 #include <CoreFoundation/CFArray.h>
34
35
36 #if defined(__cplusplus)
37 extern "C" {
38 #endif
39
40 /*!
41 @enum Policy Constants (Private)
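42 @discussion Predefined constants used to specify a policy. The OTAPKISigner, TestOTAPKISigner, IDValidationRecordSigningPolicy, SMPEncryption and TestSMPEncryption constants are declared only when TARGET_OS_IPHONE is set and are marked unavailable on OS X (__MAC_NA).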
43 @constant kSecPolicyAppleMobileStore
44 @constant kSecPolicyAppleTestMobileStore
45 @constant kSecPolicyAppleEscrowService
46 @constant kSecPolicyAppleProfileSigner
47 @constant kSecPolicyAppleQAProfileSigner
48 @constant kSecPolicyAppleServerAuthentication
49 @constant kSecPolicyAppleOTAPKISigner
50 @constant kSecPolicyAppleTestOTAPKISigner
51 @constant kSecPolicyAppleIDValidationRecordSigningPolicy
52 @constant kSecPolicyAppleSMPEncryption
53 @constant kSecPolicyAppleTestSMPEncryption
54 @constant kSecPolicyApplePCSEscrowService
55 @constant kSecPolicyApplePPQSigning
56 @constant kSecPolicyAppleTestPPQSigning
57 @constant kSecPolicyAppleSWUpdateSigning
58 @constant kSecPolicyAppleATVAppSigning
59 @constant kSecPolicyAppleTestATVAppSigning
60 @constant kSecPolicyAppleOSXProvisioningProfileSigning
61 @constant kSecPolicyAppleATVVPNProfileSigning
62
63 */
64 extern const CFStringRef kSecPolicyAppleMobileStore
65 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
66 extern const CFStringRef kSecPolicyAppleTestMobileStore
67 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
68 extern const CFStringRef kSecPolicyAppleEscrowService
69 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
70 extern const CFStringRef kSecPolicyAppleProfileSigner
71 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
72 extern const CFStringRef kSecPolicyAppleQAProfileSigner
73 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
74 extern const CFStringRef kSecPolicyAppleServerAuthentication
75 __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
76 #if TARGET_OS_IPHONE
77 extern const CFStringRef kSecPolicyAppleOTAPKISigner
78 __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
79 extern const CFStringRef kSecPolicyAppleTestOTAPKISigner
80 __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
81 extern const CFStringRef kSecPolicyAppleIDValidationRecordSigningPolicy
82 __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
83 extern const CFStringRef kSecPolicyAppleSMPEncryption
84 __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0);
85 extern const CFStringRef kSecPolicyAppleTestSMPEncryption
86 __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0);
87 #endif
88 extern const CFStringRef kSecPolicyApplePCSEscrowService
89 __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
90 extern const CFStringRef kSecPolicyApplePPQSigning
91 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
92 extern const CFStringRef kSecPolicyAppleTestPPQSigning
93 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
94 extern const CFStringRef kSecPolicyAppleSWUpdateSigning
95 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
96 extern const CFStringRef kSecPolicyAppleATVAppSigning
97 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
98 extern const CFStringRef kSecPolicyAppleTestATVAppSigning
99 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
100 extern const CFStringRef kSecPolicyAppleOSXProvisioningProfileSigning
101 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
102 extern const CFStringRef kSecPolicyAppleATVVPNProfileSigning
103 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
104
105 /*!
106 @function SecPolicyCopy
107 @abstract Returns a copy of a policy reference based on certificate type and OID.
108 @param certificateType A certificate type.
109 @param policyOID The OID of the policy you want to find. This is a required parameter. See oidsalg.h to see a list of policy OIDs.
110 @param policy The returned policy reference. This is a required parameter.
111 @result A result code. See "Security Error Codes" (SecBase.h).
112 @discussion This function is deprecated in Mac OS X 10.7 and later;
113 to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h.
114 */
115 OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef* policy)
116 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
117
118 /*!
119 @function SecPolicyCopyAll
120 @abstract Returns an array of all known policies based on certificate type.
121 @param certificateType A certificate type. This is an optional parameter. Pass CSSM_CERT_UNKNOWN if the certificate type is unknown.
122 @param policies The returned array of policies. This is a required parameter.
123 @result A result code. See "Security Error Codes" (SecBase.h).
124 @discussion This function is deprecated in Mac OS X 10.7 and later;
125 to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. (Note: there is normally
126 no reason to iterate over multiple disjointed policies, except to provide a way to edit trust settings for each
127 policy, as is done in certain certificate UI views. In that specific case, your code should call SecPolicyCreateWithOID
128 for each desired policy from the list of supported OID constants in SecPolicy.h.)
129 */
130 OSStatus SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef* policies)
131 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
132
133 /* Given a unified SecPolicyRef, return a copy with a legacy
134 C++ ItemImpl-based Policy instance. Only for internal use;
135 legacy references cannot be used by SecPolicy API functions. */
136 SecPolicyRef SecPolicyCreateItemImplInstance(SecPolicyRef policy);
137
138 /* Given a CSSM_OID pointer, return a string which can be passed
139 to SecPolicyCreateWithProperties. The return value can be NULL
140 if no supported policy was found for the OID argument, so check it for NULL before use. */
141 CFStringRef SecPolicyGetStringForOID(CSSM_OID* oid);
142
143 /*!
144 @function SecPolicyCreateAppleIDSService
145 @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions)
146 */
147 SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef hostname);
148
149 /*!
150 @function SecPolicyCreateAppleIDSServiceContext
151 @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions)
152 */
153 SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDictionaryRef context);
154
155 /*!
156 @function SecPolicyCreateApplePushService
157 @abstract Ensure we're appropriately pinned to the Push service (SSL + Apple restrictions)
158 */
159 SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryRef context);
160
161 /*!
162 @function SecPolicyCreateApplePushServiceLegacy
163 @abstract Ensure we're appropriately pinned to the Push service (SSL + Apple restrictions)
164 */
165 SecPolicyRef SecPolicyCreateApplePushServiceLegacy(CFStringRef hostname);
166
167 /*!
168 @function SecPolicyCreateAppleMMCSService
169 @abstract Ensure we're appropriately pinned to the MMCS service (SSL + Apple restrictions)
170 */
171 SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname, CFDictionaryRef context);
172
173 /*!
174 @function SecPolicyCreateAppleGSService
175 @abstract Ensure we're appropriately pinned to the GS service (SSL + Apple restrictions)
176 */
177 SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef context)
178 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
179
180 /*!
181 @function SecPolicyCreateApplePPQService
182 @abstract Ensure we're appropriately pinned to the PPQ service (SSL + Apple restrictions)
183 */
184 SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRef context);
185
186 /*!
187 @function SecPolicyCreateAppleSSLService
188 @abstract Ensure we're appropriately pinned to an Apple server (SSL + Apple restrictions)
189 */
190 SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname);
191
192 /*!
193 @function SecPolicyCreateAppleTimeStampingAndRevocationPolicies
194 @abstract Create timeStamping policy array from a given set of policies by applying identical revocation behavior
195 @param policyOrArray can be a SecPolicyRef or a CFArray of SecPolicyRef
196 */
197 CFArrayRef SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray);
198
199 /*!
200 @function SecPolicyCreateAppleATVAppSigning
201 @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations Certification Authority' by name,
202 and apple anchor.
203 Leaf cert must have Digital Signature usage.
204 Leaf cert must have Apple ATV App Signing marker OID (1.2.840.113635.100.6.1.24).
205 Leaf cert must have 'Apple TVOS Application Signing' common name.
206 */
207 SecPolicyRef SecPolicyCreateAppleATVAppSigning(void)
208 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
209
210 /*!
211 @function SecPolicyCreateTestAppleATVAppSigning
212 @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations Certification Authority' by name,
213 and apple anchor.
214 Leaf cert must have Digital Signature usage.
215 Leaf cert must have Apple ATV App Signing Test marker OID (1.2.840.113635.100.6.1.24.1).
216 Leaf cert must have 'TEST Apple TVOS Application Signing TEST' common name.
217 */
218 SecPolicyRef SecPolicyCreateTestAppleATVAppSigning(void)
219 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
220
221 /*!
222 @function SecPolicyCreateApplePayIssuerEncryption
223 @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations CA - G2' by name,
224 and apple anchor.
225 Leaf cert must have Key Encipherment and Key Agreement usage.
226 Leaf cert must have Apple Pay Issuer Encryption marker OID (1.2.840.113635.100.6.39).
227 */
228 SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void)
229 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
230
231 /*!
232 @function SecPolicyCreateOSXProvisioningProfileSigning
233 @abstract Check for leaf marker OID 1.2.840.113635.100.4.11,
234 intermediate marker OID 1.2.840.113635.100.6.2.1,
235 chains to Apple Root CA
236 */
237 SecPolicyRef SecPolicyCreateOSXProvisioningProfileSigning(void)
238 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
239
240
241 /*!
242 @function SecPolicyCreateAppleATVVPNProfileSigning
243 @abstract Check for leaf marker OID 1.2.840.113635.100.6.43,
244 intermediate marker OID 1.2.840.113635.100.6.2.10,
245 chains to Apple Root CA, path length 3
246 */
247 SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void)
248 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
249
250 #if defined(__cplusplus)
251 }
252 #endif
253
254 #endif /* !_SECURITY_SECPOLICYPRIV_H_ */