2 * Copyright (c) 2007-2016 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 SecCertificateInternal
28 #ifndef _SECURITY_SECCERTIFICATEINTERNAL_H_
29 #define _SECURITY_SECCERTIFICATEINTERNAL_H_
31 #include <Security/SecCertificatePriv.h>
32 #include <Security/certextensions.h>
33 #include <libDER/DER_Keys.h>
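/* Return the Authority Key Identifier extension contents. Per the
   CoreFoundation Get/Copy/Create naming rule the result of a Get accessor is
   not owned by the caller: do not release it and do not use it after the
   certificate is released -- confirm against the implementation. */
CFDataRef SecCertificateGetAuthorityKeyID(SecCertificateRef certificate);

/* Return the Subject Key Identifier extension contents (same ownership rule
   as the other Get accessors in this header). */
CFDataRef SecCertificateGetSubjectKeyID(SecCertificateRef certificate);

/* Return an array of CFURLRefs, one per CRL distribution point of this
   certificate.
   NOTE(review): these URIs are read from the certificate under evaluation,
   i.e. from untrusted input. Any fetcher built on them should enforce its own
   scheme/host policy and size/time limits rather than trusting the URL. */
CFArrayRef SecCertificateGetCRLDistributionPoints(SecCertificateRef certificate);

/* Return an array of CFURLRefs, one per OCSP responder URI of this
   certificate. Same caveat as for the CRL distribution points: the URIs
   originate in the (untrusted) certificate. */
CFArrayRef SecCertificateGetOCSPResponders(SecCertificateRef certificate);

/* Return an array of CFURLRefs, one per caIssuers URI of this certificate.
   Same caveat: certificates fetched from these URIs must be validated like
   any other untrusted input before they are used to build a path. */
CFArrayRef SecCertificateGetCAIssuers(SecCertificateRef certificate);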
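/* Dump certificate for debugging. Debug aid only; presumably prints the
   certificate contents, so keep it out of production logging paths. */
void SecCertificateShow(SecCertificateRef certificate);

/* Return the normalized form of the DER-encoded distinguished name, or NULL
   if it fails to parse. Callers must check for NULL: an unparsable name is
   the expected outcome for malformed input, not an internal error. The
   result is a Copy, so the caller owns it. */
CFDataRef SecDistinguishedNameCopyNormalizedContent(CFDataRef distinguished_name);

/* Return true iff the certificate has a subject. */
bool SecCertificateHasSubject(SecCertificateRef certificate);

/* Return true iff the certificate has a critical subject alt name.
   RFC 5280 §4.2.1.6 requires subjectAltName to be marked critical when the
   subject is empty, so code matching names via the SAN should consult this
   together with SecCertificateHasSubject. */
bool SecCertificateHasCriticalSubjectAltName(SecCertificateRef certificate);

/* Return the contents of the SubjectAltName extension (const pointer;
   presumably into certificate-owned storage, valid only while the
   certificate is alive). */
const DERItem *SecCertificateGetSubjectAltName(SecCertificateRef certificate);

/* Return true if the certificate contains one or more critical extensions we
   are unable to parse. RFC 5280 §4.2 requires a relying party to reject a
   certificate carrying an unrecognized critical extension, so trust
   evaluation should treat a true result as a hard failure, not a warning. */
bool SecCertificateHasUnknownCriticalExtension(SecCertificateRef certificate);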
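/* Return an attribute dictionary used to store this item in a keychain.
   Copy: the caller owns the returned dictionary. */
CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate);

/* Return a certificate from the attribute dictionary that was used to store
   this item in a keychain. Create: the caller owns the result.
   NOTE(review): the dictionary contents come from keychain storage rather
   than from this parser; the resulting certificate should be validated like
   any other input and not assumed well-formed because it was stored. */
SecCertificateRef SecCertificateCreateFromAttributeDictionary(CFDictionaryRef refAttributes);

/* Return a SecKeyRef for the public key embedded in the cert. Copy: the
   caller owns the returned key reference (per CF naming -- confirm). */
SecKeyRef SecCertificateCopyPublicKey_ios(SecCertificateRef certificate);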
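/* Return the SecCEBasicConstraints extension for this certificate if it
   carries one (presumably NULL otherwise -- confirm against the
   implementation). This accessor only exposes the parsed data; whether cA
   is asserted and whether any pathLenConstraint is honoured is the path
   builder's responsibility. */
const SecCEBasicConstraints *SecCertificateGetBasicConstraints(SecCertificateRef certificate);

/* Returns an array of CFDataRefs containing the generalNames that are
   Permitted Subtree Name Constraints for this certificate, if it has any. */
CFArrayRef SecCertificateGetPermittedSubtrees(SecCertificateRef certificate);

/* Returns an array of CFDataRefs containing the generalNames that are
   Excluded Subtree Name Constraints for this certificate, if it has any. */
CFArrayRef SecCertificateGetExcludedSubtrees(SecCertificateRef certificate);

/* Return the SecCEPolicyConstraints extension for this certificate if it
   carries one. */
const SecCEPolicyConstraints *SecCertificateGetPolicyConstraints(SecCertificateRef certificate);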
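/* Return the parsed policyMappings extension of this certificate.
   NOTE(review): the previous comment described a dictionary from CFDataRef to
   CFArrayRef of CFDataRef, but the declared return type is a
   SecCEPolicyMappings pointer; that description was stale. */
const SecCEPolicyMappings *SecCertificateGetPolicyMappings(SecCertificateRef certificate);

/* Return the SecCECertificatePolicies extension for this certificate if it
   carries one. */
const SecCECertificatePolicies *SecCertificateGetCertificatePolicies(SecCertificateRef certificate);

/* Return the parsed InhibitAnyPolicy extension of this certificate.
   NOTE(review): the previous comment promised UINT32_MAX when the extension
   is absent or invalid and the SkipCerts value otherwise, but the declared
   return type is a pointer, so no integer sentinel can be returned. The
   skipCerts value must be read from the returned structure; the
   absent/invalid case is presumably signalled by NULL -- confirm against the
   implementation before relying on it. */
const SecCEInhibitAnyPolicy *SecCertificateGetInhibitAnyPolicySkipCerts(SecCertificateRef certificate);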
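/* Return the public key algorithm and parameters for certificate. */
const DERAlgorithmId *SecCertificateGetPublicKeyAlgorithm(SecCertificateRef certificate);

/* Return the raw public key data for certificate. The pointer is const and
   presumably refers to certificate-owned storage, so it is valid only while
   the certificate is alive. */
const DERItem *SecCertificateGetPublicKeyData(SecCertificateRef certificate);

/* Return legacy property values for use by SecCertificateCopyValues. Copy:
   the caller owns the returned array. */
CFArrayRef SecCertificateCopyLegacyProperties(SecCertificateRef certificate);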
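// MARK: Certificate Operations

/* Verify the certificate's signature with issuerKey. A successful result only
   proves that issuerKey signed this certificate; it says nothing about whether
   issuerKey is trusted, whether the certificate is within its validity period,
   or whether name and policy constraints hold -- those belong to full path
   validation. Check the OSStatus result: a non-zero status must never be
   treated as success. */
OSStatus SecCertificateIsSignedBy(SecCertificateRef certificate, SecKeyRef issuerKey);

/* Append one property entry (type, label, localized label, value) to the
   mutable properties array. Presumably shared by the property-listing code
   that backs SecCertificateCopyLegacyProperties -- confirm against callers. */
void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType,
                    CFStringRef label, CFStringRef localizedLabel, CFTypeRef value);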
139 /* Utility functions. */
140 CFStringRef
SecDERItemCopyOIDDecimalRepresentation(CFAllocatorRef allocator
,
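/* Build the normalized encoding of the X.501 name x501name, allocated with
   allocator. The caller owns the returned data.
   NOTE(review): whether NULL is returned for an unparsable name is not
   visible in this header; callers should check for NULL rather than assume
   a valid result. */
CFDataRef createNormalizedX501Name(CFAllocatorRef allocator, const DERItem *x501name);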
145 /* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
146 an absoluteTime if the date was valid and properly decoded. Return
147 NULL_TIME otherwise. */
148 CFAbsoluteTime
SecAbsoluteTimeFromDateContent(DERTag tag
, const uint8_t *bytes
,
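/* Return true if the certificate carries the extension identified by oid
   (a "marker" extension, i.e. one whose mere presence is what matters). */
bool SecCertificateHasMarkerExtension(SecCertificateRef certificate, CFTypeRef oid);

/* Callback invoked once per GeneralName by the parsers below, with the
   caller-supplied context, the name type and its DER value. A non-zero
   OSStatus presumably aborts the walk and is propagated -- confirm. */
typedef OSStatus (*parseGeneralNameCallback)(void *context,
                                             SecCEGeneralNameType type,
                                             const DERItem *value);

/* Parse a single GeneralName given its tag and content and hand it to
   callback. */
OSStatus SecCertificateParseGeneralNameContentProperty(DERTag tag,
                                                       const DERItem *generalNameContent,
                                                       void *context,
                                                       parseGeneralNameCallback callback);

/* Parse a GeneralNames sequence, invoking callback for each entry. */
OSStatus SecCertificateParseGeneralNames(const DERItem *generalNames, void *context,
                                         parseGeneralNameCallback callback);

/* Key-strength checks. The thresholds live in the implementation (and, for
   SecCertificateIsAtLeastMinKeySize, in the keySizes dictionary, presumably
   keyed by key type with a minimum bit length as value -- confirm). Do not
   assume that !IsWeakKey is equivalent to IsStrongKey. */
bool SecCertificateIsWeakKey(SecCertificateRef certificate);
bool SecCertificateIsAtLeastMinKeySize(SecCertificateRef certificate,
                                       CFDictionaryRef keySizes);
bool SecCertificateIsStrongKey(SecCertificateRef certificate);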
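/* Identifiers naming the digest used by a certificate's signature algorithm.
   These label what was found in the certificate; they are not a list of
   acceptable algorithms. MD2, MD4, MD5 and SHA-1 are broken or deprecated for
   signatures and should be rejected by trust evaluation. */
extern const CFStringRef kSecSignatureDigestAlgorithmUnknown;
extern const CFStringRef kSecSignatureDigestAlgorithmMD2;
extern const CFStringRef kSecSignatureDigestAlgorithmMD4;
extern const CFStringRef kSecSignatureDigestAlgorithmMD5;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA1;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA224;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA256;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA384;
extern const CFStringRef kSecSignatureDigestAlgorithmSHA512;

/* Return true if the certificate's signature uses a digest the implementation
   considers weak. The exact set is not visible here; callers should not
   assume it stops at MD5 (SHA-1 is also widely rejected for signatures) nor
   that a false result alone makes the signature acceptable. */
bool SecCertificateIsWeakHash(SecCertificateRef certificate);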
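/* Encode the OID given as a string (presumably dotted-decimal) as OID data
   allocated with allocator. Create: the caller owns the result. */
CFDataRef SecCertificateCreateOidDataFromString(CFAllocatorRef allocator, CFStringRef string);

/* Return true if oid is a syntactically valid OID string. Use this to
   validate externally supplied strings before passing them to
   SecCertificateCreateOidDataFromString. */
bool SecCertificateIsOidString(CFStringRef oid);

/* Return the value of the extension identified by oid.
   NOTE(review): unlike the other accessors in this header the return type is
   a non-const DERItem *. Callers must still treat the result as read-only --
   it presumably points into certificate-owned storage, so writing through it
   would corrupt the parsed certificate. */
DERItem *SecCertificateGetExtensionValue(SecCertificateRef certificate, CFTypeRef oid);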
186 #endif /* !_SECURITY_SECCERTIFICATEINTERNAL_H_ */