Security-57740.60.18.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / SecTrustedApplicationPriv.h

/*
 * Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
        @header SecTrustedApplicationPriv
        Not (yet?) public functions related to SecTrustedApplicationRef objects
*/

#ifndef _SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_
#define _SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_

#include <Security/SecTrustedApplication.h>
#include <Security/SecRequirementPriv.h>


#if defined(__cplusplus)
extern "C" {
#endif


/*
 * Determine whether the application at path satisfies the trust expressed in appRef.
 */
OSStatus
SecTrustedApplicationValidateWithPath(SecTrustedApplicationRef appRef, const char *path);

/*!
        @function SecTrustedApplicationCreateFromRequirement
        @abstract Creates a trusted application reference based on an application
                URI description and a SecRequirementRef describing how it should be verified.
        @param description A URI-formatted string describing the intended meaning of
                the requirement being provided. This is for information purposes only
                and does not affect any actual validation being performed as a result.
                It may affect how the SecTrustedApplication is displayed or edited.
                If NULL, a default generic description is used.
        @param requirement A SecRequirementRef indicating what conditions an application
                must satisfy to be considered a match for this SecTrustedApplicationRef.
        @param app On return, contains a SecTrustedApplicationRef representing any
                code that satisfies the requirement argument.
        @result A result code. See SecBase.h and CSCommon.h.
*/
OSStatus SecTrustedApplicationCreateFromRequirement(const char *description,
        SecRequirementRef requirement, SecTrustedApplicationRef *app);

/*!
        @function SecTrustedApplicationCopyRequirement
        @abstract If a SecTrustedApplicationRef contains a Code Signing requirement,
                it can be retrieved with this call. If no requirement is recorded, requirement
                is set to NULL and the call succeeds.
        @param appRef A trusted application reference to retrieve data from
        @param requirement Receives the SecRequirementRef contained in appRef, if any.
                If no Code Signing requirement is contained in appRef, *requirement is set
                to NULL and the call succeeds. This can happen if appRef was created from
                an unsigned application, or from sources that do not record code signing
                information such as keychain items made in version 10.4 or earlier of the
                system.
        @result A result code. See SecBase.h and CSCommon.h. It is not an error if
                no SecRequirementRef could be obtained.
 */
OSStatus SecTrustedApplicationCopyRequirement(SecTrustedApplicationRef appRef,
        SecRequirementRef *requirement);


/*!
        @function SecTrustedApplicationCreateApplicationGroup
        @abstract Create a SecTrustedApplication object that represents an application
                group reference. It will match any application that has been marked as
                a member of the named group and was signed by a particular authority (anchor).
                Note that application groups are open-ended and more applications can be
                signed as members (by holders of suitable signing authorities) at any time.
                There is no way to reliably enumerate all members of an application group.
        @param groupName The name of the application group. If you define your own
                application group, use reverse domain notation (com.yourapp.yourgroup).
        @param anchor The anchor certificate that is required to seal the group.
                An application will be recognized as a member of the group only if it
                was signed with an identity that draws to this group. If NULL, requires
                signing by Apple.
        @param app On return, contains a SecTrustedApplicationRef representing any
                code that has been signed and marked as a member of the named application
                group.
        @result A result code. See SecBase.h and CSCommon.h.
 */
OSStatus SecTrustedApplicationCreateApplicationGroup(const char *groupName,
        SecCertificateRef anchor, SecTrustedApplicationRef *app);


/*!
        @function SecTrustedApplicationCopyExternalRepresentation
        @abstract Create a pure-data form of a SecTrustedApplicationRef object suitable
                for persistent storage anywhere. This data can later be fed to
                SecTrustedApplicationCreateWithExternalRepresentation to create an equivalent
                SecTrustedApplicationRef. The data is variable size, and should be considered
                entirely opaque; its internal form is subject to change.
        @param appRef A valid SecTrustedApplicationRef of any kind.
        @param externalRef Upon successful return, contains a CFDataRef that can be
                stored as required.
        @result A result code. See SecBase.h and CSCommon.h.
 */
OSStatus SecTrustedApplicationCopyExternalRepresentation(
        SecTrustedApplicationRef appRef, 
        CFDataRef *externalRef);
        
/*!
        @function SecTrustedApplicationCreateWithExternalRepresentation
        @abstract Create a SecTrustedApplicationRef from an external data representation
                that was originally obtained with a call to SecTrustedApplicationCopyExternalRepresentation.
        @param externalRef A CFDataRef containing data produced by
                SecTrustedApplicationCopyExternalRepresentation. If this data was not obtained
                from that function, the behavior is undefined.
        @param appRef Upon successful return, a SecTrustedApplicationRef that is functionally
                equivalent to the original one used to obtain externalRef.
        @result A result code. See SecBase.h and CSCommon.h.
 */
OSStatus SecTrustedApplicationCreateWithExternalRepresentation(
        CFDataRef externalRef,
        SecTrustedApplicationRef *appRef);


/*
 * Administrative editing of the system's application equivalence database
 */
enum {
        kSecApplicationFlagSystemwide =                 0x1,
        kSecApplicationValidFlags =                             kSecApplicationFlagSystemwide
};

OSStatus
SecTrustedApplicationMakeEquivalent(SecTrustedApplicationRef oldRef,
        SecTrustedApplicationRef newRef, UInt32 flags);

OSStatus
SecTrustedApplicationRemoveEquivalence(SecTrustedApplicationRef appRef, UInt32 flags);


/*
 * Check to see if an application at a given path is a candidate for
 * pre-emptive code equivalency establishment
 */
OSStatus
SecTrustedApplicationIsUpdateCandidate(const char *installroot, const char *path);


/*
 * Point the system at another system root for equivalence use.
 * This is for system update installers (only)!
 */
OSStatus
SecTrustedApplicationUseAlternateSystem(const char *systemRoot);


#if defined(__cplusplus)
}
#endif

#endif /* !_SECURITY_SECTRUSTEDAPPLICATIONPRIV_H_ */