1 /*
2 * Copyright (c) 2007-2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 SecCertificateInternal
26 */
27
28 #ifndef _SECURITY_SECCERTIFICATEINTERNAL_H_
29 #define _SECURITY_SECCERTIFICATEINTERNAL_H_
30
31 #include <Security/SecCertificatePriv.h>
32 #include <Security/certextensions.h>
33 #include <libDER/DER_Keys.h>
34
35 __BEGIN_DECLS
36
/* Ownership note (CoreFoundation naming convention, assumed rather than
   verified against the implementation): values returned by Copy/Create
   functions belong to the caller and must be CFRelease'd; values returned by
   Get functions are borrowed from the certificate, must not be released, and
   are only valid while the certificate is alive. Get accessors for optional
   extensions are presumed to return NULL when the extension is absent --
   confirm in the implementation before relying on it. */

/* Key identifier from the AuthorityKeyIdentifier extension, if present. */
37 CFDataRef SecCertificateGetAuthorityKeyID(SecCertificateRef certificate);
/* Key identifier from the SubjectKeyIdentifier extension, if present. */
38 CFDataRef SecCertificateGetSubjectKeyID(SecCertificateRef certificate);
39
40 /* Return an array of CFURLRefs each of which is a CRL distribution point for
41 this certificate. */
42 CFArrayRef SecCertificateGetCRLDistributionPoints(SecCertificateRef certificate);
43
44 /* Return an array of CFURLRefs each of which is an OCSP responder (an
45 ocspResponder access location) for this certificate. */
46 CFArrayRef SecCertificateGetOCSPResponders(SecCertificateRef certificate);
47
48 /* Return an array of CFURLRefs each of which is a caIssuer access location for
49 this certificate. */
50 CFArrayRef SecCertificateGetCAIssuers(SecCertificateRef certificate);
51
52 /* Dump certificate for debugging. */
53 void SecCertificateShow(SecCertificateRef certificate);
54
55 /* Return the normalized name (owned by the caller) or NULL if it fails to parse. */
56 CFDataRef SecDistinguishedNameCopyNormalizedContent(CFDataRef distinguished_name);
57
58 /* Return true iff the certificate has a subject. */
59 bool SecCertificateHasSubject(SecCertificateRef certificate);
60 /* Return true iff the certificate has a SubjectAltName extension that is marked critical. */
61 bool SecCertificateHasCriticalSubjectAltName(SecCertificateRef certificate);
62
63 /* Return the contents of the SubjectAltName extension (borrowed; see ownership note). */
64 const DERItem * SecCertificateGetSubjectAltName(SecCertificateRef certificate);
65
66 /* Return true if certificate contains one or more critical extensions we
67 are unable to parse. RFC 5280 section 4.2 requires a certificate carrying an
   unrecognized critical extension to be rejected, so path validation callers
   should treat a true result as a failure rather than a warning. */
68 bool SecCertificateHasUnknownCriticalExtension(SecCertificateRef certificate);
69
70 /* Return an attribute dictionary used to store this item in a keychain. */
71 CFDictionaryRef SecCertificateCopyAttributeDictionary(
72 SecCertificateRef certificate);
73
74 /* Return a certificate from the attribute dictionary that was used to store
75 this item in a keychain. The dictionary is data read back from storage, so
   the implementation has to validate it; a NULL result on malformed input is
   presumed -- confirm. */
76 SecCertificateRef SecCertificateCreateFromAttributeDictionary(
77 CFDictionaryRef refAttributes);
78
79 /* Return a SecKeyRef for the public key embedded in the cert (caller owns it). */
80 #if TARGET_OS_OSX
81 SecKeyRef SecCertificateCopyPublicKey_ios(SecCertificateRef certificate);
82 #endif
83
84 /* Return the SecCEBasicConstraints extension for this certificate if it
85 has one. */
86 const SecCEBasicConstraints *
87 SecCertificateGetBasicConstraints(SecCertificateRef certificate);
88
89 /* Returns array of CFDataRefs containing the generalNames that are
90 Permitted Subtree Name Constraints for this certificate if it has
91 any. */
92 CFArrayRef SecCertificateGetPermittedSubtrees(SecCertificateRef certificate);
93
94
95 /* Returns array of CFDataRefs containing the generalNames that are
96 Excluded Subtree Name Constraints for this certificate if it has
97 any. */
98 CFArrayRef SecCertificateGetExcludedSubtrees(SecCertificateRef certificate);
99
100 /* Return the SecCEPolicyConstraints extension for this certificate if it
101 has one. */
102 const SecCEPolicyConstraints *
103 SecCertificateGetPolicyConstraints(SecCertificateRef certificate);
104
105 /* Return the SecCEPolicyMappings extension (the parsed policyMappings
106 extension) for this certificate if it has one. NOTE(review): an earlier
    version of this comment described a CFDictionaryRef from CFDataRef to
    CFArrayRef of CFDataRef; the declared return type is a pointer to the
    SecCEPolicyMappings structure, and that is what callers receive. */
107 const SecCEPolicyMappings *
108 SecCertificateGetPolicyMappings(SecCertificateRef certificate);
109
110 /* Return the SecCECertificatePolicies extension for this certificate if it
111 has one. */
112 const SecCECertificatePolicies *
113 SecCertificateGetCertificatePolicies(SecCertificateRef certificate);
114
115 /* Return the SecCEInhibitAnyPolicy extension for this certificate if it has
116 one. NOTE(review): the previous comment said "Returns UINT32_MAX if the
117 extension is not present or invalid, returns the value of the SkipCerts
    field otherwise", which does not match the declared pointer return type.
    Callers presumably read the SkipCerts field from the returned structure and
    receive NULL when the extension is absent -- confirm against the
    implementation, since this value bounds anyPolicy processing during
    path validation. */
118 const SecCEInhibitAnyPolicy *
119 SecCertificateGetInhibitAnyPolicySkipCerts(SecCertificateRef certificate);
120
121 /* Return the public key algorithm and parameters for certificate. */
122 const DERAlgorithmId *SecCertificateGetPublicKeyAlgorithm(
123 SecCertificateRef certificate);
124
125 /* Return the raw public key data for certificate. */
126 const DERItem *SecCertificateGetPublicKeyData(SecCertificateRef certificate);
127
128 // MARK: -
129 // MARK: Certificate Operations
130
/* Check the certificate's signature against issuerKey. Presumably returns
   errSecSuccess when the signature verifies and another OSStatus otherwise
   (the specific codes are defined by the implementation). Any non-success
   result must be treated as an unverified certificate. */
131 OSStatus SecCertificateIsSignedBy(SecCertificateRef certificate,
132 SecKeyRef issuerKey);
133
/* Append one property entry, described by propertyType, label, localizedLabel
   and value, to the mutable properties array. Internal helper; its unprefixed
   name is not namespaced, so keep it out of public headers. */
134 void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType,
135 CFStringRef label, CFStringRef localizedLabel, CFTypeRef value);
136
137 /* Utility functions. */
/* Return the dotted-decimal string form of a DER encoded OID. Caller owns the
   result. */
138 CFStringRef SecDERItemCopyOIDDecimalRepresentation(CFAllocatorRef allocator,
139 const DERItem *oid);
/* Build a normalized form of a DER encoded X.501 name. Caller owns the result;
   NULL on parse failure is presumed (compare
   SecDistinguishedNameCopyNormalizedContent above) -- confirm. */
140 CFDataRef createNormalizedX501Name(CFAllocatorRef allocator,
141 const DERItem *x501name);
142
143 /* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
144 an absoluteTime if the date was valid and properly decoded. Return
145 NULL_TIME otherwise. tag selects the encoding; bytes/length are presumably
    the content octets only, since the tag is passed separately -- confirm.
    Callers must check for NULL_TIME before using the result in a validity
    period comparison. */
146 CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
147 size_t length);
148
/* Return true if the certificate carries an extension identified by oid. oid
   is a CFTypeRef; which representations are accepted (OID string and/or DER
   encoded data) is not visible here -- see SecCertificateIsOidString and
   SecCertificateCreateOidDataFromString below. */
149 bool SecCertificateHasMarkerExtension(SecCertificateRef certificate, CFTypeRef oid);
150
/* Callback invoked once per GeneralName during parsing: type identifies the
   GeneralName choice and value is that name's DER content; context is the
   caller's pointer passed through unchanged. A non-success return presumably
   stops the parse and is propagated to the caller -- confirm. */
151 typedef OSStatus (*parseGeneralNameCallback)(void *context,
152 SecCEGeneralNameType type, const DERItem *value);
/* Parse a single GeneralName, given its tag and content, and invoke callback
   with it. */
153 OSStatus SecCertificateParseGeneralNameContentProperty(DERTag tag,
154 const DERItem *generalNameContent,
155 void *context, parseGeneralNameCallback callback);
156
/* Parse a GeneralNames sequence and invoke callback for each entry. */
157 OSStatus SecCertificateParseGeneralNames(const DERItem *generalNames, void *context,
158 parseGeneralNameCallback callback);
159
/* Return true if the certificate's public key is considered weak. The
   criteria live in the implementation and are not visible here. */
160 bool SecCertificateIsWeakKey(SecCertificateRef certificate);
/* Return true if the certificate's public key meets the minimum size given in
   keySizes. The dictionary's keys and units are defined by the implementation
   -- presumably per-algorithm minimum bit lengths; confirm. */
161 bool SecCertificateIsAtLeastMinKeySize(SecCertificateRef certificate,
162 CFDictionaryRef keySizes);
163
/* Identifiers for the digest algorithm used in a certificate's signature. */
164 extern const CFStringRef kSecSignatureDigestAlgorithmUnknown;
165 extern const CFStringRef kSecSignatureDigestAlgorithmMD2;
166 extern const CFStringRef kSecSignatureDigestAlgorithmMD4;
167 extern const CFStringRef kSecSignatureDigestAlgorithmMD5;
168 extern const CFStringRef kSecSignatureDigestAlgorithmSHA1;
169 extern const CFStringRef kSecSignatureDigestAlgorithmSHA224;
170 extern const CFStringRef kSecSignatureDigestAlgorithmSHA256;
171 extern const CFStringRef kSecSignatureDigestAlgorithmSHA384;
172 extern const CFStringRef kSecSignatureDigestAlgorithmSHA512;
173
/* Return true if the certificate's signature uses a digest considered weak.
   The exact set is decided by the implementation; among the constants above,
   MD2/MD4/MD5 and SHA-1 are the ones generally regarded as broken. */
174 bool SecCertificateIsWeakHash(SecCertificateRef certificate);
175
/* Convert a dotted-decimal OID string into DER encoded OID bytes. Caller owns
   the result. */
176 CFDataRef SecCertificateCreateOidDataFromString(CFAllocatorRef allocator, CFStringRef string);
/* Return true if oid is syntactically a dotted-decimal OID string. */
177 bool SecCertificateIsOidString(CFStringRef oid);
178
/* Return the value of the extension identified by oid (NULL when absent is
   presumed -- confirm). The result is borrowed from the certificate; the
   pointer is not const, but callers should treat it as read-only. */
179 DERItem *SecCertificateGetExtensionValue(SecCertificateRef certificate, CFTypeRef oid);
180
181 __END_DECLS
182
183 #endif /* !_SECURITY_SECCERTIFICATEINTERNAL_H_ */