OSX/sec/securityd/OTATrustUtilities.h

   1 /*
   2  * Copyright (c) 2003-2004,2006-2010,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  *
  23  * OTATrustUtilities.h
  24  */
  25
  26 #ifndef _OTATRUSTUTILITIES_H_
  27 #define _OTATRUSTUTILITIES_H_  1
  28
  29 #include <CoreFoundation/CoreFoundation.h>
  30 #include <sys/types.h>
  31 #include <stdio.h>
  32
  33 __BEGIN_DECLS
  34
  35 // Opaque type that holds the data for a specific version of the OTA PKI assets
  36 typedef struct _OpaqueSecOTAPKI *SecOTAPKIRef;
  37
  38 // Get a reference to the current OTA PKI asset data
  39 // Caller is responsible for releasing the returned SecOTAPKIRef
  40 CF_EXPORT
  41 SecOTAPKIRef SecOTAPKICopyCurrentOTAPKIRef(void);
  42
  43 // Accessor to retrieve a copy of the current black listed key.
  44 // Caller is responsible for releasing the returned CFSetRef
  45 CF_EXPORT
  46 CFSetRef SecOTAPKICopyBlackListSet(SecOTAPKIRef otapkiRef);
  47
  48 // Accessor to retrieve a copy of the current gray listed key.
  49 // Caller is responsible for releasing the returned CFSetRef
  50 CF_EXPORT
  51 CFSetRef SecOTAPKICopyGrayList(SecOTAPKIRef otapkiRef);
  52
  53 // Accessor to retrieve a copy of the current allow list dictionary.
  54 // Caller is responsible for releasing the returned CFDictionaryRef
  55 CF_EXPORT
  56 CFDictionaryRef SecOTAPKICopyAllowList(SecOTAPKIRef otapkiRef);
  57
  58 // Accessor to retrieve a copy of the allow list for a specific authority key ID.
  59 // Caller is responsible for releasing the returned CFArrayRef
  60 CF_EXPORT
  61 CFArrayRef SecOTAPKICopyAllowListForAuthKeyID(SecOTAPKIRef otapkiRef, CFStringRef authKeyID);
  62
  63 // Accessor to retrieve a copy of the current trusted certificate transparency logs.
  64 // Caller is responsible for releasing the returned CFArrayRef
  65 CF_EXPORT
  66 CFArrayRef SecOTAPKICopyTrustedCTLogs(SecOTAPKIRef otapkiRef);
  67
  68 // Accessor to retrieve a copy of the current CT whitelist.
  69 // Caller is responsible for releasing the returned CFSetRef
  70 CF_EXPORT
  71 CFDataRef SecOTAPKICopyCTWhiteList(SecOTAPKIRef otapkiRef);
  72
  73 // Accessor to retrieve the array of Escrow certificates
  74 // Caller is responsible for releasing the returned CFArrayRef
  75 CF_EXPORT
  76 CFArrayRef SecOTAPKICopyEscrowCertificates(uint32_t escrowRootType, SecOTAPKIRef otapkiRef);
  77
  78 // Accessor to retrieve the dictionary of EV Policy OIDs to Anchor digest
  79 // Caller is responsible for releasing the returned CFDictionaryRef
  80 CF_EXPORT
  81 CFDictionaryRef SecOTAPKICopyEVPolicyToAnchorMapping(SecOTAPKIRef otapkiRef);
  82
  83 // Accessor to retrieve the dictionary of anchor digest to file offest
  84 // Caller is responsible for releasing the returned CFDictionaryRef
  85 CF_EXPORT
  86 CFDictionaryRef SecOTAPKICopyAnchorLookupTable(SecOTAPKIRef otapkiRef);
  87
  88 // Accessor to retrieve the ponter to the top of the anchor certs file
  89 // Caller should NOT free the returned pointer.  The caller should hold
  90 // a reference to the SecOTAPKIRef object until finishing processing with
  91 // the returned const char*
  92 CF_EXPORT
  93 const char*     SecOTAPKIGetAnchorTable(SecOTAPKIRef otapkiRef);
  94
  95 // Accessor to retrieve the current OTA PKI asset version number
  96 CF_EXPORT
  97 int SecOTAPKIGetAssetVersion(SecOTAPKIRef otapkiRef);
  98
  99 // Signal that a new OTA PKI asset version is available. This call
 100 // will update the current SecOTAPKIRef to now reference the latest
 101 // asset data
 102 CF_EXPORT
 103 void SecOTAPKIRefreshData(void);
 104
 105 // SPI to return the array of currently trusted Escrow certificates
 106 CF_EXPORT
 107 CFArrayRef SecOTAPKICopyCurrentEscrowCertificates(uint32_t escrowRootType, CFErrorRef* error);
 108
 109 // SPI to return the current OTA PKI asset version
 110 CF_EXPORT
 111 int SecOTAPKIGetCurrentAssetVersion(CFErrorRef* error);
 112
 113 // SPI to signal securityd to get a new set of trust data
 114 CF_EXPORT
 115 int SecOTAPKISignalNewAsset(CFErrorRef* error);
 116
 117 __END_DECLS
 118
 119 #endif /* _OTATRUSTUTILITIES_H_ */