Security/libsecurity_keychain/lib/SecPolicyPriv.h

   1 /*
   2  * Copyright (c) 2003-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25         @header SecPolicyPriv
  26         Private part of SecPolicy.h
  27 */
  28
  29 #ifndef _SECURITY_SECPOLICYPRIV_H_
  30 #define _SECURITY_SECPOLICYPRIV_H_
  31
  32 #include <Security/SecPolicy.h>
  33 #include <CoreFoundation/CFArray.h>
  34
  35
  36 #if defined(__cplusplus)
  37 extern "C" {
  38 #endif
  39
  40 /*!
  41         @enum Policy Constants (Private)
  42         @discussion Predefined constants used to specify a policy.
  43         @constant kSecPolicyAppleMobileStore
  44         @constant kSecPolicyAppleTestMobileStore
  45         @constant kSecPolicyAppleEscrowService
  46         @constant kSecPolicyAppleProfileSigner
  47         @constant kSecPolicyAppleQAProfileSigner
  48         @constant kSecPolicyAppleServerAuthentication
  49         @constant kSecPolicyAppleOTAPKISigner
  50         @constant kSecPolicyAppleTestOTAPKISigner
  51         @constant kSecPolicyAppleIDValidationRecordSigning
  52         @constant kSecPolicyAppleSMPEncryption
  53         @constant kSecPolicyAppleTestSMPEncryption
  54         @constant kSecPolicyApplePCSEscrowService
  55
  56 */
  57 extern CFTypeRef kSecPolicyAppleMobileStore
  58     __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
  59 extern CFTypeRef kSecPolicyAppleTestMobileStore
  60     __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
  61 extern CFTypeRef kSecPolicyAppleEscrowService
  62     __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
  63 extern CFTypeRef kSecPolicyAppleProfileSigner
  64     __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
  65 extern CFTypeRef kSecPolicyAppleQAProfileSigner
  66     __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
  67 extern CFTypeRef kSecPolicyAppleServerAuthentication
  68     __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
  69 #if TARGET_OS_IPHONE
  70 extern CFTypeRef kSecPolicyAppleOTAPKISigner
  71     __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
  72 extern CFTypeRef kSecPolicyAppleTestOTAPKISigner
  73     __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
  74 extern CFTypeRef kSecPolicyAppleIDValidationRecordSigningPolicy
  75         __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
  76 extern CFTypeRef kSecPolicyAppleSMPEncryption
  77         __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0);
  78 extern CFTypeRef kSecPolicyAppleTestSMPEncryption
  79         __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0);
  80 #endif
  81 extern CFTypeRef kSecPolicyApplePCSEscrowService
  82     __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
  83
  84 /*!
  85         @function SecPolicyCopy
  86         @abstract Returns a copy of a policy reference based on certificate type and OID.
  87         @param certificateType A certificate type.
  88         @param policyOID The OID of the policy you want to find. This is a required parameter. See oidsalg.h to see a list of policy OIDs.
  89         @param policy The returned policy reference. This is a required parameter.
  90         @result A result code.  See "Security Error Codes" (SecBase.h).
  91         @discussion This function is deprecated in Mac OS X 10.7 and later;
  92         to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h.
  93 */
  94 OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef* policy)
  95         __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
  96
  97 /*!
  98         @function SecPolicyCopyAll
  99         @abstract Returns an array of all known policies based on certificate type.
 100     @param certificateType A certificate type. This is a optional parameter. Pass CSSM_CERT_UNKNOWN if the certificate type is unknown.
 101     @param policies The returned array of policies. This is a required parameter.
 102     @result A result code.  See "Security Error Codes" (SecBase.h).
 103         @discussion This function is deprecated in Mac OS X 10.7 and later;
 104         to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. (Note: there is normally
 105         no reason to iterate over multiple disjointed policies, except to provide a way to edit trust settings for each
 106         policy, as is done in certain certificate UI views. In that specific case, your code should call SecPolicyCreateWithOID
 107         for each desired policy from the list of supported OID constants in SecPolicy.h.)
 108 */
 109 OSStatus SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef* policies)
 110         __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
 111
 112 /*!
 113  @function SecPolicyCreateAppleIDSService
 114  @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions)
 115  */
 116 SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef hostname);
 117
 118 /*!
 119  @function SecPolicyCreateApplePushService
 120  @abstract Ensure we're appropriately pinned to the Push service (SSL + Apple restrictions)
 121  */
 122 SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname);
 123
 124 /*!
 125  @function SecPolicyCreateAppleMMCSService
 126  @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions)
 127  */
 128 SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname);
 129
 130 /*!
 131  @function SecPolicyCreateAppleSSLService
 132  @abstract Ensure we're appropriately pinned to an Apple server (SSL + Apple restrictions)
 133  */
 134 SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname);
 135
 136 /*!
 137  @function SecPolicyCreateAppleTimeStampingAndRevocationPolicies
 138  @abstract Create timeStamping policy array from a given set of policies by applying identical revocation behavior
 139  @param policyOrArray can be a SecPolicyRef or a CFArray of SecPolicyRef
 140  */
 141 CFArrayRef SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray);
 142
 143 #if defined(__cplusplus)
 144 }
 145 #endif
 146
 147 #endif /* !_SECURITY_SECPOLICYPRIV_H_ */