libsecurity_smime/lib/cert.h

   1 /*
   2  *  cert.h
   3  *  security_smime
   4  *
   5  *  Created by john on Wed Mar 12 2003.
   6  *  Copyright (c) 2003 __MyCompanyName__. All rights reserved.
   7  *
   8  */
   9
  10 #ifndef _CERT_H_
  11 #define _CERT_H_ 1
  12
  13 #include <Security/SecCmsBase.h>
  14 #include <Security/nameTemplates.h>
  15 #include <Security/SecCertificate.h>
  16 #include <CoreFoundation/CFDate.h>
  17 #include <Security/SecTrust.h>
  18 #include "cmstpriv.h"
  19 #include <security_asn1/seccomon.h>
  20
  21 /************************************************************************/
  22 SEC_BEGIN_PROTOS
  23
  24 #if !USE_CDSA_CRYPTO
  25 bool CERT_CheckIssuerAndSerial(SecCertificateRef cert, SecAsn1Item *issuer, SecAsn1Item *serial);
  26 #endif
  27
  28 typedef void CERTVerifyLog;
  29
  30 void CERT_NormalizeX509NameNSS(NSS_Name *nssName);
  31
  32 SecIdentityRef CERT_FindIdentityByUsage(SecKeychainRef keychainOrArray,
  33                          char *nickname, SECCertUsage usage, Boolean validOnly, void *proto_win);
  34
  35 SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef dbhandle,
  36                          char *nickname,SECCertUsage usage,Boolean validOnly,void *proto_win);
  37
  38 // Find a certificate in the database by a email address or nickname
  39 // "name" is the email address or nickname to look up
  40 SecCertificateRef CERT_FindCertByNicknameOrEmailAddr(SecKeychainRef dbhandle, char *name);
  41
  42 SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey);
  43 void SECKEY_DestroyPublicKey(SecPublicKeyRef CF_CONSUMED pubKey);
  44 SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey);
  45 void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey);
  46 void CERT_DestroyCertificate(SecCertificateRef cert);
  47 SecCertificateRef CERT_DupCertificate(SecCertificateRef cert);
  48
  49 // from security/nss/lib/certdb/cert.h
  50
  51 /*
  52     Substitutions:
  53     CERTCertificate *           ->      SecCertificateRef
  54     SECKEYPublicKey *           ->      SecPublicKeyRef
  55     CERTCertDBHandle *          ->      SecKeychainRef
  56     CERT_GetDefaultCertDB       ->      OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
  57     CERTCertificateList *       ->      CFArrayRef
  58 */
  59
  60 // Generate a certificate chain from a certificate.
  61
  62 CF_RETURNS_RETAINED CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage,Boolean includeRoot, Boolean mustIncludeRoot);
  63
  64 CF_RETURNS_RETAINED CFArrayRef CERT_CertListFromCert(SecCertificateRef cert);
  65
  66 CFArrayRef CERT_DupCertList(CFArrayRef oldList);
  67
  68 // Extract a public key object from a SubjectPublicKeyInfo
  69 SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert);
  70
  71 SECStatus CERT_CheckCertUsage (SecCertificateRef cert,unsigned char usage);
  72
  73 // Find a certificate in the database by a email address
  74 // "emailAddr" is the email address to look up
  75 SecCertificateRef CERT_FindCertByEmailAddr(SecKeychainRef keychainOrArray, char *emailAddr);
  76
  77 // Find a certificate in the database by a DER encoded certificate
  78 // "derCert" is the DER encoded certificate
  79 SecCertificateRef CERT_FindCertByDERCert(SecKeychainRef keychainOrArray, const SecAsn1Item *derCert);
  80
  81 // Generate a certificate key from the issuer and serialnumber, then look it up in the database.
  82 // Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
  83 SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
  84
  85 SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
  86
  87 SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
  88 SecCertificateRef CERT_FindCertificateByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
  89
  90 SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
  91 SecCertificateRef CERT_FindCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID);
  92
  93 // find the smime symmetric capabilities profile for a given cert
  94 SecAsn1Item *CERT_FindSMimeProfile(SecCertificateRef cert);
  95
  96 // Return the decoded value of the subjectKeyID extension. The caller should
  97 // free up the storage allocated in retItem->data.
  98 SECStatus CERT_FindSubjectKeyIDExtension (SecCertificateRef cert, SecAsn1Item *retItem);
  99
 100 // Extract the issuer and serial number from a certificate
 101 SecCmsIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *pl, SecCertificateRef cert);
 102
 103 // import a collection of certs into the temporary or permanent cert database
 104 SECStatus CERT_ImportCerts(SecKeychainRef keychain, SECCertUsage usage,unsigned int ncerts,
 105     SecAsn1Item **derCerts,SecCertificateRef **retCerts, Boolean keepCerts,Boolean caOnly, char *nickname);
 106
 107 SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SecAsn1Item *emailProfile,SecAsn1Item *profileTime);
 108
 109 // Check the hostname to make sure that it matches the shexp that
 110 // is given in the common name of the certificate.
 111 SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname);
 112
 113 #if USE_CDSA_CRYPTO
 114 SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, SecCertificateRef cert,
 115                           CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
 116 #else
 117 SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, CFArrayRef cert,
 118                           CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
 119 #endif
 120
 121 CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage);
 122
 123 /************************************************************************/
 124 SEC_END_PROTOS
 125
 126 #endif /* _CERT_H_ */