AppleX509TP/tpPolicies.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         tpPolicies.h - TP module policy implementation
  21
  22         Created 10/9/2000 by Doug Mitchell.
  23 */
  24
  25 #ifndef _TP_POLICIES_H_
  26 #define _TP_POLICIES_H_
  27
  28 #include <Security/cssmtype.h>
  29 #include <Security/cssmalloc.h>
  30 #include <Security/cssmapple.h>
  31 #include "TPCertInfo.h"
  32
  33 #ifdef __cplusplus
  34 extern  "C" {
  35 #endif /* __cplusplus */
  36
  37 CSSM_BOOL tp_verifyWithSslRoots(
  38         CSSM_CL_HANDLE  clHand,
  39         CSSM_CSP_HANDLE cspHand,
  40         TPCertInfo              *certToVfy);            // last in chain, not root
  41
  42 /*
  43  * Enumerated policies enforced by this module.
  44  */
  45 typedef enum {
  46         kTPDefault,                     /* no extension parsing, just sig and expiration */
  47         kTPx509Basic,           /* basic X.509/RFC2459 */
  48         kTPiSign,                       /* Apple code signing */
  49         kTP_SSL                         /* SecureTransport/SSL */
  50 } TPPolicy;
  51
  52 /*
  53  * Perform TP verification on a constructed (ordered) cert group.
  54  * Returns CSSM_TRUE on success.
  55  */
  56 CSSM_RETURN tp_policyVerify(
  57         TPPolicy                                                policy,
  58         CssmAllocator                                   &alloc,
  59         CSSM_CL_HANDLE                                  clHand,
  60         CSSM_CSP_HANDLE                                 cspHand,
  61         TPCertGroup                                     *certGroup,
  62         CSSM_BOOL                                               verifiedToRoot,         // last cert is good root
  63         const CSSM_APPLE_TP_ACTION_DATA *actionData,
  64         const CSSM_APPLE_TP_SSL_OPTIONS *sslOpts,
  65         void                                                    *policyOpts);   // future options
  66
  67 #ifdef __cplusplus
  68 }
  69 #endif
  70 #endif  /* _TP_POLICIES_H_ */