2 * Copyright (c) 2008-2010,2012-2017 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 @header SecPolicyServer
26 The functions provided in SecPolicyServer.h provide an interface to
27 trust policies dealing with certificate revocation.
30 #ifndef _SECURITY_SECPOLICYSERVER_H_
31 #define _SECURITY_SECPOLICYSERVER_H_
33 #include <Security/SecTrust.h>
34 #include <Security/SecPolicyInternal.h>
35 #include <Security/SecTrustSettings.h>
37 #include <securityd/SecTrustServer.h>
38 #include <securityd/SecCertificateServer.h>
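#define kSecPolicySHA256Size 32

/* Set-up / tear-down of a SecPVC. ("PVC" is read here as the policy
   verification context that the rest of this header operates on — the
   expansion is not stated on this page; confirm in SecPolicyServer.c.)
   SecPVCInit binds pvc to builder and the policies array; SecPVCDelete
   releases whatever SecPVCInit set up. */
void SecPVCInit(SecPVCRef pvc, SecPathBuilderRef builder, CFArrayRef policies);
void SecPVCDelete(SecPVCRef pvc);

/* Attach the certificate path that subsequent checks operate on. */
void SecPVCSetPath(SecPVCRef pvc, SecCertificatePathVCRef path);

/* Policy currently being evaluated for pv. */
SecPolicyRef SecPVCGetPolicy(SecPVCRef pv);

/* Set the string result as the reason for the sub policy check key
   failing. The policy check function should continue processing if
   this function returns true.
   (The trailing CFTypeRef parameter was cut off in the rendering this
   was recovered from; it mirrors SecPVCSetResultForced below.) */
bool SecPVCSetResult(SecPVCRef pv, CFStringRef key, CFIndex ix,
    CFTypeRef result);

/* Same as SecPVCSetResult with an explicit force flag. What force
   overrides is not described in this header — see the definition. */
bool SecPVCSetResultForced(SecPVCRef pvc,
    CFStringRef key, CFIndex ix, CFTypeRef result, bool force);

/* Is the current result considered successful.
   (Declared once here; the original header carried an identical second
   declaration, which is legal C but redundant.) */
bool SecPVCIsOkResult(SecPVCRef pvc);

/* Compute the per-certificate details for path into pvc. */
void SecPVCComputeDetails(SecPVCRef pvc, SecCertificatePathVCRef path);

/* Run static leaf checks on the path in pvc. */
SecTrustResultType SecPVCLeafChecks(SecPVCRef pvc);

/* Run static parent checks on the path in pvc. ix selects the
   certificate in the path being checked as a parent. */
bool SecPVCParentCertificateChecks(SecPVCRef pvc, CFIndex ix);

/* Run dynamic checks on the complete path in pvc.
   The earlier comment on this function said it returns true when the
   operation is complete and false when an async background request was
   scheduled, but the declaration returns void — the completion status is
   NOT reported through the return value, so callers must not infer it
   from this call (confirm the actual signalling path against the
   definition). Upon completion of the async background job
   SecPathBuilderStep() should be called. */
void SecPVCPathChecks(SecPVCRef pvc);

/* Check whether revocation responses were received for certificates
 * in the path in pvc. If a valid response was not obtained for a
 * certificate, this sets the appropriate error result if revocation
 * was required, and/or definitive revocation info is present. */
void SecPVCPathCheckRevocationResponsesReceived(SecPVCRef pvc);

/* A single policy check routine. key is the check being run against pv
   (presumably the same sub-policy key passed to SecPVCSetResult —
   confirm against the check table in the implementation). */
typedef void (*SecPolicyCheckFunction)(SecPVCRef pv, CFStringRef key);

/*
 * Used by SecTrust to verify if a particular certificate chain matches
 * this policy. Returns true if the policy accepts the certificate chain.
 */
bool SecPolicyValidate(SecPolicyRef policy, SecPVCRef pvc, CFStringRef key);

/* One-time initialization of the policy server; call before evaluating. */
void SecPolicyServerInitialize(void);

/* True if policyOID denotes an Extended Validation policy (name-based
   reading; the recognised OID set lives in the implementation). */
bool SecPolicyIsEVPolicy(const DERItem *policyOID);

/* Evaluate the user/admin trust settings constraints that apply to
   certificate within pvc. */
SecTrustSettingsResult SecPVCGetTrustSettingsResult(SecPVCRef pvc,
    SecCertificateRef certificate, CFArrayRef constraints);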
98 #endif /* !_SECURITY_SECPOLICYSERVER_H_ */