1 /*
2 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecCertificatePriv
26 The functions provided in SecCertificatePriv.h implement and manage a particular
27 type of keychain item that represents a certificate. You can store a
28 certificate in a keychain, but a certificate can also be a transient
29 object.
30
31 You can use a certificate as a keychain item in most functions.
32 Certificates are able to compute their parent certificates, and much more.
33 */
34
35 #ifndef _SECURITY_SECCERTIFICATEPRIVP_H_
36 #define _SECURITY_SECCERTIFICATEPRIVP_H_
37
38 //#include <Security/SecCertificate.h>
39 #include "SecCertificateP.h"
40 #include <CoreFoundation/CFArray.h>
41 #include <CoreFoundation/CFData.h>
42 #include <CoreFoundation/CFDate.h>
43 #include <CoreFoundation/CFDictionary.h>
44 #include <stdbool.h>
45
46 #if defined(__cplusplus)
47 extern "C" {
48 #endif
49
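/* Bit flags describing the X.509 keyUsage extension (RFC 5280 4.2.1.3).
   SecKeyUsage is a 32-bit unsigned bitmask. The enumerators use unsigned
   literals so that the bit-31 flag is formed without signed overflow:
   `1 << 31` on a 32-bit int is not a well-defined C expression, whereas
   `1u << 31` is exactly the 0x80000000 bit the mask type expects. */
typedef uint32_t SecKeyUsage;
enum {
    kSecKeyUsageUnspecified      = 0u,
    kSecKeyUsageDigitalSignature = 1u << 0,
    kSecKeyUsageNonRepudiation   = 1u << 1,
    /* Same bit as NonRepudiation on purpose: RFC 5280 renamed the
       nonRepudiation bit to contentCommitment, so the two names alias. */
    kSecKeyUsageContentCommitment= 1u << 1,
    kSecKeyUsageKeyEncipherment  = 1u << 2,
    kSecKeyUsageDataEncipherment = 1u << 3,
    kSecKeyUsageKeyAgreement     = 1u << 4,
    kSecKeyUsageKeyCertSign      = 1u << 5,
    kSecKeyUsageCRLSign          = 1u << 6,
    kSecKeyUsageEncipherOnly     = 1u << 7,
    kSecKeyUsageDecipherOnly     = 1u << 8,
    /* Not a key-usage bit of its own: presumably set by
       SecCertificateGetKeyUsage when the extension is marked critical.
       Deliberately excluded from kSecKeyUsageAll, so mask it off before
       comparing a returned value against a required usage. */
    kSecKeyUsageCritical         = 1u << 31,
    kSecKeyUsageAll              = 0x7FFFFFFFu
};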
66
/* Return a certificate for the DER representation of this certificate.
   Return NULL if the passed-in data is not a valid DER-encoded X.509
   certificate. Callers must check for NULL before use. The returned
   reference is owned by the caller (CF "Create" rule) and must be
   CFRelease()d. As with other CF creators, a NULL allocator presumably
   selects the default allocator. */
SecCertificateRefP SecCertificateCreateWithBytesP(CFAllocatorRef allocator,
    const UInt8 *bytes, CFIndex length);

/* Return the length of the DER representation of this certificate. */
CFIndex SecCertificateGetLengthP(SecCertificateRefP certificate);

/* Return the bytes of the DER representation of this certificate.
   "Get": the pointer is owned by the certificate — do not free it and do
   not use it after the certificate has been released. Always bound reads
   with SecCertificateGetLengthP(); the buffer is not NUL-terminated. */
const UInt8 *SecCertificateGetBytePtrP(SecCertificateRefP certificate);
78
#pragma mark -
#pragma mark Certificate Accessors

/* Return the SHA-1 digest of the certificate (presumably over its DER
   encoding, i.e. the fingerprint). "Get": the data is owned by the
   certificate and must not be released by the caller. SHA-1 is adequate
   as a lookup key but is not collision-resistant, so a matching digest on
   its own should not be treated as proof that two certificates are the
   same when that matters for a trust decision. */
CFDataRef SecCertificateGetSHA1Digest(SecCertificateRefP certificate);

/* Return the SHA-1 digest of the issuer name; the caller must CFRelease it.
   NOTE(review): which form of the issuer (raw vs normalized) is digested
   is not stated here — confirm against the implementation. */
CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRefP certificate);

/* Return the SHA-1 digest of the subject public key; the caller must
   CFRelease it. NOTE(review): whether this covers the full
   SubjectPublicKeyInfo or only the key bits is not stated here — confirm
   before using it as a key identifier. */
CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRefP certificate);

/*!
    @function SecCertificateCopyIssuerSummary
    @abstract Return a simple string which hopefully represents a human understandable issuer.
    @param certificate SecCertificate object created with SecCertificateCreateWithData().
    @discussion All the data in this string comes from the certificate itself
    and thus it's in whatever language the certificate itself is in. Because
    it is issuer-supplied content, treat it as untrusted input when
    displaying or logging it.
    @result A CFStringRef which the caller should CFRelease() once it's no longer needed.
*/
CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRefP certificate);
97
/*!
    @function SecCertificateCopyProperties
    @abstract Return a property array for this trust certificate.
    @param certificate A reference to the certificate to evaluate.
    @result A property array. It is the caller's responsibility to CFRelease
    the returned array when it is no longer needed.
    See SecTrustCopySummaryPropertiesAtIndex on how to interpret this array.
    Unlike that function call this function returns a detailed description
    of the certificate in question.
    @discussion The property values are derived from the certificate's own
    contents, so treat any strings in them as untrusted input when rendering.
*/
CFArrayRef SecCertificateCopyProperties(SecCertificateRefP certificate);

/*!
    @function SecCertificateCopySummaryProperties
    @abstract Return a summary property array for this certificate.
    @param certificate A reference to the certificate to evaluate.
    @param verifyTime The time at which validity is judged (presumably used
    to decide whether the certificate is reported as expired or not yet
    valid — confirm against the implementation).
    @result A mutable property array; the caller must CFRelease it when it
    is no longer needed.
*/
CFMutableArrayRef SecCertificateCopySummaryProperties(
    SecCertificateRefP certificate, CFAbsoluteTime verifyTime);
112
/* Return the content of a DER-encoded integer (without the tag and length
   fields) for this certificate's serial number. The caller must CFRelease
   the value returned. Because these are the raw INTEGER content octets, a
   leading 0x00 (present for positive values whose high bit is set) is
   preserved, and the value may be longer than any machine integer: compare
   serial numbers as byte strings, never by converting them to an int. */
CFDataRef SecCertificateCopySerialNumberP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the ip addresses in the
   certificate if any. These are the addresses the certificate asserts;
   the accessor takes nothing to match them against, so any comparison with
   a peer address is the caller's (or trust evaluation's) job. The caller
   must CFRelease the array. */
CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the dns addresses in the
   certificate if any. Same caveat as for IP addresses: asserted by the
   certificate, not verified here; hostname matching (including any
   wildcard handling) is left to the caller. The caller must CFRelease
   the array. */
CFArrayRef SecCertificateCopyDNSNames(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the email addresses in the
   certificate if any. The caller must CFRelease the array. */
CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the common names in the
   certificate's subject if any. The caller must CFRelease the array. */
CFArrayRef SecCertificateCopyCommonNames(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the organization in the
   certificate's subject if any. The caller must CFRelease the array. */
CFArrayRef SecCertificateCopyOrganization(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the NTPrincipalNames in the
   certificate if any. The caller must CFRelease the array. */
CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRefP certificate);

/* Return a string formatted according to RFC 2253 representing the complete
   subject of certificate. The caller must CFRelease it. The string is
   built from certificate-supplied data and is meant for display; prefer the
   typed accessors above over re-parsing this string when an attribute
   value feeds a decision. */
CFStringRef SecCertificateCopySubjectString(SecCertificateRefP certificate);

/* Return a string with the company name of an ev leaf certificate.
   The caller must CFRelease it. NOTE(review): which subject attribute(s)
   supply the name, and what is returned for a non-EV certificate, are not
   stated here — confirm against the implementation. */
CFStringRef SecCertificateCopyCompanyName(SecCertificateRefP certificate);
148
/* X.509 Certificate Version: 1, 2 or 3. */
CFIndex SecCertificateVersion(SecCertificateRefP certificate);
/* Start and end of the validity period, as CFAbsoluteTime. These are the
   values the certificate asserts; deciding whether a given instant falls
   inside the window is up to the caller or trust evaluation. */
CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRefP certificate);
CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRefP certificate);

/* Return true iff certificate is self signed and has a basic constraints
   extension indicating that it's a certificate authority. This is a
   structural property, not a trust statement: a true result says nothing
   about whether the certificate is an accepted anchor. */
bool SecCertificateIsSelfSignedCA(SecCertificateRefP certificate);

/* Return the keyUsage bits (see SecKeyUsage above). kSecKeyUsageUnspecified
   presumably means no keyUsage extension was present, and
   kSecKeyUsageCritical is presumably OR'd in when the extension is
   critical — so mask that bit off before comparing against a required
   usage. Confirm both against the implementation. */
SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRefP certificate);

/* Returns an array of CFDataRefs for all extended key usage oids or NULL.
   Each element is presumably the encoded OID value; the caller must
   CFRelease the array. */
CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRefP certificate);

/* Returns a certificate from a pem blob. The returned reference is owned
   by the caller (CF "Create" rule). NOTE(review): the failure result is not
   stated here — presumably NULL, as for SecCertificateCreateWithBytesP;
   callers should check before use. */
SecCertificateRefP SecCertificateCreateWithPEM(CFAllocatorRef allocator,
    CFDataRef pem_certificate);

/* Return an array of CFDataRefs from an array of SecCertificateRefPs.
   The caller must CFRelease the result. */
CFArrayRef SecCertificateArrayCopyDataArray(CFArrayRef certificates);

/* Return an array of SecCertificateRefPs from an array of CFDataRefs.
   The caller must CFRelease the result. NOTE(review): behaviour when one
   element fails to parse is not stated here — confirm before assuming the
   output has the same count as the input. */
CFArrayRef SecCertificateDataArrayCopyArray(CFArrayRef certificates);

/* Normalized issuer/subject name forms, presumably intended for name
   matching (e.g. one certificate's issuer against another's subject).
   "Get": owned by the certificate, do not release. NOTE(review): the
   normalization applied, and the difference between the Content and
   non-Content variants, are not stated here — see the implementation. */
CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRefP certificate);
CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRefP certificate);

CFDataRef SecCertificateGetNormalizedIssuer(SecCertificateRefP certificate);
CFDataRef SecCertificateGetNormalizedSubject(SecCertificateRefP certificate);
178
179 #if defined(__cplusplus)
180 }
181 #endif
182
183 #endif /* !_SECURITY_SECCERTIFICATEPRIVP_H_ */