sec/Security/SecCertificateRequest.h

   1 /*
   2  * Copyright (c) 2008-2009 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25         @header SecCertificateRequest
  26 */
  27
  28 #ifndef _SECURITY_SECCERTIFICATEREQUEST_H_
  29 #define _SECURITY_SECCERTIFICATEREQUEST_H_
  30
  31 #include <Security/SecCertificatePriv.h>
  32 #include <Security/SecKey.h>
  33
  34 #if defined(__cplusplus)
  35 extern "C" {
  36 #endif
  37
  38 extern const void * kSecOidCommonName;
  39 extern const void * kSecOidCountryName;
  40 extern const void * kSecOidStateProvinceName;
  41 extern const void * kSecOidLocalityName;
  42 extern const void * kSecOidOrganization;
  43 extern const void * kSecOidOrganizationalUnit;
  44
  45 extern const unsigned char SecASN1PrintableString;
  46 extern const unsigned char SecASN1UTF8String;
  47
  48 /*
  49         Parameter keys for certificate request generation:
  50         @param kSecCSRChallengePassword CFStringRef
  51             conversion to PrintableString or UTF8String needs to be possible.
  52         @param kSecCertificateKeyUsage  CFNumberRef
  53             with key usage mask using kSecKeyUsage constants.
  54         @param kSecSubjectAltName       CFArrayRef of CFStringRef or CFDataRef
  55             either dnsName or emailAddress (if contains @) or
  56             ipAddress, ipv4 (4) or ipv6 (16) bytes
  57         @param kSecCSRBasicContraintsPathLen    CFNumberRef
  58             if set will include basic constraints and mark it as
  59             a CA cert.  If 0 <= number < 256, specifies path length, otherwise
  60             path length will be omitted.  Basic contraints will always be
  61             marked critical.
  62 */
  63 extern const void * kSecCSRChallengePassword;
  64 extern const void * kSecSubjectAltName;
  65 extern const void * kSecCertificateKeyUsage;
  66 extern const void * kSecCSRBasicContraintsPathLen;
  67
  68 typedef struct {
  69     const void *oid;          /* kSecOid constant or CFDataRef with oid */
  70     unsigned char type; /* currently only SecASN1PrintableString */
  71     CFTypeRef value;    /* CFStringRef -> ASCII, UTF8, CFDataRef -> binary */
  72 } SecATV;
  73
  74 typedef SecATV *SecRDN;
  75
  76 /*
  77         @function SecGenerateCertificateRequest
  78         @abstract Return a newly generated CSR for subject and keypair.
  79         @param subject  RDNs in the subject
  80     @param num      Number of RDNs
  81     @param publicKey    Public key
  82     @param privateKey   Private key
  83         @discussion only handles RSA keypairs and uses a SHA-1 PKCS1 signature
  84     @result On success, a newly allocated CSR, otherwise NULL
  85
  86 Example for subject:
  87     SecATV cn[]   = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("test") }, {} };
  88     SecATV c[]    = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} };
  89     SecATV o[]    = { { kSecOidOrganization, SecASN1PrintableString, CFSTR("Apple Inc.") }, {} };
  90     SecRDN atvs[] = { cn, c, o, NULL };
  91 */
  92 CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject,
  93     CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
  94
  95 CFDataRef SecGenerateCertificateRequest(CFArrayRef subject,
  96     CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
  97
  98 /*
  99         @function SecVerifyCertificateRequest
 100         @abstract validate a CSR and return contained information to certify
 101         @param publicKey (optional/out) SecKeyRef public key to certify
 102     @param challenge (optional/out) CFStringRef enclosed challenge
 103     @param subject (optional/out) encoded subject RDNs
 104     @param extensions (optional/out) encoded extensions
 105 */
 106 bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey,
 107     CFStringRef *challenge, CFDataRef *subject, CFDataRef *extensions);
 108
 109 SecCertificateRef
 110 SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters,
 111     SecKeyRef publicKey, SecKeyRef privateKey);
 112
 113 SecCertificateRef
 114 SecIdentitySignCertificate(SecIdentityRef issuer, CFDataRef serialno,
 115     SecKeyRef publicKey, CFTypeRef subject, CFTypeRef extensions);
 116
 117
 118 /* PRIVATE */
 119
 120 CFDataRef
 121 SecGenerateCertificateRequestSubject(SecCertificateRef ca_certificate, CFArrayRef subject);
 122
 123 #if defined(__cplusplus)
 124 }
 125 #endif
 126
 127 #endif /* _SECURITY_SECCERTIFICATEREQUEST_H_ */