/*
 * Copyright (c) 2008-2010,2012-2017 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */
/*!
 @header SecPolicyServer
 The functions provided in SecPolicyServer.h provide an interface to
 trust policies dealing with certificate revocation.
 */
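#ifndef _SECURITY_SECPOLICYSERVER_H_
#define _SECURITY_SECPOLICYSERVER_H_

#include <Security/SecTrust.h>
#include "Security/SecPolicyInternal.h"
#include <Security/SecTrustSettings.h>

#include "trust/trustd/SecTrustServer.h"
#include "trust/trustd/SecCertificateServer.h"

/* Byte length of a SHA-256 digest. */
#define kSecPolicySHA256Size 32

/* Policy verification context (PVC) lifecycle.
   SecPVCInit prepares pvc for a verification run driven by builder against
   the given array of policies; SecPVCDelete tears down whatever SecPVCInit
   set up. NOTE(review): whether pvc retains builder/policies is not stated
   in this header — confirm against the implementation before relying on
   their lifetimes. */
void SecPVCInit(SecPVCRef pvc, SecPathBuilderRef builder, CFArrayRef policies);
void SecPVCDelete(SecPVCRef pvc);

/* Select the certificate path that the subsequent checks operate on. */
void SecPVCSetPath(SecPVCRef pvc, SecCertificatePathVCRef path);

/* Accessor for the policy associated with pv. */
SecPolicyRef SecPVCGetPolicy(SecPVCRef pv);

/* Set the string result as the reason for the sub policy check key
   failing. The policy check function should continue processing if
   this function returns true.
   ix is the index of the certificate in the path the result applies to.
   SecPVCSetResultForced additionally takes a force flag, and
   SecPVCSetResultForcedWithTrustResult also takes the SecTrustResultType
   to apply instead of the default; the precise effect of force is defined
   by the implementation, not by this header. */
bool SecPVCSetResult(SecPVCRef pv, CFStringRef key, CFIndex ix, CFTypeRef result);
bool SecPVCSetResultForced(SecPVCRef pvc, CFStringRef key, CFIndex ix,
                           CFTypeRef result, bool force);
bool SecPVCSetResultForcedWithTrustResult(SecPVCRef pvc, CFStringRef key,
                                          CFIndex ix, CFTypeRef result,
                                          bool force,
                                          SecTrustResultType overrideDefaultTR);

/* Is the current result considered successful. */
bool SecPVCIsOkResult(SecPVCRef pvc);

/* Compute the per-path detail records for path into pvc
   (name-derived description; see the implementation for the exact
   contents). */
void SecPVCComputeDetails(SecPVCRef pvc, SecCertificatePathVCRef path);

/* Run static leaf checks on the path in pvc. */
SecTrustResultType SecPVCLeafChecks(SecPVCRef pvc);

/* Run static parent checks on the path in pvc. ix is the index of the
   certificate in the path being checked. */
bool SecPVCParentCertificateChecks(SecPVCRef pvc, CFIndex ix);

/* Run dynamic checks on the complete path in pvc. Return true if the
   operation is complete, returns false if an async background request was
   scheduled. Upon completion of the async background job
   SecPathBuilderStep() should be called.
   NOTE(review): the description above speaks of a boolean return, but the
   declaration returns void — confirm which is current and reconcile. */
void SecPVCPathChecks(SecPVCRef pvc);

/* Check whether revocation responses were received for certificates
 * in the path in pvc. If a valid response was not obtained for a
 * certificate, this sets the appropriate error result if revocation
 * was required, and/or definitive revocation info is present. */
void SecPVCPathCheckRevocationResponsesReceived(SecPVCRef pvc);

/* Signature of a per-policy check callback: receives the verification
   context and the policy-check key it is evaluating. */
typedef void (*SecPolicyCheckFunction)(SecPVCRef pv, CFStringRef key);

/*
 * Used by SecTrust to verify if a particular certificate chain matches
 * this policy. Returns true if the policy accepts the certificate chain.
 */
bool SecPolicyValidate(SecPolicyRef policy, SecPVCRef pvc, CFStringRef key);

/* Module initialization for the policy server. */
void SecPolicyServerInitialize(void);

/* Returns whether policyOID is treated as an Extended Validation (EV)
   certificate policy. */
bool SecPolicyIsEVPolicy(const DERItem *policyOID);

/* Returns whether certificate, obtained from source, is acceptable as an
   anchor under the applicable constraints (name-derived description; the
   constraints considered are defined by the implementation). */
bool SecPVCIsAnchorPerConstraints(SecPVCRef pvc, SecCertificateSourceRef source,
                                  SecCertificateRef certificate);

#endif /* !_SECURITY_SECPOLICYSERVER_H_ */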