2 * Copyright (c) 2005,2011,2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 * TrustSettings.h - class to manage trusted certs.
28 #ifndef _TRUST_SETTINGS_H_
29 #define _TRUST_SETTINGS_H_
31 #include <Security/SecTrust.h>
32 #include <Security/SecTrustSettings.h>
33 #include <security_keychain/StorageManager.h>
36 * Clarification of the bool arguments to our main constructor.
38 #define CREATE_YES true
39 #define CREATE_NO false
46 namespace KeychainCore
50 * Additional values for the SecTrustSettingsDomain enum.
54 * This indicates a TrustSettings that exists only in memory; it
55 * can't be written to disk.
57 kSecTrustSettingsDomainMemory
= 100
63 TrustSettings(SecTrustSettingsDomain domain
);
68 * Normal constructor, from disk.
69 * If create is true, the absence of an on-disk TrustSettings file
70 * results in the creation of a new empty TrustSettings. If create is
71 * false and no on-disk TrustSettings exists, errSecItemNotFound is
73 * If trim is true, the components of the on-disk TrustSettings not
74 * needed for cert evaluation are discarded. This is for TrustSettings
75 * that will be cached in memory long-term.
77 static OSStatus
CreateTrustSettings(
78 SecTrustSettingsDomain domain
,
84 * Create from external data, obtained by createExternal().
85 * If externalData is NULL, we'll create an empty mTrustDict.
87 static OSStatus
CreateTrustSettings(
88 SecTrustSettingsDomain domain
,
89 CFDataRef externalData
,
95 * Evaluate specified cert. Returns true if we found a matching
96 * record for the cert.
99 CFStringRef certHashStr
,
100 const CSSM_OID
*policyOID
, /* optional */
101 const char *policyString
, /* optional */
102 SecTrustSettingsKeyUsage keyUsage
, /* optional */
103 bool isRootCert
, /* for checking default setting */
104 CSSM_RETURN
**allowedErrors
, /* mallocd and RETURNED */
105 uint32
*numAllowedErrors
, /* RETURNED */
106 SecTrustSettingsResult
*resultType
, /* RETURNED */
107 bool *foundAnyEntry
); /* RETURNED - there is SOME entry for
111 * Only certs with a SecTrustSettingsResult of kSecTrustSettingsResultTrustRoot
112 * or kSecTrustSettingsResultTrustAsRoot will be returned.
114 void findQualifiedCerts(
115 StorageManager::KeychainList
&keychains
,
117 * If findAll is true, all certs are returned and the subsequent
118 * qualifiers are ignored
121 /* if true, only return root (self-signed) certs */
123 const CSSM_OID
*policyOID
, /* optional */
124 const char *policyString
, /* optional */
125 SecTrustSettingsKeyUsage keyUsage
, /* optional */
126 CFMutableArrayRef certArray
); /* certs appended here */
129 * Find all certs in specified keychain list which have entries in this trust record.
130 * Certs already in the array are not added.
133 StorageManager::KeychainList
&keychains
,
134 CFMutableArrayRef certArray
);
137 * Obtain trust settings for the specified cert. Returned settings array
138 * is in the public API form; caller must release. Returns NULL
139 * (does not throw) if the cert is not present in this TrustRecord.
140 * The certRef argument can be kSecTrustSettingsDefaultRootCertSetting.
142 CFArrayRef
copyTrustSettings(
143 SecCertificateRef certRef
);
146 * Obtain the mod date for the specified cert's trust settings.
147 * Returns NULL (does not throw) if the cert is not present in this
149 * The certRef argument can be kSecTrustSettingsDefaultRootCertSetting.
151 CFDateRef
copyModDate(
152 SecCertificateRef certRef
);
155 * Modify cert's trust settings, or add a new cert to the record.
156 * The certRef argument can be kSecTrustSettingsDefaultRootCertSetting.
158 void setTrustSettings(
159 SecCertificateRef certRef
,
160 CFTypeRef trustSettingsDictOrArray
);
163 * Delete a certificate's trust settings.
164 * Throws errSecItemNotFound if there currently are no settings.
165 * The certRef argument can be kSecTrustSettingsDefaultRootCertSetting.
167 void deleteTrustSettings(
168 SecCertificateRef certRef
);
171 * Flush property list data out to disk if dirty.
176 * Obtain external representation of TrustSettings data.
178 CFDataRef
createExternal();
181 /* common code to init mPropList from raw data */
183 CFDataRef trustSettingsData
);
186 * Find a given cert's entry in mTrustDict.
187 * Returned dictionary is not refcounted.
189 CFDictionaryRef
findDictionaryForCert(
190 SecCertificateRef certRef
);
193 * Find entry in mTrustDict given cert hash string.
195 CFDictionaryRef
findDictionaryForCertHash(
196 CFStringRef certHashStr
);
199 * Validate incoming API-style trust settings, which may be NULL, a
200 * dictionary, or an array of dictionaries. We return a deep-copied,
201 * refcounted CFArray, in internal format, in any case as long as the
202 * incoming parameter is good.
204 CFArrayRef
validateApiTrustSettings(
205 CFTypeRef trustSettingsDictOrArray
,
206 Boolean isSelfSigned
);
209 * Validate an usage constraint array from disk as part of our mPropDict
210 * array. Returns true if OK, else returns false.
212 bool validateTrustSettingsArray(
213 CFArrayRef trustSettings
);
216 * Obtain issuer and serial number for specified cert, both
217 * returned as CFDataRefs owned by caller.
219 void copyIssuerAndSerial(
220 SecCertificateRef cert
,
221 CFDataRef
*issuer
, /* optional, RETURNED */
222 CFDataRef
*serial
); /* RETURNED */
225 * Validate mPropDict after it's read from disk. Allows subsequent use of
226 * mPropDict and mTrustDict to proceed with relative impunity.
227 * If trim is true, we remove fields in the per-cert dictionaries which
228 * are not needed for cert evaluation. We also release the top-level
229 * mPropList, which serves as a "this is trimmed" indicator if NULL.
231 void validatePropList(bool trim
);
233 /* fatal error abort */
238 /* the overall parsed TrustSettings - may be NULL if this is trimmed */
239 CFMutableDictionaryRef mPropList
;
241 /* and the main thing we work with, the dictionary of per-cert trust settings */
242 CFMutableDictionaryRef mTrustDict
;
244 /* version number of mPropDict */
247 SecTrustSettingsDomain mDomain
;
248 bool mDirty
; /* we've changed mPropDict since creation */
251 } /* end namespace KeychainCore */
253 } /* end namespace Security */
255 #endif /* _TRUST_SETTINGS_H_ */