2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
24 #ifndef SecProtocolConfiguration_h
25 #define SecProtocolConfiguration_h
27 #include <Security/SecProtocolObject.h>
28 #include <Security/SecureTransport.h>
30 #include <dispatch/dispatch.h>
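#ifndef SEC_OBJECT_IMPL
/*!
 * A `sec_protocol_configuration` is an object that encapsulates App Transport Security
 * information and vends `sec_protocol_options` to clients for creating new connections.
 * It may also be queried to determine for what domains TLS is required.
 */
SEC_OBJECT_DECL(sec_protocol_configuration);
#endif // !SEC_OBJECT_IMPL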
44 SEC_ASSUME_NONNULL_BEGIN
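/*!
 * @function sec_protocol_configuration_copy_singleton
 *
 * @abstract
 *      Copy the per-process `sec_protocol_configuration_t` object.
 *
 * @discussion
 *      The result is returned retained (SEC_RETURNS_RETAINED). Because the
 *      object is per-process, treat it as shared state: whether overrides set
 *      through one reference are seen by every other holder is not stated
 *      here, but presumably they are -- confirm before relying on isolation.
 *
 * @return A non-nil `sec_protocol_configuration_t` instance.
 */
API_AVAILABLE(macos(10.15), ios(13.0), watchos(6.0), tvos(13.0))
SEC_RETURNS_RETAINED sec_protocol_configuration_t
sec_protocol_configuration_copy_singleton(void);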
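/*!
 * @function sec_protocol_configuration_set_ats_overrides
 *
 * @abstract
 *      Set the App Transport Security (ATS) overrides on a configuration.
 *
 * @discussion
 *      ATS overrides are how a process relaxes the default transport policy
 *      (for example the `NSAllowsArbitraryLoads` and `NSExceptionDomains` keys
 *      described at the link below), so the dictionary is security policy.
 *      Build it from trusted, static data rather than from anything an
 *      untrusted party can influence, and keep exceptions as narrow as
 *      possible. Always check the return value; the state of `config` after a
 *      false return is not stated here.
 *
 * @param config
 *      A `sec_protocol_configuration_t` instance.
 *
 * @param override_dictionary
 *      A `CFDictionaryRef` dictionary containing the ATS overrides as
 *      documented here: https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
 *
 * @return True if successful, and false otherwise.
 */
API_AVAILABLE(macos(10.15), ios(13.0), watchos(6.0), tvos(13.0))
bool
sec_protocol_configuration_set_ats_overrides(sec_protocol_configuration_t config, CFDictionaryRef override_dictionary);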
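/*!
 * @function sec_protocol_configuration_copy_transformed_options
 *
 * @abstract
 *      Transform an existing `sec_protocol_options_t` instance with a `sec_protocol_configuration_t` instance.
 *
 * @discussion
 *      The result is returned retained and is declared `__nullable`. Treat a
 *      NULL result as a failure: connecting with the untransformed `options`
 *      instead would skip whatever policy this call applies.
 *
 * @param config
 *      A `sec_protocol_configuration_t` instance.
 *
 * @param options
 *      A `sec_protocol_options_t` instance.
 *
 * @return The transformed `sec_protocol_options` instance.
 */
API_AVAILABLE(macos(10.15), ios(13.0), watchos(6.0), tvos(13.0))
SEC_RETURNS_RETAINED __nullable sec_protocol_options_t
sec_protocol_configuration_copy_transformed_options(sec_protocol_configuration_t config, sec_protocol_options_t options);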
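/*!
 * @function sec_protocol_configuration_copy_transformed_options_for_host
 *
 * @abstract
 *      Transform an existing `sec_protocol_options_t` instance with a `sec_protocol_configuration_t` instance
 *      using a specific host endpoint. Note that the service (port) is omitted from this formula.
 *
 * @discussion
 *      The result is returned retained and is declared `__nullable`; treat a
 *      NULL result as a failure rather than falling back to the untransformed
 *      `options`. The policy is selected by host alone, so pass the host name
 *      the connection will actually be made to; a different name evaluates
 *      the policy of a different endpoint.
 *
 * @param config
 *      A `sec_protocol_configuration_t` instance.
 *
 * @param options
 *      A `sec_protocol_options_t` instance.
 *
 * @param host
 *      A NULL-terminated C string containing the host in question.
 *      Must not be NULL (declared inside SEC_ASSUME_NONNULL_BEGIN/END).
 *
 * @return The transformed `sec_protocol_options` instance.
 */
API_AVAILABLE(macos(10.15), ios(13.0), watchos(6.0), tvos(13.0))
SEC_RETURNS_RETAINED __nullable sec_protocol_options_t
sec_protocol_configuration_copy_transformed_options_for_host(sec_protocol_configuration_t config, sec_protocol_options_t options, const char *host);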
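/*!
 * @function sec_protocol_configuration_tls_required
 *
 * @abstract
 *      Determine if TLS is required by policy for a generic connection. Note that the service (port) is omitted
 *      from this formula.
 *
 * @discussion
 *      A false result reports only that policy does not mandate TLS. It is
 *      not a reason to drop TLS on a connection that can use it.
 *
 * @param config
 *      A `sec_protocol_configuration_t` instance.
 *
 * @return True if connections require TLS, and false otherwise.
 */
API_AVAILABLE(macos(10.15), ios(13.0), watchos(6.0), tvos(13.0))
bool
sec_protocol_configuration_tls_required(sec_protocol_configuration_t config);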
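/*!
 * @function sec_protocol_configuration_tls_required_for_host
 *
 * @abstract
 *      Determine if TLS is required -- by policy -- for the given host endpoint. Note that the service (port) is
 *      omitted from this formula.
 *
 * @discussion
 *      The decision is keyed on the host only, so it cannot distinguish
 *      services on different ports of the same host. Query with the host name
 *      the connection will actually use. A false result means policy does not
 *      mandate TLS for that host, not that TLS should be avoided.
 *
 * @param config
 *      A `sec_protocol_configuration_t` instance.
 *
 * @param host
 *      A NULL-terminated C string containing the host endpoint to examine.
 *      Must not be NULL (declared inside SEC_ASSUME_NONNULL_BEGIN/END).
 *
 * @return True if connections to the endpoint require TLS, and false otherwise.
 */
API_AVAILABLE(macos(10.15), ios(13.0), watchos(6.0), tvos(13.0))
bool
sec_protocol_configuration_tls_required_for_host(sec_protocol_configuration_t config, const char *host);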
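/*!
 * @function sec_protocol_configuration_tls_required_for_address
 *
 * @abstract
 *      Determine if TLS is required -- by policy -- for the given address endpoint.
 *
 * @discussion
 *      The accepted textual address formats are not stated here; confirm them
 *      before passing anything other than a plain address literal. A false
 *      result means policy does not mandate TLS for that address, not that
 *      TLS should be avoided.
 *
 * @param config
 *      A `sec_protocol_configuration_t` instance.
 *
 * @param address
 *      A NULL-terminated C string containing the address endpoint to examine.
 *      Must not be NULL (declared inside SEC_ASSUME_NONNULL_BEGIN/END).
 *
 * @return True if connections to the endpoint require TLS, and false otherwise.
 */
API_AVAILABLE(macos(10.15), ios(13.0), watchos(6.0), tvos(13.0))
bool
sec_protocol_configuration_tls_required_for_address(sec_protocol_configuration_t config, const char *address);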
170 SEC_ASSUME_NONNULL_END
174 #endif // SecProtocolConfiguration_h