libsecurity_smime/lib/cert.h

   1 /*
   2  *  cert.h
   3  *  security_smime
   4  *
   5  *  Created by john on Wed Mar 12 2003.
   6  *  Copyright (c) 2003 __MyCompanyName__. All rights reserved.
   7  *
   8  */
   9
  10 #ifndef _CERT_H_
  11 #define _CERT_H_ 1
  12
  13 #include <Security/SecCmsBase.h>
  14 #include <Security/nameTemplates.h>
  15 #include <Security/SecCertificate.h>
  16 #include <CoreFoundation/CFDate.h>
  17 #include <Security/SecTrust.h>
  18 #include "cmstpriv.h"
  19
  20 /************************************************************************/
  21 SEC_BEGIN_PROTOS
  22
  23 typedef void CERTVerifyLog;
  24
  25 void CERT_NormalizeX509NameNSS(NSS_Name *nssName);
  26
  27 SecIdentityRef CERT_FindIdentityByUsage(SecKeychainRef keychainOrArray,
  28                          char *nickname, SECCertUsage usage, Boolean validOnly, void *proto_win);
  29
  30 SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef dbhandle,
  31                          char *nickname,SECCertUsage usage,Boolean validOnly,void *proto_win);
  32
  33 // Find a certificate in the database by a email address or nickname
  34 // "name" is the email address or nickname to look up
  35 SecCertificateRef CERT_FindCertByNicknameOrEmailAddr(SecKeychainRef dbhandle, char *name);
  36
  37 SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey);
  38 void SECKEY_DestroyPublicKey(SecPublicKeyRef pubKey);
  39 SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey);
  40 void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey);
  41 void CERT_DestroyCertificate(SecCertificateRef cert);
  42 SecCertificateRef CERT_DupCertificate(SecCertificateRef cert);
  43
  44 // from security/nss/lib/certdb/cert.h
  45
  46 /*
  47     Substitutions:
  48     CERTCertificate *           ->      SecCertificateRef
  49     SECKEYPublicKey *           ->      SecPublicKeyRef
  50     CERTCertDBHandle *          ->      SecKeychainRef
  51     CERT_GetDefaultCertDB       ->      OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
  52     CERTCertificateList *       ->      CFArrayRef
  53 */
  54
  55 // Generate a certificate chain from a certificate.
  56
  57 CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage,Boolean includeRoot);
  58
  59 CFArrayRef CERT_CertListFromCert(SecCertificateRef cert);
  60
  61 CFArrayRef CERT_DupCertList(CFArrayRef oldList);
  62
  63 // Extract a public key object from a SubjectPublicKeyInfo
  64 SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert);
  65
  66 SECStatus CERT_CheckCertUsage (SecCertificateRef cert,unsigned char usage);
  67
  68 // Find a certificate in the database by a email address
  69 // "emailAddr" is the email address to look up
  70 SecCertificateRef CERT_FindCertByEmailAddr(SecKeychainRef keychainOrArray, char *emailAddr);
  71
  72 // Find a certificate in the database by a DER encoded certificate
  73 // "derCert" is the DER encoded certificate
  74 SecCertificateRef CERT_FindCertByDERCert(SecKeychainRef keychainOrArray, const SECItem *derCert);
  75
  76 // Generate a certificate key from the issuer and serialnumber, then look it up in the database.
  77 // Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
  78 SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray,
  79     CSSM_DATA_PTR *rawCerts, PRArenaPool *pl, const SecCmsIssuerAndSN *issuerAndSN);
  80
  81 SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray,
  82     CSSM_DATA_PTR *rawCerts, const SECItem *subjKeyID);
  83
  84 SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);
  85
  86 SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SECItem *subjKeyID);
  87
  88 // find the smime symmetric capabilities profile for a given cert
  89 SECItem *CERT_FindSMimeProfile(SecCertificateRef cert);
  90
  91 // Return the decoded value of the subjectKeyID extension. The caller should
  92 // free up the storage allocated in retItem->data.
  93 SECStatus CERT_FindSubjectKeyIDExtension (SecCertificateRef cert, SECItem *retItem);
  94
  95 // Extract the issuer and serial number from a certificate
  96 SecCmsIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *pl, SecCertificateRef cert);
  97
  98 // import a collection of certs into the temporary or permanent cert database
  99 SECStatus CERT_ImportCerts(SecKeychainRef keychain, SECCertUsage usage,unsigned int ncerts,
 100     SECItem **derCerts,SecCertificateRef **retCerts, Boolean keepCerts,Boolean caOnly, char *nickname);
 101
 102 SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SECItem *emailProfile,SECItem *profileTime);
 103
 104 // Check the hostname to make sure that it matches the shexp that
 105 // is given in the common name of the certificate.
 106 SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname);
 107
 108 SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, SecCertificateRef cert,
 109                           const CSSM_DATA_PTR *otherCerts,    /* intermediates */
 110                           CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);
 111
 112 CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage);
 113
 114 /************************************************************************/
 115 SEC_END_PROTOS
 116
 117 #endif /* _CERT_H_ */