]> git.saurik.com Git - apple/security.git/blob - trust/headers/SecTrust.h
Security-59754.41.1.tar.gz
[apple/security.git] / trust / headers / SecTrust.h
1 /*
2 * Copyright (c) 2002-2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecTrust
26 The functions and data types in SecTrust implement trust computation
27 and allow the caller to apply trust decisions to the evaluation.
28 */
29
30 #ifndef _SECURITY_SECTRUST_H_
31 #define _SECURITY_SECTRUST_H_
32
33 #include <Security/SecBase.h>
34 #include <CoreFoundation/CoreFoundation.h>
35 #include <AvailabilityMacros.h>
36 #include <Availability.h>
37
38 __BEGIN_DECLS
39
40 CF_ASSUME_NONNULL_BEGIN
41 CF_IMPLICIT_BRIDGING_ENABLED
42
43 /*!
44 @typedef SecTrustResultType
45 @abstract Specifies the trust result type.
46 @discussion SecTrustResultType results have two dimensions. They specify
47 both whether evaluation succeeded and whether this is because of a user
48 decision. The commonly expected result is kSecTrustResultUnspecified,
49 which indicates a positive result that wasn't decided by the user. The
50 common failure is kSecTrustResultRecoverableTrustFailure, which means a
51 negative result. kSecTrustResultProceed and kSecTrustResultDeny are the
52 positive and negative result respectively when decided by the user. User
53 decisions are persisted through the use of SecTrustCopyExceptions() and
54 SecTrustSetExceptions(). Finally, kSecTrustResultFatalTrustFailure is a
55 negative result that must not be circumvented.
56 @constant kSecTrustResultInvalid Indicates an invalid setting or result.
57 This result usually means that SecTrustEvaluate has not yet been called.
58 @constant kSecTrustResultProceed Indicates you may proceed. This value
59 may be returned by the SecTrustEvaluate function or stored as part of
60 the user trust settings.
61 @constant kSecTrustResultConfirm Indicates confirmation with the user
62 is required before proceeding. Important: this value is no longer returned
63 or supported by SecTrustEvaluate or the SecTrustSettings API starting in
64 OS X 10.5; its use is deprecated in OS X 10.9 and later, as well as in iOS.
65 @constant kSecTrustResultDeny Indicates a user-configured deny; do not
66 proceed. This value may be returned by the SecTrustEvaluate function
67 or stored as part of the user trust settings.
68 @constant kSecTrustResultUnspecified Indicates the evaluation succeeded
69 and the certificate is implicitly trusted, but user intent was not
70 explicitly specified. This value may be returned by the SecTrustEvaluate
71 function or stored as part of the user trust settings.
72 @constant kSecTrustResultRecoverableTrustFailure Indicates a trust policy
73 failure which can be overridden by the user. This value may be returned
74 by the SecTrustEvaluate function but not stored as part of the user
75 trust settings.
76 @constant kSecTrustResultFatalTrustFailure Indicates a trust failure
77 which cannot be overridden by the user. This value may be returned by the
78 SecTrustEvaluate function but not stored as part of the user trust
79 settings.
80 @constant kSecTrustResultOtherError Indicates a failure other than that
81 of trust evaluation. This value may be returned by the SecTrustEvaluate
82 function but not stored as part of the user trust settings.
83 */
84 typedef CF_ENUM(uint32_t, SecTrustResultType) {
85 kSecTrustResultInvalid CF_ENUM_AVAILABLE(10_3, 2_0) = 0,
86 kSecTrustResultProceed CF_ENUM_AVAILABLE(10_3, 2_0) = 1,
87 kSecTrustResultConfirm CF_ENUM_DEPRECATED(10_3, 10_9, 2_0, 7_0) = 2,
88 kSecTrustResultDeny CF_ENUM_AVAILABLE(10_3, 2_0) = 3,
89 kSecTrustResultUnspecified CF_ENUM_AVAILABLE(10_3, 2_0) = 4,
90 kSecTrustResultRecoverableTrustFailure CF_ENUM_AVAILABLE(10_3, 2_0) = 5,
91 kSecTrustResultFatalTrustFailure CF_ENUM_AVAILABLE(10_3, 2_0) = 6,
92 kSecTrustResultOtherError CF_ENUM_AVAILABLE(10_3, 2_0) = 7
93 };
94
95 /*!
96 @typedef SecTrustRef
97 @abstract CFType used for performing X.509 certificate trust evaluations.
98 */
99 typedef struct CF_BRIDGED_TYPE(id) __SecTrust *SecTrustRef;
100
101 /*!
102 @enum Trust Property Constants
103 @discussion Predefined key constants used to obtain values in a
104 per-certificate dictionary of trust evaluation results,
105 as retrieved from a call to SecTrustCopyProperties.
106 @constant kSecPropertyTypeTitle Specifies a key whose value is a
107 CFStringRef containing the title (display name) of this certificate.
108 @constant kSecPropertyTypeError Specifies a key whose value is a
109 CFStringRef containing the reason for a trust evaluation failure.
110 */
111 extern const CFStringRef kSecPropertyTypeTitle
112 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0);
113 extern const CFStringRef kSecPropertyTypeError
114 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0);
115
116 /*!
117 @enum Trust Result Constants
118 @discussion Predefined key constants used to obtain values in a
119 dictionary of trust evaluation results for a certificate chain,
120 as retrieved from a call to SecTrustCopyResult.
121 @constant kSecTrustEvaluationDate
122 This key will be present if a trust evaluation has been performed
123 and results are available. Its value is a CFDateRef representing
124 when the evaluation for this trust object took place.
125 @constant kSecTrustExtendedValidation
126 This key will be present and have a value of kCFBooleanTrue
127 if this chain was validated for EV.
128 @constant kSecTrustOrganizationName
129 Organization name field of subject of leaf certificate. This
130 field is meant to be displayed to the user as the validated
131 name of the company or entity that owns the certificate if the
132 kSecTrustExtendedValidation key is present.
133 @constant kSecTrustResultValue
134 This key will be present if a trust evaluation has been performed.
135 Its value is a CFNumberRef representing the SecTrustResultType result
136 for the evaluation.
137 @constant kSecTrustRevocationChecked
138 This key will be present iff this chain had its revocation checked.
139 The value will be a kCFBooleanTrue if revocation checking was
140 successful and none of the certificates in the chain were revoked.
141 The value will be kCFBooleanFalse if no current revocation status
142 could be obtained for one or more certificates in the chain due
143 to connection problems or timeouts. This is a hint to a client
144 to retry revocation checking at a later time.
145 @constant kSecTrustRevocationValidUntilDate
146 This key will be present iff kSecTrustRevocationChecked has a
147 value of kCFBooleanTrue. The value will be a CFDateRef representing
148 the earliest date at which the revocation info for one of the
149 certificates in this chain might change.
150 @constant kSecTrustCertificateTransparency
151 This key will be present and have a value of kCFBooleanTrue
152 if this chain is CT qualified.
153 @constant kSecTrustCertificateTransparencyWhiteList
154 This key will be present and have a value of kCFBooleanTrue
155 if this chain is EV, not CT qualified, but included of the CT WhiteList.
156 */
157 extern const CFStringRef kSecTrustEvaluationDate
158 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
159 extern const CFStringRef kSecTrustExtendedValidation
160 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
161 extern const CFStringRef kSecTrustOrganizationName
162 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
163 extern const CFStringRef kSecTrustResultValue
164 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
165 extern const CFStringRef kSecTrustRevocationChecked
166 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
167 extern const CFStringRef kSecTrustRevocationValidUntilDate
168 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
169 extern const CFStringRef kSecTrustCertificateTransparency
170 __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
171 extern const CFStringRef kSecTrustCertificateTransparencyWhiteList
172 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_12, __MAC_10_13, __IPHONE_10_0, __IPHONE_11_0);
173
174 #ifdef __BLOCKS__
175 /*!
176 @typedef SecTrustCallback
177 @abstract Delivers the result from an asynchronous trust evaluation.
178 @param trustRef A reference to the trust object which has been evaluated.
179 @param trustResult The trust result of the evaluation. Additional status
180 information can be obtained by calling SecTrustCopyProperties().
181 */
182 typedef void (^SecTrustCallback)(SecTrustRef trustRef, SecTrustResultType trustResult);
183 #endif /* __BLOCKS__ */
184
185
186 /*!
187 @function SecTrustGetTypeID
188 @abstract Returns the type identifier of SecTrust instances.
189 @result The CFTypeID of SecTrust instances.
190 */
191 CFTypeID SecTrustGetTypeID(void)
192 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0);
193
194 /*!
195 @function SecTrustCreateWithCertificates
196 @abstract Creates a trust object based on the given certificates and
197 policies.
198 @param certificates The group of certificates to verify. This can either
199 be a CFArrayRef of SecCertificateRef objects or a single SecCertificateRef
200 @param policies An array of one or more policies. You may pass a
201 SecPolicyRef to represent a single policy.
202 @param trust On return, a pointer to the trust management reference.
203 @result A result code. See "Security Error Codes" (SecBase.h).
204 @discussion If multiple policies are passed in, all policies must verify
205 for the chain to be considered valid.
206 */
207 OSStatus SecTrustCreateWithCertificates(CFTypeRef certificates,
208 CFTypeRef __nullable policies, SecTrustRef * __nonnull CF_RETURNS_RETAINED trust)
209 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0);
210
211 /*!
212 @function SecTrustSetPolicies
213 @abstract Set the policies for which trust should be verified.
214 @param trust A trust reference.
215 @param policies An array of one or more policies. You may pass a
216 SecPolicyRef to represent a single policy.
217 @result A result code. See "Security Error Codes" (SecBase.h).
218 @discussion This function will invalidate the existing trust result,
219 requiring a fresh evaluation for the newly-set policies.
220 */
221 OSStatus SecTrustSetPolicies(SecTrustRef trust, CFTypeRef policies)
222 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_6_0);
223
224 /*!
225 @function SecTrustCopyPolicies
226 @abstract Returns an array of policies used for this evaluation.
227 @param trust A reference to a trust object.
228 @param policies On return, an array of policies used by this trust.
229 Call the CFRelease function to release this reference.
230 @result A result code. See "Security Error Codes" (SecBase.h).
231 */
232 OSStatus SecTrustCopyPolicies(SecTrustRef trust, CFArrayRef * __nonnull CF_RETURNS_RETAINED policies)
233 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_7_0);
234
235 /*!
236 @function SecTrustSetNetworkFetchAllowed
237 @abstract Specifies whether a trust evaluation is permitted to fetch missing
238 intermediate certificates from the network.
239 @param trust A trust reference.
240 @param allowFetch If true, and a certificate's issuer is not present in the
241 trust reference but its network location is known, the evaluation is permitted
242 to attempt to download it automatically. Pass false to disable network fetch
243 for this trust evaluation.
244 @result A result code. See "Security Error Codes" (SecBase.h).
245 @discussion By default, network fetch of missing certificates is enabled if
246 the trust evaluation includes the SSL policy, otherwise it is disabled.
247 */
248 OSStatus SecTrustSetNetworkFetchAllowed(SecTrustRef trust,
249 Boolean allowFetch)
250 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
251
252 /*!
253 @function SecTrustGetNetworkFetchAllowed
254 @abstract Returns whether a trust evaluation is permitted to fetch missing
255 intermediate certificates from the network.
256 @param trust A trust reference.
257 @param allowFetch On return, the boolean pointed to by this parameter is
258 set to true if the evaluation is permitted to download missing certificates.
259 @result A result code. See "Security Error Codes" (SecBase.h).
260 @discussion By default, network fetch of missing certificates is enabled if
261 the trust evaluation includes the SSL policy, otherwise it is disabled.
262 */
263 OSStatus SecTrustGetNetworkFetchAllowed(SecTrustRef trust,
264 Boolean *allowFetch)
265 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
266
267 /*!
268 @function SecTrustSetAnchorCertificates
269 @abstract Sets the anchor certificates for a given trust.
270 @param trust A reference to a trust object.
271 @param anchorCertificates An array of anchor certificates.
272 Pass NULL to restore the default set of anchor certificates.
273 @result A result code. See "Security Error Codes" (SecBase.h).
274 @discussion Calling this function without also calling
275 SecTrustSetAnchorCertificatesOnly() will disable trusting any
276 anchors other than the ones in anchorCertificates.
277 */
278 OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust,
279 CFArrayRef __nullable anchorCertificates)
280 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0);
281
282 /*!
283 @function SecTrustSetAnchorCertificatesOnly
284 @abstract Reenables trusting anchor certificates in addition to those
285 passed in via the SecTrustSetAnchorCertificates API.
286 @param trust A reference to a trust object.
287 @param anchorCertificatesOnly If true, disables trusting any anchors other
288 than the ones passed in via SecTrustSetAnchorCertificates(). If false,
289 the built in anchor certificates are also trusted.
290 @result A result code. See "Security Error Codes" (SecBase.h).
291 */
292 OSStatus SecTrustSetAnchorCertificatesOnly(SecTrustRef trust,
293 Boolean anchorCertificatesOnly)
294 __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
295
296 /*!
297 @function SecTrustCopyCustomAnchorCertificates
298 @abstract Returns an array of custom anchor certificates used by a given
299 trust, as set by a prior call to SecTrustSetAnchorCertificates, or NULL if
300 no custom anchors have been specified.
301 @param trust A reference to a trust object.
302 @param anchors On return, an array of custom anchor certificates (roots)
303 used by this trust, or NULL if no custom anchors have been specified. Call
304 the CFRelease function to release this reference.
305 @result A result code. See "Security Error Codes" (SecBase.h).
306 */
307 OSStatus SecTrustCopyCustomAnchorCertificates(SecTrustRef trust,
308 CFArrayRef * __nonnull CF_RETURNS_RETAINED anchors)
309 __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_7_0);
310
311 /*!
312 @function SecTrustSetVerifyDate
313 @abstract Set the date for which the trust should be verified.
314 @param trust A reference to a trust object.
315 @param verifyDate The date for which to verify trust.
316 @result A result code. See "Security Error Codes" (SecBase.h).
317 @discussion This function lets you evaluate certificate validity for a
318 given date (for example, to determine if a signature was valid on the date
319 it was signed, even if the certificate has since expired.) If this function
320 is not called, the time at which SecTrustEvaluate() is called is used
321 implicitly as the verification time.
322 */
323 OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate)
324 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0);
325
326 /*!
327 @function SecTrustGetVerifyTime
328 @abstract Returns the verify time.
329 @param trust A reference to the trust object being verified.
330 @result A CFAbsoluteTime value representing the time at which certificates
331 should be checked for validity.
332 @discussion This function retrieves the verification time for the given
333 trust reference, as set by a prior call to SecTrustSetVerifyDate(). If the
334 verification time has not been set, this function returns a value of 0,
335 indicating that the current date/time is implicitly used for verification.
336 */
337 CFAbsoluteTime SecTrustGetVerifyTime(SecTrustRef trust)
338 __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
339
340 /*!
341 @function SecTrustEvaluate
342 @abstract Evaluates a trust reference synchronously.
343 @param trust A reference to the trust object to evaluate.
344 @param result A pointer to a result type.
345 @result A result code. See "Security Error Codes" (SecBase.h).
346 @discussion This function will completely evaluate trust before returning,
347 possibly including network access to fetch intermediate certificates or to
348 perform revocation checking. Since this function can block during those
349 operations, you should call it from within a function that is placed on a
350 dispatch queue, or in a separate thread from your application's main
351 run loop. Alternatively, you can use the SecTrustEvaluateAsync function.
352 */
353 OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *result)
354 API_DEPRECATED_WITH_REPLACEMENT("SecTrustEvaluateWithError",
355 macos(10.3, 10.15),
356 ios(2.0, 13.0),
357 watchos(1.0, 6.0),
358 tvos(2.0, 13.0));
359
360 #ifdef __BLOCKS__
361 /*!
362 @function SecTrustEvaluateAsync
363 @abstract Evaluates a trust reference asynchronously.
364 @param trust A reference to the trust object to evaluate.
365 @param queue A dispatch queue on which the result callback should be
366 executed. Pass NULL to use the current dispatch queue.
367 @param result A SecTrustCallback block which will be executed when the
368 trust evaluation is complete.
369 @result A result code. See "Security Error Codes" (SecBase.h).
370 */
371 OSStatus SecTrustEvaluateAsync(SecTrustRef trust,
372 dispatch_queue_t __nullable queue, SecTrustCallback result)
373 API_DEPRECATED_WITH_REPLACEMENT("SecTrustEvaluateAsyncWithError",
374 macos(10.7, 10.15),
375 ios(7.0, 13.0),
376 watchos(1.0, 6.0),
377 tvos(7.0, 13.0));
378 #endif
379
380 /*!
381 @function SecTrustEvaluateWithError
382 @abstract Evaluates a trust reference synchronously.
383 @param trust A reference to the trust object to evaluate.
384 @param error A pointer to an error object
385 @result A boolean value indicating whether the certificate is trusted
386 @discussion This function will completely evaluate trust before returning,
387 possibly including network access to fetch intermediate certificates or to
388 perform revocation checking. Since this function can block during those
389 operations, you should call it from within a function that is placed on a
390 dispatch queue, or in a separate thread from your application's main
391 run loop.
392 If the certificate is trusted and the result is true, the error will be set to NULL.
393 If the certificate is not trusted or the evaluation was unable to complete, the result
394 will be false and the error will be set with a description of the failure.
395 The error contains a code for the most serious error encountered (if multiple trust
396 failures occurred). The localized description indicates the certificate with the most
397 serious problem and the type of error. The underlying error contains a localized
398 description of each certificate in the chain that had an error and all errors found
399 with that certificate.
400 */
401 __attribute__((warn_unused_result)) bool
402 SecTrustEvaluateWithError(SecTrustRef trust, CFErrorRef _Nullable * _Nullable CF_RETURNS_RETAINED error)
403 API_AVAILABLE(macos(10.14), ios(12.0), tvos(12.0), watchos(5.0));
404
405 #ifdef __BLOCKS__
406 /*!
407 @typedef SecTrustWithErrorCallback
408 @abstract Delivers the result from an asynchronous trust evaluation.
409 @param trustRef A reference to the trust object which has been evaluated.
410 @param result A boolean value indicating whether the certificate is trusted.
411 @param error An error if the trust evaluation failed.
412 */
413 typedef void (^SecTrustWithErrorCallback)(SecTrustRef trustRef, bool result, CFErrorRef _Nullable error);
414
415 /*!
416 @function SecTrustEvaluateAsyncWithError
417 @abstract Evaluates a trust reference asynchronously.
418 @param trust A reference to the trust object to evaluate.
419 @param queue A dispatch queue on which the result callback will be executed. Note that this
420 function MUST be called from that queue.
421 @param result A SecTrustWithErrorCallback block which will be executed when the trust evaluation
422 is complete.
423 The block is guaranteed to be called exactly once when the result code is errSecSuccess, and not
424 called otherwise. Note that this block may be called synchronously inline if no asynchronous
425 operations are required.
426 @result A result code. See "Security Error Codes" (SecBase.h).
427 @discussion If the certificate is trusted, the callback will return a result parameter of true
428 and the error will be set to NULL.
429 If the certificate is not trusted or the evaluation was unable to complete, the result parameter
430 will be false and the error will be set with a description of the failure. The error contains a
431 code for the most serious error encountered (if multiple trust failures occurred). The localized
432 description indicates the certificate with the most serious problem and the type of error. The
433 underlying error contains a localized description of each certificate in the chain that had an
434 error and all errors found with that certificate.
435 */
436 OSStatus SecTrustEvaluateAsyncWithError(SecTrustRef trust, dispatch_queue_t queue, SecTrustWithErrorCallback result)
437 API_AVAILABLE(macos(10.15), ios(13.0), tvos(13.0), watchos(6.0));
438 #endif /* __BLOCKS__ */
439
440 /*!
441 @function SecTrustGetTrustResult
442 @param trust A reference to a trust object.
443 @param result A pointer to the result from the most recent call to
444 SecTrustEvaluate for this trust reference. If SecTrustEvaluate has not been
445 called or trust parameters have changed, the result is kSecTrustResultInvalid.
446 @result A result code. See "Security Error Codes" (SecBase.h).
447 @discussion This function replaces SecTrustGetResult for the purpose of
448 obtaining the current evaluation result of a given trust reference.
449 */
450 OSStatus SecTrustGetTrustResult(SecTrustRef trust,
451 SecTrustResultType *result)
452 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0);
453
454 /*!
455 @function SecTrustCopyPublicKey
456 @abstract Return the public key for a leaf certificate after it has
457 been evaluated.
458 @param trust A reference to the trust object which has been evaluated.
459 @result The certificate's public key, or NULL if it the public key could
460 not be extracted (this can happen if the public key algorithm is not
461 supported). The caller is responsible for calling CFRelease on the
462 returned key when it is no longer needed.
463 */
464 __nullable
465 SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust)
466 API_DEPRECATED_WITH_REPLACEMENT("SecTrustCopyKey", macos(10.7, 10.16), ios(2.0, 14.0), watchos(1.0, 7.0), tvos(9.0, 14.0));
467
468 /*!
469 @function SecTrustCopyKey
470 @abstract Return the public key for a leaf certificate after it has
471 been evaluated.
472 @param trust A reference to the trust object which has been evaluated.
473 @result The certificate's public key, or NULL if it the public key could
474 not be extracted (this can happen if the public key algorithm is not
475 supported). The caller is responsible for calling CFRelease on the
476 returned key when it is no longer needed.
477 @discussion RSA and ECDSA public keys are supported. All other public key algorithms are unsupported.
478 */
479 __nullable
480 SecKeyRef SecTrustCopyKey(SecTrustRef trust)
481 API_AVAILABLE(macos(10.16), ios(14.0), watchos(7.0), tvos(14.0));
482
483 /*!
484 @function SecTrustGetCertificateCount
485 @abstract Returns the number of certificates in an evaluated certificate
486 chain.
487 @param trust A reference to a trust object.
488 @result The number of certificates in the trust chain, including the anchor.
489 @discussion Important: if the trust reference has not yet been evaluated,
490 this function will evaluate it first before returning. If speed is critical,
491 you may want to call SecTrustGetTrustResult first to make sure that a
492 result other than kSecTrustResultInvalid is present for the trust object.
493 */
494 CFIndex SecTrustGetCertificateCount(SecTrustRef trust)
495 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
496
497 /*!
498 @function SecTrustGetCertificateAtIndex
499 @abstract Returns a certificate from the trust chain.
500 @param trust Reference to a trust object.
501 @param ix The index of the requested certificate. Indices run from 0
502 (leaf) to the anchor (or last certificate found if no anchor was found).
503 The leaf cert (index 0) is always present regardless of whether the trust
504 reference has been evaluated or not.
505 @result A SecCertificateRef for the requested certificate.
506 */
507 __nullable
508 SecCertificateRef SecTrustGetCertificateAtIndex(SecTrustRef trust, CFIndex ix)
509 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
510
511 /*!
512 @function SecTrustCopyExceptions
513 @abstract Returns an opaque cookie which will allow future evaluations
514 of the current certificate to succeed.
515 @param trust A reference to an evaluated trust object.
516 @result An opaque cookie which when passed to SecTrustSetExceptions() will
517 cause a call to SecTrustEvaluate() return kSecTrustResultProceed. This
518 will happen upon subsequent evaluation of the current certificate unless
519 some new error starts happening that wasn't being reported when the cookie
520 was returned from this function (for example, if the certificate expires
521 then evaluation will start failing again until a new cookie is obtained.)
522 @discussion Normally this API should only be called once the errors have
523 been presented to the user and the user decided to trust the current
524 certificate chain regardless of the errors being presented, for the
525 current application/server/protocol combination.
526 */
527 CFDataRef SecTrustCopyExceptions(SecTrustRef trust)
528 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
529
530 /*!
531 @function SecTrustSetExceptions
532 @abstract Set a trust cookie to be used for evaluating this certificate chain.
533 @param trust A reference to a trust object.
534 @param exceptions An exceptions cookie as returned by a call to
535 SecTrustCopyExceptions() in the past. You may pass NULL to clear any
536 exceptions which have been previously set on this trust reference.
537 @result Upon calling SecTrustEvaluate(), any failures that were present at the
538 time the exceptions object was created are ignored, and instead of returning
539 kSecTrustResultRecoverableTrustFailure, kSecTrustResultProceed will be returned
540 (if the certificate for which exceptions was created matches the current leaf
541 certificate).
542 @result Returns true if the exceptions cookies was valid and matches the current
543 leaf certificate, false otherwise. This function will invalidate the existing
544 trust result, requiring a subsequent evaluation for the newly-set exceptions.
545 Note that this function returning true doesn't mean the caller can skip calling
546 SecTrustEvaluate, as there may be new errors since the exceptions cookie was
547 created (for example, a certificate may have subsequently expired.)
548 @discussion Clients of this interface will need to establish the context of this
549 exception to later decide when this exception cookie is to be used.
550 Examples of this context would be the server we are connecting to, the ssid
551 of the wireless network for which this cert is needed, the account for which
552 this cert should be considered valid, and so on.
553 */
554 bool SecTrustSetExceptions(SecTrustRef trust, CFDataRef __nullable exceptions)
555 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0);
556
557 /*!
558 @function SecTrustCopyProperties
559 @abstract Return a property array for this trust evaluation.
560 @param trust A reference to a trust object. If the trust has not been
561 evaluated, the returned property array will be empty.
562 @result A property array. It is the caller's responsibility to CFRelease
563 the returned array when it is no longer needed.
564 @discussion This function returns an ordered array of CFDictionaryRef
565 instances for each certificate in the chain. Indices run from 0 (leaf) to
566 the anchor (or last certificate found if no anchor was found.) See the
567 "Trust Property Constants" section for a list of currently defined keys.
568 */
569 __nullable
570 CFArrayRef SecTrustCopyProperties(SecTrustRef trust)
571 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0);
572
573 /*!
574 @function SecTrustCopyResult
575 @abstract Returns a dictionary containing information about the
576 evaluated certificate chain for use by clients.
577 @param trust A reference to a trust object.
578 @result A dictionary with various fields that can be displayed to the user,
579 or NULL if no additional info is available or the trust has not yet been
580 validated. The caller is responsible for calling CFRelease on the value
581 returned when it is no longer needed.
582 @discussion Returns a dictionary for the overall trust evaluation. See the
583 "Trust Result Constants" section for a list of currently defined keys.
584 */
585 __nullable
586 CFDictionaryRef SecTrustCopyResult(SecTrustRef trust)
587 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
588
589 /*!
590 @function SecTrustSetOCSPResponse
591 @abstract Attach OCSPResponse data to a trust object.
592 @param trust A reference to a trust object.
593 @param responseData This may be either a CFData object containing a single
594 DER-encoded OCSPResponse (per RFC 2560), or a CFArray of these.
595 @result A result code. See "Security Error Codes" (SecBase.h).
596 @discussion Allows the caller to provide OCSPResponse data (which may be
597 obtained during a TLS/SSL handshake, per RFC 3546) as input to a trust
598 evaluation. If this data is available, it can obviate the need to contact
599 an OCSP server for current revocation information.
600 */
601 OSStatus SecTrustSetOCSPResponse(SecTrustRef trust, CFTypeRef __nullable responseData)
602 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
603
604 /*!
605 @function SecTrustSignedCertificateTimestamps
606 @abstract Attach SignedCertificateTimestamp data to a trust object.
607 @param trust A reference to a trust object.
608 @param sctArray is a CFArray of CFData objects each containing a SCT (per RFC 6962).
609 @result A result code. See "Security Error Codes" (SecBase.h).
610 @discussion Allows the caller to provide SCT data (which may be
611 obtained during a TLS/SSL handshake, per RFC 6962) as input to a trust
612 evaluation.
613 */
614 OSStatus SecTrustSetSignedCertificateTimestamps(SecTrustRef trust, CFArrayRef __nullable sctArray)
615 API_AVAILABLE(macos(10.14.2), ios(12.1.1), tvos(12.1.1), watchos(5.1.1));
616
617 CF_IMPLICIT_BRIDGING_DISABLED
618 CF_ASSUME_NONNULL_END
619
620 /*
621 * Legacy functions (OS X only)
622 */
623 #if TARGET_OS_OSX
624 #include <Security/cssmtype.h>
625 #include <Security/cssmapple.h>
626
627 CF_ASSUME_NONNULL_BEGIN
628 CF_IMPLICIT_BRIDGING_ENABLED
629
630 /*!
631 @typedef SecTrustUserSetting
632 @abstract Specifies a user-specified trust setting value.
633 @discussion Deprecated in OS X 10.9. User trust settings are managed by
634 functions in SecTrustSettings.h (starting with OS X 10.5), and by the
635 SecTrustCopyExceptions and SecTrustSetExceptions functions (starting with
636 iOS 4 and OS X 10.9). The latter two functions are recommended for both OS X
637 and iOS, as they avoid the need to explicitly specify these values.
638 */
639 typedef SecTrustResultType SecTrustUserSetting
640 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_9, __IPHONE_NA, __IPHONE_NA);
641
642 /*!
643 @typedef SecTrustOptionFlags
644 @abstract Options for customizing trust evaluation.
645 @constant kSecTrustOptionAllowExpired Allow expired certificates.
646 @constant kSecTrustOptionLeafIsCA Allow CA as leaf certificate.
647 @constant kSecTrustOptionFetchIssuerFromNet Allow network fetch of CA cert.
648 @constant kSecTrustOptionAllowExpiredRoot Allow expired roots.
649 @constant kSecTrustOptionRequireRevPerCert Require positive revocation
650 check per certificate.
651 @constant kSecTrustOptionUseTrustSettings Use TrustSettings instead of
652 anchors.
653 @constant kSecTrustOptionImplicitAnchors Properly self-signed certs are
654 treated as anchors implicitly.
655 */
656 typedef CF_OPTIONS(uint32_t, SecTrustOptionFlags) {
657 kSecTrustOptionAllowExpired = 0x00000001,
658 kSecTrustOptionLeafIsCA = 0x00000002,
659 kSecTrustOptionFetchIssuerFromNet = 0x00000004,
660 kSecTrustOptionAllowExpiredRoot = 0x00000008,
661 kSecTrustOptionRequireRevPerCert = 0x00000010,
662 kSecTrustOptionUseTrustSettings = 0x00000020,
663 kSecTrustOptionImplicitAnchors = 0x00000040
664 };
665
666 /*!
667 @function SecTrustSetOptions
668 @abstract Sets optional flags for customizing a trust evaluation.
669 @param trustRef A trust reference.
670 @param options Flags to change evaluation behavior for this trust.
671 @result A result code. See "Security Error Codes" (SecBase.h).
672 @discussion This function is not available on iOS. Use SecTrustSetExceptions
673 and SecTrustCopyExceptions to modify default trust results, and
674 SecTrustSetNetworkFetchAllowed to specify whether missing CA certificates
675 can be fetched from the network.
676 */
677 OSStatus SecTrustSetOptions(SecTrustRef trustRef, SecTrustOptionFlags options)
678 __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
679
680 /*!
681 @function SecTrustSetParameters
682 @abstract Sets the action and action data for a trust object.
683 @param trustRef The reference to the trust to change.
684 @param action A trust action.
685 @param actionData A reference to data associated with this action.
686 @result A result code. See "Security Error Codes" (SecBase.h).
687 @discussion This function is deprecated in OS X 10.7 and later, where it
688 was replaced by SecTrustSetOptions, and is not available on iOS. Your code
689 should use SecTrustSetExceptions and SecTrustCopyExceptions to modify default
690 trust results, and SecTrustSetNetworkFetchAllowed to specify whether missing
691 CA certificates can be fetched from the network.
692 */
693 OSStatus SecTrustSetParameters(SecTrustRef trustRef,
694 CSSM_TP_ACTION action, CFDataRef actionData)
695 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
696
697 /*!
698 @function SecTrustSetKeychains
699 @abstract Sets the keychains for a given trust object.
700 @param trust A reference to a trust object.
701 @param keychainOrArray A reference to an array of keychains to search, a
702 single keychain, or NULL to use the default keychain search list.
703 @result A result code. See "Security Error Codes" (SecBase.h).
704 @discussion This function is deprecated in macOS 10.13 and later. Beginning in
705 macOS 10.12, this function no longer affected the behavior of the trust
706 evaluation: the user's keychain search list and the system
707 anchors keychain are searched for certificates to complete the chain. To change
708 the keychains that are searched, callers must use SecKeychainSetSearchList to
709 change the user's keychain search list.
710 Note: this function was never applicable to iOS.
711 */
712 OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef __nullable keychainOrArray)
713 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_13, __IPHONE_NA, __IPHONE_NA);
714
715 /*!
716 @function SecTrustGetResult
717 @abstract Returns detailed information on the outcome of an evaluation.
718 @param trustRef A reference to a trust object.
719 @param result A pointer to the result from the call to SecTrustEvaluate.
720 @param certChain On return, a pointer to the certificate chain used to
721 validate the input certificate. Call the CFRelease function to release
722 this pointer.
723 @param statusChain On return, a pointer to the status of the certificate
724 chain. Do not attempt to free this pointer; it remains valid until the
725 trust is destroyed or the next call to SecTrustEvaluate.
726 @result A result code. See "Security Error Codes" (SecBase.h).
727 @discussion This function is deprecated in OS X 10.7 and later,
728 and is not available on iOS.
729 To get the complete certificate chain, use SecTrustGetCertificateCount and
730 SecTrustGetCertificateAtIndex. To get detailed status information for each
731 certificate, use SecTrustCopyProperties. To get the overall trust result
732 for the evaluation, use SecTrustGetTrustResult.
733 */
734 OSStatus SecTrustGetResult(SecTrustRef trustRef, SecTrustResultType * __nullable result,
735 CFArrayRef * __nullable CF_RETURNS_RETAINED certChain, CSSM_TP_APPLE_EVIDENCE_INFO * __nullable * __nullable statusChain)
736 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
737
738 /*!
739 @function SecTrustGetCssmResult
740 @abstract Gets the CSSM trust result.
741 @param trust A reference to a trust.
742 @param result On return, a pointer to the CSSM trust result.
743 @result A result code. See "Security Error Codes" (SecBase.h).
744 @discussion This function is deprecated in OS X 10.7 and later,
745 and is not available on iOS.
746 To get detailed status information for each certificate, use
747 SecTrustCopyProperties. To get the overall trust result for the evaluation,
748 use SecTrustGetTrustResult.
749 */
750 OSStatus SecTrustGetCssmResult(SecTrustRef trust,
751 CSSM_TP_VERIFY_CONTEXT_RESULT_PTR __nullable * __nonnull result)
752 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
753
754 /*!
755 @function SecTrustGetCssmResultCode
756 @abstract Gets the result code from the most recent call to SecTrustEvaluate
757 for the specified trust.
758 @param trust A reference to a trust.
759 @param resultCode On return, the result code produced by the most recent
760 evaluation of the given trust (cssmerr.h). The value of resultCode is
761 undefined if SecTrustEvaluate has not been called.
762 @result A result code. See "Security Error Codes" (SecBase.h). Returns
763 errSecTrustNotAvailable if SecTrustEvaluate has not been called for the
764 specified trust.
765 @discussion This function is deprecated in OS X 10.7 and later,
766 and is not available on iOS.
767 To get detailed status information for each certificate, use
768 SecTrustCopyProperties. To get the overall trust result for the evaluation,
769 use SecTrustGetTrustResult.
770 */
771 OSStatus SecTrustGetCssmResultCode(SecTrustRef trust, OSStatus *resultCode)
772 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
773
774 /*!
775 @function SecTrustGetTPHandle
776 @abstract Gets the CSSM trust handle
777 @param trust A reference to a trust.
778 @param handle On return, a CSSM trust handle.
779 @result A result code. See "Security Error Codes" (SecBase.h).
780 @discussion This function is deprecated in OS X 10.7 and later.
781 */
782 OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle)
783 __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
784
785 /*!
786 @function SecTrustCopyAnchorCertificates
787 @abstract Returns an array of default anchor (root) certificates used by
788 the system.
789 @param anchors On return, an array containing the system's default anchors
790 (roots). Call the CFRelease function to release this pointer.
791 @result A result code. See "Security Error Codes" (SecBase.h).
792 @discussion This function is not available on iOS, as certificate data
793 for system-trusted roots is currently unavailable on that platform.
794 */
795 OSStatus SecTrustCopyAnchorCertificates(CFArrayRef * __nonnull CF_RETURNS_RETAINED anchors)
796 __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA);
797
798 CF_IMPLICIT_BRIDGING_DISABLED
799 CF_ASSUME_NONNULL_END
800
801 #endif /* TARGET_OS_MAC && !TARGET_OS_IPHONE */
802
803 __END_DECLS
804
805 #endif /* !_SECURITY_SECTRUST_H_ */