sec/Security/SecCertificateRequest.h

   1 /*
   2  * Copyright (c) 2008-2009 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25         @header SecCertificateRequest
  26 */
  27
  28 #ifndef _SECURITY_SECCERTIFICATEREQUEST_H_
  29 #define _SECURITY_SECCERTIFICATEREQUEST_H_
  30
  31 #include <Security/SecCertificatePriv.h>
  32 #include <Security/SecKey.h>
  33
  34 __BEGIN_DECLS
  35
  36 extern const void * kSecOidCommonName;
  37 extern const void * kSecOidCountryName;
  38 extern const void * kSecOidStateProvinceName;
  39 extern const void * kSecOidLocalityName;
  40 extern const void * kSecOidOrganization;
  41 extern const void * kSecOidOrganizationalUnit;
  42
  43 extern const unsigned char SecASN1PrintableString;
  44 extern const unsigned char SecASN1UTF8String;
  45
  46 /*
  47         Parameter keys for certificate request generation:
  48         @param kSecCSRChallengePassword CFStringRef
  49             conversion to PrintableString or UTF8String needs to be possible.
  50         @param kSecCertificateKeyUsage  CFNumberRef
  51             with key usage mask using kSecKeyUsage constants.
  52         @param kSecSubjectAltName       CFArrayRef of CFStringRef or CFDataRef
  53             either dnsName or emailAddress (if contains @) or
  54             ipAddress, ipv4 (4) or ipv6 (16) bytes
  55         @param kSecCSRBasicContraintsPathLen    CFNumberRef
  56             if set will include basic constraints and mark it as
  57             a CA cert.  If 0 <= number < 256, specifies path length, otherwise
  58             path length will be omitted.  Basic contraints will always be
  59             marked critical.
  60         @param kSecCertificateExtensions     CFDictionaryRef
  61             if set all keys (strings with oids in dotted notation) will be added
  62             as extensions with accompanying value in binary (CFDataRef) or
  63             appropriate string (CFStringRef) type (based on used character set).
  64 */
  65 extern const void * kSecCSRChallengePassword;
  66 extern const void * kSecSubjectAltName;
  67 extern const void * kSecCertificateKeyUsage;
  68 extern const void * kSecCSRBasicContraintsPathLen;
  69 extern const void * kSecCertificateExtensions;
  70
  71 typedef struct {
  72     const void *oid;          /* kSecOid constant or CFDataRef with oid */
  73     unsigned char type; /* currently only SecASN1PrintableString */
  74     CFTypeRef value;    /* CFStringRef -> ASCII, UTF8, CFDataRef -> binary */
  75 } SecATV;
  76
  77 typedef SecATV *SecRDN;
  78
  79 /*
  80         @function SecGenerateCertificateRequest
  81         @abstract Return a newly generated CSR for subject and keypair.
  82         @param subject  RDNs in the subject
  83     @param num      Number of RDNs
  84     @param publicKey    Public key
  85     @param privateKey   Private key
  86         @discussion only handles RSA keypairs and uses a SHA-1 PKCS1 signature
  87     @result On success, a newly allocated CSR, otherwise NULL
  88
  89 Example for subject:
  90     SecATV cn[]   = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("test") }, {} };
  91     SecATV c[]    = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} };
  92     SecATV o[]    = { { kSecOidOrganization, SecASN1PrintableString, CFSTR("Apple Inc.") }, {} };
  93     SecRDN atvs[] = { cn, c, o, NULL };
  94 */
  95 CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject,
  96     CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey) CF_RETURNS_RETAINED;
  97
  98 CFDataRef SecGenerateCertificateRequest(CFArrayRef subject,
  99     CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey) CF_RETURNS_RETAINED;
 100
 101 /*
 102         @function SecVerifyCertificateRequest
 103         @abstract validate a CSR and return contained information to certify
 104         @param publicKey (optional/out) SecKeyRef public key to certify
 105     @param challenge (optional/out) CFStringRef enclosed challenge
 106     @param subject (optional/out) encoded subject RDNs
 107     @param extensions (optional/out) encoded extensions
 108 */
 109 bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey,
 110     CFStringRef *challenge, CFDataRef *subject, CFDataRef *extensions);
 111
 112 SecCertificateRef
 113 SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters,
 114     SecKeyRef publicKey, SecKeyRef privateKey);
 115
 116 SecCertificateRef
 117 SecIdentitySignCertificate(SecIdentityRef issuer, CFDataRef serialno,
 118     SecKeyRef publicKey, CFTypeRef subject, CFTypeRef extensions);
 119
 120
 121 /* PRIVATE */
 122
 123 CFDataRef
 124 SecGenerateCertificateRequestSubject(SecCertificateRef ca_certificate, CFArrayRef subject);
 125
 126 __END_DECLS
 127
 128 #endif /* _SECURITY_SECCERTIFICATEREQUEST_H_ */