--- /dev/null
+/*
+ * Copyright (c) 2003-2015 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*!
+ @header SecPolicyPriv
+ Private part of SecPolicy.h
+*/
+
+#ifndef _SECURITY_SECPOLICYPRIV_H_
+#define _SECURITY_SECPOLICYPRIV_H_
+
+#include <Security/SecPolicy.h>
+#include <CoreFoundation/CFArray.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*!
+ @enum Policy Constants (Private)
+ @discussion Predefined constants used to specify a policy.
+ @constant kSecPolicyAppleMobileStore
+ @constant kSecPolicyAppleTestMobileStore
+ @constant kSecPolicyAppleEscrowService
+ @constant kSecPolicyAppleProfileSigner
+ @constant kSecPolicyAppleQAProfileSigner
+ @constant kSecPolicyAppleServerAuthentication
+ @constant kSecPolicyAppleOTAPKISigner
+ @constant kSecPolicyAppleTestOTAPKISigner
+ @constant kSecPolicyAppleIDValidationRecordSigning
+ @constant kSecPolicyAppleSMPEncryption
+ @constant kSecPolicyAppleTestSMPEncryption
+ @constant kSecPolicyApplePCSEscrowService
+ @constant kSecPolicyApplePPQSigning
+ @constant kSecPolicyAppleTestPPQSigning
+ @constant kSecPolicyAppleSWUpdateSigning
+ @constant kSecPolicyAppleATVAppSigning
+ @constant kSecPolicyAppleTestATVAppSigning
+
+*/
+extern const CFStringRef kSecPolicyAppleMobileStore
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleTestMobileStore
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleEscrowService
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleProfileSigner
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleQAProfileSigner
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleServerAuthentication
+ __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
+#if TARGET_OS_IPHONE
+extern const CFStringRef kSecPolicyAppleOTAPKISigner
+ __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleTestOTAPKISigner
+ __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleIDValidationRecordSigningPolicy
+ __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0);
+extern const CFStringRef kSecPolicyAppleSMPEncryption
+ __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0);
+extern const CFStringRef kSecPolicyAppleTestSMPEncryption
+ __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0);
+#endif
+extern const CFStringRef kSecPolicyApplePCSEscrowService
+ __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0);
+extern const CFStringRef kSecPolicyApplePPQSigning
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+extern const CFStringRef kSecPolicyAppleTestPPQSigning
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+extern const CFStringRef kSecPolicyAppleSWUpdateSigning
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+extern const CFStringRef kSecPolicyAppleATVAppSigning
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+extern const CFStringRef kSecPolicyAppleTestATVAppSigning
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+
+/*!
+ @function SecPolicyCopy
+ @abstract Returns a copy of a policy reference based on certificate type and OID.
+ @param certificateType A certificate type.
+ @param policyOID The OID of the policy you want to find. This is a required parameter. See oidsalg.h to see a list of policy OIDs.
+ @param policy The returned policy reference. This is a required parameter.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion This function is deprecated in Mac OS X 10.7 and later;
+ to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h.
+*/
+OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef* policy)
+ __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
+
+/*!
+ @function SecPolicyCopyAll
+ @abstract Returns an array of all known policies based on certificate type.
+ @param certificateType A certificate type. This is a optional parameter. Pass CSSM_CERT_UNKNOWN if the certificate type is unknown.
+ @param policies The returned array of policies. This is a required parameter.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion This function is deprecated in Mac OS X 10.7 and later;
+ to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. (Note: there is normally
+ no reason to iterate over multiple disjointed policies, except to provide a way to edit trust settings for each
+ policy, as is done in certain certificate UI views. In that specific case, your code should call SecPolicyCreateWithOID
+ for each desired policy from the list of supported OID constants in SecPolicy.h.)
+*/
+OSStatus SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef* policies)
+ __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA);
+
+/* Given a unified SecPolicyRef, return a copy with a legacy
+ C++ ItemImpl-based Policy instance. Only for internal use;
+ legacy references cannot be used by SecPolicy API functions. */
+SecPolicyRef SecPolicyCreateItemImplInstance(SecPolicyRef policy);
+
+/* Given a CSSM_OID pointer, return a string which can be passed
+ to SecPolicyCreateWithProperties. The return value can be NULL
+ if no supported policy was found for the OID argument. */
+CFStringRef SecPolicyGetStringForOID(CSSM_OID* oid);
+
+/*!
+ @function SecPolicyCreateAppleIDSService
+ @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions)
+ */
+SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef hostname);
+
+/*!
+ @function SecPolicyCreateAppleIDSService
+ @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions)
+ */
+SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDictionaryRef context);
+
+/*!
+ @function SecPolicyCreateApplePushService
+ @abstract Ensure we're appropriately pinned to the Push service (SSL + Apple restrictions)
+ */
+SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryRef context);
+
+/*!
+ @function SecPolicyCreateApplePushServiceLegacy
+ @abstract Ensure we're appropriately pinned to the Push service (SSL + Apple restrictions)
+ */
+SecPolicyRef SecPolicyCreateApplePushServiceLegacy(CFStringRef hostname);
+
+/*!
+ @function SecPolicyCreateAppleMMCSService
+ @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions)
+ */
+SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname, CFDictionaryRef context);
+
+/*!
+ @function SecPolicyCreateAppleGSService
+ @abstract Ensure we're appropriately pinned to the GS service (SSL + Apple restrictions)
+*/
+SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef context)
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+
+/*!
+ @function SecPolicyCreateApplePPQService
+ @abstract Ensure we're appropriately pinned to the PPQ service (SSL + Apple restrictions)
+*/
+SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRef context);
+
+/*!
+ @function SecPolicyCreateAppleSSLService
+ @abstract Ensure we're appropriately pinned to an Apple server (SSL + Apple restrictions)
+ */
+SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname);
+
+/*!
+ @function SecPolicyCreateAppleTimeStampingAndRevocationPolicies
+ @abstract Create timeStamping policy array from a given set of policies by applying identical revocation behavior
+ @param policyOrArray can be a SecPolicyRef or a CFArray of SecPolicyRef
+ */
+CFArrayRef SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray);
+
+/*!
+ @function SecPolicyCreateAppleATVAppSigning
+ @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations Certification Authority' by name,
+ and apple anchor.
+ Leaf cert must have Digital Signature usage.
+ Leaf cert must have Apple ATV App Signing marker OID (1.2.840.113635.100.6.1.24).
+ Leaf cert must have 'Apple TVOS Application Signing' common name.
+ */
+SecPolicyRef SecPolicyCreateAppleATVAppSigning(void)
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+
+/*!
+ @function SecPolicyCreateTestAppleATVAppSigning
+ @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations Certification Authority' by name,
+ and apple anchor.
+ Leaf cert must have Digital Signature usage.
+ Leaf cert must have Apple ATV App Signing Test marker OID (1.2.840.113635.100.6.1.24.1).
+ Leaf cert must have 'TEST Apple TVOS Application Signing TEST' common name.
+ */
+SecPolicyRef SecPolicyCreateTestAppleATVAppSigning(void)
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+
+/*!
+ @function SecPolicyCreateApplePayIssuerEncryption
+ @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations CA - G2' by name,
+ and apple anchor.
+ Leaf cert must have Key Encipherment and Key Agreement usage.
+ Leaf cert must have Apple Pay Issuer Encryption marker OID (1.2.840.113635.100.6.39).
+ */
+SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void)
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECPOLICYPRIV_H_ */
projects / apple / security.git / blobdiff