--- /dev/null
+/*
+ * Copyright (c) 2003-2012,2014-2015 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*!
+ @header SecTrustPriv
+ Private part of SecTrust.h
+*/
+
+#ifndef _SECURITY_SECTRUST_PRIV_H_
+#define _SECURITY_SECTRUST_PRIV_H_
+
+#include <Security/SecTrust.h>
+#include <CoreFoundation/CFString.h>
+#include <CoreFoundation/CFDictionary.h>
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*
+ unique keychain item attributes for user trust records.
+*/
+enum {
+ kSecTrustCertAttr = 'tcrt',
+ kSecTrustPolicyAttr = 'tpol',
+ /* Leopard and later */
+ kSecTrustPubKeyAttr = 'tpbk',
+ kSecTrustSignatureAttr = 'tsig'
+};
+
+/*!
+ @function SecTrustGetUserTrust
+ @abstract Gets the user-specified trust settings of a certificate and policy.
+ @param certificate A reference to a certificate.
+ @param policy A reference to a policy.
+ @param trustSetting On return, a pointer to the user specified trust settings.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5.
+*/
+OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting)
+ /*DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER*/;
+
+/*!
+ @function SecTrustSetUserTrust
+ @abstract Sets the user-specified trust settings of a certificate and policy.
+ @param certificate A reference to a certificate.
+ @param policy A reference to a policy.
+ @param trustSetting The user-specified trust settings.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5.
+ @discussion as of Mac OS version 10.5, this will result in a call to
+ SecTrustSettingsSetTrustSettings().
+*/
+OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting)
+ /*DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER*/;
+
+/*!
+ @function SecTrustSetUserTrustLegacy
+ @abstract Sets the user-specified trust settings of a certificate and policy.
+ @param certificate A reference to a certificate.
+ @param policy A reference to a policy.
+ @param trustSetting The user-specified trust settings.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+
+ @This is the private version of what used to be SecTrustSetUserTrust(); it operates
+ on UserTrust entries as that function used to. The current SecTrustSetUserTrust()
+ function operated on Trust Settings.
+*/
+OSStatus SecTrustSetUserTrustLegacy(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting);
+
+/*!
+ @function SecTrustGetCSSMAnchorCertificates
+ @abstract Retrieves the CSSM anchor certificates.
+ @param cssmAnchors A pointer to an array of anchor certificates.
+ @param cssmAnchorCount A pointer to the number of certificates in anchors.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5.
+*/
+OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount)
+ /*DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER*/;
+
+/*!
+ @function SecTrustCopyExtendedResult
+ @abstract Gets the extended trust result after an evaluation has been performed.
+ @param trust A trust reference.
+ @param result On return, result points to a CFDictionaryRef containing extended trust results (if no error occurred).
+ The caller is responsible for releasing this dictionary with CFRelease when finished with it.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion This function may only be used after SecTrustEvaluate has been called for the trust reference, otherwise
+ errSecTrustNotAvailable is returned. If the certificate is not an extended validation certificate, there is
+ no extended result data and errSecDataNotAvailable is returned. Currently, only one dictionary key is defined
+ (kSecEVOrganizationName).
+
+ Note: this function will be deprecated in a future release of OS X. Your
+ code should use SecTrustCopyResult to obtain the trust results dictionary.
+*/
+OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef *result)
+ __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA);
+
+
+/*!
+ @enum Trust Result Constants
+ @discussion Predefined key constants used to obtain values in a
+ dictionary of trust evaluation results for a certificate chain,
+ as retrieved from a call to SecTrustCopyResult.
+
+ @constant kSecTrustResultDetails
+ This key will be present if a trust evaluation has been performed.
+ Its value is a CFArrayRef of CFDictionaryRef representing detailed
+ status info for each certificate in the completed chain.
+ @constant kSecTrustRevocationReason
+ This key will be present iff this chain had its revocation checked,
+ and a "revoked" response was received. The value of this key will
+ be a CFNumberRef indicating the reason for revocation. The possible
+ reason code values are described in RFC 5280, section 5.3.1.
+ */
+extern const CFStringRef kSecTrustResultDetails;
+ /*__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_NA);*/
+extern const CFStringRef kSecTrustRevocationReason;
+ /*__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);*/
+
+/*
+ * Preference-related strings for Revocation policies.
+ */
+
+/*
+ * Preference domain, i.e., the name of a plist in ~/Library/Preferences or in
+ * /Library/Preferences
+ */
+#define kSecRevocationDomain "com.apple.security.revocation"
+
+/* OCSP and CRL style keys, followed by values used for both of them */
+#define kSecRevocationOcspStyle CFSTR("OCSPStyle")
+#define kSecRevocationCrlStyle CFSTR("CRLStyle")
+ #define kSecRevocationOff CFSTR("None")
+ #define kSecRevocationBestAttempt CFSTR("BestAttempt")
+ #define kSecRevocationRequireIfPresent CFSTR("RequireIfPresent")
+ #define kSecRevocationRequireForAll CFSTR("RequireForAll")
+
+/* Which first if both enabled? */
+#define kSecRevocationWhichFirst CFSTR("RevocationFirst")
+ #define kSecRevocationOcspFirst CFSTR("OCSP")
+ #define kSecRevocationCrlFirst CFSTR("CRL")
+
+/* boolean: A "this policy is sufficient per cert" for each */
+#define kSecRevocationOCSPSufficientPerCert CFSTR("OCSPSufficientPerCert")
+#define kSecRevocationCRLSufficientPerCert CFSTR("CRLSufficientPerCert")
+
+/* local OCSP responder URI, value arbitrary string value */
+#define kSecOCSPLocalResponder CFSTR("OCSPLocalResponder")
+
+/* Extended trust result keys (now in public API) */
+#define kSecEVOrganizationName kSecTrustOrganizationName
+#define kSecTrustExpirationDate kSecTrustRevocationValidUntilDate
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_SECURITY_SECTRUST_PRIV_H_ */
projects / apple / security.git / blobdiff