+++ /dev/null
-/*
- * Copyright (c) 2000-2014 Apple Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- tpPolicies.h - TP module policy implementation
-*/
-
-#ifndef _TP_POLICIES_H_
-#define _TP_POLICIES_H_
-
-#include <Security/cssmtype.h>
-#include <security_utilities/alloc.h>
-#include <Security/cssmapple.h>
-#include "TPCertInfo.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/*
- * Enumerated certificate policies enforced by this module.
- */
-typedef enum {
- kTPDefault, /* no extension parsing, just sig and expiration */
- kTPx509Basic, /* basic X.509/RFC3280 */
- kTPiSign, /* (obsolete) Apple code signing */
- kTP_SSL, /* SecureTransport/SSL */
- kCrlPolicy, /* cert chain verification via CRL */
- kTP_SMIME, /* S/MIME */
- kTP_EAP,
- kTP_SWUpdateSign, /* Apple SW Update signing (was Apple Code Signing) */
- kTP_ResourceSign, /* Apple Resource Signing */
- kTP_IPSec, /* IPSEC */
- kTP_iChat, /* iChat */
- kTP_PKINIT_Client, /* PKINIT client cert */
- kTP_PKINIT_Server, /* PKINIT server cert */
- kTP_CodeSigning, /* new Apple Code Signing (Leopard/10.5) */
- kTP_PackageSigning, /* Package Signing */
- kTP_MacAppStoreRec, /* MacApp store receipt */
- kTP_AppleIDSharing, /* AppleID Sharing */
- kTP_TimeStamping, /* RFC3161 time stamping */
- kTP_PassbookSigning, /* Passbook Signing */
- kTP_MobileStore, /* Apple Mobile Store Signing */
- kTP_TestMobileStore, /* Apple Test Mobile Store Signing */
- kTP_EscrowService, /* Apple Escrow Service Signing */
- kTP_ProfileSigning, /* Apple Configuration Profile Signing */
- kTP_QAProfileSigning, /* Apple QA Configuration Profile Signing */
- kTP_PCSEscrowService, /* Apple PCS Escrow Service Signing */
-} TPPolicy;
-
-/*
- * Perform TP verification on a constructed (ordered) cert group.
- */
-CSSM_RETURN tp_policyVerify(
- TPPolicy policy,
- Allocator &alloc,
- CSSM_CL_HANDLE clHand,
- CSSM_CSP_HANDLE cspHand,
- TPCertGroup *certGroup,
- CSSM_BOOL verifiedToRoot, // last cert is good root
- CSSM_BOOL verifiedViaTrustSetting,// last cert has valid user trust
- CSSM_APPLE_TP_ACTION_FLAGS actionFlags,
- const CSSM_DATA *policyFieldData, // optional
- void *policyControl); // future use
-
-/*
- * Obtain policy-specific User Trust parameters
- */
-void tp_policyTrustSettingParams(
- TPPolicy policy,
- const CSSM_DATA *policyFieldData, // optional
- /* returned values - not mallocd */
- const char **policyStr,
- uint32 *policyStrLen,
- SecTrustSettingsKeyUsage *keyUse);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* _TP_POLICIES_H_ */
projects / apple / security.git / blobdiff