+++ /dev/null
-/*
- * Copyright (c) 2002-2004,2011-2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-#ifndef _SECURITY_SECCERTIFICATEPRIV_H_
-#define _SECURITY_SECCERTIFICATEPRIV_H_
-
-#include <Security/SecBase.h>
-#include <Security/cssmtype.h>
-#include <Security/x509defs.h>
-#include <CoreFoundation/CFBase.h>
-#include <CoreFoundation/CFArray.h>
-#include <CoreFoundation/CFData.h>
-#include <CoreFoundation/CFDate.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-typedef uint32_t SecCertificateEscrowRootType;
-enum {
- kSecCertificateBaselineEscrowRoot = 0,
- kSecCertificateProductionEscrowRoot = 1,
- kSecCertificateBaselinePCSEscrowRoot = 2,
- kSecCertificateProductionPCSEscrowRoot = 3,
-};
-
-extern CFTypeRef kSecCertificateProductionEscrowKey;
-extern CFTypeRef kSecCertificateProductionPCSEscrowKey;
-extern CFTypeRef kSecCertificateEscrowFileName;
-
-
-/* Return a certificate for the DER representation of this certificate.
- Return NULL if the passed-in data is not a valid DER-encoded X.509
- certificate. */
-SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator,
- const UInt8 *bytes, CFIndex length);
-
-/* Return the length of the DER representation of this certificate. */
-CFIndex SecCertificateGetLength(SecCertificateRef certificate);
-
-/* Return the bytes of the DER representation of this certificate. */
-const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate);
-
-/* Return the SHA-1 hash of this certificate. */
-CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate);
-
-/* Deprecated; use SecCertificateCopyCommonName() instead. */
-OSStatus SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName);
-
-/* Deprecated; use SecCertificateCopyEmailAddresses() instead. */
-/* This should have been Copy instead of Get since the returned address is not autoreleased. */
-OSStatus SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress);
-
-/* Return an array of CFStringRefs representing the dns addresses in the
- certificate if any. */
-CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate);
-
-/*!
- @function SecCertificateCopyIssuerSummary
- @abstract Return a simple string which hopefully represents a human understandable issuer.
- @param certificate SecCertificate object created with SecCertificateCreateWithData().
- @discussion All the data in this string comes from the certificate itself
- and thus it's in whatever language the certificate itself is in.
- @result A CFStringRef which the caller should CFRelease() once it's no longer needed.
-*/
-CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate);
-
-/*
- * Private API to infer a display name for a SecCertificateRef which
- * may or may not be in a keychain.
- */
-OSStatus SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label);
-
-/*
- * Subset of the above, useful for both certs and CRLs.
- * Infer printable label for a given an CSSM_X509_NAME. Returns NULL
- * if no appropriate printable name found.
- */
-const CSSM_DATA *SecInferLabelFromX509Name(
- const CSSM_X509_NAME *x509Name);
-
-/* Accessors for fields in the cached certificate */
-
-/*!
- @function SecCertificateCopyFieldValues
- @abstract Retrieves the values for a particular field in a given certificate.
- @param certificate A valid SecCertificateRef to the certificate.
- @param field Pointer to the OID whose values should be returned.
- @param fieldValues On return, a zero terminated list of CSSM_DATA_PTR's.
- @result A result code. See "Security Error Codes" (SecBase.h).
- @discussion Return a zero terminated list of CSSM_DATA_PTR's with the
- values of the field specified by field. Caller must call
- SecCertificateReleaseFieldValues to free the storage allocated by this call.
-*/
-OSStatus SecCertificateCopyFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR **fieldValues);
-
-/*!
- @function SecCertificateReleaseFieldValues
- @abstract Release the storage associated with the values returned by SecCertificateCopyFieldValues.
- @param certificate A valid SecCertificateRef to the certificate.
- @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValues.
- @param fieldValues Pointer to a zero terminated list of CSSM_DATA_PTR's.
- @result A result code. See "Security Error Codes" (SecBase.h).
- @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValues.
-*/
-OSStatus SecCertificateReleaseFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValues);
-
-/*!
- @function SecCertificateCopyFirstFieldValue
- @abstract Return a CSSM_DATA_PTR with the value of the first field specified by field.
- @param certificate A valid SecCertificateRef to the certificate.
- @param field Pointer to the OID whose value should be returned.
- @param fieldValue On return, a CSSM_DATA_PTR to the field data.
- @result A result code. See "Security Error Codes" (SecBase.h).
- @discussion Return a CSSM_DATA_PTR with the value of the first field specified by field. Caller must call
- SecCertificateReleaseFieldValue to free the storage allocated by this call.
-*/
-OSStatus SecCertificateCopyFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValue);
-
-/*!
- @function SecCertificateReleaseFirstFieldValue
- @abstract Release the storage associated with the values returned by SecCertificateCopyFirstFieldValue.
- @param certificate A valid SecCertificateRef to the certificate.
- @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValue.
- @param fieldValue The field data to release.
- @result A result code. See "Security Error Codes" (SecBase.h).
- @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValue.
-*/
-OSStatus SecCertificateReleaseFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR fieldValue);
-
-/*!
- @function SecCertificateCopySubjectComponent
- @abstract Retrieves a component of the subject distinguished name of a given certificate.
- @param certificate A reference to the certificate from which to retrieve the common name.
- @param component A component oid naming the component desired. See <Security/oidsattr.h>.
- @param result On return, a reference to the string form of the component, if present in the subject.
- Your code must release this reference by calling the CFRelease function.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */
-OSStatus SecCertificateCopySubjectComponent(SecCertificateRef certificate, const CSSM_OID *component,
- CFStringRef *result);
-
-/* Return the DER encoded issuer sequence for the certificate's issuer. */
-CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate);
-
-/* Return the DER encoded subject sequence for the certificate's subject. */
-CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate);
-
-
-/* Convenience functions for searching.
-*/
-
-OSStatus SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer,
- const CSSM_DATA *serialNumber, SecCertificateRef *certificate);
-
-OSStatus SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID,
- SecCertificateRef *certificate);
-
-OSStatus SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress,
- SecCertificateRef *certificate);
-
-
-/* These should go to SecKeychainSearchPriv.h. */
-OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer,
- const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef);
-
-OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN_CF(CFTypeRef keychainOrArray, CFDataRef issuer,
- CFDataRef serialNumber, SecKeychainSearchRef *searchRef);
-
-OSStatus SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID,
- SecKeychainSearchRef *searchRef);
-
-OSStatus SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress,
- SecKeychainSearchRef *searchRef);
-
-/* Convenience function for generating digests; should be moved elsewhere. */
-CSSM_RETURN SecDigestGetData(CSSM_ALGORITHMS alg, CSSM_DATA* digest, const CSSM_DATA* data);
-
-/* Return true iff certificate is valid as of verifyTime. */
-/* DEPRECATED: Use SecCertificateIsValid instead. */
-bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verifyTime)
- __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA);
-
-/*!
- @function SecCertificateIsValid
- @abstract Check certificate validity on a given date.
- @param certificate A certificate reference.
- @result Returns true if the specified date falls within the certificate's validity period, false otherwise.
-*/
-bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime)
- __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
-
-/*!
- @function SecCertificateNotValidBefore
- @abstract Obtain the starting date of the given certificate.
- @param certificate A certificate reference.
- @result Returns the absolute time at which the given certificate becomes valid,
- or 0 if this value could not be obtained.
-*/
-CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate)
- __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
-
-/*!
- @function SecCertificateNotValidAfter
- @abstract Obtain the expiration date of the given certificate.
- @param certificate A certificate reference.
- @result Returns the absolute time at which the given certificate expires,
- or 0 if this value could not be obtained.
-*/
-CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate)
- __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
-
-/*!
- @function SecCertificateIsSelfSigned
- @abstract Determine if the given certificate is self-signed.
- @param certRef A certificate reference.
- @param isSelfSigned Will be set to true on return if the certificate is self-signed, false otherwise.
- @result A result code. Returns errSecSuccess if the certificate's status can be determined.
-*/
-OSStatus SecCertificateIsSelfSigned(SecCertificateRef certRef, Boolean *isSelfSigned)
- __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA);
-
-/*!
- @function SecCertificateCopyEscrowRoots
- @abstract Retrieve the array of valid escrow certificates for a given root type.
- @param escrowRootType An enumerated type indicating which root type to return.
- @result An array of zero or more escrow certificates matching the provided type.
-*/
-CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType)
- __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
-
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */
projects / apple / security.git / blobdiff