Security-57031.1.35.tar.gz

[apple/security.git] / SecurityTests / clxutils / clAppUtils / identPicker.h

diff --git a/SecurityTests/clxutils/clAppUtils/identPicker.h b/SecurityTests/clxutils/clAppUtils/identPicker.h
new file mode 100644 (file)
index 0000000..5b137cc
--- /dev/null
+++ b/SecurityTests/clxutils/clAppUtils/identPicker.h
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2003-2007 Apple Inc. All Rights Reserved.
+ * 
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please 
+ * obtain a copy of the License at http://www.apple.com/publicsource and 
+ * read it before using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
+ * Please see the License for the specific language governing rights and 
+ * limitations under the License.
+ */
+
+/*
+ * identPicker.h - Given a keychain, select from possible multiple
+ *                                SecIdentityRefs via stdio UI, and cook up a 
+ *                                CFArray containing that identity and all certs needed
+ *                                for cert verification by an SSL peer. The resulting
+ *                                CFArrayRef is suitable for passing to SSLSetCertificate().
+ */
+ 
+#ifndef        _IDENT_PICKER_H_
+#define _IDENT_PICKER_H_
+
+#include <Security/Security.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Get the final term of a keychain's path as a C string. Caller must free() 
+ * the result.
+ */
+char *kcFileName(
+       SecKeychainRef kcRef);
+
+/*
+ * Obtain the printable name of a SecKeychainItemRef as a C string.
+ * Caller must free() the result.
+ */
+char *kcItemPrintableName(
+       SecKeychainItemRef itemRef);
+
+/* 
+ * Obtain the final term of a keychain item's keychain path as a C string. 
+ * Caller must free() the result.
+ * May well return NULL indicating the item has no keychain (e.g. az floating cert).
+ */
+char *kcItemKcFileName(SecKeychainItemRef itemRef);
+
+/* 
+ * Safe gets().
+ * -- guaranteed no buffer overflow
+ * -- guaranteed NULL-terminated string
+ * -- handles empty string (i.e., response is just CR) properly
+ */
+void getString(
+       char *buf,
+       unsigned bufSize);
+
+/* 
+ * IdentityPicker, returns full cert chain, optionally including root. 
+ */
+OSStatus sslIdentPicker(
+       SecKeychainRef          kc,                             // NULL means use default list
+       SecCertificateRef       trustedAnchor,  // optional additional trusted anchor
+       bool                            includeRoot,    // true --> root is appended to outArray
+                                                                               // false --> root not included
+       const CSSM_OID          *vfyPolicy,             // optional - if NULL, use SSL
+       CFArrayRef                      *outArray);             // created and RETURNED
+       
+/*
+ * Simple version, just returns a SecIdentityRef.
+ */
+OSStatus sslSimpleIdentPicker(
+       SecKeychainRef          kc,                             // NULL means use default list
+       SecIdentityRef          *ident);                // RETURNED
+       
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _IDENT_PICKER_H_ */
+