+++ /dev/null
-/*
- * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*!
- @header SecRequirement
- SecRequirementPriv is the private counter-part to SecRequirement. Its contents are not
- official API, and are subject to change without notice.
-*/
-#ifndef _H_SECREQUIREMENTPRIV
-#define _H_SECREQUIREMENTPRIV
-
-#include <Security/SecRequirement.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*!
- @function SecRequirementsCreateFromRequirements
- Take a dictionary of requirement objects and package them up as a requirement set.
-
- @param requirements A dictionary of requirements to combine into a set.
- Dictionary keys are CFNumbers representing the index keys. Values are SecRequirementRefs.
- NULL requirements are not allowed in the dictionary.
- @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
- @param requirementSet Upon success, receives a CFData object
- @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
- CSCommon.h or certain other Security framework headers.
-*/
-OSStatus SecRequirementsCreateFromRequirements(CFDictionaryRef requirements, SecCSFlags flags,
- CFDataRef *requirementSet);
-
-
-/*!
- @function SecRequirementsCopyRequirements
- Create a SecRequirement object from binary form obtained from a file.
- This call is functionally equivalent to reading the entire contents of a file
- into a CFDataRef and then calling SecRequirementCreateWithData with that.
-
- @param requirementSet A CFData containing a requirement set.
- @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
- @param requirements Upon success, a dictionary containing each requirement contained
- in requirementSet. The keys are CFNumbers indicating the requirement type.
- @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
- CSCommon.h or certain other Security framework headers.
-*/
-OSStatus SecRequirementsCopyRequirements(CFDataRef requirementSet, SecCSFlags flags,
- CFDictionaryRef *requirements);
-
-
-/*!
- @function SecRequirementsCreateWithString
- Create a SecRequirement object or requirement set based on the string provided.
-
- @param text A CFString containing the text form of a (single) Code Requirement.
- @param flags Optional flags. Pass kSecCSDefaultFlags to accept any supported input form.
- Pass a combination of individual flags to select what forms to accept; other forms will result
- in an error.
- @param result Upon success, a CoreFoundation object of some kind representing
- the result of parsing text. Depending on the input string and flags, the result
- can be a SecRequirementRef (for a single requirement) or a CFDataRef for a requirement set.
- @param errors An optional pointer to a CFErrorRef variable. If the call fails
- (and something other than errSecSuccess is returned), and this argument is non-NULL,
- a CFErrorRef is stored there further describing the nature and circumstances
- of the failure. The caller must CFRelease() this error object when done with it.
- @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
- CSCommon.h or certain other Security framework headers.
-*/
-enum {
- kSecCSParseRequirement = 0x0001, // accept single requirements
- kSecCSParseRequirementSet = 0x0002, // accept requirement sets
-};
-
-OSStatus SecRequirementsCreateWithString(CFStringRef text, SecCSFlags flags,
- CFTypeRef *result, CFErrorRef *errors);
-
-
-/*!
- @function SecRequirementsCopyString
- Converts a requirement object of some kind into text form.
- This is the effective inverse of SecRequirementsCreateWithString.
-
- This function can process individual requirements (SecRequirementRefs)
- and requirement sets (represented as CFDataRefs).
-
- Repeated application of this function may produce text that differs in
- formatting, may contain different source comments, and may perform its
- validation functions in different order. However, it is guaranteed that
- recompiling the text using SecRequirementCreateWithString will produce a
- SecRequirement object that behaves identically to the one you start with.
-
- @param requirements A SecRequirementRef, or a CFDataRef containing a valid requirement set.
- @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
- @param text On successful return, contains a reference to a CFString object
- containing a text representation of the requirement.
- @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
- CSCommon.h or certain other Security framework headers.
-*/
-OSStatus SecRequirementsCopyString(CFTypeRef input, SecCSFlags flags, CFStringRef *text);
-
-
-/*!
- @function SecRequirementCreateWithResource
- Create a SecRequirement object from binary form obtained from a file.
- This call is functionally equivalent to reading the entire contents of a file
- into a CFDataRef and then calling SecRequirementCreateWithData with that.
-
- @param resource A CFURL identifying a file containing a (binary) requirement blob.
- @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
- @param requirement On successful return, contains a reference to a SecRequirement
- object that behaves identically to the one the data blob was obtained from.
- @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
- CSCommon.h or certain other Security framework headers.
-*/
-OSStatus SecRequirementCreateWithResource(CFURLRef resource, SecCSFlags flags,
- SecRequirementRef *requirement);
-
-
-/*!
- @function SecRequirementCreateGroup
- Create a SecRequirement object that represents membership in a developer-defined
- application group. Group membership is defined by an entry in the code's
- Info.plist, and sealed to a particular signing authority.
-
- This is not an API-track function. Don't call it if you don't already do.
-
- @param groupName A CFString containing the name of the desired application group.
- @param anchor A reference to a digital certificate representing the signing
- authority that asserts group membership. If NULL, indicates Apple's authority.
- @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
- @param requirement On successful return, contains a reference to a SecRequirement
- object that requires group membership to pass validation.
- @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in
- CSCommon.h or certain other Security framework headers.
-*/
-OSStatus SecRequirementCreateGroup(CFStringRef groupName, SecCertificateRef anchor,
- SecCSFlags flags, SecRequirementRef *requirement);
-
-
-
-/*!
- @function SecRequirementEvaluate
- Explicitly evaluate a SecRequirementRef against context provided in the call.
- This allows evaluation of a code requirement outside the context of a code signature.
-
- @param requirement A valid SecRequirement object.
- @param certificateChain A CFArray of SecCertificate objects describing the certificate
- chain of the object being validated. This must be a full chain terminating in an anchor
- certificate that is cryptographically valid.
- @param context An optional CFDictionary containing additional context made available
- to the requirement program's evaluation. NULL is equivalent to an empty dictionary.
- @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
- @result Upon success, errSecSuccess. Failure to pass the check returns errSecCSReqFailed.
- All other returns indicate errors as documented in CSCommon.h or certain other
- Security framework headers.
-
- @constant kSecRequirementKeyInfoPlist A context key providing an CFDictionary denoting
- an Info.plist. If this key is missing, all references to Info.plist contents will fail.
- @constant kSecRequirementKeyEntitlements A context key providing an CFDictionary describing
- an entitlement dictionary. If this key is missing, all references to entitlements will fail.
- @constant kSecRequirementKeyIdentifier A context key providing the signing identifier as a CFString.
-*/
-extern CFStringRef kSecRequirementKeyInfoPlist;
-extern CFStringRef kSecRequirementKeyEntitlements;
-extern CFStringRef kSecRequirementKeyIdentifier;
-
-OSStatus SecRequirementEvaluate(SecRequirementRef requirement,
- CFArrayRef certificateChain, CFDictionaryRef context,
- SecCSFlags flags);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //_H_SECREQUIREMENTPRIV
projects / apple / security.git / blobdiff