-/*
- * Copyright (c) 2003-2007 Apple Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please
- * obtain a copy of the License at http://www.apple.com/publicsource and
- * read it before using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- */
-
-/*
- * identPicker.h - Given a keychain, select from possible multiple
- * SecIdentityRefs via stdio UI, and cook up a
- * CFArray containing that identity and all certs needed
- * for cert verification by an SSL peer. The resulting
- * CFArrayRef is suitable for passing to SSLSetCertificate().
- */
-
-#ifndef _IDENT_PICKER_H_
-#define _IDENT_PICKER_H_
-
-#include <Security/Security.h>
-#include <CoreFoundation/CoreFoundation.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Get the final term of a keychain's path as a C string. Caller must free()
- * the result.
- */
-char *kcFileName(
- SecKeychainRef kcRef);
-
-/*
- * Obtain the printable name of a SecKeychainItemRef as a C string.
- * Caller must free() the result.
- */
-char *kcItemPrintableName(
- SecKeychainItemRef itemRef);
-
-/*
- * Obtain the final term of a keychain item's keychain path as a C string.
- * Caller must free() the result.
- * May well return NULL indicating the item has no keychain (e.g. az floating cert).
- */
-char *kcItemKcFileName(SecKeychainItemRef itemRef);
-
-/*
- * Safe gets().
- * -- guaranteed no buffer overflow
- * -- guaranteed NULL-terminated string
- * -- handles empty string (i.e., response is just CR) properly
- */
-void getString(
- char *buf,
- unsigned bufSize);
-
-/*
- * IdentityPicker, returns full cert chain, optionally including root.
- */
-OSStatus sslIdentPicker(
- SecKeychainRef kc, // NULL means use default list
- SecCertificateRef trustedAnchor, // optional additional trusted anchor
- bool includeRoot, // true --> root is appended to outArray
- // false --> root not included
- const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
- CFArrayRef *outArray); // created and RETURNED
-
-/*
- * Simple version, just returns a SecIdentityRef.
- */
-OSStatus sslSimpleIdentPicker(
- SecKeychainRef kc, // NULL means use default list
- SecIdentityRef *ident); // RETURNED
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _IDENT_PICKER_H_ */
-
projects / apple / security.git / blobdiff