+++ /dev/null
-/*
- * tpUtils.h - TP and cert group test support
- */
-
-#ifndef _TP_UTILS_H_
-#define _TP_UTILS_H_
-
-#include <Security/cssmtype.h>
-#include <Security/x509defs.h>
-#include <Security/cssmapple.h>
-#include <time.h>
-#include <MacTypes.h>
-#include <CoreFoundation/CoreFoundation.h>
-#include <Security/Security.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TP_DB_ENABLE 1
-
-/*
- * Given an array of certs and an uninitialized CSSM_CERTGROUP, place the
- * certs into the certgroup and optionally into one of a list of DBs in
- * random order. Optionaly the first cert in the array is placed in the
- * first element of certgroup. Only error is memory error. It's legal to
- * pass in an empty cert array.
- */
-CSSM_RETURN tpMakeRandCertGroup(
- CSSM_CL_HANDLE clHand,
- CSSM_DL_DB_LIST_PTR dbList,
- const CSSM_DATA_PTR certs,
- unsigned numCerts,
- CSSM_CERTGROUP_PTR certGroup,
- CSSM_BOOL firstCertIsSubject, // true: certs[0] goes to head
- // of certGroup
- CSSM_BOOL verbose,
- CSSM_BOOL allInDbs, // all certs go to DBs
- CSSM_BOOL skipFirstDb); // no certs go to db[0]
-
-CSSM_RETURN tpStoreCert(
- CSSM_DL_DB_HANDLE dlDb,
- const CSSM_DATA_PTR cert,
- /* REQUIRED fields */
- CSSM_CERT_TYPE certType, // e.g. CSSM_CERT_X_509v3
- uint32 serialNum,
- const CSSM_DATA *issuer, // (shouldn't this be subject?)
- // normalized & encoded
- /* OPTIONAL fields */
- CSSM_CERT_ENCODING certEncoding, // e.g. CSSM_CERT_ENCODING_DER
- const CSSM_DATA *printName,
- const CSSM_DATA *subject); // normalized & encoded
-
-/*
- * Store a cert when we don't already know the required fields. We'll
- * extract them.
- */
-CSSM_RETURN tpStoreRawCert(
- CSSM_DL_DB_HANDLE dlDb,
- CSSM_CL_HANDLE clHand,
- const CSSM_DATA_PTR cert);
-
-/*
- * Generate numKeyPairs key pairs of specified algorithm and size.
- * Key labels will be 'keyLabelBase' concatenated with a 4-digit
- * decimal number.
- */
-CSSM_RETURN tpGenKeys(
- CSSM_CSP_HANDLE cspHand,
- CSSM_DL_DB_HANDLE dbHand, /* keys go here */
- unsigned numKeyPairs,
- uint32 keyGenAlg, /* CSSM_ALGID_RSA, etc. */
- uint32 keySizeInBits,
- const char *keyLabelBase, /* C string */
- CSSM_KEY_PTR pubKeys, /* array of keys RETURNED here */
- CSSM_KEY_PTR privKeys, /* array of keys RETURNED here */
- CSSM_DATA_PTR paramData = NULL); // optional DSA params
-
-/*
- * Generate a cert chain using specified key pairs. The last cert in the
- * chain (certs[numCerts-1]) is a root cert, self-signed.
- */
-CSSM_RETURN tpGenCerts(
- CSSM_CSP_HANDLE cspHand,
- CSSM_CL_HANDLE clHand,
- unsigned numCerts,
- uint32 sigAlg, /* CSSM_ALGID_SHA1WithRSA, etc. */
- const char *nameBase, /* C string */
- CSSM_KEY_PTR pubKeys, /* array of public keys */
- CSSM_KEY_PTR privKeys, /* array of private keys */
- CSSM_DATA_PTR certs, /* array of certs RETURNED here */
- const char *notBeforeStr, /* from genTimeAtNowPlus() */
- const char *notAfterStr); /* from genTimeAtNowPlus() */
-
-/*
- * Generate a cert chain using specified key pairs. The last cert in the
- * chain (certs[numCerts-1]) is a root cert, self-signed. Store
- * the certs indicated by corresponding element on storeArray. If
- * storeArray[n].DLHandle == 0, the cert is not stored.
- */
-CSSM_RETURN tpGenCertsStore(
- CSSM_CSP_HANDLE cspHand,
- CSSM_CL_HANDLE clHand,
- unsigned numCerts,
- uint32 sigAlg, /* CSSM_ALGID_SHA1WithRSA, etc. */
- const char *nameBase, /* C string */
- CSSM_KEY_PTR pubKeys, /* array of public keys */
- CSSM_KEY_PTR privKeys, /* array of private keys */
- CSSM_DL_DB_HANDLE *storeArray, /* array of certs stored here */
- CSSM_DATA_PTR certs, /* array of certs RETURNED here */
- const char *notBeforeStr, /* from genTimeAtNowPlus() */
- const char *notAfterStr); /* from genTimeAtNowPlus() */
-
-/* free a CSSM_CERT_GROUP */
-void tpFreeCertGroup(
- CSSM_CERTGROUP_PTR certGroup,
- CSSM_BOOL freeCertData, // free individual CertList.Data
- CSSM_BOOL freeStruct); // free the overall CSSM_CERTGROUP
-
-CSSM_BOOL tpCompareCertGroups(
- const CSSM_CERTGROUP *grp1,
- const CSSM_CERTGROUP *grp2);
-
-CSSM_RETURN clDeleteAllCerts(CSSM_DL_DB_HANDLE dlDb);
-
-/*
- * Wrapper for CSSM_TP_CertGroupVerify.
- */
-CSSM_RETURN tpCertGroupVerify(
- CSSM_TP_HANDLE tpHand,
- CSSM_CL_HANDLE clHand,
- CSSM_CSP_HANDLE cspHand,
- CSSM_DL_DB_LIST_PTR dbListPtr,
- const CSSM_OID *policy, // optional
- const CSSM_DATA *fieldOpts, // optional
- const CSSM_DATA *actionData, // optional
- void *policyOpts,
- const CSSM_CERTGROUP *certGroup,
- CSSM_DATA_PTR anchorCerts,
- unsigned numAnchorCerts,
- CSSM_TP_STOP_ON stopOn, // CSSM_TP_STOP_ON_POLICY, etc.
- CSSM_TIMESTRING cssmTimeStr,// optional
- CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result); // RETURNED
-
-CSSM_RETURN tpKcOpen(
- CSSM_DL_HANDLE dlHand,
- const char *kcName,
- const char *pwd, // optional to avoid UI
- CSSM_BOOL doCreate,
- CSSM_DB_HANDLE *dbHand); // RETURNED
-
-CSSM_RETURN freeVfyResult(
- CSSM_TP_VERIFY_CONTEXT_RESULT *ctx);
-
-void printCertInfo(
- unsigned numCerts, // from CertGroup
- const CSSM_TP_APPLE_EVIDENCE_INFO *info);
-
-void dumpVfyResult(
- const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult);
-
-/*
- * Obtain system anchors in CF and in CSSM_DATA form.
- * Caller must CFRelease the returned rootArray and
- * free() the returned CSSM_DATA array, but not its
- * contents - SecCertificates themselves own that.
- */
-OSStatus getSystemAnchors(
- CFArrayRef *rootArray, /* RETURNED */
- CSSM_DATA **anchors, /* RETURNED */
- unsigned *numAnchors); /* RETURNED */
-
-/* get a SecCertificateRef from a file */
-SecCertificateRef certFromFile(
- const char *fileName);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* _TP_UTILS_H_ */
-
projects / apple / security.git / blobdiff