+/*
+ * Copyright (c) 2002-2004,2006-2016 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*!
+ @header SecCertificatePriv
+ The functions provided in SecCertificatePriv.h implement and manage a particular
+ type of keychain item that represents a certificate. You can store a
+ certificate in a keychain, but a certificate can also be a transient
+ object.
+
+ You can use a certificate as a keychain item in most functions.
+ Certificates are able to compute their parent certificates, and much more.
+*/
+
+#ifndef _SECURITY_SECCERTIFICATEPRIV_H_
+#define _SECURITY_SECCERTIFICATEPRIV_H_
+
+#include <CoreFoundation/CFBase.h>
+#include <CoreFoundation/CFArray.h>
+#include <CoreFoundation/CFData.h>
+#include <CoreFoundation/CFDate.h>
+#include <CoreFoundation/CFDictionary.h>
+#include <CoreFoundation/CFError.h>
+#include <stdbool.h>
+#include <xpc/xpc.h>
+
+#include <Security/SecBase.h>
+#include <Security/SecBasePriv.h>
+#include <Security/SecCertificate.h>
+
+__BEGIN_DECLS
+
+#if SEC_OS_IPHONE
+typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
+ kSecKeyUsageUnspecified = 0u,
+ kSecKeyUsageDigitalSignature = 1u << 0,
+ kSecKeyUsageNonRepudiation = 1u << 1,
+ kSecKeyUsageContentCommitment= 1u << 1,
+ kSecKeyUsageKeyEncipherment = 1u << 2,
+ kSecKeyUsageDataEncipherment = 1u << 3,
+ kSecKeyUsageKeyAgreement = 1u << 4,
+ kSecKeyUsageKeyCertSign = 1u << 5,
+ kSecKeyUsageCRLSign = 1u << 6,
+ kSecKeyUsageEncipherOnly = 1u << 7,
+ kSecKeyUsageDecipherOnly = 1u << 8,
+ kSecKeyUsageCritical = 1u << 31,
+ kSecKeyUsageAll = 0x7FFFFFFFu
+};
+#endif /* SEC_OS_IPHONE */
+
+typedef CF_ENUM(uint32_t, SecCertificateEscrowRootType) {
+ kSecCertificateBaselineEscrowRoot = 0,
+ kSecCertificateProductionEscrowRoot = 1,
+ kSecCertificateBaselinePCSEscrowRoot = 2,
+ kSecCertificateProductionPCSEscrowRoot = 3,
+ kSecCertificateBaselineEscrowBackupRoot = 4, // v100 and v101
+ kSecCertificateProductionEscrowBackupRoot = 5,
+ kSecCertificateBaselineEscrowEnrollmentRoot = 6, // v101 only
+ kSecCertificateProductionEscrowEnrollmentRoot = 7,
+};
+
+/* The names of the files that contain the escrow certificates */
+extern const CFStringRef kSecCertificateProductionEscrowKey;
+extern const CFStringRef kSecCertificateProductionPCSEscrowKey;
+extern const CFStringRef kSecCertificateEscrowFileName;
+
+/* Return a certificate for the DER representation of this certificate.
+ Return NULL if the passed-in data is not a valid DER-encoded X.509
+ certificate. */
+SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator,
+ const UInt8 *bytes, CFIndex length)
+__SEC_MAC_AND_IOS_UNKNOWN;
+//__OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_UNKNOWN);
+
+/* Returns a certificate from a pem blob.
+ Return NULL if the passed-in data is not a valid DER-encoded X.509
+ certificate. */
+SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator, CFDataRef pem_certificate)
+__SEC_MAC_AND_IOS_UNKNOWN;
+//__OSX_AVAILABLE_STARTING(__MAC_10_12, __SEC_IPHONE_UNKNOWN);
+
+/* Return the length of the DER representation of this certificate. */
+CFIndex SecCertificateGetLength(SecCertificateRef certificate);
+
+/* Return the bytes of the DER representation of this certificate. */
+const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate);
+
+/* Return the SHA-1 hash of this certificate. */
+CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return the SHA-256 hash of this certificate. */
+CFDataRef SecCertificateCopySHA256Digest(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return the SHA-1 hash of the public key in this certificate. */
+CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return the SHA-1 hash of the SubjectPublicKeyInfo sequence in this certificate. */
+CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA1Digest(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return the SHA-256 hash of the SubjectPublicKeyInfo sequence in this certificate. */
+CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return an array of CFStringRefs representing the dns addresses in the
+ certificate if any. */
+CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return an array of CFStringRefs representing the NTPrincipalNames in the
+ certificate if any. */
+CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Create a unified SecCertificateRef from a legacy keychain item and its data. */
+SecCertificateRef SecCertificateCreateWithKeychainItem(CFAllocatorRef allocator,
+ CFDataRef der_certificate, CFTypeRef keychainItem)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Set a legacy item instance for a unified SecCertificateRef. */
+OSStatus SecCertificateSetKeychainItem(SecCertificateRef certificate, CFTypeRef keychain_item)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return a keychain item reference, given a unified SecCertificateRef.
+ Note: On OSX, for this function to succeed, the provided certificate must have been
+ created by SecCertificateCreateWithKeychainItem, otherwise NULL is returned.
+ */
+CFTypeRef SecCertificateCopyKeychainItem(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/*!
+ @function SecCertificateCopyIssuerSummary
+ @abstract Return a simple string which hopefully represents a human understandable issuer.
+ @param certificate SecCertificate object created with SecCertificateCreateWithData().
+ @discussion All the data in this string comes from the certificate itself
+ and thus it's in whatever language the certificate itself is in.
+ @result A CFStringRef which the caller should CFRelease() once it's no longer needed.
+ */
+CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate);
+
+/* Return a string formatted according to RFC 2253 representing the complete
+ subject of certificate. */
+CFStringRef SecCertificateCopySubjectString(SecCertificateRef certificate);
+
+CFMutableArrayRef SecCertificateCopySummaryProperties(
+ SecCertificateRef certificate, CFAbsoluteTime verifyTime)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return the content of a DER encoded X.501 name (without the tag and length
+ fields) for the receiving certificates issuer. */
+CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return the content of a DER encoded X.501 name (without the tag and length
+ fields) for the receiving certificates subject. */
+CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRef certificate)
+ __SEC_MAC_AND_IOS_UNKNOWN;
+
+/* Return the DER encoded issuer sequence for the certificate's issuer. */
+CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate);
+
+/* Return the DER encoded subject sequence for the certificate's subject. */
+CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate);
+
+/* Return an array of CFStringRefs representing the ip addresses in the
+ certificate if any. */
+CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRef certificate);
+
+/* Return an array of CFStringRefs representing the email addresses in the
+ certificate if any. */
+CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRef certificate);
+
+/* Return an array of CFStringRefs representing the common names in the
+ certificates subject if any. */
+CFArrayRef SecCertificateCopyCommonNames(SecCertificateRef certificate);
+
+/* Return an array of CFStringRefs representing the organization in the
+ certificate's subject if any. */
+CFArrayRef SecCertificateCopyOrganization(SecCertificateRef certificate);
+
+/* Return an array of CFStringRefs representing the organizational unit in the
+ certificate's subject if any. */
+CFArrayRef SecCertificateCopyOrganizationalUnit(SecCertificateRef certificate);
+
+/* Return an array of CFStringRefs representing the country in the
+ certificate's subject if any. */
+CFArrayRef SecCertificateCopyCountry(SecCertificateRef certificate);
+
+/* Return a string with the company name of an ev leaf certificate. */
+CFStringRef SecCertificateCopyCompanyName(SecCertificateRef certificate);
+
+/* X.509 Certificate Version: 1, 2 or 3. */
+CFIndex SecCertificateVersion(SecCertificateRef certificate);
+
+SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRef certificate);
+
+/* Returns an array of CFDataRefs for all extended key usage oids or NULL */
+CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRef certificate);
+
+/*!
+ @function SecCertificateIsValid
+ @abstract Check certificate validity on a given date.
+ @param certificate A certificate reference.
+ @result Returns true if the specified date falls within the certificate's validity period, false otherwise.
+ */
+bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime)
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
+
+/*!
+ @function SecCertificateNotValidBefore
+ @abstract Obtain the starting date of the given certificate.
+ @param certificate A certificate reference.
+ @result Returns the absolute time at which the given certificate becomes valid,
+ or 0 if this value could not be obtained.
+ */
+CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
+
+/*!
+ @function SecCertificateNotValidAfter
+ @abstract Obtain the expiration date of the given certificate.
+ @param certificate A certificate reference.
+ @result Returns the absolute time at which the given certificate expires,
+ or 0 if this value could not be obtained.
+ */
+CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
+
+/*!
+ @function SecCertificateIsSelfSigned
+ @abstract Determine if the given certificate is self-signed.
+ @param certRef A certificate reference.
+ @param isSelfSigned Will be set to true on return if the certificate is self-signed, false otherwise.
+ @result A result code. Returns errSecSuccess if the certificate's status can be determined.
+ */
+OSStatus SecCertificateIsSelfSigned(SecCertificateRef certRef, Boolean *isSelfSigned)
+ __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_9_0);
+
+/*!
+ @function SecCertificateIsSelfSignedCA
+ @abstract Determine if the given certificate is self-signed and has a basic
+ constraints extension indicating it is a certificate authority.
+ @param certificate A certificate reference.
+ @result Returns true if the certificate is self-signed and has a basic
+ constraints extension indicating it is a certificate authority, otherwise false.
+ */
+bool SecCertificateIsSelfSignedCA(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
+
+/*!
+ @function SecCertificateIsCA
+ @abstract Determine if the given certificate has a basic
+ constraints extension indicating it is a certificate authority.
+ @param certificate A certificate reference.
+ @result Returns true if the certificate has a basic constraints
+ extension indicating it is a certificate authority, otherwise false.
+ */
+bool SecCertificateIsCA(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
+
+
+/* Append certificate to xpc_certificates. */
+bool SecCertificateAppendToXPCArray(SecCertificateRef certificate, xpc_object_t xpc_certificates, CFErrorRef *error);
+
+/* Decode certificate from xpc_certificates[index] as encoded by SecCertificateAppendToXPCArray(). */
+SecCertificateRef SecCertificateCreateWithXPCArrayAtIndex(xpc_object_t xpc_certificates, size_t index, CFErrorRef *error);
+
+/* Return an xpc_array of data from an array of SecCertificateRefs. */
+xpc_object_t SecCertificateArrayCopyXPCArray(CFArrayRef certificates, CFErrorRef *error);
+
+/* Return an array of SecCertificateRefs from a xpc_object array of datas. */
+CFArrayRef SecCertificateXPCArrayCopyArray(xpc_object_t xpc_certificates, CFErrorRef *error);
+
+/*!
+ @function SecCertificateCopyEscrowRoots
+ @abstract Retrieve the array of valid escrow certificates for a given root type.
+ @param escrowRootType An enumerated type indicating which root type to return.
+ @result An array of zero or more escrow certificates matching the provided type.
+ */
+CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType)
+ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
+
+/* Return an attribute dictionary used to store this item in a keychain. */
+CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
+
+/*
+ * Enumerated constants for signature hash algorithms.
+ */
+typedef CF_ENUM(uint32_t, SecSignatureHashAlgorithm){
+ kSecSignatureHashAlgorithmUnknown = 0,
+ kSecSignatureHashAlgorithmMD2 = 1,
+ kSecSignatureHashAlgorithmMD4 = 2,
+ kSecSignatureHashAlgorithmMD5 = 3,
+ kSecSignatureHashAlgorithmSHA1 = 4,
+ kSecSignatureHashAlgorithmSHA224 = 5,
+ kSecSignatureHashAlgorithmSHA256 = 6,
+ kSecSignatureHashAlgorithmSHA384 = 7,
+ kSecSignatureHashAlgorithmSHA512 = 8
+};
+
+/*!
+ @function SecCertificateGetSignatureHashAlgorithm
+ @abstract Determine the hash algorithm used in a certificate's signature.
+ @param certificate A certificate reference.
+ @result Returns an enumerated value indicating the signature hash algorithm
+ used in a certificate. If the hash algorithm is unsupported or cannot be
+ obtained (e.g. because the supplied certificate reference is invalid), a
+ value of 0 (kSecSignatureHashAlgorithmUnknown) is returned.
+ */
+SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+
+/*!
+ @function SecCertificateCopyProperties
+ @abstract Return a property array for this trust certificate.
+ @param certificate A reference to the certificate to evaluate.
+ @result A property array. It is the caller's responsability to CFRelease
+ the returned array when it is no longer needed.
+ See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array.
+ Unlike that function call this function returns a detailed description
+ of the certificate in question.
+ */
+CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate);
+
+/* Returns an array of CFDataRefs for all embedded SCTs */
+CFArrayRef SecCertificateCopySignedCertificateTimestamps(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
+
+/* Return the precert TBSCertificate DER data - used for Certificate Transparency */
+CFDataRef SecCertificateCopyPrecertTBS(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
+
+/* Return the auth capabilities bitmask from the iAP marker extension */
+CF_RETURNS_RETAINED CFDataRef SecCertificateCopyiAPAuthCapabilities(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
+
+typedef CF_ENUM(uint32_t, SeciAuthVersion) {
+ kSeciAuthInvalid = 0,
+ kSeciAuthVersion1 = 1, /* unused */
+ kSeciAuthVersion2 = 2,
+ kSeciAuthVersion3 = 3,
+} __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
+
+/* Return the iAuth version indicated by the certificate. This function does
+ * not guarantee that the certificate is valid, so the caller must still call
+ * SecTrustEvaluate to guarantee that the certificate was properly issued */
+SeciAuthVersion SecCertificateGetiAuthVersion(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
+
+
+/*
+ * Legacy functions (OS X only)
+ */
+#if SEC_OS_OSX
+#include <Security/cssmtype.h>
+#include <Security/x509defs.h>
+
+/* Given a unified SecCertificateRef, return a copy with a legacy
+ C++ ItemImpl-based Certificate instance. Only for internal use;
+ legacy references cannot be used by SecCertificate API functions. */
+SecCertificateRef SecCertificateCreateItemImplInstance(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
+
+/* Inverse of above; convert legacy Certificate instance to new ref. */
+SecCertificateRef SecCertificateCreateFromItemImplInstance(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
+
+
+/* Convenience function to determine type of certificate instance. */
+Boolean SecCertificateIsItemImplInstance(SecCertificateRef certificate)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
+
+/* Given a legacy C++ ItemImpl-based Certificate instance obtained with
+ SecCertificateCreateItemImplInstance, return its clHandle pointer.
+ Only for internal use. */
+OSStatus SecCertificateGetCLHandle_legacy(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle)
+ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
+
+/* Deprecated; use SecCertificateCopyCommonName() instead. */
+OSStatus SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_NA, __IPHONE_NA, "SecCertificateGetCommonName is deprecated. Use SecCertificateCopyCommonName instead.");
+
+/* Deprecated; use SecCertificateCopyEmailAddresses() instead. */
+/* This should have been Copy instead of Get since the returned address is not autoreleased. */
+OSStatus SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_NA, __IPHONE_NA, "SecCertificateGetEmailAddress is deprecated. Use SecCertificateCopyEmailAddresses instead.");
+
+/*
+ * Private API to infer a display name for a SecCertificateRef which
+ * may or may not be in a keychain.
+ */
+OSStatus SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label);
+
+/*
+ * Subset of the above, useful for both certs and CRLs.
+ * Infer printable label for a given an CSSM_X509_NAME. Returns NULL
+ * if no appropriate printable name found.
+ */
+const CSSM_DATA *SecInferLabelFromX509Name(
+ const CSSM_X509_NAME *x509Name);
+
+/* Accessors for fields in the cached certificate */
+
+/*!
+ @function SecCertificateCopyFieldValues
+ @abstract Retrieves the values for a particular field in a given certificate.
+ @param certificate A valid SecCertificateRef to the certificate.
+ @param field Pointer to the OID whose values should be returned.
+ @param fieldValues On return, a zero terminated list of CSSM_DATA_PTR's.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Return a zero terminated list of CSSM_DATA_PTR's with the
+ values of the field specified by field. Caller must call
+ SecCertificateReleaseFieldValues to free the storage allocated by this call.
+*/
+OSStatus SecCertificateCopyFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR **fieldValues)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyFieldValues is deprecated. Use SecCertificateCopyValues instead.");
+
+/*!
+ @function SecCertificateReleaseFieldValues
+ @abstract Release the storage associated with the values returned by SecCertificateCopyFieldValues.
+ @param certificate A valid SecCertificateRef to the certificate.
+ @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValues.
+ @param fieldValues Pointer to a zero terminated list of CSSM_DATA_PTR's.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValues.
+*/
+OSStatus SecCertificateReleaseFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValues)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateReleaseFieldValues is deprecated. Use SecCertificateCopyValues instead.");
+
+/*!
+ @function SecCertificateCopyFirstFieldValue
+ @abstract Return a CSSM_DATA_PTR with the value of the first field specified by field.
+ @param certificate A valid SecCertificateRef to the certificate.
+ @param field Pointer to the OID whose value should be returned.
+ @param fieldValue On return, a CSSM_DATA_PTR to the field data.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Return a CSSM_DATA_PTR with the value of the first field specified by field. Caller must call
+ SecCertificateReleaseFieldValue to free the storage allocated by this call.
+*/
+OSStatus SecCertificateCopyFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValue)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyFirstFieldValue is deprecated. Use SecCertificateCopyValues instead.");
+
+/*!
+ @function SecCertificateReleaseFirstFieldValue
+ @abstract Release the storage associated with the values returned by SecCertificateCopyFirstFieldValue.
+ @param certificate A valid SecCertificateRef to the certificate.
+ @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValue.
+ @param fieldValue The field data to release.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValue.
+*/
+OSStatus SecCertificateReleaseFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR fieldValue)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateReleaseFirstFieldValue is deprecated. Use SecCertificateCopyValues instead.");
+
+/*!
+ @function SecCertificateCopySubjectComponent
+ @abstract Retrieves a component of the subject distinguished name of a given certificate.
+ @param certificate A reference to the certificate from which to retrieve the common name.
+ @param component A component oid naming the component desired. See <Security/oidsattr.h>.
+ @param result On return, a reference to the string form of the component, if present in the subject.
+ Your code must release this reference by calling the CFRelease function.
+ @result A result code. See "Security Error Codes" (SecBase.h).
+ */
+OSStatus SecCertificateCopySubjectComponent(SecCertificateRef certificate, const CSSM_OID *component,
+ CFStringRef *result)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopySubjectComponent is deprecated. Use SecCertificateCopyCommonNames,SecCertificateCopyOrganization,SecCertificateCopyOrganizationalUnit, etc. instead.");
+
+/* Convenience functions for searching.
+ */
+OSStatus SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer,
+ const CSSM_DATA *serialNumber, SecCertificateRef *certificate)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindByIssuerAndSN is deprecated. Use SecItemCopyMatching instead.");
+
+OSStatus SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID,
+ SecCertificateRef *certificate)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindBySubjectKeyID is deprecated. Use SecItemCopyMatching instead.");
+
+OSStatus SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress,
+ SecCertificateRef *certificate)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindByEmail is deprecated. Use SecItemCopyMatching instead.");
+
+/* These should go to SecKeychainSearchPriv.h. */
+OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer,
+ const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByIssuerAndSN is deprecated. Use SecItemCopyMatching instead.");
+
+OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN_CF(CFTypeRef keychainOrArray, CFDataRef issuer,
+ CFDataRef serialNumber, SecKeychainSearchRef *searchRef)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByIssuerAndSN_CF is deprecated. Use SecItemCopyMatching instead.");
+
+OSStatus SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID,
+ SecKeychainSearchRef *searchRef)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateBySubjectKeyID is deprecated. Use SecItemCopyMatching instead.");
+
+OSStatus SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress,
+ SecKeychainSearchRef *searchRef)
+ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByEmail is deprecated. Use SecItemCopyMatching instead.");
+
+/* Convenience function for generating digests; should be moved elsewhere. */
+CSSM_RETURN SecDigestGetData(CSSM_ALGORITHMS alg, CSSM_DATA* digest, const CSSM_DATA* data)
+ __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA);
+
+/* Return true iff certificate is valid as of verifyTime. */
+/* DEPRECATED: Use SecCertificateIsValid instead. */
+bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verifyTime)
+ __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA);
+
+#endif /* SEC_OS_OSX */
+
+__END_DECLS
+
+#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */
projects / apple / security.git / blobdiff