X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/sec/Security/SecCertificatePriv.h
diff --git a/sec/Security/SecCertificatePriv.h b/sec/Security/SecCertificatePriv.h
deleted file mode 100644
index 77674ea7..00000000
--- a/sec/Security/SecCertificatePriv.h
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * Copyright (c) 2006-2012 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*!
- @header SecCertificatePriv
- The functions provided in SecCertificatePriv.h implement and manage a particular
- type of keychain item that represents a certificate. You can store a
- certificate in a keychain, but a certificate can also be a transient
- object.
-
- You can use a certificate as a keychain item in most functions.
- Certificates are able to compute their parent certificates, and much more.
-*/
-
-#ifndef _SECURITY_SECCERTIFICATEPRIV_H_
-#define _SECURITY_SECCERTIFICATEPRIV_H_
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-__BEGIN_DECLS
-
-typedef uint32_t SecKeyUsage;
-enum {
- kSecKeyUsageUnspecified = 0,
- kSecKeyUsageDigitalSignature = 1 << 0,
- kSecKeyUsageNonRepudiation = 1 << 1,
- kSecKeyUsageContentCommitment= 1 << 1,
- kSecKeyUsageKeyEncipherment = 1 << 2,
- kSecKeyUsageDataEncipherment = 1 << 3,
- kSecKeyUsageKeyAgreement = 1 << 4,
- kSecKeyUsageKeyCertSign = 1 << 5,
- kSecKeyUsageCRLSign = 1 << 6,
- kSecKeyUsageEncipherOnly = 1 << 7,
- kSecKeyUsageDecipherOnly = 1 << 8,
- kSecKeyUsageCritical = 1 << 31,
- kSecKeyUsageAll = 0x7FFFFFFF
-};
-
-typedef uint32_t SecCertificateEscrowRootType;
-enum {
- kSecCertificateBaselineEscrowRoot = 0,
- kSecCertificateProductionEscrowRoot = 1,
-};
-
-/* The names of the files that contain the escrow certificates */
-extern CFTypeRef kSecCertificateProductionEscrowKey;
-extern CFTypeRef kSecCertificateEscrowFileName;
-
-
-/* Return a certificate for the DER representation of this certificate.
- Return NULL if the passed-in data is not a valid DER-encoded X.509
- certificate. */
-SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator,
- const UInt8 *bytes, CFIndex length);
-
-/* Return the length of the DER representation of this certificate. */
-CFIndex SecCertificateGetLength(SecCertificateRef certificate);
-
-/* Return the bytes of the DER representation of this certificate. */
-const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate);
-
-// MARK: -
-// MARK: Certificate Accessors
-
-CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate);
-
-CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRef certificate);
-
-CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate);
-
-/*!
- @function SecCertificateCopyIssuerSummary
- @abstract Return a simple string which hopefully represents a human understandable issuer.
- @param certificate SecCertificate object created with SecCertificateCreateWithData().
- @discussion All the data in this string comes from the certificate itself
- and thus it's in whatever language the certificate itself is in.
- @result A CFStringRef which the caller should CFRelease() once it's no longer needed.
-*/
-CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate);
-
-/*!
- @function SecCertificateCopyProperties
- @abstract Return a property array for this trust certificate.
- @param certificate A reference to the certificate to evaluate.
- @result A property array. It is the caller's responsability to CFRelease
- the returned array when it is no longer needed.
- See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array.
- Unlike that function call this function returns a detailed description
- of the certificate in question.
-*/
-CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate);
-
-CFMutableArrayRef SecCertificateCopySummaryProperties(
- SecCertificateRef certificate, CFAbsoluteTime verifyTime);
-
-/* Return the content of a DER-encoded integer (without the tag and length
- fields) for this certificate's serial number. The caller must CFRelease
- the value returned. */
-CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate);
-
-/* Return an array of CFStringRefs representing the ip addresses in the
- certificate if any. */
-CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRef certificate);
-
-/* Return an array of CFStringRefs representing the dns addresses in the
- certificate if any. */
-CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate);
-
-/* Return an array of CFStringRefs representing the email addresses in the
- certificate if any.
 */
-CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRef certificate);
-
-/* Return an array of CFStringRefs representing the common names in the
- certificates subject if any. */
-CFArrayRef SecCertificateCopyCommonNames(SecCertificateRef certificate);
-
-/* Return an array of CFStringRefs representing the organization in the
- certificate's subject if any. */
-CFArrayRef SecCertificateCopyOrganization(SecCertificateRef certificate);
-
-/* Return an array of CFStringRefs representing the organizational unit in the
- certificate's subject if any. */
-CFArrayRef SecCertificateCopyOrganizationalUnit(SecCertificateRef certificate);
-
-/* Return an array of CFStringRefs representing the NTPrincipalNames in the
- certificate if any. */
-CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRef certificate);
-
-/* Return a string formatted according to RFC 2253 representing the complete
- subject of certificate. */
-CFStringRef SecCertificateCopySubjectString(SecCertificateRef certificate);
-
-/* Return a string with the company name of an ev leaf certificate. */
-CFStringRef SecCertificateCopyCompanyName(SecCertificateRef certificate);
-
-/* X.509 Certificate Version: 1, 2 or 3. */
-CFIndex SecCertificateVersion(SecCertificateRef certificate);
-CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate);
-CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
-
-/* Return true iff certificate is self signed and has a basic constraints
- extension indicating that it's a certificate authority.
 */
-bool SecCertificateIsSelfSignedCA(SecCertificateRef certificate);
-
-SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRef certificate);
-
-/* Returns an array of CFDataRefs for all extended key usage oids or NULL */
-CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRef certificate);
-
-/* Returns a certificate from a pem blob */
-SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator,
- CFDataRef pem_certificate);
-
-/* Append certificate to xpc_certificates. */
-bool SecCertificateAppendToXPCArray(SecCertificateRef certificate, xpc_object_t xpc_certificates, CFErrorRef *error);
-
-/* Decode certificate from xpc_certificates[index] as encoded by SecCertificateAppendToXPCArray(). */
-SecCertificateRef SecCertificateCreateWithXPCArrayAtIndex(xpc_object_t xpc_certificates, size_t index, CFErrorRef *error);
-
-/* Retrieve the array of valid Escrow certificates for a given root type */
-CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType);
-
-/* Return an xpc_array of data from an array of SecCertificateRefs. */
-xpc_object_t SecCertificateArrayCopyXPCArray(CFArrayRef certificates, CFErrorRef *error);
-
-/* Return an array of SecCertificateRefs from a xpc_object array of datas. */
-CFArrayRef SecCertificateXPCArrayCopyArray(xpc_object_t xpc_certificates, CFErrorRef *error);
-
-__END_DECLS
-
-#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */