X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b04fe171f0375ecd5d8a24747ca1dff85720a0ca..6b200bc335dc93c5516ccb52f14bd896d8c7fad7:/OSX/libsecurity_keychain/lib/SecCertificatePriv.h diff --git a/OSX/libsecurity_keychain/lib/SecCertificatePriv.h b/OSX/libsecurity_keychain/lib/SecCertificatePriv.h deleted file mode 100644 index 3e36b135..00000000 --- a/OSX/libsecurity_keychain/lib/SecCertificatePriv.h +++ /dev/null @@ -1,402 +0,0 @@ -/* - * Copyright (c) 2002-2004,2011-2016 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _SECURITY_SECCERTIFICATEPRIV_H_ -#define _SECURITY_SECCERTIFICATEPRIV_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -typedef CF_ENUM(uint32_t, SecCertificateEscrowRootType) { - kSecCertificateBaselineEscrowRoot = 0, - kSecCertificateProductionEscrowRoot = 1, - kSecCertificateBaselinePCSEscrowRoot = 2, - kSecCertificateProductionPCSEscrowRoot = 3, - kSecCertificateBaselineEscrowBackupRoot = 4, // v100 and v101 - kSecCertificateProductionEscrowBackupRoot = 5, - kSecCertificateBaselineEscrowEnrollmentRoot = 6, // v101 only - kSecCertificateProductionEscrowEnrollmentRoot = 7, -}; - -extern const CFStringRef kSecCertificateProductionEscrowKey; -extern const CFStringRef kSecCertificateProductionPCSEscrowKey; -extern const CFStringRef kSecCertificateEscrowFileName; - - -/* Given a unified SecCertificateRef, return a copy with a legacy - C++ ItemImpl-based Certificate instance. Only for internal use; - legacy references cannot be used by SecCertificate API functions. */ -SecCertificateRef SecCertificateCreateItemImplInstance(SecCertificateRef certificate); - -/* Inverse of above; convert legacy Certificate instance to new ref. */ -SecCertificateRef SecCertificateCreateFromItemImplInstance(SecCertificateRef certificate); - -/* Convenience function to determine type of certificate instance. */ -Boolean SecCertificateIsItemImplInstance(SecCertificateRef certificate); - - -/* Given a legacy C++ ItemImpl-based Certificate instance obtained with - SecCertificateCreateItemImplInstance, return its clHandle pointer. - Only for internal use. */ -OSStatus SecCertificateGetCLHandle_legacy(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle); - -/* Return a certificate for the DER representation of this certificate. - Return NULL if the passed-in data is not a valid DER-encoded X.509 - certificate. */ -SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, - const UInt8 *bytes, CFIndex length); - -/* Returns a certificate from a pem blob. - Return NULL if the passed-in data is not a valid DER-encoded X.509 - certificate. */ -SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator, - CFDataRef pem_certificate); - -/* Return the length of the DER representation of this certificate. */ -CFIndex SecCertificateGetLength(SecCertificateRef certificate); - -/* Return the bytes of the DER representation of this certificate. */ -const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate); - -/* Return the SHA-1 hash of this certificate. */ -CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate); - -/* Return the SHA-256 hash of this certificate. */ -CFDataRef SecCertificateCopySHA256Digest(SecCertificateRef certificate); - -/* Return the SHA-1 hash of the public key in this certificate. */ -CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate); - -/* Return the SHA-1 hash of the SubjectPublicKeyInfo sequence in this certificate. */ -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA1Digest(SecCertificateRef certificate); - -/* Return the SHA-256 hash of the SubjectPublicKeyInfo sequence in this certificate. */ -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate); - -/* Deprecated; use SecCertificateCopyCommonName() instead. */ -OSStatus SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName); - -/* Deprecated; use SecCertificateCopyEmailAddresses() instead. */ -/* This should have been Copy instead of Get since the returned address is not autoreleased. */ -OSStatus SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress); - -/* Return an array of CFStringRefs representing the dns addresses in the - certificate if any. */ -CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the NTPrincipalNames in the - certificate if any. */ -CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRef certificate); - -/* Create a unified SecCertificateRef from a legacy keychain item and its data. */ -SecCertificateRef SecCertificateCreateWithKeychainItem(CFAllocatorRef allocator, - CFDataRef der_certificate, CFTypeRef keychainItem); - -/* Set a legacy item instance for a unified SecCertificateRef. */ -OSStatus SecCertificateSetKeychainItem(SecCertificateRef certificate, - CFTypeRef keychain_item); - -/* Return a keychain item reference, given a unified SecCertificateRef. - Note: for this function to succeed, the provided certificate must have been - created by SecCertificateCreateWithKeychainItem, otherwise NULL is returned. - */ -CFTypeRef SecCertificateCopyKeychainItem(SecCertificateRef certificate); - -/*! - @function SecCertificateCopyIssuerSummary - @abstract Return a simple string which hopefully represents a human understandable issuer. - @param certificate SecCertificate object created with SecCertificateCreateWithData(). - @discussion All the data in this string comes from the certificate itself - and thus it's in whatever language the certificate itself is in. - @result A CFStringRef which the caller should CFRelease() once it's no longer needed. -*/ -CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate); - -/* Return a string formatted according to RFC 2253 representing the complete - subject of certificate. */ -CFStringRef SecCertificateCopySubjectString(SecCertificateRef certificate); - -CFMutableArrayRef SecCertificateCopySummaryProperties( - SecCertificateRef certificate, CFAbsoluteTime verifyTime); - -/* - * Private API to infer a display name for a SecCertificateRef which - * may or may not be in a keychain. - */ -OSStatus SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label); - -/* - * Subset of the above, useful for both certs and CRLs. - * Infer printable label for a given an CSSM_X509_NAME. Returns NULL - * if no appropriate printable name found. - */ -const CSSM_DATA *SecInferLabelFromX509Name( - const CSSM_X509_NAME *x509Name); - -/* Accessors for fields in the cached certificate */ - -/*! - @function SecCertificateCopyFieldValues - @abstract Retrieves the values for a particular field in a given certificate. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose values should be returned. - @param fieldValues On return, a zero terminated list of CSSM_DATA_PTR's. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Return a zero terminated list of CSSM_DATA_PTR's with the - values of the field specified by field. Caller must call - SecCertificateReleaseFieldValues to free the storage allocated by this call. -*/ -OSStatus SecCertificateCopyFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR **fieldValues); - -/*! - @function SecCertificateReleaseFieldValues - @abstract Release the storage associated with the values returned by SecCertificateCopyFieldValues. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValues. - @param fieldValues Pointer to a zero terminated list of CSSM_DATA_PTR's. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValues. -*/ -OSStatus SecCertificateReleaseFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValues); - -/*! - @function SecCertificateCopyFirstFieldValue - @abstract Return a CSSM_DATA_PTR with the value of the first field specified by field. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose value should be returned. - @param fieldValue On return, a CSSM_DATA_PTR to the field data. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Return a CSSM_DATA_PTR with the value of the first field specified by field. Caller must call - SecCertificateReleaseFieldValue to free the storage allocated by this call. -*/ -OSStatus SecCertificateCopyFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValue); - -/*! - @function SecCertificateReleaseFirstFieldValue - @abstract Release the storage associated with the values returned by SecCertificateCopyFirstFieldValue. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValue. - @param fieldValue The field data to release. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValue. -*/ -OSStatus SecCertificateReleaseFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR fieldValue); - -/*! - @function SecCertificateCopySubjectComponent - @abstract Retrieves a component of the subject distinguished name of a given certificate. - @param certificate A reference to the certificate from which to retrieve the common name. - @param component A component oid naming the component desired. See . - @param result On return, a reference to the string form of the component, if present in the subject. - Your code must release this reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecCertificateCopySubjectComponent(SecCertificateRef certificate, const CSSM_OID *component, - CFStringRef *result); - -/* Return the DER encoded issuer sequence for the certificate's issuer. */ -CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate); - -/* Return the DER encoded subject sequence for the certificate's subject. */ -CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate); - -#if (SECTRUST_OSX && TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR)) -CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRef certificate); -CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRef certificate); -CFDataRef SecCertificateCopyNormalizedIssuerSequence(SecCertificateRef certificate); -CFDataRef SecCertificateCopyNormalizedSubjectSequence(SecCertificateRef certificate); -#endif - -/* Convenience functions for searching. -*/ - -OSStatus SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecCertificateRef *certificate); - -OSStatus SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecCertificateRef *certificate); - -OSStatus SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress, - SecCertificateRef *certificate); - - -/* These should go to SecKeychainSearchPriv.h. */ -OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN_CF(CFTypeRef keychainOrArray, CFDataRef issuer, - CFDataRef serialNumber, SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress, - SecKeychainSearchRef *searchRef); - -/* Convenience function for generating digests; should be moved elsewhere. */ -CSSM_RETURN SecDigestGetData(CSSM_ALGORITHMS alg, CSSM_DATA* digest, const CSSM_DATA* data); - -/* Return true iff certificate is valid as of verifyTime. */ -/* DEPRECATED: Use SecCertificateIsValid instead. */ -bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verifyTime) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecCertificateIsValid - @abstract Check certificate validity on a given date. - @param certificate A certificate reference. - @result Returns true if the specified date falls within the certificate's validity period, false otherwise. -*/ -bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); - -/*! - @function SecCertificateNotValidBefore - @abstract Obtain the starting date of the given certificate. - @param certificate A certificate reference. - @result Returns the absolute time at which the given certificate becomes valid, - or 0 if this value could not be obtained. -*/ -CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); - -/*! - @function SecCertificateNotValidAfter - @abstract Obtain the expiration date of the given certificate. - @param certificate A certificate reference. - @result Returns the absolute time at which the given certificate expires, - or 0 if this value could not be obtained. -*/ -CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); - -/*! - @function SecCertificateIsSelfSigned - @abstract Determine if the given certificate is self-signed. - @param certRef A certificate reference. - @param isSelfSigned Will be set to true on return if the certificate is self-signed, false otherwise. - @result A result code. Returns errSecSuccess if the certificate's status can be determined. -*/ -OSStatus SecCertificateIsSelfSigned(SecCertificateRef certRef, Boolean *isSelfSigned) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_9_0); - -/*! - @function SecCertificateIsSelfSignedCA - @abstract Determine if the given certificate is self-signed and has a basic - constraints extension indicating it is a certificate authority. - @param certificate A certificate reference. - @result Returns true if the certificate is self-signed and has a basic - constraints extension indicating it is a certificate authority, otherwise false. -*/ -bool SecCertificateIsSelfSignedCA(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -/*! - @function SecCertificateIsCA - @abstract Determine if the given certificate has a basic - constraints extension indicating it is a certificate authority. - @param certificate A certificate reference. - @result Returns true if the certificate has a basic constraints - extension indicating it is a certificate authority, otherwise false. -*/ -bool SecCertificateIsCA(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -/*! - @function SecCertificateCopyEscrowRoots - @abstract Retrieve the array of valid escrow certificates for a given root type. - @param escrowRootType An enumerated type indicating which root type to return. - @result An array of zero or more escrow certificates matching the provided type. -*/ -CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -/* Return an attribute dictionary used to store this item in a keychain. */ -CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/* - * Enumerated constants for signature hash algorithms. - */ -typedef uint32_t SecSignatureHashAlgorithm; -enum { - kSecSignatureHashAlgorithmUnknown = 0, - kSecSignatureHashAlgorithmMD2 = 1, - kSecSignatureHashAlgorithmMD4 = 2, - kSecSignatureHashAlgorithmMD5 = 3, - kSecSignatureHashAlgorithmSHA1 = 4, - kSecSignatureHashAlgorithmSHA224 = 5, - kSecSignatureHashAlgorithmSHA256 = 6, - kSecSignatureHashAlgorithmSHA384 = 7, - kSecSignatureHashAlgorithmSHA512 = 8 -}; - -/*! - @function SecCertificateGetSignatureHashAlgorithm - @abstract Determine the hash algorithm used in a certificate's signature. - @param certificate A certificate reference. - @result Returns an enumerated value indicating the signature hash algorithm - used in a certificate. If the hash algorithm is unsupported or cannot be - obtained (e.g. because the supplied certificate reference is invalid), a - value of 0 (kSecSignatureHashAlgorithmUnknown) is returned. -*/ -SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @function SecCertificateCopyProperties - @abstract Return a property array for this trust certificate. - @param certificate A reference to the certificate to evaluate. - @result A property array. It is the caller's responsability to CFRelease - the returned array when it is no longer needed. - See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array. - Unlike that function call this function returns a detailed description - of the certificate in question. -*/ -CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate); - -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate); - -/* Returns an array of CFDataRefs for all embedded SCTs */ -CFArrayRef SecCertificateCopySignedCertificateTimestamps(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -/* Return the precert TBSCertificate DER data - used for Certificate Transparency */ -CFDataRef SecCertificateCopyPrecertTBS(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */