1/*
2 * Copyright (c) 2003-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*!
25	@header SecTrustPriv
26	Private part of SecTrust.h
27*/
28
29#ifndef _SECURITY_SECTRUST_PRIV_H_
30#define _SECURITY_SECTRUST_PRIV_H_
31
32#include <Security/SecTrust.h>
33#include <CoreFoundation/CFString.h>
34#include <CoreFoundation/CFDictionary.h>
35
36
37#if defined(__cplusplus)
38extern "C" {
39#endif
40
41/*
42	unique keychain item attributes for user trust records.
43*/
44enum {
45    kSecTrustCertAttr 				 = 'tcrt',
46    kSecTrustPolicyAttr				 = 'tpol',
47	/* Leopard and later */
48	kSecTrustPubKeyAttr				 = 'tpbk',
49	kSecTrustSignatureAttr			 = 'tsig'
50};
51
52/*!
53	@function SecTrustGetUserTrust
54	@abstract Gets the user-specified trust settings of a certificate and policy.
55	@param certificate A reference to a certificate.
56	@param policy A reference to a policy.
57	@param trustSetting On return, a pointer to the user specified trust settings.
58	@result A result code. See "Security Error Codes" (SecBase.h).
59	@availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5.
60*/
61OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting)
62	/*DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER*/;
63
64/*!
65	@function SecTrustSetUserTrust
66	@abstract Sets the user-specified trust settings of a certificate and policy.
67	@param certificate A reference to a certificate.
68	@param policy A reference to a policy.
69	@param trustSetting The user-specified trust settings.
70	@result A result code. See "Security Error Codes" (SecBase.h).
71	@availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5.
72	@discussion as of Mac OS version 10.5, this will result in a call to
73	 SecTrustSettingsSetTrustSettings().
74*/
75OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting)
76	/*DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER*/;
77
78/*!
79	@function SecTrustSetUserTrustLegacy
80	@abstract Sets the user-specified trust settings of a certificate and policy.
81	@param certificate A reference to a certificate.
82	@param policy A reference to a policy.
83	@param trustSetting The user-specified trust settings.
84	@result A result code.  See "Security Error Codes" (SecBase.h).
85
86	@This is the private version of what used to be SecTrustSetUserTrust(); it operates
87	 on UserTrust entries as that function used to. The current SecTrustSetUserTrust()
88	 function operated on Trust Settings.
89*/
90OSStatus SecTrustSetUserTrustLegacy(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting);
91
92/*!
93	@function SecTrustGetCSSMAnchorCertificates
94	@abstract Retrieves the CSSM anchor certificates.
95	@param cssmAnchors A pointer to an array of anchor certificates.
96	@param cssmAnchorCount A pointer to the number of certificates in anchors.
97	@result A result code. See "Security Error Codes" (SecBase.h).
98	@availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5.
99*/
100OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount)
101	/*DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER*/;
102
103/*!
104	@function SecTrustCopyExtendedResult
105	@abstract Gets the extended trust result after an evaluation has been performed.
106	@param trust A trust reference.
107	@param result On return, result points to a CFDictionaryRef containing extended trust results (if no error occurred).
108	The caller is responsible for releasing this dictionary with CFRelease when finished with it.
109	@result A result code. See "Security Error Codes" (SecBase.h).
110	@discussion This function may only be used after SecTrustEvaluate has been called for the trust reference, otherwise
111	errSecTrustNotAvailable is returned. If the certificate is not an extended validation certificate, there is
112	no extended result data and errSecDataNotAvailable is returned. Currently, only one dictionary key is defined
113	(kSecEVOrganizationName).
114
115	Note: this function will be deprecated in a future release of OS X. Your
116	code should use SecTrustCopyResult to obtain the trust results dictionary.
117*/
118OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef *result)
119	__OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA);
120
121
122/*!
123    @enum Trust Result Constants
124    @discussion Predefined key constants used to obtain values in a
125        dictionary of trust evaluation results for a certificate chain,
126        as retrieved from a call to SecTrustCopyResult.
127
128    @constant kSecTrustResultDetails
129        This key will be present if a trust evaluation has been performed.
130        Its value is a CFArrayRef of CFDictionaryRef representing detailed
131        status info for each certificate in the completed chain.
132 */
133extern CFTypeRef kSecTrustResultDetails
134    __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_NA);
135
136
137/*
138 * Preference-related strings for Revocation policies.
139 */
140
141/*
142 * Preference domain, i.e., the name of a plist in ~/Library/Preferences or in
143 * /Library/Preferences
144 */
145#define kSecRevocationDomain		"com.apple.security.revocation"
146
147/* OCSP and CRL style keys, followed by values used for both of them */
148#define kSecRevocationOcspStyle				CFSTR("OCSPStyle")
149#define kSecRevocationCrlStyle				CFSTR("CRLStyle")
150  #define kSecRevocationOff					CFSTR("None")	/* default for each one */
151  #define kSecRevocationBestAttempt			CFSTR("BestAttempt")
152  #define kSecRevocationRequireIfPresent	CFSTR("RequireIfPresent")
153  #define kSecRevocationRequireForAll		CFSTR("RequireForAll")
154
155/* Which first if both enabled? */
156#define kSecRevocationWhichFirst			CFSTR("RevocationFirst")
157  #define kSecRevocationOcspFirst			CFSTR("OCSP")
158  #define kSecRevocationCrlFirst			CFSTR("CRL")
159
160/* boolean: A "this policy is sufficient per cert" for each */
161#define kSecRevocationOCSPSufficientPerCert	CFSTR("OCSPSufficientPerCert")
162#define kSecRevocationCRLSufficientPerCert	CFSTR("CRLSufficientPerCert")
163
164/* local OCSP responder URI, value arbitrary string value */
165#define kSecOCSPLocalResponder				CFSTR("OCSPLocalResponder")
166
167/* Extended trust result keys (now in public API) */
168#define kSecEVOrganizationName				kSecTrustOrganizationName
169#define kSecTrustExpirationDate				kSecTrustRevocationValidUntilDate
170
171#if defined(__cplusplus)
172}
173#endif
174
175#endif /* !_SECURITY_SECTRUST_PRIV_H_ */
176