1/*
2 *  Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 *  @APPLE_LICENSE_HEADER_START@
5 *
6 *  This file contains Original Code and/or Modifications of Original Code
7 *  as defined in and that are subject to the Apple Public Source License
8 *  Version 2.0 (the 'License'). You may not use this file except in
9 *  compliance with the License. Please obtain a copy of the License at
10 *  http://www.opensource.apple.com/apsl/ and read it before using this
11 *  file.
12 *
13 *  The Original Code and all software distributed under the License are
14 *  distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 *  EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 *  INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 *  FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 *  Please see the License for the specific language governing rights and
19 *  limitations under the License.
20 *
21 *  @APPLE_LICENSE_HEADER_END@
22 */
23
24/*!
25    @header SecCmsSignedData.h
26    @Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
27
28    @availability 10.4 and later
29    @abstract Interfaces of the CMS implementation.
    @discussion The functions here encode and decode Cryptographic Message
                Syntax (CMS) SignedData objects as described in RFC 3369
                (since superseded by RFC 3852 and RFC 5652).
33 */
34
35#ifndef _SECURITY_SECCMSSIGNEDDATA_H_
36#define _SECURITY_SECCMSSIGNEDDATA_H_  1
37
38#include <Security/SecCmsBase.h>
39#include <Security/SecTrust.h>
40
41
42#if defined(__cplusplus)
43extern "C" {
44#endif
45
46/*!
47    @function
48    @abstract Create a new SecCmsSignedData object.
49    @param cmsg Pointer to a SecCmsMessage in which this SecCmsSignedData
50        should be created.
51 */
52extern SecCmsSignedDataRef
53SecCmsSignedDataCreate(SecCmsMessageRef cmsg);
54
55/*!
56    @function
57 */
58extern void
59SecCmsSignedDataDestroy(SecCmsSignedDataRef sigd);
60
61/*!
62    @function
63    @abstract Retrieve the SignedData's signer list.
64 */
65extern SecCmsSignerInfoRef *
66SecCmsSignedDataGetSignerInfos(SecCmsSignedDataRef sigd);
67
68/*!
69    @function
70 */
71extern int
72SecCmsSignedDataSignerInfoCount(SecCmsSignedDataRef sigd);
73
74/*!
75    @function
76 */
77extern SecCmsSignerInfoRef
78SecCmsSignedDataGetSignerInfo(SecCmsSignedDataRef sigd, int i);
79
80/*!
81    @function
82    @abstract Retrieve the SignedData's digest algorithm list.
83 */
84extern SECAlgorithmID **
85SecCmsSignedDataGetDigestAlgs(SecCmsSignedDataRef sigd);
86
87/*!
88    @function
89    @abstract Return pointer to this signedData's contentinfo.
90 */
91extern SecCmsContentInfoRef
92SecCmsSignedDataGetContentInfo(SecCmsSignedDataRef sigd);
93
94/*!
95    @function
96    @discussion XXX Should be obsoleted.
97 */
98extern OSStatus
99SecCmsSignedDataImportCerts(SecCmsSignedDataRef sigd, SecKeychainRef keychain,
100				SECCertUsage certusage, Boolean keepcerts);
101
102/*!
103    @function
104    @abstract See if we have digests in place.
105 */
106extern Boolean
107SecCmsSignedDataHasDigests(SecCmsSignedDataRef sigd);
108
109/*!
110    @function
111    @abstract Check the signatures.
112    @discussion The digests were either calculated during decoding (and are stored in the
113                signedData itself) or set after decoding using SecCmsSignedDataSetDigests.
114
115                The verification checks if the signing cert is valid and has a trusted chain
116                for the purpose specified by "policies".
117
118                If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
119                Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().
120 */
121extern OSStatus
122SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, SecKeychainRef keychainOrArray,
123				 CFTypeRef policies, SecTrustRef *trustRef);
124
125/*!
126    @function
127    @abstract Verify the certs in a certs-only message.
128*/
129extern OSStatus
130SecCmsSignedDataVerifyCertsOnly(SecCmsSignedDataRef sigd,
131                                  SecKeychainRef keychainOrArray,
132                                  CFTypeRef policies);
133
134/*!
135    @function
136 */
137extern OSStatus
138SecCmsSignedDataAddCertList(SecCmsSignedDataRef sigd, CFArrayRef certlist);
139
140/*!
141    @function
142    @abstract Add cert and its entire chain to the set of certs.
143 */
144extern OSStatus
145SecCmsSignedDataAddCertChain(SecCmsSignedDataRef sigd, SecCertificateRef cert);
146
147/*!
148    @function
149 */
150extern OSStatus
151SecCmsSignedDataAddCertificate(SecCmsSignedDataRef sigd, SecCertificateRef cert);
152
153/*!
154    @function
155 */
156extern Boolean
157SecCmsSignedDataContainsCertsOrCrls(SecCmsSignedDataRef sigd);
158
159/*!
160    @function
161    @abstract Retrieve the SignedData's certificate list.
162 */
163extern CSSM_DATA_PTR *
164SecCmsSignedDataGetCertificateList(SecCmsSignedDataRef sigd);
165
166/*!
167    @function
168 */
169extern OSStatus
170SecCmsSignedDataAddSignerInfo(SecCmsSignedDataRef sigd,
171				SecCmsSignerInfoRef signerinfo);
172
173/*!
174    @function
175 */
176extern OSStatus
177SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd,
178				SECAlgorithmID **digestalgs,
179				CSSM_DATA_PTR *digests);
180
181/*!
182    @function
183    @abstract Create a certs-only SignedData.
184    @param cert Base certificate that will be included
185    @param include_chain If true, include the complete cert chain for cert.
186    @discussion More certs and chains can be added via AddCertificate and AddCertChain.
187    @result An error results in a return value of NULL and an error set.
188 */
189extern SecCmsSignedDataRef
190SecCmsSignedDataCreateCertsOnly(SecCmsMessageRef cmsg, SecCertificateRef cert, Boolean include_chain);
191
192
193#if defined(__cplusplus)
194}
195#endif
196
197#endif /* _SECURITY_SECCMSSIGNEDDATA_H_ */
198