/*
 * Copyright (c) 2003,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

// Prototypes for certificate and key lookup, chain building and verification.
// The names follow NSS's certdb/cert.h (see "Substitutions" below), with the
// NSS types replaced by Security framework reference types.
//
// NOTE(review): this header does not say which returned references the caller
// owns. Confirm against the implementation which results must be released (and
// with which call) before relying on any of these functions.

#ifndef _CERT_H_
#define _CERT_H_ 1

#include <Security/SecCmsBase.h>
#include <Security/nameTemplates.h>
#include <Security/SecCertificate.h>
#include <CoreFoundation/CFDate.h>
#include <Security/SecTrust.h>
#include "cmstpriv.h"

/************************************************************************/
SEC_BEGIN_PROTOS

// Opaque placeholder for the NSS verification-log type; no prototype in this
// header takes or returns it.
typedef void CERTVerifyLog;

// Normalizes the given name in place (the argument is a non-const pointer and
// nothing is returned). NOTE(review): the exact normalization rules are not
// visible here.
void CERT_NormalizeX509NameNSS(NSS_Name *nssName);

// Find an identity by nickname and intended usage.
// NOTE(review): "validOnly" presumably limits results to currently valid
// certificates; confirm what it checks. If it only covers the validity period,
// callers still need CERT_VerifyCert for chain and policy evaluation.
SecIdentityRef CERT_FindIdentityByUsage(SecKeychainRef keychainOrArray,
    char *nickname, SECCertUsage usage, Boolean validOnly, void *proto_win);

// Find a user certificate by nickname and intended usage. The "validOnly"
// caveat on CERT_FindIdentityByUsage applies here as well.
SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef dbhandle,
    char *nickname,SECCertUsage usage,Boolean validOnly,void *proto_win);

// Find a certificate in the database by an email address or nickname
// "name" is the email address or nickname to look up
SecCertificateRef CERT_FindCertByNicknameOrEmailAddr(SecKeychainRef dbhandle, char *name);

// Copy/destroy helpers for keys and certificates.
// NOTE(review): the private-key variants are declared with SecPublicKeyRef for
// both the parameter and the return type; confirm this is intentional rather
// than a copy/paste of the public-key prototypes.
SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey);
void SECKEY_DestroyPublicKey(SecPublicKeyRef pubKey);
SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey);
void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey);
void CERT_DestroyCertificate(SecCertificateRef cert);
SecCertificateRef CERT_DupCertificate(SecCertificateRef cert);

// from security/nss/lib/certdb/cert.h

/*
  Substitutions:
  CERTCertificate * -> SecCertificateRef
  SECKEYPublicKey * -> SecPublicKeyRef
  CERTCertDBHandle * -> SecKeychainRef
  CERT_GetDefaultCertDB -> OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain);
  CERTCertificateList * -> CFArrayRef
*/

// Generate a certificate chain from a certificate.
// NOTE(review): building a chain is not the same as validating it; confirm
// whether any trust evaluation happens here, and otherwise treat the returned
// array as unverified until CERT_VerifyCert succeeds.

CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage,Boolean includeRoot);

// Presumably returns a list holding only "cert" -- TODO confirm.
CFArrayRef CERT_CertListFromCert(SecCertificateRef cert);

// Duplicate a certificate list. NOTE(review): whether the copy is deep or
// shares the element references is not stated here.
CFArrayRef CERT_DupCertList(CFArrayRef oldList);

// Extract a public key object from a SubjectPublicKeyInfo
SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert);

// Check a certificate against the requested usage.
// NOTE(review): "usage" is an unsigned char here, not SECCertUsage; it looks
// like a key-usage bit mask -- confirm. Callers must check the returned
// SECStatus.
SECStatus CERT_CheckCertUsage (SecCertificateRef cert,unsigned char usage);

// Find a certificate in the database by an email address
// "emailAddr" is the email address to look up
SecCertificateRef CERT_FindCertByEmailAddr(SecKeychainRef keychainOrArray, char *emailAddr);

// Find a certificate in the database by a DER encoded certificate
// "derCert" is the DER encoded certificate
SecCertificateRef CERT_FindCertByDERCert(SecKeychainRef keychainOrArray, const SECItem *derCert);

// Generate a certificate key from the issuer and serialnumber, then look it up in the database.
// Return the cert if found. "issuerAndSN" is the issuer and serial number to look for
// NOTE(review): "rawCerts" is presumably a list of additional candidate
// certificates to search alongside the keychain(s); confirm how the list is
// terminated. A certificate located this way has not been verified.
SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray,
    CSSM_DATA_PTR *rawCerts, PRArenaPool *pl, const SecCmsIssuerAndSN *issuerAndSN);

// Find a certificate by subject key identifier. The "rawCerts" caveat on
// CERT_FindCertByIssuerAndSN applies here as well.
SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray,
    CSSM_DATA_PTR *rawCerts, const SECItem *subjKeyID);

// Identity lookups by issuer/serial number and by subject key identifier.
SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN);

SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SECItem *subjKeyID);

// find the smime symmetric capabilities profile for a given cert
SECItem *CERT_FindSMimeProfile(SecCertificateRef cert);

// Return the decoded value of the subjectKeyID extension. The caller should
// free up the storage allocated in retItem->data.
// Check the returned SECStatus before reading retItem.
SECStatus CERT_FindSubjectKeyIDExtension (SecCertificateRef cert, SECItem *retItem);

// Extract the issuer and serial number from a certificate
// NOTE(review): the result is presumably allocated from the arena "pl" and
// lives as long as that arena -- confirm.
SecCmsIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *pl, SecCertificateRef cert);

// import a collection of certs into the temporary or permanent cert database
// NOTE(review): "derCerts" may come from a received message. Confirm that
// importing (including with keepCerts set) only stores the certificates and
// does not change trust settings; imported certificates still need
// CERT_VerifyCert before use.
SECStatus CERT_ImportCerts(SecKeychainRef keychain, SECCertUsage usage,unsigned int ncerts,
    SECItem **derCerts,SecCertificateRef **retCerts, Boolean keepCerts,Boolean caOnly, char *nickname);

SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SECItem *emailProfile,SECItem *profileTime);

// Check the hostname to make sure that it matches the shexp that
// is given in the common name of the certificate.
// NOTE(review): as described, the match is a shell-expression (wildcard) match
// against the common name only. Confirm whether subjectAltName entries are
// consulted and how wildcards are bounded. A name match does not validate the
// chain; pair it with CERT_VerifyCert.
SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname);

// Verify "cert" against the given policies.
// "otherCerts" supplies intermediates; "trustRef" is an out-parameter for a
// SecTrustRef.
// NOTE(review): "stime" is presumably the time at which validity is evaluated;
// confirm, and avoid passing a value an untrusted party can influence.
// NOTE(review): this header does not say whether *trustRef is set when
// verification fails, or who releases it. Decide on the returned SECStatus,
// not on whether a trust object came back.
SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, SecCertificateRef cert,
    const CSSM_DATA_PTR *otherCerts, /* intermediates */
    CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef);

// Map a certificate usage to a policy object; presumably the result is what
// CERT_VerifyCert expects for "policies" -- TODO confirm.
CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage);

/************************************************************************/
SEC_END_PROTOS

#endif /* _CERT_H_ */