1/*
2 * tpUtils.h - TP and cert group test support
3 */
4
5#ifndef	_TP_UTILS_H_
6#define _TP_UTILS_H_
7
8#include <Security/cssmtype.h>
9#include <Security/x509defs.h>
10#include <Security/cssmapple.h>
11#include <time.h>
12#include <MacTypes.h>
13#include <CoreFoundation/CoreFoundation.h>
14#include <Security/Security.h>
15
16#ifdef	__cplusplus
17extern "C" {
18#endif
19
/*
 * Build-time switch; presumably gates the DL/DB-backed code paths in the
 * test sources that include this header. No use of it is visible in this
 * file -- confirm where it is consulted before changing it.
 */
#define TP_DB_ENABLE	1
21
/*
 * Given an array of certs and an uninitialized CSSM_CERTGROUP, place the
 * certs into the certgroup and optionally into one of a list of DBs in
 * random order. Optionally the first cert in the array is placed in the
 * first element of certgroup. Only error is memory error. It's legal to
 * pass in an empty cert array.
 *
 * clHand              CL handle used while building the group
 * dbList              list of DBs that may receive certs
 * certs, numCerts     input cert array; numCerts may be 0
 * certGroup           filled in here; tpFreeCertGroup (declared below) is
 *                     presumably the matching release -- confirm ownership
 *                     in the implementation
 * firstCertIsSubject  true: certs[0] goes to head of certGroup
 * verbose             extra diagnostic output (assumed from the name)
 * allInDbs            all certs go to DBs
 * skipFirstDb         no certs go to db[0]
 *
 * Returns a CSSM_RETURN; the only failure mode is a memory error.
 */
CSSM_RETURN tpMakeRandCertGroup(
	CSSM_CL_HANDLE			clHand,
	CSSM_DL_DB_LIST_PTR		dbList,
	const CSSM_DATA_PTR		certs,
	unsigned				numCerts,
	CSSM_CERTGROUP_PTR		certGroup,
	CSSM_BOOL				firstCertIsSubject,	// true: certs[0] goes to head
												//   of certGroup
	CSSM_BOOL				verbose,
	CSSM_BOOL				allInDbs,			// all certs go to DBs
	CSSM_BOOL				skipFirstDb);		// no certs go to db[0]
40
/*
 * Store one cert in dlDb with caller-supplied index fields. The REQUIRED
 * fields must already be known by the caller; use tpStoreRawCert (below)
 * when they are not and should be extracted from the cert itself.
 *
 * dlDb          DL/DB the record is written to
 * cert          encoded cert to store
 * certType      e.g. CSSM_CERT_X_509v3
 * serialNum     serial number index field
 * issuer        normalized & encoded issuer name (author's own note below
 *               questions whether this should be the subject)
 * certEncoding  e.g. CSSM_CERT_ENCODING_DER
 * printName     optional print name index field
 * subject       optional normalized & encoded subject name
 */
CSSM_RETURN tpStoreCert(
	CSSM_DL_DB_HANDLE		dlDb,
	const CSSM_DATA_PTR		cert,
	/* REQUIRED fields */
	CSSM_CERT_TYPE			certType,		// e.g. CSSM_CERT_X_509v3
	uint32					serialNum,
	const CSSM_DATA			*issuer,		// (shouldn't this be subject?)
											// normalized & encoded
	/* OPTIONAL fields */
	CSSM_CERT_ENCODING		certEncoding,	// e.g. CSSM_CERT_ENCODING_DER
	const CSSM_DATA			*printName,
	const CSSM_DATA			*subject);		// normalized & encoded
53
/*
 * Store a cert when we don't already know the required fields. We'll
 * extract them.
 *
 * dlDb    DL/DB the record is written to
 * clHand  CL used to parse the cert and extract the index fields
 * cert    encoded cert to store
 */
CSSM_RETURN tpStoreRawCert(
	CSSM_DL_DB_HANDLE		dlDb,
	CSSM_CL_HANDLE			clHand,
	const CSSM_DATA_PTR		cert);
62
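/*
 * Generate numKeyPairs key pairs of specified algorithm and size.
 * Key labels will be 'keyLabelBase' concatenated with a 4-digit
 * decimal number.
 *
 * cspHand        CSP that performs the key generation
 * dbHand         keys go here
 * numKeyPairs    number of pairs to generate
 * keyGenAlg      CSSM_ALGID_RSA, etc.
 * keySizeInBits  key size in bits
 * keyLabelBase   C string; base of each per-key label
 * pubKeys        array of keys RETURNED here (caller-allocated; assumed to
 *                hold numKeyPairs entries -- confirm in the implementation)
 * privKeys       array of keys RETURNED here (same sizing as pubKeys)
 * paramData      optional DSA params; NULL when not needed
 *
 * The default argument on paramData is C++ syntax. A C translation unit
 * including this header would fail to compile on it, so the default is only
 * offered under __cplusplus; C callers pass NULL explicitly.
 */
CSSM_RETURN tpGenKeys(
	CSSM_CSP_HANDLE	cspHand,
	CSSM_DL_DB_HANDLE dbHand,			/* keys go here */
	unsigned		numKeyPairs,
	uint32			keyGenAlg,		/* CSSM_ALGID_RSA, etc. */
	uint32			keySizeInBits,
	const char 		*keyLabelBase,	/* C string */
	CSSM_KEY_PTR	pubKeys,		/* array of keys RETURNED here */
	CSSM_KEY_PTR	privKeys,		/* array of keys RETURNED here */
#ifdef __cplusplus
	CSSM_DATA_PTR	paramData = NULL);	// optional DSA params
#else
	CSSM_DATA_PTR	paramData);		/* optional DSA params; NULL if unused */
#endif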
78
/*
 * Generate a cert chain using specified key pairs. The last cert in the
 * chain (certs[numCerts-1]) is a root cert, self-signed.
 *
 * cspHand       CSP used for signing
 * clHand        CL used to build the certs
 * numCerts      number of certs in the chain
 * sigAlg        CSSM_ALGID_SHA1WithRSA, etc. (SHA-1 is only the example;
 *               tests not specifically exercising SHA-1 should prefer a
 *               stronger digest)
 * nameBase      C string; base of the per-cert names
 * pubKeys       array of public keys (assumed numCerts entries -- confirm)
 * privKeys      array of private keys (assumed numCerts entries -- confirm)
 * certs         array of certs RETURNED here; this header does not say who
 *               frees the returned Data -- confirm in the implementation
 * notBeforeStr  from genTimeAtNowPlus() (declared elsewhere)
 * notAfterStr   from genTimeAtNowPlus() (declared elsewhere)
 */
CSSM_RETURN tpGenCerts(
	CSSM_CSP_HANDLE	cspHand,
	CSSM_CL_HANDLE	clHand,
	unsigned		numCerts,
	uint32			sigAlg,			/* CSSM_ALGID_SHA1WithRSA, etc. */
	const char 		*nameBase,		/* C string */
	CSSM_KEY_PTR	pubKeys,		/* array of public keys */
	CSSM_KEY_PTR	privKeys,		/* array of private keys */
	CSSM_DATA_PTR	certs,			/* array of certs RETURNED here */
	const char		*notBeforeStr,	/* from genTimeAtNowPlus() */
	const char		*notAfterStr);	/* from genTimeAtNowPlus() */
94
/*
 * Generate a cert chain using specified key pairs. The last cert in the
 * chain (certs[numCerts-1]) is a root cert, self-signed. Store
 * the certs indicated by corresponding element on storeArray. If
 * storeArray[n].DLHandle == 0, the cert is not stored.
 *
 * Same contract as tpGenCerts (above) apart from storeArray, which is
 * indexed in parallel with certs (so assumed to hold numCerts entries --
 * confirm in the implementation).
 */
CSSM_RETURN tpGenCertsStore(
	CSSM_CSP_HANDLE		cspHand,
	CSSM_CL_HANDLE		clHand,
	unsigned			numCerts,
	uint32				sigAlg,			/* CSSM_ALGID_SHA1WithRSA, etc. */
	const char 			*nameBase,		/* C string */
	CSSM_KEY_PTR		pubKeys,		/* array of public keys */
	CSSM_KEY_PTR		privKeys,		/* array of private keys */
	CSSM_DL_DB_HANDLE	*storeArray,	/* array of certs stored here  */
	CSSM_DATA_PTR		certs,			/* array of certs RETURNED here */
	const char			*notBeforeStr,	/* from genTimeAtNowPlus() */
	const char			*notAfterStr);	/* from genTimeAtNowPlus() */
113
/*
 * Free a CSSM_CERT_GROUP.
 *
 * certGroup     group to release
 * freeCertData  free individual CertList.Data
 * freeStruct    free the overall CSSM_CERTGROUP; certGroup must not be
 *               used afterwards when this is true
 */
void tpFreeCertGroup(
	CSSM_CERTGROUP_PTR	certGroup,
	CSSM_BOOL	 		freeCertData,		// free individual CertList.Data
	CSSM_BOOL			freeStruct);			// free the overall CSSM_CERTGROUP
119
/*
 * Compare two cert groups; presumably returns CSSM_TRUE when they hold the
 * same certs -- the exact comparison (order, Data bytes) is not visible
 * here, confirm in the implementation.
 */
CSSM_BOOL tpCompareCertGroups(
	const CSSM_CERTGROUP	*grp1,
	const CSSM_CERTGROUP	*grp2);
123
/* Presumably removes every cert record from dlDb (assumed from the name). */
CSSM_RETURN clDeleteAllCerts(CSSM_DL_DB_HANDLE dlDb);
125
/*
 * Wrapper for CSSM_TP_CertGroupVerify.
 *
 * tpHand, clHand, cspHand  module handles used for the verification
 * dbListPtr                DBs searched for intermediate certs
 * policy                   optional policy OID
 * fieldOpts                optional
 * actionData               optional
 * policyOpts               policy-specific options
 * certGroup                the chain under test
 * anchorCerts              trust anchors; numAnchorCerts entries
 * numAnchorCerts           count of anchorCerts
 * stopOn                   CSSM_TP_STOP_ON_POLICY, etc.
 * cssmTimeStr              optional verification time; what is used when
 *                          NULL is not visible here -- confirm
 * result                   RETURNED; release with freeVfyResult (below)
 */
CSSM_RETURN tpCertGroupVerify(
	CSSM_TP_HANDLE						tpHand,
	CSSM_CL_HANDLE						clHand,
	CSSM_CSP_HANDLE 					cspHand,
	CSSM_DL_DB_LIST_PTR					dbListPtr,
	const CSSM_OID						*policy,		// optional
	const CSSM_DATA						*fieldOpts,		// optional
	const CSSM_DATA						*actionData,	// optional
	void								*policyOpts,
	const CSSM_CERTGROUP 				*certGroup,
	CSSM_DATA_PTR						anchorCerts,
	unsigned							numAnchorCerts,
	CSSM_TP_STOP_ON						stopOn,		// CSSM_TP_STOP_ON_POLICY, etc.
	CSSM_TIMESTRING						cssmTimeStr,// optional
	CSSM_TP_VERIFY_CONTEXT_RESULT_PTR	result);	// RETURNED
144
/*
 * Open (or create) a keychain via the DL and return its DB handle.
 *
 * dlHand    DL handle the keychain is opened through
 * kcName    keychain name
 * pwd       optional; supplied to avoid UI. Plain C string owned by the
 *           caller; this header does not say whether it is copied or
 *           cleared, so the caller is responsible for its lifetime and
 *           zeroization -- confirm in the implementation
 * doCreate  presumably create the keychain when it does not exist -- confirm
 * dbHand    RETURNED
 */
CSSM_RETURN tpKcOpen(
	CSSM_DL_HANDLE		dlHand,
	const char			*kcName,
	const char			*pwd,				// optional to avoid UI
	CSSM_BOOL			doCreate,
	CSSM_DB_HANDLE		*dbHand);			// RETURNED
151
/*
 * Release a CSSM_TP_VERIFY_CONTEXT_RESULT filled in by tpCertGroupVerify.
 * Whether the struct itself or only its contents is freed is not visible
 * here -- confirm in the implementation.
 */
CSSM_RETURN freeVfyResult(
	CSSM_TP_VERIFY_CONTEXT_RESULT *ctx);
154
/*
 * Print per-cert evidence info.
 *
 * numCerts  from CertGroup
 * info      evidence array; assumed to hold numCerts entries -- confirm
 */
void printCertInfo(
	unsigned numCerts,							// from CertGroup
	const CSSM_TP_APPLE_EVIDENCE_INFO *info);
158
/* Print a human-readable dump of vfyResult (assumed from the name). */
void dumpVfyResult(
	const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult);
161
/*
 * Obtain system anchors in CF and in CSSM_DATA form.
 * Caller must CFRelease the returned rootArray and
 * free() the returned CSSM_DATA array, but not its
 * contents - SecCertificates themselves own that.
 *
 * rootArray   RETURNED; keep it alive as long as *anchors is used, since
 *             the CSSM_DATA contents are owned by those SecCertificates
 * anchors     RETURNED; numAnchors entries
 * numAnchors  RETURNED; count of entries in *anchors
 *
 * Returns an OSStatus; presumably noErr on success -- confirm.
 */
OSStatus getSystemAnchors(
	CFArrayRef *rootArray,	/* RETURNED */
	CSSM_DATA **anchors,	/* RETURNED */
	unsigned *numAnchors);	/* RETURNED */
172
/*
 * Get a SecCertificateRef from a file.
 * Presumably returns NULL on failure and the caller CFReleases the result;
 * the name does not follow the Create/Copy rule, so confirm ownership in
 * the implementation.
 */
SecCertificateRef certFromFile(
	const char *fileName);
176
177#ifdef	__cplusplus
178}
179#endif
180#endif	/* _TP_UTILS_H_ */
181
182