1/*
2 * Copyright (c) 2002-2011,2013 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*!
25	@header SecCertificate
26	The functions provided in SecCertificate implement and manage a particular type of keychain item that represents a certificate.  You can store a certificate in a keychain, but a certificate can also be a transient object.
27
28	You can use a certificate as a keychain item in most functions.
29*/
30
31#ifndef _SECURITY_SECCERTIFICATE_H_
32#define _SECURITY_SECCERTIFICATE_H_
33
34#include <CoreFoundation/CFBase.h>
35#include <CoreFoundation/CFArray.h>
36#include <CoreFoundation/CFData.h>
37#include <CoreFoundation/CFDate.h>
38#include <CoreFoundation/CFError.h>
39#include <Security/SecBase.h>
40#include <Security/cssmtype.h>
41#include <Security/x509defs.h>
42#include <Availability.h>
43#include <AvailabilityMacros.h>
44/*
45#include <Security/SecTransform.h>
46#include <Security/SecIdentity.h>
47*/
48
49#if defined(__cplusplus)
50extern "C" {
51#endif
52
53/*!
54	@enum CertificateItemAttributes
55	@abstract Indicates the type of a certificate item attribute.
56	@constant kSecSubjectItemAttr Indicates a DER-encoded subject distinguished name.
57	@constant kSecIssuerItemAttr Indicates a DER-encoded issuer distinguished name.
58	@constant kSecSerialNumberItemAttr Indicates a DER-encoded certificate serial number (without the tag and length).
59	@constant kSecPublicKeyHashItemAttr Indicates a public key hash.
60	@constant kSecSubjectKeyIdentifierItemAttr Indicates a subject key identifier.
61	@constant kSecCertTypeItemAttr Indicates a certificate type.
62	@constant kSecCertEncodingItemAttr Indicates a certificate encoding.
63*/
64enum
65{
66    kSecSubjectItemAttr 			 = 'subj',
67    kSecIssuerItemAttr 				 = 'issu',
68    kSecSerialNumberItemAttr     	 = 'snbr',
69    kSecPublicKeyHashItemAttr    	 = 'hpky',
70    kSecSubjectKeyIdentifierItemAttr = 'skid',
71	kSecCertTypeItemAttr		 	 = 'ctyp',
72	kSecCertEncodingItemAttr	 	 = 'cenc'
73} /*DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER*/;
74
75/*!
76	@function SecCertificateGetTypeID
77	@abstract Returns the type identifier of SecCertificate instances.
78	@result The CFTypeID of SecCertificate instances.
79*/
80CFTypeID SecCertificateGetTypeID(void)
81	__OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0);
82
83#pragma mark ---- Certificate Operations ----
84
85/*!
86	@function SecCertificateCreateFromData
87	@abstract Creates a certificate based on the input data, type, and encoding.
88    @param data A pointer to the certificate data.
89    @param type The certificate type as defined in cssmtype.h.
90    @param encoding The certificate encoding as defined in cssmtype.h.
91	@param certificate On return, a reference to the newly created certificate.
92    @result A result code. See "Security Error Codes" (SecBase.h).
93	@discussion This API is deprecated in 10.7. Please use the SecCertificateCreateWithData API instead.
94*/
95OSStatus SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate)
96	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
97
98/*!
99	@function SecCertificateCreateWithData
100	@abstract Create a certificate reference given its DER representation as a CFData.
101    @param allocator CFAllocator to allocate the certificate data. Pass NULL to use the default allocator.
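102    @param data DER encoded X.509 certificate.
103	@result On return, a reference to the certificate. Returns NULL if the passed-in data is not a valid DER-encoded X.509 certificate. A non-NULL result means only that the data parsed as a certificate; it says nothing about whether the certificate is trusted, which must be evaluated separately.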
104*/
105SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef allocator, CFDataRef data)
106	__OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
107
108/*!
109	@function SecCertificateAddToKeychain
110	@abstract Adds a certificate to the specified keychain.
111    @param certificate A reference to a certificate.
112    @param keychain A reference to the keychain in which to add the certificate. Pass NULL to add the certificate to the default keychain.
113    @result A result code. See "Security Error Codes" (SecBase.h).
114	@discussion This function is successful only if the certificate was created using the SecCertificateCreateFromData or
115	SecCertificateCreateWithData functions, and the certificate has not yet been added to the specified keychain.
116*/
117OSStatus SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keychain)
118	__OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA);
119
120/*!
121	@function SecCertificateGetData
122	@abstract Retrieves the data for a given certificate.
123    @param certificate A reference to the certificate from which to retrieve the data.
124    @param data On return, the CSSM_DATA structure pointed to by data is filled in. You must allocate the space for a CSSM_DATA structure before calling this function. This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid.
125	@result A result code. See "Security Error Codes" (SecBase.h).
126	@discussion This API is deprecated in 10.7. Please use the SecCertificateCopyData API instead.
127*/
128OSStatus SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data)
129	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
130
131/*!
132	@function SecCertificateCopyData
133	@abstract Returns the DER representation of an X.509 certificate.
134    @param certificate A reference to a certificate.
135	@result On return, a data reference containing the DER encoded representation of the X.509 certificate.
136*/
137CFDataRef SecCertificateCopyData(SecCertificateRef certificate)
138	__OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
139
140/*!
141	@function SecCertificateGetType
142	@abstract Retrieves the type for a given certificate.
143    @param certificate A reference to the certificate from which to obtain the type.
144    @param certificateType On return, the certificate type of the certificate. Certificate types are defined in cssmtype.h.
145	@result A result code. See "Security Error Codes" (SecBase.h).
146	@discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
147*/
148OSStatus SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType)
149	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
150
151/*!
152    @function SecCertificateGetSubject
153    @abstract Retrieves the subject name for a given certificate.
154    @param certificate A reference to the certificate from which to obtain the subject name.
155    @param subject On return, a pointer to a CSSM_X509_NAME struct which contains the subject's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer.
156    @result A result code. See "Security Error Codes" (SecBase.h).
157    @discussion Prior to Mac OS X 10.5, this function did not return any output in the subject parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it.
158        For example:
159        const CSSM_X509_NAME *subject = NULL;
160        OSStatus status = SecCertificateGetSubject(certificate, &subject);
161        if ( (status == errSecSuccess) && (subject != NULL) ) {
162            // subject is valid
163        }
164	   This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
165*/
166OSStatus SecCertificateGetSubject(SecCertificateRef certificate, const CSSM_X509_NAME **subject)
167	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
168
169/*!
170    @function SecCertificateGetIssuer
171    @abstract Retrieves the issuer name for a given certificate.
172    @param certificate A reference to the certificate from which to obtain the issuer name.
173    @param issuer On return, a pointer to a CSSM_X509_NAME struct which contains the issuer's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer.
174    @result A result code. See "Security Error Codes" (SecBase.h).
175    @discussion Prior to Mac OS X 10.5, this function did not return any output in the issuer parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it.
176        For example:
177        const CSSM_X509_NAME *issuer = NULL;
178        OSStatus status = SecCertificateGetIssuer(certificate, &issuer);
179        if ( (status == errSecSuccess) && (issuer != NULL) ) {
180            // issuer is valid
181        }
182		This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
183*/
184OSStatus SecCertificateGetIssuer(SecCertificateRef certificate, const CSSM_X509_NAME **issuer)
185	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
186
187/*!
188    @function SecCertificateGetCLHandle
189    @abstract Retrieves the certificate library handle for a given certificate.
190    @param certificate A reference to the certificate from which to obtain the certificate library handle.
191    @param clHandle On return, the certificate library handle of the given certificate. This handle remains valid at least as long as the certificate does.
192    @result A result code. See "Security Error Codes" (SecBase.h).
193	@discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
194*/
195OSStatus SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle)
196	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
197
198/*!
199    @function SecCertificateGetAlgorithmID
200    @abstract Retrieves the algorithm identifier for a given certificate.
201    @param certificate A reference to the certificate from which to retrieve the algorithm identifier.
202    @param algid On return, a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER struct which identifies the algorithm for this certificate (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer.
203    @result A result code. See "Security Error Codes" (SecBase.h).
204	@discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead.
205*/
206OSStatus SecCertificateGetAlgorithmID(SecCertificateRef certificate, const CSSM_X509_ALGORITHM_IDENTIFIER **algid)
207	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
208
209/*!
210    @function SecCertificateCopyPublicKey
211    @abstract Retrieves the public key for a given certificate.
212    @param certificate A reference to the certificate from which to retrieve the public key.
213    @param key On return, a reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function.
214    @result A result code. See "Security Error Codes" (SecBase.h).
215*/
216OSStatus SecCertificateCopyPublicKey(SecCertificateRef certificate, SecKeyRef *key)
217	__OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA);
218
219/*!
220    @function SecCertificateCopyCommonName
221    @abstract Retrieves the common name of the subject of a given certificate.
222    @param certificate A reference to the certificate from which to retrieve the common name.
223    @param commonName On return, a reference to the common name. Your code must release this reference by calling the CFRelease function.
224    @result A result code. See "Security Error Codes" (SecBase.h).
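225    @discussion All the data in this string comes from the certificate itself, and thus it's in whatever language the certificate itself is in. Because the certificate's creator chooses this content, treat it as untrusted input unless the certificate has been validated.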
226	Note that the certificate's common name field may not be present, or may be inadequate to describe the certificate; for display purposes,
227	you should consider using SecCertificateCopySubjectSummary instead of this function.
228*/
229OSStatus SecCertificateCopyCommonName(SecCertificateRef certificate, CFStringRef *commonName)
230	__OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA);
231
232/*!
233	@function SecCertificateCopySubjectSummary
234	@abstract Returns a simple string that is intended to be a human-understandable summary of the certificate.
235    @param certificate  A reference to the certificate from which to derive the subject summary string.
236	@result On return, a reference to the subject summary string. Your code must release this reference by calling the CFRelease function.
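237    @discussion All the data in this string comes from the certificate itself, and thus it's in whatever language the certificate itself is in. The string is chosen by the certificate's creator, so it does not by itself identify a trusted party.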
238*/
239CFStringRef SecCertificateCopySubjectSummary(SecCertificateRef certificate)
240	__OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0);
241
242/*!
243    @function SecCertificateCopyEmailAddresses
244    @abstract Returns an array of zero or more email addresses for the subject of a given certificate.
245    @param certificate A reference to the certificate from which to retrieve the email addresses.
246    @param emailAddresses On return, an array of zero or more CFStringRef elements corresponding to each email address found.
247	Your code must release this array reference by calling the CFRelease function.
248    @result A result code. See "Security Error Codes" (SecBase.h).
249*/
250OSStatus SecCertificateCopyEmailAddresses(SecCertificateRef certificate, CFArrayRef *emailAddresses)
251	__OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA);
252
253/*!
254    @function SecCertificateCopyPreference
255    @abstract Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned.
256    @param name A string containing an email address (RFC822) or other name for which a preferred certificate is requested.
257    @param keyUsage A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to ignore this parameter.
258    @param certificate On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function.
259    @result A result code. See "Security Error Codes" (SecBase.h).
260    @discussion This function will typically be used to obtain the preferred encryption certificate for an email recipient.
261	This API is deprecated in 10.7. Please use the SecCertificateCopyPreferred API instead.
262*/
263OSStatus SecCertificateCopyPreference(CFStringRef name, uint32 keyUsage, SecCertificateRef *certificate)
264	DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
265
266/*!
267    @function SecCertificateCopyPreferred
268    @abstract Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned.
269    @param name A string containing an email address (RFC822) or other name for which a preferred certificate is requested.
270    @param keyUsage A CFArrayRef value, containing items defined in SecItem.h. Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap)
271    @result On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function.
272    @discussion This function will typically be used to obtain the preferred encryption certificate for an email recipient. If a preferred certificate has not been set
273	for the supplied name, the returned reference will be NULL. Your code should then perform a search for possible certificates, using the SecItemCopyMatching API.
274*/
275SecCertificateRef SecCertificateCopyPreferred(CFStringRef name, CFArrayRef keyUsage)
276	__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
277
278/*!
279    @function SecCertificateSetPreference
280    @abstract Sets the preferred certificate for a specified name, key usage, and date.
281    @param certificate A reference to the certificate which will be preferred.
282    @param name A string containing an email address (RFC822) or other name for which a preferred certificate will be associated.
283    @param keyUsage A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to avoid specifying a particular key usage.
284    @param date (optional) A date reference. If supplied, the preferred certificate will be changed only if this date is later than the currently saved setting. Pass NULL if this preference should not be restricted by date.
285    @result A result code. See "Security Error Codes" (SecBase.h).
286    @discussion This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient) or automatically upon receipt of encrypted email.
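287	This API is deprecated in 10.7. Please use the SecCertificateSetPreferred API instead. Note that the declaration below carries an availability macro rather than a deprecation macro, so the compiler will not warn when this function is used.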
288*/
289OSStatus SecCertificateSetPreference(SecCertificateRef certificate, CFStringRef name, uint32 keyUsage, CFDateRef date)
290	__OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA);
291
292/*!
293    @function SecCertificateSetPreferred
294    @abstract Sets the preferred certificate for a specified name and optional key usage.
295    @param certificate A reference to the preferred certificate. If NULL is passed, any existing preference for the specified name is cleared instead.
296    @param name A string containing an email address (RFC822) or other name for which a preferred certificate will be associated.
297    @param keyUsage A CFArrayRef value, containing items defined in SecItem.h. Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap)
298    @result A result code. See "Security Error Codes" (SecBase.h).
299    @discussion This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient)
300	or automatically upon receipt of encrypted email.
301*/
302OSStatus SecCertificateSetPreferred(SecCertificateRef certificate, CFStringRef name, CFArrayRef keyUsage)
303	__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
304
305/*!
306 @enum kSecPropertyKey
307 @abstract Constants used to access dictionary entries returned by SecCertificateCopyValues
308 @constant kSecPropertyKeyType The type of the entry
309 @constant kSecPropertyKeyLabel The label of the entry
310 @constant kSecPropertyKeyLocalizedLabel The localized label of the entry
311 @constant kSecPropertyKeyValue The value of the entry
312 */
313
314extern CFStringRef kSecPropertyKeyType __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
315extern CFStringRef kSecPropertyKeyLabel __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
316extern CFStringRef kSecPropertyKeyLocalizedLabel __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
317extern CFStringRef kSecPropertyKeyValue __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
318
319/*!
320	@enum kSecPropertyType
321	@abstract Public Constants for property list values returned by SecCertificateCopyValues
322	@discussion Note that kSecPropertyTypeTitle and kSecPropertyTypeError are defined in SecTrust.h
323*/
324extern CFStringRef kSecPropertyTypeWarning __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
325extern CFStringRef kSecPropertyTypeSuccess __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
326extern CFStringRef kSecPropertyTypeSection __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
327extern CFStringRef kSecPropertyTypeData __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
328extern CFStringRef kSecPropertyTypeString __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
329extern CFStringRef kSecPropertyTypeURL __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
330extern CFStringRef kSecPropertyTypeDate __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
331
332/*!
333    @function SecCertificateCopyValues
334	@abstract		Creates a dictionary that represents a certificate's contents.
335	@param certificate The certificate from which to get values
336	@param keys		An array of string OID values, or NULL. If present, this is
337					the subset of values from the certificate to return. If NULL,
338					all values will be returned. Only OIDs that are top level keys
339					in the returned dictionary can be specified. Unknown OIDs are
340					ignored.
341	@param error	An optional pointer to a CFErrorRef. This value is
342					set if an error occurred.  If not NULL the caller is
343					responsible for releasing the CFErrorRef.
344	@discussion		The keys array will contain all of the keys used in the
345					returned dictionary. The top level keys in the returned
346					dictionary are OIDs, many of which are found in SecCertificateOIDs.h.
347					Each entry that is returned is itself a dictionary with four
348					entries, whose keys are kSecPropertyKeyType, kSecPropertyKeyLabel,
349					kSecPropertyKeyLocalizedLabel, kSecPropertyKeyValue. The label
350					entries may contain a descriptive (localized) string, or an
351					OID string. The kSecPropertyKeyType describes the type in the
352					value entry. The value entry may be any CFType, although it
353					is usually a CFStringRef, CFArrayRef or a CFDictionaryRef.
354*/
355CFDictionaryRef SecCertificateCopyValues(SecCertificateRef certificate, CFArrayRef keys, CFErrorRef *error)
356	__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
357
358/*!
359    @enum Transform  Key Value Constants
360    @discussion 		Predefined values for the kSecTransformAttrCertificateUsage attribute.
361
362
363	kSecCertificateUsageSigning
364	kSecCertificateUsageSigningAndEncrypting
365	kSecCertificateUsageDeriveAndSign
366
367*/
368
369extern const CFStringRef kSecCertificateUsageSigning __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
370extern const CFStringRef kSecCertificateUsageSigningAndEncrypting __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
371extern const CFStringRef kSecCertificateUsageDeriveAndSign __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
372
373/*!
374    @function 			SecCertificateCopyLongDescription
375	@abstract			Return the long description of a certificate
376	@param alloc 		The CFAllocator which should be used to allocate
377						memory for the dictionary and its storage for values. This
378						parameter may be NULL in which case the current default
379						CFAllocator is used. If this reference is not a valid
380						CFAllocator, the behavior is undefined.
381	@param certificate	The certificate from which to retrieve the long description
382	@param	error		An optional pointer to a CFErrorRef. This value is
383						set if an error occurred.  If not NULL the caller is
384						responsible for releasing the CFErrorRef.
385	@result				A CFStringRef of the long description or NULL. If NULL and the error
386						parameter is supplied the error will be returned in the error parameter
387	@discussion			Note that the format of this string may change in the future
388*/
389
390CFStringRef SecCertificateCopyLongDescription(CFAllocatorRef alloc, SecCertificateRef certificate, CFErrorRef *error)
391					__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
392
393/*!
394    @function 			SecCertificateCopyShortDescription
395	@abstract			Return the short description of a certificate
396	@param alloc 		The CFAllocator which should be used to allocate
397						memory for the dictionary and its storage for values. This
398						parameter may be NULL in which case the current default
399						CFAllocator is used. If this reference is not a valid
400						CFAllocator, the behavior is undefined.
401	@param certificate	The certificate from which to retrieve the short description
402	@param	error		An optional pointer to a CFErrorRef. This value is
403						set if an error occurred.  If not NULL the caller is
404						responsible for releasing the CFErrorRef.
405	@result				A CFStringRef of the short description or NULL. If NULL and the error
406						parameter is supplied the error will be returned in the error parameter
407 @discussion			Note that the format of this string may change in the future
408*/
409
410CFStringRef SecCertificateCopyShortDescription(CFAllocatorRef alloc, SecCertificateRef certificate, CFErrorRef *error)
411		__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
412
413/*!
414    @function			SecCertificateCopySerialNumber
415	@abstract			Return the certificate's serial number.
416	@param certificate	The certificate from which to get values
417	@param	error		An optional pointer to a CFErrorRef. This value is
418						set if an error occurred.  If not NULL the caller is
419						responsible for releasing the CFErrorRef.
420	@discussion			Return the content of a DER-encoded integer (without the
421						tag and length fields) for this certificate's serial
422						number.   The caller must CFRelease the value returned.
423*/
424
425CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate, CFErrorRef *error)
426		__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
427
428/*!
429    @function			SecCertificateCopyNormalizedIssuerContent
430	@abstract			Return the certificate's normalized issuer
431	@param certificate	The certificate from which to get values
432	@param error		An optional pointer to a CFErrorRef. This value is
433						set if an error occurred.  If not NULL the caller is
434						responsible for releasing the CFErrorRef.
435	@discussion			The issuer is a sequence in the format used by
436						SecItemCopyMatching.  The content returned is a DER-encoded
437						X.509 distinguished name. For a display version of the issuer,
438						call SecCertificateCopyValues. The caller must CFRelease
439						the value returned.
440*/
441
442CFDataRef SecCertificateCopyNormalizedIssuerContent(SecCertificateRef certificate, CFErrorRef *error)
443		__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
444
445/*!
446    @function			SecCertificateCopyNormalizedSubjectContent
447	@abstract			Return the certificate's normalized subject
448	@param certificate	The certificate from which to get values
449	@param error		An optional pointer to a CFErrorRef. This value is
450						set if an error occurred.  If not NULL the caller is
451						responsible for releasing the CFErrorRef.
452	@discussion			The subject is a sequence in the format used by
453						SecItemCopyMatching. The content returned is a DER-encoded
454						X.509 distinguished name. For a display version of the subject,
455						call SecCertificateCopyValues. The caller must CFRelease
456						the value returned.
457*/
458
459CFDataRef SecCertificateCopyNormalizedSubjectContent(SecCertificateRef certificate, CFErrorRef *error)
460		__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA);
461
462#if defined(__cplusplus)
463}
464#endif
465
466#endif /* !_SECURITY_SECCERTIFICATE_H_ */
467