1/* 2 * cert.h 3 * security_smime 4 * 5 * Created by john on Wed Mar 12 2003. 6 * Copyright (c) 2003 __MyCompanyName__. All rights reserved. 7 * 8 */ 9 10#ifndef _CERT_H_ 11#define _CERT_H_ 1 12 13#include "SecCmsBase.h" 14#include <Security/nameTemplates.h> 15#include <Security/SecCertificate.h> 16#include <CoreFoundation/CFDate.h> 17#include <Security/SecTrust.h> 18#include "cmstpriv.h" 19#include <security_asn1/seccomon.h> 20 21/************************************************************************/ 22SEC_BEGIN_PROTOS 23 24#if !USE_CDSA_CRYPTO 25bool CERT_CheckIssuerAndSerial(SecCertificateRef cert, SecAsn1Item *issuer, SecAsn1Item *serial); 26#endif 27 28typedef void CERTVerifyLog; 29 30void CERT_NormalizeX509NameNSS(NSS_Name *nssName); 31 32SecIdentityRef CERT_FindIdentityByUsage(SecKeychainRef keychainOrArray, 33 char *nickname, SECCertUsage usage, Boolean validOnly, void *proto_win); 34 35SecCertificateRef CERT_FindUserCertByUsage(SecKeychainRef dbhandle, 36 char *nickname,SECCertUsage usage,Boolean validOnly,void *proto_win); 37 38// Find a certificate in the database by a email address or nickname 39// "name" is the email address or nickname to look up 40SecCertificateRef CERT_FindCertByNicknameOrEmailAddr(SecKeychainRef dbhandle, char *name); 41 42SecPublicKeyRef SECKEY_CopyPublicKey(SecPublicKeyRef pubKey); 43void SECKEY_DestroyPublicKey(SecPublicKeyRef pubKey); 44SecPublicKeyRef SECKEY_CopyPrivateKey(SecPublicKeyRef privKey); 45void SECKEY_DestroyPrivateKey(SecPublicKeyRef privKey); 46void CERT_DestroyCertificate(SecCertificateRef cert); 47SecCertificateRef CERT_DupCertificate(SecCertificateRef cert); 48 49// from security/nss/lib/certdb/cert.h 50 51/* 52 Substitutions: 53 CERTCertificate * -> SecCertificateRef 54 SECKEYPublicKey * -> SecPublicKeyRef 55 CERTCertDBHandle * -> SecKeychainRef 56 CERT_GetDefaultCertDB -> OSStatus SecKeychainCopyDefault(SecKeychainRef *keychain); 57 CERTCertificateList * -> CFArrayRef 58*/ 59 60// Generate a certificate chain from a certificate. 61 62CF_RETURNS_RETAINED CFArrayRef CERT_CertChainFromCert(SecCertificateRef cert, SECCertUsage usage,Boolean includeRoot); 63 64CFArrayRef CERT_CertListFromCert(SecCertificateRef cert); 65 66CFArrayRef CERT_DupCertList(CFArrayRef oldList); 67 68// Extract a public key object from a SubjectPublicKeyInfo 69SecPublicKeyRef CERT_ExtractPublicKey(SecCertificateRef cert); 70 71SECStatus CERT_CheckCertUsage (SecCertificateRef cert,unsigned char usage); 72 73// Find a certificate in the database by a email address 74// "emailAddr" is the email address to look up 75SecCertificateRef CERT_FindCertByEmailAddr(SecKeychainRef keychainOrArray, char *emailAddr); 76 77// Find a certificate in the database by a DER encoded certificate 78// "derCert" is the DER encoded certificate 79SecCertificateRef CERT_FindCertByDERCert(SecKeychainRef keychainOrArray, const SecAsn1Item *derCert); 80 81// Generate a certificate key from the issuer and serialnumber, then look it up in the database. 82// Return the cert if found. "issuerAndSN" is the issuer and serial number to look for 83SecCertificateRef CERT_FindCertByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN); 84 85SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID); 86 87SecIdentityRef CERT_FindIdentityByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN); 88SecCertificateRef CERT_FindCertificateByIssuerAndSN (CFTypeRef keychainOrArray, const SecCmsIssuerAndSN *issuerAndSN); 89 90SecIdentityRef CERT_FindIdentityBySubjectKeyID (CFTypeRef keychainOrArray, const SecAsn1Item *subjKeyID); 91 92// find the smime symmetric capabilities profile for a given cert 93SecAsn1Item *CERT_FindSMimeProfile(SecCertificateRef cert); 94 95// Return the decoded value of the subjectKeyID extension. The caller should 96// free up the storage allocated in retItem->data. 97SECStatus CERT_FindSubjectKeyIDExtension (SecCertificateRef cert, SecAsn1Item *retItem); 98 99// Extract the issuer and serial number from a certificate 100SecCmsIssuerAndSN *CERT_GetCertIssuerAndSN(PRArenaPool *pl, SecCertificateRef cert); 101 102// import a collection of certs into the temporary or permanent cert database 103SECStatus CERT_ImportCerts(SecKeychainRef keychain, SECCertUsage usage,unsigned int ncerts, 104 SecAsn1Item **derCerts,SecCertificateRef **retCerts, Boolean keepCerts,Boolean caOnly, char *nickname); 105 106SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SecAsn1Item *emailProfile,SecAsn1Item *profileTime); 107 108// Check the hostname to make sure that it matches the shexp that 109// is given in the common name of the certificate. 110SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname); 111 112#if USE_CDSA_CRYPTO 113SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, SecCertificateRef cert, 114 CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef); 115#else 116SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, CFArrayRef cert, 117 CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef); 118#endif 119 120CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage); 121 122/************************************************************************/ 123SEC_END_PROTOS 124 125#endif /* _CERT_H_ */ 126