/*
 * Copyright (c) 2000-2013 Apple Inc. All Rights Reserved.
 *
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
	tpPolicies.h - TP module policy implementation

	Declares the set of certificate policies the Trust Policy (TP) module
	knows how to enforce and the two entry points the rest of the module
	uses to apply them. Note that tp_policyVerify() takes an Allocator by
	C++ reference, so despite the extern "C" wrapper below this header is
	only consumable from C++ translation units.
*/

#ifndef _TP_POLICIES_H_
#define _TP_POLICIES_H_

#include <Security/cssmtype.h>
#include <security_utilities/alloc.h>
#include <Security/cssmapple.h>
#include "TPCertInfo.h"

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

/*
 * Enumerated certificate policies enforced by this module.
 *
 * Enumerators take implicit sequential values starting at 0. If any caller
 * persists or transmits these numerically, append new policies at the end
 * rather than inserting in the middle, so existing values stay stable.
 *
 * kTPDefault is the weakest policy: per its comment it parses no
 * certificate extensions at all, so extension-based checks (key usage,
 * extended key usage, name constraints) are not applied under it. Callers
 * that need a use-specific check must select the matching policy below.
 */
typedef enum {
	kTPDefault,				/* no extension parsing, just sig and expiration */
	kTPx509Basic,			/* basic X.509/RFC3280 */
	kTPiSign,				/* (obsolete) Apple code signing */
	kTP_SSL,				/* SecureTransport/SSL */
	kCrlPolicy,				/* cert chain verification via CRL */
	kTP_SMIME,				/* S/MIME */
	kTP_EAP,				/* EAP (Extensible Authentication Protocol) */
	kTP_SWUpdateSign,		/* Apple SW Update signing (was Apple Code Signing) */
	kTP_ResourceSign,		/* Apple Resource Signing */
	kTP_IPSec,				/* IPSEC */
	kTP_iChat,				/* iChat */
	kTP_PKINIT_Client,		/* PKINIT client cert */
	kTP_PKINIT_Server,		/* PKINIT server cert */
	kTP_CodeSigning,		/* new Apple Code Signing (Leopard/10.5) */
	kTP_PackageSigning,		/* Package Signing */
	kTP_MacAppStoreRec,		/* MacApp store receipt */
	kTP_AppleIDSharing,		/* AppleID Sharing */
	kTP_TimeStamping,		/* RFC3161 time stamping */
	kTP_PassbookSigning,	/* Passbook Signing */
	kTP_MobileStore,		/* Apple Mobile Store Signing */
	kTP_TestMobileStore,	/* Apple Test Mobile Store Signing */
	kTP_EscrowService,		/* Apple Escrow Service Signing */
	kTP_ProfileSigning,		/* Apple Configuration Profile Signing */
	kTP_QAProfileSigning,	/* Apple QA Configuration Profile Signing */
} TPPolicy;

/*
 * Perform TP verification on a constructed (ordered) cert group.
 *
 * The caller has already built and ordered the chain; this routine applies
 * the policy-specific checks on top of whatever chain construction did.
 *
 * @param policy          Policy to enforce (see TPPolicy above).
 * @param alloc           Allocator for any memory the verification needs.
 *                        Passed by C++ reference (see file comment).
 * @param clHand          CL (Certificate Library) handle for cert operations.
 * @param cspHand         CSP (Cryptographic Service Provider) handle for
 *                        cryptographic operations.
 * @param certGroup       The ordered chain; the last cert is the candidate
 *                        root/anchor (see verifiedToRoot).
 * @param verifiedToRoot  CSSM_TRUE when the last cert is a known good root.
 * @param verifiedViaTrustSetting
 *                        CSSM_TRUE when the last cert was accepted only via a
 *                        user trust setting rather than a built-in root. The
 *                        two flags let the policy distinguish the two cases;
 *                        both may legitimately be false for an incomplete
 *                        chain (how the caller sets them is not visible here).
 * @param actionFlags     Caller-supplied CSSM_APPLE_TP_ACTION_FLAGS modifying
 *                        the policy's behaviour.
 * @param policyFieldData Optional policy-specific data (contents depend on
 *                        the policy); may be NULL.
 * @param policyControl   Reserved for future use; currently unused per the
 *                        original comment.
 *
 * @return A CSSM_RETURN: CSSM_OK when the chain satisfies the policy, an
 *         error code otherwise (the specific codes are defined by the
 *         implementation, not by this header).
 */
CSSM_RETURN tp_policyVerify(
	TPPolicy						policy,
	Allocator						&alloc,
	CSSM_CL_HANDLE					clHand,
	CSSM_CSP_HANDLE					cspHand,
	TPCertGroup						*certGroup,
	CSSM_BOOL						verifiedToRoot,			// last cert is good root
	CSSM_BOOL						verifiedViaTrustSetting,// last cert has valid user trust
	CSSM_APPLE_TP_ACTION_FLAGS		actionFlags,
	const CSSM_DATA					*policyFieldData,		// optional
	void							*policyControl);		// future use

/*
 * Obtain policy-specific User Trust parameters
 *
 * Maps a TPPolicy (plus its optional field data) to the policy string and
 * key-usage value used when consulting user Trust Settings.
 *
 * @param policy          Policy being evaluated.
 * @param policyFieldData Optional policy-specific data; may be NULL.
 * @param policyStr       Out: policy string. Not malloc'd -- the caller must
 *                        NOT free it. Presumably points at static storage or
 *                        into policyFieldData; confirm lifetime against the
 *                        implementation before retaining it.
 * @param policyStrLen    Out: length of *policyStr in bytes.
 * @param keyUse          Out: SecTrustSettingsKeyUsage corresponding to the
 *                        policy.
 */
void tp_policyTrustSettingParams(
	TPPolicy						policy,
	const CSSM_DATA					*policyFieldData,		// optional
	/* returned values - not mallocd */
	const char						**policyStr,
	uint32							*policyStrLen,
	SecTrustSettingsKeyUsage		*keyUse);

#ifdef __cplusplus
}
#endif
#endif	/* _TP_POLICIES_H_ */