/*
 * Copyright (c) 2006-2010,2013 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @header SecCertificatePriv
 The functions provided in SecCertificatePriv.h implement and manage a particular
 type of keychain item that represents a certificate. You can store a
 certificate in a keychain, but a certificate can also be a transient
 object.

 You can use a certificate as a keychain item in most functions.
 Certificates are able to compute their parent certificates, and much more.
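*/

#ifndef _SECURITY_SECCERTIFICATEPRIVP_H_
#define _SECURITY_SECCERTIFICATEPRIVP_H_

//#include <Security/SecCertificate.h>
#include "SecCertificateP.h"
#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFData.h>
#include <CoreFoundation/CFDate.h>
#include <CoreFoundation/CFDictionary.h>
#include <stdbool.h>
#include <stdint.h>   /* uint32_t, used by SecKeyUsage below */

#if defined(__cplusplus)
extern "C" {
#endif

/* Bit mask of X.509 keyUsage extension bits, as returned by
   SecCertificateGetKeyUsage. The constants carry a 'u' suffix so that bit 31
   (kSecKeyUsageCritical) is formed in unsigned arithmetic: `1 << 31` shifts
   into the sign bit of a 32-bit int, which is undefined behaviour in C. */
typedef uint32_t SecKeyUsage;
enum {
    kSecKeyUsageUnspecified      = 0u,
    kSecKeyUsageDigitalSignature = 1u << 0,
    /* RFC 5280 renamed nonRepudiation to contentCommitment; both names
       deliberately map to the same bit. */
    kSecKeyUsageNonRepudiation   = 1u << 1,
    kSecKeyUsageContentCommitment= 1u << 1,
    kSecKeyUsageKeyEncipherment  = 1u << 2,
    kSecKeyUsageDataEncipherment = 1u << 3,
    kSecKeyUsageKeyAgreement     = 1u << 4,
    kSecKeyUsageKeyCertSign      = 1u << 5,
    kSecKeyUsageCRLSign          = 1u << 6,
    kSecKeyUsageEncipherOnly     = 1u << 7,
    kSecKeyUsageDecipherOnly     = 1u << 8,
    /* Not a usage bit. Presumably set when the keyUsage extension is marked
       critical in the certificate -- confirm against the implementation. */
    kSecKeyUsageCritical         = 1u << 31,
    /* Every usage bit; excludes the critical flag (bit 31). */
    kSecKeyUsageAll              = 0x7FFFFFFFu
};

/* Return a certificate for the DER representation of this certificate.
   Return NULL if the passed-in data is not a valid DER-encoded X.509
   certificate. This is the parsing boundary for untrusted input: callers
   must check for NULL before using the result. The caller owns the
   returned object (Create rule) and must CFRelease it. */
SecCertificateRefP SecCertificateCreateWithBytesP(CFAllocatorRef allocator,
    const UInt8 *bytes, CFIndex length);

/* Return the length of the DER representation of this certificate. */
CFIndex SecCertificateGetLengthP(SecCertificateRefP certificate);

/* Return the bytes of the DER representation of this certificate. Per the
   CF Get rule the pointer is owned by the certificate: do not free it, and
   do not use it after the certificate is released. Pair with
   SecCertificateGetLengthP for the valid range. */
const UInt8 *SecCertificateGetBytePtrP(SecCertificateRefP certificate);

#pragma mark -
#pragma mark Certificate Accessors

/* SHA-1 digest of the certificate's DER encoding, owned by the certificate
   (Get rule: do not CFRelease). NOTE(review): SHA-1 is no longer collision
   resistant; treat this as a lookup key / display fingerprint rather than as
   proof of identity across a trust boundary. */
CFDataRef SecCertificateGetSHA1DigestP(SecCertificateRefP certificate);

/* SHA-1 digest of the issuer name; the caller owns the returned data
   (Copy rule) and must CFRelease it. */
CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRefP certificate);

/* SHA-1 digest of the public key; the caller owns the returned data
   (Copy rule) and must CFRelease it. */
CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRefP certificate);

/* Human-readable summary of the issuer; the caller owns the returned string
   and must CFRelease it. */
CFStringRef SecCertificateCopyIssuerSummaryP(SecCertificateRefP certificate);

/*!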
@function SecCertificateCopyProperties
 @abstract Return a property array for this trust certificate.
 @param certificate A reference to the certificate to evaluate.
 @result A property array. It is the caller's responsibility to CFRelease
 the returned array when it is no longer needed.
 See SecTrustCopySummaryPropertiesAtIndex on how to interpret this array.
 Unlike that function call this function returns a detailed description
 of the certificate in question.
*/
CFArrayRef SecCertificateCopyProperties(SecCertificateRefP certificate);

/* Return a mutable property array summarizing the certificate as of
   verifyTime (a CFAbsoluteTime). The caller owns the returned array
   (Copy rule) and must CFRelease it. */
CFMutableArrayRef SecCertificateCopySummaryProperties(
    SecCertificateRefP certificate, CFAbsoluteTime verifyTime);

/* Return the content of a DER-encoded integer (without the tag and length
   fields) for this certificate's serial number. The caller must CFRelease
   the value returned. Note that the content octets may carry a leading 0x00
   (DER sign padding); compare serial numbers as byte strings, not as
   machine integers. */
CFDataRef SecCertificateCopySerialNumberP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the ip addresses in the
   certificate if any. The caller owns the returned array (Copy rule). */
CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the dns addresses in the
   certificate if any. The caller owns the returned array (Copy rule).
   NOTE(review): the names are presumably returned as encoded in the
   certificate, not normalized; hostname matching (wildcards, case folding)
   is the caller's responsibility -- confirm against the implementation. */
CFArrayRef SecCertificateCopyDNSNamesP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the email addresses in the
   certificate if any. The caller owns the returned array (Copy rule). */
CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the common names in the
   certificate's subject if any. The caller owns the returned array
   (Copy rule). */
CFArrayRef SecCertificateCopyCommonNames(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the organization in the
   certificate's subject if any. The caller owns the returned array
   (Copy rule). */
CFArrayRef SecCertificateCopyOrganization(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the NTPrincipalNames in the
   certificate if any. The caller owns the returned array (Copy rule).
*/
CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRefP certificate);

/* Return a string formatted according to RFC 2253 representing the complete
   subject of certificate. The caller owns the returned string (Copy rule)
   and must CFRelease it. */
CFStringRef SecCertificateCopySubjectString(SecCertificateRefP certificate);

/* Return a string with the company name of an ev leaf certificate. The
   caller owns the returned string (Copy rule) and must CFRelease it. */
CFStringRef SecCertificateCopyCompanyName(SecCertificateRefP certificate);

/* X.509 Certificate Version: 1, 2 or 3 (the human-facing number, not the
   zero-based value encoded in the DER version field). */
CFIndex SecCertificateVersion(SecCertificateRefP certificate);

/* Start and end of the certificate's validity period, as CFAbsoluteTime.
   Validity is a necessary, not sufficient, condition for trust. */
CFAbsoluteTime SecCertificateNotValidBeforeP(SecCertificateRefP certificate);
CFAbsoluteTime SecCertificateNotValidAfterP(SecCertificateRefP certificate);

/* Return true iff certificate is self signed and has a basic constraints
   extension indicating that it's a certificate authority. This describes
   the certificate's shape only; it says nothing about whether the
   certificate is trusted, which is a separate anchor/trust-store decision. */
bool SecCertificateIsSelfSignedCA(SecCertificateRefP certificate);

/* Return the keyUsage bits as a SecKeyUsage mask (see the kSecKeyUsage*
   constants). NOTE(review): what is returned when the certificate has no
   keyUsage extension is not visible here -- confirm before treating
   kSecKeyUsageUnspecified as "unrestricted". */
SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRefP certificate);

/* Returns an array of CFDataRefs for all extended key usage oids or NULL.
   The caller owns the returned array (Copy rule). Each element is presumably
   the OID's encoded content -- confirm against the implementation. */
CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRefP certificate);

/* Returns a certificate from a pem blob. The caller owns the returned object
   (Create rule). Presumably returns NULL when the blob cannot be parsed, as
   SecCertificateCreateWithBytesP does -- confirm; callers should NULL-check
   regardless. */
SecCertificateRefP SecCertificateCreateWithPEM(CFAllocatorRef allocator,
    CFDataRef pem_certificate);

/* Return an array of CFDataRefs from an array of SecCertificateRefPs. The
   caller owns the returned array (Copy rule). */
CFArrayRef SecCertificateArrayCopyDataArray(CFArrayRef certificates);

/* Return an array of SecCertificateRefPs from an array of CFDataRefs.
   Despite the parameter name, 'certificates' holds CFDataRefs (DER blobs)
   here. The caller owns the returned array (Copy rule).
*/
CFArrayRef SecCertificateDataArrayCopyArray(CFArrayRef certificates);

/* Normalized issuer / subject name content, owned by the certificate
   (Get rule: do not CFRelease, do not use after the certificate is
   released). Presumably these are the forms used for issuer/subject name
   matching when building chains -- confirm against the implementation. */
CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRefP certificate);
CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRefP certificate);

/* Same normalized names, presumably as complete encoded SEQUENCEs (per the
   name) rather than bare content. The caller owns the returned data
   (Copy rule) and must CFRelease it. */
CFDataRef SecCertificateCopyNormalizedIssuerSequence(SecCertificateRefP certificate);
CFDataRef SecCertificateCopyNormalizedSubjectSequence(SecCertificateRefP certificate);

#if defined(__cplusplus)
}
#endif

#endif /* !_SECURITY_SECCERTIFICATEPRIVP_H_ */