1/*
2 * Copyright (c) 2006-2010,2013 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*!
25	@header SecCertificatePriv
26	The functions provided in SecCertificatePriv.h implement and manage a particular
27	type of keychain item that represents a certificate.  You can store a
28	certificate in a keychain, but a certificate can also be a transient
29	object.
30
31	You can use a certificate as a keychain item in most functions.
32	Certificates are able to compute their parent certificates, and much more.
33*/
34
35#ifndef _SECURITY_SECCERTIFICATEPRIVP_H_
36#define _SECURITY_SECCERTIFICATEPRIVP_H_
37
38//#include <Security/SecCertificate.h>
39#include "SecCertificateP.h"
40#include <CoreFoundation/CFArray.h>
41#include <CoreFoundation/CFData.h>
42#include <CoreFoundation/CFDate.h>
43#include <CoreFoundation/CFDictionary.h>
44#include <stdbool.h>
45
46#if defined(__cplusplus)
47extern "C" {
48#endif
49
50typedef uint32_t SecKeyUsage;
51enum {
52    kSecKeyUsageUnspecified      = 0,
53    kSecKeyUsageDigitalSignature = 1 << 0,
54    kSecKeyUsageNonRepudiation   = 1 << 1,
55    kSecKeyUsageContentCommitment= 1 << 1,
56    kSecKeyUsageKeyEncipherment  = 1 << 2,
57    kSecKeyUsageDataEncipherment = 1 << 3,
58    kSecKeyUsageKeyAgreement     = 1 << 4,
59    kSecKeyUsageKeyCertSign      = 1 << 5,
60    kSecKeyUsageCRLSign          = 1 << 6,
61    kSecKeyUsageEncipherOnly     = 1 << 7,
62    kSecKeyUsageDecipherOnly     = 1 << 8,
63    kSecKeyUsageCritical         = 1 << 31,
64    kSecKeyUsageAll              = 0x7FFFFFFF
65};
66
67/* Return a certificate for the DER representation of this certificate.
68   Return NULL if the passed-in data is not a valid DER-encoded X.509
69   certificate. */
70SecCertificateRefP SecCertificateCreateWithBytesP(CFAllocatorRef allocator,
71	const UInt8 *bytes, CFIndex length);
72
73/* Return the length of the DER representation of this certificate. */
74CFIndex SecCertificateGetLengthP(SecCertificateRefP certificate);
75
76/* Return the bytes of the DER representation of this certificate. */
77const UInt8 *SecCertificateGetBytePtrP(SecCertificateRefP certificate);
78
79#pragma mark -
80#pragma mark Certificate Accessors
81
82CFDataRef SecCertificateGetSHA1DigestP(SecCertificateRefP certificate);
83
84CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRefP certificate);
85
86CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRefP certificate);
87
88CFStringRef SecCertificateCopyIssuerSummaryP(SecCertificateRefP certificate);
89
90/*!
91    @function SecCertificateCopyProperties
92    @abstract Return a property array for this trust certificate.
93    @param certificate A reference to the certificate to evaluate.
94    @result A property array. It is the caller's responsability to CFRelease
95    the returned array when it is no longer needed.
96    See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array.
97    Unlike that function call this function returns a detailed description
98    of the certificate in question.
99*/
100CFArrayRef SecCertificateCopyProperties(SecCertificateRefP certificate);
101
102CFMutableArrayRef SecCertificateCopySummaryProperties(
103    SecCertificateRefP certificate, CFAbsoluteTime verifyTime);
104
105/* Return the content of a DER-encoded integer (without the tag and length
106   fields) for this certificate's serial number.   The caller must CFRelease
107   the value returned.  */
108CFDataRef SecCertificateCopySerialNumberP(SecCertificateRefP certificate);
109
110/* Return an array of CFStringRefs representing the ip addresses in the
111   certificate if any. */
112CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRefP certificate);
113
114/* Return an array of CFStringRefs representing the dns addresses in the
115   certificate if any. */
116CFArrayRef SecCertificateCopyDNSNamesP(SecCertificateRefP certificate);
117
118/* Return an array of CFStringRefs representing the email addresses in the
119   certificate if any. */
120CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRefP certificate);
121
122/* Return an array of CFStringRefs representing the common names in the
123   certificates subject if any. */
124CFArrayRef SecCertificateCopyCommonNames(SecCertificateRefP certificate);
125
126/* Return an array of CFStringRefs representing the organization in the
127   certificate's subject if any. */
128CFArrayRef SecCertificateCopyOrganization(SecCertificateRefP certificate);
129
130/* Return an array of CFStringRefs representing the NTPrincipalNames in the
131   certificate if any. */
132CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRefP certificate);
133
134/* Return a string formatted according to RFC 2253 representing the complete
135   subject of certificate. */
136CFStringRef SecCertificateCopySubjectString(SecCertificateRefP certificate);
137
138/* Return a string with the company name of an ev leaf certificate. */
139CFStringRef SecCertificateCopyCompanyName(SecCertificateRefP certificate);
140
141/* X.509 Certificate Version: 1, 2 or 3. */
142CFIndex SecCertificateVersion(SecCertificateRefP certificate);
143
144CFAbsoluteTime SecCertificateNotValidBeforeP(SecCertificateRefP certificate);
145CFAbsoluteTime SecCertificateNotValidAfterP(SecCertificateRefP certificate);
146
147/* Return true iff certificate is self signed and has a basic constraints
148   extension indicating that it's a certificate authority. */
149bool SecCertificateIsSelfSignedCA(SecCertificateRefP certificate);
150
151SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRefP certificate);
152
153/* Returns an array of CFDataRefs for all extended key usage oids or NULL */
154CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRefP certificate);
155
156/* Returns a certificate from a pem blob */
157SecCertificateRefP SecCertificateCreateWithPEM(CFAllocatorRef allocator,
158	CFDataRef pem_certificate);
159
160/* Return an array of CFDataRefs from an array of SecCertificateRefPs. */
161CFArrayRef SecCertificateArrayCopyDataArray(CFArrayRef certificates);
162
163/* Return an array of SecCertificateRefPs from an array of CFDataRefs. */
164CFArrayRef SecCertificateDataArrayCopyArray(CFArrayRef certificates);
165
166CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRefP certificate);
167CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRefP certificate);
168
169CFDataRef SecCertificateCopyNormalizedIssuerSequence(SecCertificateRefP certificate);
170CFDataRef SecCertificateCopyNormalizedSubjectSequence(SecCertificateRefP certificate);
171
172#if defined(__cplusplus)
173}
174#endif
175
176#endif /* !_SECURITY_SECCERTIFICATEPRIVP_H_ */
177