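/*
 * Copyright (c) 2008-2009 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 *
 * SecTrustServer.h - certificate trust evaluation engine
 *
 * Created by Michael Brouwer on 12/12/08.
 *
 */

#ifndef _SECURITY_SECTRUSTSERVER_H_
#define _SECURITY_SECTRUSTSERVER_H_

#include <stdbool.h>

/* This header uses CFArrayRef, CFDictionaryRef and CFAbsoluteTime directly,
   so include the headers that declare them rather than relying on a
   transitive include; CFString.h is kept for source compatibility. */
#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFDate.h>
#include <CoreFoundation/CFDictionary.h>
#include <CoreFoundation/CFString.h>

#include <Security/SecCertificatePath.h>
#include <Security/SecTrust.h>
#include <Security/SecBasePriv.h> /* For errSecWaitForCallback. */
#include <dispatch/dispatch.h>    /* For dispatch_queue_t (SecPathBuilderGetQueue). */
#include <mach/port.h>


__BEGIN_DECLS


/* args_in keys.
   Names of the entries in the request dictionary handed to the trust
   server; they correspond one-to-one to the SecPathBuilderCreate
   parameters below. */
#define kSecTrustCertificatesKey "certificates"
#define kSecTrustAnchorsKey "anchors"
#define kSecTrustAnchorsOnlyKey "anchorsOnly"
#define kSecTrustPoliciesKey "policies"
#define kSecTrustVerifyDateKey "verifyDate"

/* args_out keys.
   Names of the entries in the reply dictionary; they correspond to the
   chain, details, result and info values delivered to the completion
   callback below. */
#define kSecTrustDetailsKey "details"
#define kSecTrustChainKey "chain"
#define kSecTrustResultKey "result"
#define kSecTrustInfoKey "info"

/* Opaque handle to one trust path builder / policy evaluation instance.
   The struct is defined in the implementation file only. */
typedef struct SecPathBuilder *SecPathBuilderRef;

/* Completion callback.
   You should call SecTrustSessionDestroy from this.
   NOTE(review): SecTrustSessionDestroy is not declared in this header;
   confirm the name is still current before relying on this instruction.

   userData  The pointer passed as userData to SecPathBuilderCreate.
   chain     The certificate path the engine settled on.
   details   Per-certificate policy evaluation details.
   info      Additional information about the evaluation.
   result    The trust verdict. Callers must base any trust decision on
             this value, not on the mere presence of a chain. */
typedef void(*SecPathBuilderCompleted)(const void *userData,
    SecCertificatePathRef chain, CFArrayRef details, CFDictionaryRef info,
    SecTrustResultType result);

/* Returns a new trust path builder and policy evaluation engine instance.

   certificates  Leaf certificate first, followed by any intermediates
                 supplied by the caller (presumably; order is not stated
                 in this header).
   anchors       Caller-supplied trust anchors.
   anchorsOnly   When true, only the supplied anchors are considered (the
                 key name in args_in is kSecTrustAnchorsOnlyKey).
   policies      Policies to evaluate the chain against.
   verifyTime    The point in time at which validity is evaluated.
   accessGroups  Reserved; the evaluate entry points below mark this
                 parameter __unused.
   completed     Called once when evaluation finishes; see
                 SecPathBuilderStep for when that happens.
   userData      Passed back to completed untouched. */
SecPathBuilderRef SecPathBuilderCreate(CFArrayRef certificates,
    CFArrayRef anchors, bool anchorsOnly, CFArrayRef policies,
    CFAbsoluteTime verifyTime, CFArrayRef accessGroups,
    SecPathBuilderCompleted completed, const void *userData);

/* Returns true if it's ok to perform network operations for this builder. */
bool SecPathBuilderCanAccessNetwork(SecPathBuilderRef builder);

/* Enables or disables network access for this builder: if allow is false,
   network access will be disabled. Any data the engine would otherwise have
   fetched over the network is then unavailable to this evaluation (the
   exact effect on the outcome is defined by the implementation, not here). */
void SecPathBuilderSetCanAccessNetwork(SecPathBuilderRef builder, bool allow);

/* Core of the trust evaluation engine. Performs one step of the evaluation.
   Returns false once the evaluation has completed, in which case the
   completed callback has been invoked; returns true if the evaluation is
   still waiting for some external event (usually the network), in which
   case the caller is expected to call this again after that event. */
bool SecPathBuilderStep(SecPathBuilderRef builder);

/* Return the dispatch queue to be used by this builder. */
dispatch_queue_t SecPathBuilderGetQueue(SecPathBuilderRef builder);

/* Evaluate trust and call evaluated when done.
   The evaluated block receives the trust result tr together with the
   details, info and chain produced by the engine, or an error. Decide
   trust from tr, not from whether chain is non-NULL.
   accessGroups is currently unused. */
void SecTrustServerEvaluateBlock(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, CFArrayRef policies, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, void (^evaluated)(SecTrustResultType tr, CFArrayRef details, CFDictionaryRef info, SecCertificatePathRef chain, CFErrorRef error));

/* Synchronously invoke SecTrustServerEvaluateBlock.
   Returns the trust result; the details, info, chain and error out
   parameters receive the values the evaluated block would have been given.
   Ownership of the returned objects is not stated in this header — check
   the implementation before releasing them. */
SecTrustResultType SecTrustServerEvaluate(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, CFArrayRef policies, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, CFArrayRef *details, CFDictionaryRef *info, SecCertificatePathRef *chain, CFErrorRef *error);

/* One-time initialization of the built-in anchor table used by the engine.
   Presumably must run before the first evaluation; confirm in the
   implementation. */
void InitializeAnchorTable(void);

__END_DECLS

#endif /* !_SECURITY_SECTRUSTSERVER_H_ */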