SecCertificatePrivP.h   [plain text]

 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * and read it before using this
 * file.
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * Please see the License for the specific language governing rights and
 * limitations under the License.

	@header SecCertificatePriv
	The functions provided in SecCertificatePriv.h implement and manage a particular
	type of keychain item that represents a certificate.  You can store a
	certificate in a keychain, but a certificate can also be a transient
	You can use a certificate as a keychain item in most functions.
	Certificates are able to compute their parent certificates, and much more.


//#include <Security/SecCertificate.h>
#include "SecCertificateP.h"
#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFData.h>
#include <CoreFoundation/CFDate.h>
#include <CoreFoundation/CFDictionary.h>
#include <stdbool.h>

#if defined(__cplusplus)
extern "C" {

typedef uint32_t SecKeyUsage;
enum {
    kSecKeyUsageUnspecified      = 0,
    kSecKeyUsageDigitalSignature = 1 << 0,
    kSecKeyUsageNonRepudiation   = 1 << 1,
    kSecKeyUsageContentCommitment= 1 << 1,
    kSecKeyUsageKeyEncipherment  = 1 << 2,
    kSecKeyUsageDataEncipherment = 1 << 3,
    kSecKeyUsageKeyAgreement     = 1 << 4,
    kSecKeyUsageKeyCertSign      = 1 << 5,
    kSecKeyUsageCRLSign          = 1 << 6,
    kSecKeyUsageEncipherOnly     = 1 << 7,
    kSecKeyUsageDecipherOnly     = 1 << 8,
    kSecKeyUsageCritical         = 1 << 31,
    kSecKeyUsageAll              = 0x7FFFFFFF

/* Return a certificate for the DER representation of this certificate.
   Return NULL if the passed-in data is not a valid DER-encoded X.509
   certificate. */
SecCertificateRefP SecCertificateCreateWithBytes(CFAllocatorRef allocator,
	const UInt8 *bytes, CFIndex length);

/* Return the length of the DER representation of this certificate. */
CFIndex SecCertificateGetLength(SecCertificateRefP certificate);

/* Return the bytes of the DER representation of this certificate. */
const UInt8 *SecCertificateGetBytePtr(SecCertificateRefP certificate);

#pragma mark -
#pragma mark Certificate Accessors

CFDataRef SecCertificateGetSHA1Digest(SecCertificateRefP certificate);

CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRefP certificate);

CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRefP certificate);

	@function SecCertificateCopyIssuerSummary
	@abstract Return a simple string which hopefully represents a human understandable issuer.
    @param certificate SecCertificate object created with SecCertificateCreateWithData().
    @discussion All the data in this string comes from the certificate itself
    and thus it's in whatever language the certificate itself is in.
	@result A CFStringRef which the caller should CFRelease() once it's no longer needed.
CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRefP certificate);

	@function SecCertificateCopyProperties
	@abstract Return a property array for this trust certificate.
	@param certificate A reference to the certificate to evaluate.
    @result A property array. It is the caller's responsability to CFRelease
    the returned array when it is no longer needed.
    See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array.
	Unlike that function call this function returns a detailed description
    of the certificate in question.
CFArrayRef SecCertificateCopyProperties(SecCertificateRefP certificate);

CFMutableArrayRef SecCertificateCopySummaryProperties(
    SecCertificateRefP certificate, CFAbsoluteTime verifyTime);

/* Return the content of a DER-encoded integer (without the tag and length
   fields) for this certificate's serial number.   The caller must CFRelease
   the value returned.  */
CFDataRef SecCertificateCopySerialNumberP(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the ip addresses in the
   certificate if any. */
CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the dns addresses in the
   certificate if any. */
CFArrayRef SecCertificateCopyDNSNames(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the email addresses in the
   certificate if any. */
CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the common names in the
   certificates subject if any. */
CFArrayRef SecCertificateCopyCommonNames(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the organization in the
   certificate's subject if any. */
CFArrayRef SecCertificateCopyOrganization(SecCertificateRefP certificate);

/* Return an array of CFStringRefs representing the NTPrincipalNames in the
   certificate if any. */
CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRefP certificate);

/* Return a string formatted according to RFC 2253 representing the complete
   subject of certificate. */
CFStringRef SecCertificateCopySubjectString(SecCertificateRefP certificate);

/* Return a string with the company name of an ev leaf certificate. */
CFStringRef SecCertificateCopyCompanyName(SecCertificateRefP certificate);

/* X.509 Certificate Version: 1, 2 or 3. */
CFIndex SecCertificateVersion(SecCertificateRefP certificate);
CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRefP certificate);
CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRefP certificate);

/* Return true iff certificate is self signed and has a basic constraints
   extension indicating that it's a certificate authority. */
bool SecCertificateIsSelfSignedCA(SecCertificateRefP certificate);

SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRefP certificate);

/* Returns an array of CFDataRefs for all extended key usage oids or NULL */
CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRefP certificate);

/* Returns a certificate from a pem blob */
SecCertificateRefP SecCertificateCreateWithPEM(CFAllocatorRef allocator,
	CFDataRef pem_certificate);

/* Return an array of CFDataRefs from an array of SecCertificateRefPs. */
CFArrayRef SecCertificateArrayCopyDataArray(CFArrayRef certificates);

/* Return an array of SecCertificateRefPs from an array of CFDataRefs. */
CFArrayRef SecCertificateDataArrayCopyArray(CFArrayRef certificates);

CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRefP certificate);
CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRefP certificate);

CFDataRef SecCertificateGetNormalizedIssuer(SecCertificateRefP certificate);
CFDataRef SecCertificateGetNormalizedSubject(SecCertificateRefP certificate);

#if defined(__cplusplus)