tpPolicies.h   [plain text]


/*
 * Copyright (c) 2000-2012 Apple Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
	tpPolicies.h - TP module policy implementation
*/

#ifndef	_TP_POLICIES_H_
#define _TP_POLICIES_H_

#include <Security/cssmtype.h>
#include <security_utilities/alloc.h>
#include <Security/cssmapple.h>
#include "TPCertInfo.h"

#ifdef __cplusplus
extern	"C" {
#endif /* __cplusplus */

/*
 * Enumerated certificate policies enforced by this module.
 */
typedef enum {
	kTPDefault,			/* no extension parsing, just sig and expiration */
	kTPx509Basic,		/* basic X.509/RFC3280 */
	kTPiSign,			/* (obsolete) Apple code signing */
	kTP_SSL,			/* SecureTransport/SSL */
	kCrlPolicy,			/* cert chain verification via CRL */
	kTP_SMIME,			/* S/MIME */		
	kTP_EAP,
	kTP_SWUpdateSign,	/* Apple SW Update signing (was Apple Code Signing) */
	kTP_ResourceSign,	/* Apple Resource Signing */
	kTP_IPSec,			/* IPSEC */
	kTP_iChat,			/* iChat */
	kTP_PKINIT_Client,	/* PKINIT client cert */
	kTP_PKINIT_Server,	/* PKINIT server cert */
	kTP_CodeSigning,	/* new Apple Code Signing (Leopard/10.5) */
	kTP_PackageSigning,	/* Package Signing */
	kTP_MacAppStoreRec,	/* MacApp store receipt */
	kTP_AppleIDSharing,	/* AppleID Sharing */
	kTP_TimeStamping	/* RFC3161 time stamping */
} TPPolicy;

/*
 * Perform TP verification on a constructed (ordered) cert group.
 */
CSSM_RETURN tp_policyVerify(
	TPPolicy						policy,
	Allocator						&alloc,
	CSSM_CL_HANDLE					clHand,
	CSSM_CSP_HANDLE					cspHand,
	TPCertGroup 					*certGroup,
	CSSM_BOOL						verifiedToRoot,		// last cert is good root
	CSSM_BOOL						verifiedViaTrustSetting,// last cert has valid user trust
	CSSM_APPLE_TP_ACTION_FLAGS		actionFlags,
	const CSSM_DATA					*policyFieldData,	// optional
    void 							*policyControl);	// future use

/* 
 * Obtain policy-specific User Trust parameters
 */
void tp_policyTrustSettingParams(
	TPPolicy				policy,
	const CSSM_DATA			*policyFieldData,		// optional
	/* returned values - not mallocd */
	const char				**policyStr,
	uint32					*policyStrLen,
	SecTrustSettingsKeyUsage	*keyUse);
	
#ifdef __cplusplus
}
#endif
#endif	/* _TP_POLICIES_H_ */