

/*
 * tpUtils.h - TP and cert group test support
 */

#ifndef	_TP_UTILS_H_
#define _TP_UTILS_H_

#include <Security/cssmtype.h>
#include <Security/x509defs.h>
#include <Security/cssmapple.h>
#include <time.h>
#include <MacTypes.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Compile-time switch; presumably gates the DB-storage paths in the
 * implementation (its use is not visible in this header - confirm there).
 */
#define TP_DB_ENABLE	1

/*
 * Given an array of certs and an uninitialized CSSM_CERTGROUP, place the
 * certs into the certgroup and optionally into one of a list of DBs in
 * random order. Optionally the first cert in the array is placed in the
 * first element of certgroup. Only error is memory error. It's legal to
 * pass in an empty cert array.
 *
 * Ownership: certGroup is filled in here. Whether its CertList.Data
 * entries alias certs[] or are copies is not stated in this header; check
 * the freeCertData flag of tpFreeCertGroup() before freeing either.
 *
 * Note that 'const CSSM_DATA_PTR' makes the pointer const, not the
 * CSSM_DATA it points to, so the declaration alone does not promise that
 * the cert contents are left untouched.
 */
CSSM_RETURN tpMakeRandCertGroup(
	CSSM_CL_HANDLE			clHand,
	CSSM_DL_DB_LIST_PTR		dbList,				// DBs the certs may be stored in
	const CSSM_DATA_PTR		certs,
	unsigned				numCerts,			// may be 0
	CSSM_CERTGROUP_PTR		certGroup,
	CSSM_BOOL				firstCertIsSubject,	// true: certs[0] goes to head 
												//   of certGroup
	CSSM_BOOL				verbose,
	CSSM_BOOL				allInDbs,			// all certs go to DBs
	CSSM_BOOL				skipFirstDb);		// no certs go to db[0]
	
/*
 * Store one cert in dlDb using index fields supplied by the caller
 * (compare tpStoreRawCert(), which extracts them from the cert itself).
 * The REQUIRED fields below must be provided; the OPTIONAL ones may be
 * NULL / unspecified - confirm the exact treatment of unspecified
 * optional fields against the implementation.
 *
 * 'const CSSM_DATA_PTR cert' qualifies the pointer, not the pointee.
 */
CSSM_RETURN tpStoreCert(
	CSSM_DL_DB_HANDLE		dlDb,
	const CSSM_DATA_PTR		cert,
	/* REQUIRED fields */
	CSSM_CERT_TYPE			certType,		// e.g. CSSM_CERT_X_509v3
	uint32					serialNum,
	const CSSM_DATA			*issuer,		// (shouldn't this be subject?)
											// normalized & encoded
	/* OPTIONAL fields */
	CSSM_CERT_ENCODING		certEncoding,	// e.g. CSSM_CERT_ENCODING_DER
	const CSSM_DATA			*printName,
	const CSSM_DATA			*subject);		// normalized & encoded
	
/*
 * Store a cert when we don't already know the required fields. We'll
 * extract them (via clHand) from the cert itself.
 *
 * Because the fields are parsed out of the cert, the cert bytes are
 * untrusted input to this path; presumably a malformed cert yields a
 * CSSM error rather than a stored record - confirm against the
 * implementation.
 */
CSSM_RETURN tpStoreRawCert(
	CSSM_DL_DB_HANDLE		dlDb,
	CSSM_CL_HANDLE			clHand,			// used to extract the index fields
	const CSSM_DATA_PTR		cert);			// pointer is const, pointee is not

/*
 * Generate numKeyPairs key pairs of specified algorithm and size.
 * Key labels will be 'keyLabelBase' concatenated with a 4-digit
 * decimal number.
 *
 * pubKeys and privKeys are caller-provided arrays, presumably of at
 * least numKeyPairs entries each - confirm against the implementation.
 *
 * NOTE(review): the default argument on paramData is C++-only syntax.
 * It sits inside the extern "C" block, but a C translation unit cannot
 * include this header as written; C callers would have to pass the
 * argument explicitly once the default is removed.
 */
CSSM_RETURN tpGenKeys(
	CSSM_CSP_HANDLE	cspHand,
	CSSM_DL_DB_HANDLE dbHand,			/* keys go here */
	unsigned		numKeyPairs,
	uint32			keyGenAlg,		/* CSSM_ALGID_RSA, etc. */
	uint32			keySizeInBits,			
	const char 		*keyLabelBase,	/* C string */
	CSSM_KEY_PTR	pubKeys,		/* array of keys RETURNED here */
	CSSM_KEY_PTR	privKeys,		/* array of keys RETURNED here */
	CSSM_DATA_PTR	paramData = NULL);	// optional DSA params (C++ default arg)

/*
 * Generate a cert chain using specified key pairs. The last cert in the
 * chain (certs[numCerts-1]) is a root cert, self-signed.
 *
 * pubKeys, privKeys and certs are caller-provided arrays, presumably of
 * numCerts entries each; certs[i] is presumably signed with privKeys[i+1]
 * (the issuer's key) - confirm both against the implementation.
 * notBeforeStr / notAfterStr are CSSM time strings as produced by
 * genTimeAtNowPlus() (declared elsewhere).
 */
CSSM_RETURN tpGenCerts(
	CSSM_CSP_HANDLE	cspHand,
	CSSM_CL_HANDLE	clHand,
	unsigned		numCerts,
	uint32			sigAlg,			/* CSSM_ALGID_SHA1WithRSA, etc. */
	const char 		*nameBase,		/* C string */
	CSSM_KEY_PTR	pubKeys,		/* array of public keys */
	CSSM_KEY_PTR	privKeys,		/* array of private keys */
	CSSM_DATA_PTR	certs,			/* array of certs RETURNED here */
	const char		*notBeforeStr,	/* from genTimeAtNowPlus() */
	const char		*notAfterStr);	/* from genTimeAtNowPlus() */

/*
 * Generate a cert chain using specified key pairs. The last cert in the
 * chain (certs[numCerts-1]) is a root cert, self-signed. Store
 * the certs indicated by corresponding element on storeArray. If
 * storeArray[n].DLHandle == 0, the cert is not stored.
 *
 * Same contract as tpGenCerts() plus the per-cert store decision;
 * storeArray is presumably numCerts entries long, one per cert -
 * confirm against the implementation.
 */
CSSM_RETURN tpGenCertsStore(
	CSSM_CSP_HANDLE		cspHand,
	CSSM_CL_HANDLE		clHand,
	unsigned			numCerts,
	uint32				sigAlg,			/* CSSM_ALGID_SHA1WithRSA, etc. */
	const char 			*nameBase,		/* C string */
	CSSM_KEY_PTR		pubKeys,		/* array of public keys */
	CSSM_KEY_PTR		privKeys,		/* array of private keys */
	CSSM_DL_DB_HANDLE	*storeArray,	/* where certs[n] is stored; DLHandle 0 = not stored */
	CSSM_DATA_PTR		certs,			/* array of certs RETURNED here */
	const char			*notBeforeStr,	/* from genTimeAtNowPlus() */
	const char			*notAfterStr);	/* from genTimeAtNowPlus() */

/*
 * Free a CSSM_CERTGROUP. The two flags let the caller match how the group
 * was built: freeCertData releases each CertList.Data buffer (only correct
 * if the group owns copies rather than aliasing the caller's certs);
 * freeStruct releases the CSSM_CERTGROUP itself.
 */
void tpFreeCertGroup(
	CSSM_CERTGROUP_PTR	certGroup,
	CSSM_BOOL	 		freeCertData,		// free individual CertList.Data 
	CSSM_BOOL			freeStruct);			// free the overall CSSM_CERTGROUP

/*
 * Compare two cert groups; returns CSSM_TRUE when they match. The exact
 * notion of equality (element count, order, byte-wise cert data) is not
 * stated here - confirm against the implementation.
 */
CSSM_BOOL tpCompareCertGroups(
	const CSSM_CERTGROUP	*grp1,
	const CSSM_CERTGROUP	*grp2);

/* Delete every cert record in dlDb (test cleanup helper). */
CSSM_RETURN clDeleteAllCerts(CSSM_DL_DB_HANDLE dlDb);

/*
 * Wrapper for CSSM_TP_CertGroupVerify.
 *
 * policy, fieldOpts, actionData and cssmTimeStr are optional (NULL
 * allowed). policyOpts is untyped: its layout depends on the policy OID
 * passed, and nothing here checks that they agree - the caller must keep
 * them consistent. anchorCerts / numAnchorCerts supply the trusted roots
 * for this call. The result is RETURNED in *result and is presumably
 * released with freeVfyResult() - confirm against the implementation.
 */
CSSM_RETURN tpCertGroupVerify(
	CSSM_TP_HANDLE						tpHand,
	CSSM_CL_HANDLE						clHand,
	CSSM_CSP_HANDLE 					cspHand,
	CSSM_DL_DB_LIST_PTR					dbListPtr,
	const CSSM_OID						*policy,		// optional
	const CSSM_DATA						*fieldOpts,		// optional
	const CSSM_DATA						*actionData,	// optional
	void								*policyOpts,	// layout depends on policy
	const CSSM_CERTGROUP 				*certGroup,
	CSSM_DATA_PTR						anchorCerts,	// trusted roots for this call
	unsigned							numAnchorCerts,
	CSSM_TP_STOP_ON						stopOn,		// CSSM_TP_STOP_ON_POLICY, etc.
	CSSM_TIMESTRING						cssmTimeStr,// optional
	CSSM_TP_VERIFY_CONTEXT_RESULT_PTR	result);	// RETURNED

/*
 * Open (and, if doCreate, presumably create) the keychain named kcName
 * via dlHand, returning its DB handle in *dbHand.
 *
 * pwd is a plain C string passed to avoid the unlock UI; when NULL the UI
 * is presumably used instead - confirm against the implementation. The
 * caller owns the pwd buffer; nothing here states that it is cleared
 * after use, so callers holding a real secret should do so themselves.
 */
CSSM_RETURN tpKcOpen(
	CSSM_DL_HANDLE		dlHand,
	const char			*kcName,
	const char			*pwd,				// optional to avoid UI	
	CSSM_BOOL			doCreate,
	CSSM_DB_HANDLE		*dbHand);			// RETURNED

/*
 * Release the contents of a verify result, presumably the one filled in
 * by tpCertGroupVerify(). Whether the ctx struct itself is freed is not
 * stated here - confirm against the implementation.
 */
CSSM_RETURN freeVfyResult(
	CSSM_TP_VERIFY_CONTEXT_RESULT *ctx);

/*
 * Print the Apple evidence info for numCerts entries of info (one entry
 * per cert in the verified CertGroup, presumably in group order).
 */
void printCertInfo(
	unsigned numCerts,							// from CertGroup
	const CSSM_TP_APPLE_EVIDENCE_INFO *info);
	
/* Print a verify result (as returned by tpCertGroupVerify()) for debugging. */
void dumpVfyResult(
	const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult);

/*
 * Obtain system anchors in CF and in CSSM_DATA form.
 * Caller must CFRelease the returned rootArray and
 * free() the returned CSSM_DATA array, but not its
 * contents - SecCertificates themselves own that.
 *
 * Consequently the CSSM_DATA entries are only valid while rootArray is
 * still retained; release rootArray last.
 */
OSStatus getSystemAnchors(
	CFArrayRef *rootArray,	/* RETURNED; CFRelease when done */
	CSSM_DATA **anchors,	/* RETURNED; free() the array only */
	unsigned *numAnchors);	/* RETURNED */

/*
 * Get a SecCertificateRef from a file. The file contents are parsed as a
 * certificate, so treat them as untrusted input. Presumably returns NULL
 * when the file cannot be read or parsed, and the caller is presumably
 * expected to CFRelease the result - confirm both against the
 * implementation.
 */
SecCertificateRef certFromFile(
	const char *fileName);

#ifdef	__cplusplus
}
#endif
#endif	/* _TP_UTILS_H_ */