/* * Copyright (c) 2003-2015 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_LICENSE_HEADER_END@ */ /*! @header SecPolicyPriv Private part of SecPolicy.h */ #ifndef _SECURITY_SECPOLICYPRIV_H_ #define _SECURITY_SECPOLICYPRIV_H_ #include <Security/SecPolicy.h> #include <CoreFoundation/CFArray.h> #if defined(__cplusplus) extern "C" { #endif /*! @enum Policy Constants (Private) @discussion Predefined constants used to specify a policy. @constant kSecPolicyAppleMobileStore @constant kSecPolicyAppleTestMobileStore @constant kSecPolicyAppleEscrowService @constant kSecPolicyAppleProfileSigner @constant kSecPolicyAppleQAProfileSigner @constant kSecPolicyAppleServerAuthentication @constant kSecPolicyAppleOTAPKISigner @constant kSecPolicyAppleTestOTAPKISigner @constant kSecPolicyAppleIDValidationRecordSigning @constant kSecPolicyAppleSMPEncryption @constant kSecPolicyAppleTestSMPEncryption @constant kSecPolicyApplePCSEscrowService @constant kSecPolicyApplePPQSigning @constant kSecPolicyAppleTestPPQSigning @constant kSecPolicyAppleSWUpdateSigning @constant kSecPolicyAppleATVAppSigning @constant kSecPolicyAppleTestATVAppSigning */ extern const CFStringRef kSecPolicyAppleMobileStore __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleTestMobileStore __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleEscrowService __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleProfileSigner __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleQAProfileSigner __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleServerAuthentication __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); #if TARGET_OS_IPHONE extern const CFStringRef kSecPolicyAppleOTAPKISigner __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleTestOTAPKISigner __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleIDValidationRecordSigningPolicy __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_7_0); extern const CFStringRef kSecPolicyAppleSMPEncryption __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0); extern const CFStringRef kSecPolicyAppleTestSMPEncryption __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_8_0); #endif extern const CFStringRef kSecPolicyApplePCSEscrowService __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); extern const CFStringRef kSecPolicyApplePPQSigning __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); extern const CFStringRef kSecPolicyAppleTestPPQSigning __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); extern const CFStringRef kSecPolicyAppleSWUpdateSigning __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); extern const CFStringRef kSecPolicyAppleATVAppSigning __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); extern const CFStringRef kSecPolicyAppleTestATVAppSigning __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); /*! @function SecPolicyCopy @abstract Returns a copy of a policy reference based on certificate type and OID. @param certificateType A certificate type. @param policyOID The OID of the policy you want to find. This is a required parameter. See oidsalg.h to see a list of policy OIDs. @param policy The returned policy reference. This is a required parameter. @result A result code. See "Security Error Codes" (SecBase.h). @discussion This function is deprecated in Mac OS X 10.7 and later; to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. */ OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef* policy) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); /*! @function SecPolicyCopyAll @abstract Returns an array of all known policies based on certificate type. @param certificateType A certificate type. This is a optional parameter. Pass CSSM_CERT_UNKNOWN if the certificate type is unknown. @param policies The returned array of policies. This is a required parameter. @result A result code. See "Security Error Codes" (SecBase.h). @discussion This function is deprecated in Mac OS X 10.7 and later; to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. (Note: there is normally no reason to iterate over multiple disjointed policies, except to provide a way to edit trust settings for each policy, as is done in certain certificate UI views. In that specific case, your code should call SecPolicyCreateWithOID for each desired policy from the list of supported OID constants in SecPolicy.h.) */ OSStatus SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef* policies) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); /* Given a unified SecPolicyRef, return a copy with a legacy C++ ItemImpl-based Policy instance. Only for internal use; legacy references cannot be used by SecPolicy API functions. */ SecPolicyRef SecPolicyCreateItemImplInstance(SecPolicyRef policy); /* Given a CSSM_OID pointer, return a string which can be passed to SecPolicyCreateWithProperties. The return value can be NULL if no supported policy was found for the OID argument. */ CFStringRef SecPolicyGetStringForOID(CSSM_OID* oid); /*! @function SecPolicyCreateAppleIDSService @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef hostname); /*! @function SecPolicyCreateAppleIDSService @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDictionaryRef context); /*! @function SecPolicyCreateApplePushService @abstract Ensure we're appropriately pinned to the Push service (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryRef context); /*! @function SecPolicyCreateApplePushServiceLegacy @abstract Ensure we're appropriately pinned to the Push service (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateApplePushServiceLegacy(CFStringRef hostname); /*! @function SecPolicyCreateAppleMMCSService @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname, CFDictionaryRef context); /*! @function SecPolicyCreateAppleGSService @abstract Ensure we're appropriately pinned to the GS service (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef context) __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); /*! @function SecPolicyCreateApplePPQService @abstract Ensure we're appropriately pinned to the PPQ service (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRef context); /*! @function SecPolicyCreateAppleSSLService @abstract Ensure we're appropriately pinned to an Apple server (SSL + Apple restrictions) */ SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname); /*! @function SecPolicyCreateAppleTimeStampingAndRevocationPolicies @abstract Create timeStamping policy array from a given set of policies by applying identical revocation behavior @param policyOrArray can be a SecPolicyRef or a CFArray of SecPolicyRef */ CFArrayRef SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray); /*! @function SecPolicyCreateAppleATVAppSigning @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations Certification Authority' by name, and apple anchor. Leaf cert must have Digital Signature usage. Leaf cert must have Apple ATV App Signing marker OID (1.2.840.113635.100.6.1.24). Leaf cert must have 'Apple TVOS Application Signing' common name. */ SecPolicyRef SecPolicyCreateAppleATVAppSigning(void) __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); /*! @function SecPolicyCreateTestAppleATVAppSigning @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations Certification Authority' by name, and apple anchor. Leaf cert must have Digital Signature usage. Leaf cert must have Apple ATV App Signing Test marker OID (1.2.840.113635.100.6.1.24.1). Leaf cert must have 'TEST Apple TVOS Application Signing TEST' common name. */ SecPolicyRef SecPolicyCreateTestAppleATVAppSigning(void) __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); /*! @function SecPolicyCreateApplePayIssuerEncryption @abstract Check for intermediate certificate 'Apple Worldwide Developer Relations CA - G2' by name, and apple anchor. Leaf cert must have Key Encipherment and Key Agreement usage. Leaf cert must have Apple Pay Issuer Encryption marker OID (1.2.840.113635.100.6.39). */ SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void) __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); #if defined(__cplusplus) } #endif #endif /* !_SECURITY_SECPOLICYPRIV_H_ */