#ifndef _CERT_VERIFY_H_
#define _CERT_VERIFY_H_
#include <clAppUtils/BlobList.h>
#include <Security/cssmtype.h>
#include <Security/cssmapple.h>
extern "C" {
/**
 * Dump a CSSM_TP_VERIFY_CONTEXT_RESULT (presumably to stdout; the output
 * destination is not visible from this header - confirm in the .cpp).
 *
 * @param vfyResult  Result returned by a TP verify call. Read only; the
 *                   caller retains ownership and frees it as required by
 *                   the TP that produced it.
 */
void dumpVfyResult(
    const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult);
/**
 * Trust policy under which a chain is evaluated. Supplied through
 * CertVerifyArgs::vfyPolicy or the vfyPolicy parameter of
 * certVerifySimple(); how each value is mapped onto a TP policy is decided
 * in the implementation, not here.
 */
typedef enum {
    // Explicit 0: a zero-initialized CertVerifyArgs selects this policy.
    CVP_Basic = 0,
    CVP_SSL,                // name suggests sslHost/sslClient are consulted - confirm
    CVP_SMIME,              // name suggests senderEmail is consulted - confirm
    CVP_SWUpdateSign,
    CVP_ResourceSigning,
    CVP_iChat,
    CVP_IPSec,
    CVP_PKINIT_Server,
    CVP_PKINIT_Client,
    CVP_AppleCodeSigning,
    CVP_PackageSigning
} CertVerifyPolicy;
/**
 * Which revocation mechanisms the verifier runs. CRP_None (0) is the value
 * of a zero-initialized CertVerifyArgs, i.e. no revocation checking unless
 * the caller opts in. The CRL- and OCSP-specific CertVerifyArgs fields are
 * presumably only consulted when the matching mechanism is selected here -
 * confirm in the implementation.
 */
typedef enum {
    CRP_None = 0,
    CRP_CRL,
    CRP_OCSP,
    CRP_CRL_OCSP            // both mechanisms
} CertRevokePolicy;
/* Layout version of CertVerifyArgs; bump whenever a field is added,
 * removed or reordered so that callers compiled against an older header
 * can be rejected. */
#define CERT_VFY_ARGS_VERS 5

/**
 * Full parameter set for certVerify().
 *
 * Ownership: every pointer here is caller-owned and is not visible to be
 * freed by the library (nothing in this header says otherwise - confirm
 * in the implementation). Count/array pairs (numCertErrors/certErrors,
 * numCertStatus/certStatus, responderCertLen/responderCert) must be kept
 * consistent by the caller; the library has no other way to bound them.
 *
 * Several CSSM_BOOL fields relax the verification (allowExpiredRoot,
 * allowUnverified, implicitAnchors, leafCertIsCA); their names suggest
 * they widen what is accepted, so treat CSSM_TRUE as a deliberate
 * test-only choice - confirm each one's exact effect in the .cpp.
 */
typedef struct {
    int version;                        // presumably must equal CERT_VFY_ARGS_VERS - confirm

    /* CSSM module handles (trust policy, certificate library, CSP). */
    CSSM_TP_HANDLE tpHand;
    CSSM_CL_HANDLE clHand;
    CSSM_CSP_HANDLE cspHand;

    /* Input material. NOTE(review): which of certs holds the leaf and
     * whether roots are treated as anchors is not stated here - confirm. */
    BlobList *certs;
    BlobList *roots;
    BlobList *crls;

    char *vfyTime;                      // verification time; format and NULL meaning not visible here

    /* Chain-building / anchor options. */
    CSSM_BOOL certNetFetchEnable;       // name suggests network fetch of missing certs - confirm
    CSSM_BOOL useSystemAnchors;
    CSSM_BOOL useTrustSettings;
    CSSM_BOOL leafCertIsCA;
    CSSM_BOOL allowExpiredRoot;
    CSSM_BOOL implicitAnchors;
    CSSM_DL_DB_LIST_PTR dlDbList;

    /* Policy selection and policy-specific inputs. */
    CertVerifyPolicy vfyPolicy;
    const char *sslHost;                // presumably used for CVP_SSL hostname matching - confirm
    CSSM_BOOL sslClient;
    const char *senderEmail;            // presumably used for CVP_SMIME - confirm
    CE_KeyUsage intendedKeyUse;

    /* Revocation: CRL options. */
    CertRevokePolicy revokePolicy;
    CSSM_BOOL allowUnverified;
    CSSM_BOOL requireCrlIfPresent;
    CSSM_BOOL requireCrlForAll;
    CSSM_BOOL crlNetFetchEnable;        // name suggests network fetch of CRLs - confirm
    CSSM_DL_DB_HANDLE_PTR crlDlDb;

    /* Revocation: OCSP options. */
    const char *responderURI;
    const unsigned char *responderCert; // paired with responderCertLen
    unsigned responderCertLen;          // presumably a byte count - confirm
    CSSM_BOOL disableCache;
    CSSM_BOOL disableOcspNet;
    CSSM_BOOL requireOcspIfPresent;
    CSSM_BOOL requireOcspForAll;
    CSSM_BOOL generateOcspNonce;        // names suggest request nonce and
    CSSM_BOOL requireOcspRespNonce;     // mandatory echo in the response - confirm

    /* Expected outcome (test-harness use): the verifier compares its result
     * against these. Semantics of the strings are not visible here. */
    const char *expectedErrStr;
    unsigned numCertErrors;
    const char **certErrors;            // numCertErrors entries
    unsigned numCertStatus;
    const char **certStatus;            // numCertStatus entries

    /* Output control. */
    CSSM_BOOL quiet;
    CSSM_BOOL verbose;
} CertVerifyArgs;
/**
 * Run a TP certificate verification described by @p args.
 *
 * @param args  Fully populated CertVerifyArgs; presumably args->version is
 *              checked against CERT_VFY_ARGS_VERS before anything else -
 *              confirm. Not const: the implementation may write into it.
 * @return int  Return convention (0 on success vs. non-zero) is not
 *              visible from this header - confirm in the implementation.
 */
int certVerify(CertVerifyArgs *args);
/**
 * Reduced-parameter variant of certVerify(). It takes no revocation,
 * CRL, OCSP, DL/DB or vfyTime inputs, so those presumably keep their
 * zero/default values (i.e. CRP_None) - confirm in the implementation.
 *
 * The BlobList parameters are C++ references; despite the extern "C"
 * wrapper this header is C++-only.
 *
 * Parameters mirror the same-named CertVerifyArgs fields; see that struct
 * for per-field notes. certErrors/certStatus are count/array pairs sized
 * by numCertErrors/numCertStatus.
 *
 * @return int  Same convention as certVerify().
 */
int certVerifySimple(
    CSSM_TP_HANDLE tpHand,
    CSSM_CL_HANDLE clHand,
    CSSM_CSP_HANDLE cspHand,
    BlobList &certs,
    BlobList &roots,
    CSSM_BOOL useSystemAnchors,
    CSSM_BOOL leafCertIsCA,
    CSSM_BOOL allowExpiredRoot,
    CertVerifyPolicy vfyPolicy,
    const char *sslHost,
    CSSM_BOOL sslClient,
    const char *senderEmail,
    CE_KeyUsage intendedKeyUse,
    const char *expectedErrStr,
    unsigned numCertErrors,
    const char **certErrors,
    unsigned numCertStatus,
    const char **certStatus,
    CSSM_BOOL useTrustSettings,
    CSSM_BOOL quiet,
    CSSM_BOOL verbose);
/**
 * Name suggests a hex-string to integer conversion. The accepted input
 * (digit count, "0x" prefix, case, handling of non-hex characters) and the
 * behavior on overflow of the unsigned result are not visible from this
 * header - confirm before feeding it untrusted text.
 *
 * @param hex  NUL-terminated string to parse.
 * @return     Parsed value.
 */
unsigned hexToBin(const char *hex);
}
#endif