#ifndef _SECURITY_SECPOLICYINTERNAL_H_
#define _SECURITY_SECPOLICYINTERNAL_H_
#include <Security/SecPolicy.h>
#include <Security/SecTrust.h>
#include <Security/SecCertificatePath.h>
#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFString.h>
#include <CoreFoundation/CFRuntime.h>
__BEGIN_DECLS
/*
 * Backing storage for an opaque SecPolicyRef.
 *
 * Instances are created by SecPolicyCreate() below and read back through
 * SecPolicyGetOptions(). The CFRuntimeBase must remain the first member so the
 * CF runtime (CFRuntime.h, included above) can manage the object.
 */
struct __SecPolicy {
    CFRuntimeBase _base;       /* CF runtime header; keep as the first member */
    CFStringRef _oid;          /* policy identifier, as passed to SecPolicyCreate() */
    CFStringRef _name;         /* policy name, as passed to SecPolicyCreate() */
    CFDictionaryRef _options;  /* per-check option values; presumably keyed by the
                                  kSecPolicyCheck* constants declared below and
                                  written by SecPolicySetOptionsValue() -- confirm
                                  against the implementation */
};
/*
 * Option keys for a policy's options dictionary. Each key names one check that
 * the trust evaluation can perform; the value stored under the key is the
 * check's parameter (what is expected, or whether the check is enabled).
 * The meaning of each key below is inferred from its name only -- the
 * implementation is not visible in this header.
 */

/* Certificate structure and extension checks. */
extern const CFStringRef kSecPolicyCheckBasicConstraints;
extern const CFStringRef kSecPolicyCheckCriticalExtensions;
extern const CFStringRef kSecPolicyCheckExtendedKeyUsage;
extern const CFStringRef kSecPolicyCheckIdLinkage;

/* Algorithm / key-strength checks, applied per chain position. */
extern const CFStringRef kSecPolicyCheckWeakIntermediates;
extern const CFStringRef kSecPolicyCheckWeakLeaf;
extern const CFStringRef kSecPolicyCheckWeakRoot;
extern const CFStringRef kSecPolicyCheckKeySize;
extern const CFStringRef kSecPolicyCheckSignatureHashAlgorithms;
extern const CFStringRef kSecPolicyCheckKeyUsage;
extern const CFStringRef kSecPolicyCheckNonEmptySubject;
extern const CFStringRef kSecPolicyCheckQualifiedCertStatements;

/* Validity-period checks, applied per chain position. */
extern const CFStringRef kSecPolicyCheckValidIntermediates;
extern const CFStringRef kSecPolicyCheckValidLeaf;
extern const CFStringRef kSecPolicyCheckValidRoot;

/* Anchor (trust root) checks. */
extern const CFStringRef kSecPolicyCheckAnchorTrusted;
extern const CFStringRef kSecPolicyCheckAnchorSHA1;
extern const CFStringRef kSecPolicyCheckAnchorSHA256;
extern const CFStringRef kSecPolicyCheckAnchorApple;

/* Name and subject checks. */
extern const CFStringRef kSecPolicyCheckSSLHostname;
extern const CFStringRef kSecPolicyCheckEmail;
extern const CFStringRef kSecPolicyCheckIssuerCommonName;
extern const CFStringRef kSecPolicyCheckSubjectCommonName;
/* NOTE(review): the name suggests a test-only variant of the common-name
   check; a policy carrying this key in a production build would be worth
   flagging -- confirm where it is set. */
extern const CFStringRef kSecPolicyCheckSubjectCommonNameTEST;
extern const CFStringRef kSecPolicyCheckSubjectOrganization;
extern const CFStringRef kSecPolicyCheckSubjectOrganizationalUnit;
extern const CFStringRef kSecPolicyCheckSubjectCommonNamePrefix;
extern const CFStringRef kSecPolicyCheckChainLength;
extern const CFStringRef kSecPolicyCheckNotValidBefore;
extern const CFStringRef kSecPolicyCheckEAPTrustedServerNames;
extern const CFStringRef kSecPolicyCheckCertificatePolicy;
extern const CFStringRef kSecPolicyCheckBasicCertificateProcessing;
extern const CFStringRef kSecPolicyCheckExtendedValidation;

/* Revocation checks. The *Online and NoNetworkAccess keys presumably decide
   whether revocation status may be fetched over the network; without network
   access a revocation result may be unavailable rather than negative --
   confirm how the evaluator treats that case. */
extern const CFStringRef kSecPolicyCheckRevocation;
extern const CFStringRef kSecPolicyCheckRevocationResponseRequired;
extern const CFStringRef kSecPolicyCheckRevocationOCSP;
extern const CFStringRef kSecPolicyCheckRevocationCRL;
extern const CFStringRef kSecPolicyCheckRevocationAny;
extern const CFStringRef kSecPolicyCheckRevocationOnline;
extern const CFStringRef kSecPolicyCheckNoNetworkAccess;

/* Block/allow-list style checks on the leaf certificate or its key. */
extern const CFStringRef kSecPolicyCheckBlackListedLeaf;
extern const CFStringRef kSecPolicyCheckBlackListedKey;
extern const CFStringRef kSecPolicyCheckGrayListedLeaf;

/* Marker-OID and pinning checks for leaf and intermediate certificates. */
extern const CFStringRef kSecPolicyCheckLeafMarkerOid;
extern const CFStringRef kSecPolicyCheckLeafMarkerOidWithoutValueCheck;
extern const CFStringRef kSecPolicyCheckLeafMarkersProdAndQA;
extern const CFStringRef kSecPolicyCheckIntermediateMarkerOid;
extern const CFStringRef kSecPolicyCheckIntermediateSPKISHA256;
extern const CFStringRef kSecPolicyCheckIntermediateEKU;
extern const CFStringRef kSecPolicyCheckGrayListedKey;
extern const CFStringRef kSecPolicyCheckCertificateTransparency;
extern const CFStringRef kSecPolicyCheckUsageConstraints;
extern const CFStringRef kSecPolicyCheckSystemTrustedWeakHash;
extern const CFStringRef kSecPolicyCheckIntermediateOrganization;
extern const CFStringRef kSecPolicyCheckIntermediateCountry;

/* Option values / sub-keys used together with the checks above.
   NOTE(review): kSecPolicyAppleAnchorIncludeTestRoots, by its name, widens the
   accepted anchor set to test roots; treat any production use as an audit
   point -- confirm against the implementation. */
extern const CFStringRef kSecPolicyAppleAnchorIncludeTestRoots;
extern const CFStringRef kSecPolicyLeafMarkerProd;
extern const CFStringRef kSecPolicyLeafMarkerQA;
/*
 * Policy object construction, inspection and serialization.
 */

/* Creates a policy from an identifier, a name and an options dictionary.
   Per the CF "Create" rule the caller owns the returned reference. */
SecPolicyRef SecPolicyCreate(CFStringRef oid, CFStringRef name, CFDictionaryRef options);

/* Returns the policy's options dictionary without transferring ownership
   (CF "Get" rule); do not release the result. */
CFDictionaryRef SecPolicyGetOptions(SecPolicyRef policy);

/* Stores value under key in the policy's options. This mutates the policy in
   place, so the change is visible to every holder of the same SecPolicyRef;
   presumably intended for use before the policy is handed to a trust
   evaluation -- confirm with callers. */
void SecPolicySetOptionsValue(SecPolicyRef policy, CFStringRef key, CFTypeRef value);

/* Encodes an array of policies as an XPC object for transport. Presumably
   returns NULL and fills *error on failure -- confirm. The header does not
   include <xpc/xpc.h> for xpc_object_t; check that it arrives transitively. */
xpc_object_t SecPolicyArrayCopyXPCArray(CFArrayRef policies, CFErrorRef *error);

/* Decodes an XPC object back into an array of policies. The input crosses a
   process boundary, so the implementation should validate the XPC types it
   reads rather than trust them; presumably returns NULL and fills *error on
   malformed input -- confirm. Caller owns the result (CF "Copy" rule). */
CFArrayRef SecPolicyXPCArrayCopyArray(xpc_object_t xpc_policies, CFErrorRef *error);

/* Plist-style (CF object) serialization of a policy array. As with the XPC
   variants, the deserializer should treat its input as untrusted. Both return
   a new array the caller owns (CF "Create" rule). */
CFArrayRef SecPolicyArrayCreateDeserialized(CFArrayRef serializedPolicies);
CFArrayRef SecPolicyArrayCreateSerialized(CFArrayRef policies);
/*
 * Per-certificate check functions.
 *
 * Each takes the certificate under test and the value stored in the policy's
 * options under the matching kSecPolicyCheck* key (presumably; the names line
 * up but the dispatch is not visible here) and returns true when the
 * certificate satisfies the check. The expected type of pvcValue differs per
 * check and must be validated by each implementation.
 */
bool SecPolicyCheckCertKeyUsage(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertExtendedKeyUsage(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertSSLHostname(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertEmail(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertSubjectCommonNamePrefix(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertSubjectCommonName(SecCertificateRef cert, CFTypeRef pvcValue);
/* NOTE(review): test-only variant by name; see kSecPolicyCheckSubjectCommonNameTEST. */
bool SecPolicyCheckCertSubjectCommonNameTEST(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertNotValidBefore(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertSubjectOrganization(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertSubjectOrganizationalUnit(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertEAPTrustedServerNames(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertLeafMarkerOid(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertLeafMarkerOidWithoutValueCheck(SecCertificateRef cert, CFTypeRef pvcValue);
bool SecPolicyCheckCertSignatureHashAlgorithms(SecCertificateRef cert, CFTypeRef pvcValue);
/* No matching kSecPolicyCheckSubjectCountry key is declared in this header;
   presumably the key lives elsewhere -- confirm. */
bool SecPolicyCheckCertSubjectCountry(SecCertificateRef cert, CFTypeRef pvcValue);
/*
 * Leaf-only policy verification context ("PVC" -- presumably short for
 * path/policy validation context; the expansion is not given here).
 *
 * Holds the state needed to run the leaf checks above against a single
 * certificate, without building a full chain. Initialized with
 * SecLeafPVCInit(), torn down with SecLeafPVCDelete().
 */
typedef struct OpaqueSecLeafPVC *SecLeafPVCRef;

struct OpaqueSecLeafPVC {
    SecCertificateRef leaf;        /* certificate being checked */
    CFArrayRef policies;           /* policies to evaluate the leaf against */
    CFAbsoluteTime verifyTime;     /* reference time for validity checks */
    CFArrayRef details;            /* per-policy result details; exact shape not
                                      visible here -- confirm */
    CFMutableDictionaryRef info;   /* mutable evaluation info; populated during
                                      the checks (assumed) */
    CFDictionaryRef callbacks;     /* presumably maps check keys to check
                                      functions -- confirm */
    CFIndex policyIX;              /* index into policies of the policy currently
                                      being evaluated (assumed) */
    bool result;                   /* overall outcome of the leaf checks */
};
/* Initializes a caller-provided context for checking leaf against policies at
   verifyTime. Whether the context retains leaf and policies is not visible
   here; pair every call with SecLeafPVCDelete(). */
void SecLeafPVCInit(SecLeafPVCRef pvc, SecCertificateRef leaf, CFArrayRef policies, CFAbsoluteTime verifyTime);

/* Releases whatever SecLeafPVCInit() allocated inside the context. The
   context memory itself is owned by the caller (the struct is not opaque to
   this header). */
void SecLeafPVCDelete(SecLeafPVCRef pvc);

/* Runs the leaf checks for every policy in the context. Returns true only if
   the leaf passes; presumably also records the outcome in pvc->result and
   pvc->details -- confirm. */
bool SecLeafPVCLeafChecks(SecLeafPVCRef pvc);
__END_DECLS
#endif