#ifndef _SECURITY_SECCERTIFICATEPRIV_H_
#define _SECURITY_SECCERTIFICATEPRIV_H_
#include <CoreFoundation/CFBase.h>
#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFData.h>
#include <CoreFoundation/CFDate.h>
#include <CoreFoundation/CFDictionary.h>
#include <CoreFoundation/CFError.h>
#include <stdbool.h>
#include <xpc/xpc.h>
#include <Security/SecBase.h>
#include <Security/SecBasePriv.h>
#include <Security/SecCertificate.h>
__BEGIN_DECLS
/*
 * SecKeyUsage is declared in this header only when SEC_OS_IPHONE is set.
 * SecCertificateGetKeyUsage below uses the type unconditionally, so other
 * configurations presumably get it from one of the included Security
 * headers - TODO confirm.
 */
#if SEC_OS_IPHONE
/*
 * Bitmask describing the X.509 keyUsage extension. Bits 0-8 use the same
 * numbering as the KeyUsage BIT STRING in RFC 5280 (digitalSignature = 0
 * through decipherOnly = 8).
 */
typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
/* No bits set. */
kSecKeyUsageUnspecified = 0u,
kSecKeyUsageDigitalSignature = 1u << 0,
/* NonRepudiation and ContentCommitment are two names for the same bit
   (RFC 5280 notes the rename); testing either tests both. */
kSecKeyUsageNonRepudiation = 1u << 1,
kSecKeyUsageContentCommitment= 1u << 1,
kSecKeyUsageKeyEncipherment = 1u << 2,
kSecKeyUsageDataEncipherment = 1u << 3,
kSecKeyUsageKeyAgreement = 1u << 4,
kSecKeyUsageKeyCertSign = 1u << 5,
kSecKeyUsageCRLSign = 1u << 6,
kSecKeyUsageEncipherOnly = 1u << 7,
kSecKeyUsageDecipherOnly = 1u << 8,
/* Bit 31 lies outside the RFC 5280 usage bits.
   NOTE(review): presumably carries the extension's "critical" flag - confirm. */
kSecKeyUsageCritical = 1u << 31,
/* Bits 0-30. This mask does NOT include kSecKeyUsageCritical, so
   `usage & kSecKeyUsageAll` silently drops bit 31. */
kSecKeyUsageAll = 0x7FFFFFFFu
};
#endif
/*
 * Selector passed to SecCertificateCopyEscrowRoots to choose which set of
 * escrow root certificates is returned. Values come in Baseline/Production
 * pairs for four categories: escrow, PCS escrow, escrow backup and escrow
 * enrollment.
 * NOTE(review): what separates a Baseline set from a Production set is not
 * stated in this header. Each value selects a different set of roots, so
 * callers should pass the exact constant they intend rather than a computed
 * integer - confirm the semantics against the implementation.
 */
typedef CF_ENUM(uint32_t, SecCertificateEscrowRootType) {
kSecCertificateBaselineEscrowRoot = 0,
kSecCertificateProductionEscrowRoot = 1,
kSecCertificateBaselinePCSEscrowRoot = 2,
kSecCertificateProductionPCSEscrowRoot = 3,
kSecCertificateBaselineEscrowBackupRoot = 4, kSecCertificateProductionEscrowBackupRoot = 5,
kSecCertificateBaselineEscrowEnrollmentRoot = 6, kSecCertificateProductionEscrowEnrollmentRoot = 7,
};
/*
 * String constants related to escrow certificates; their values are defined
 * elsewhere.
 * NOTE(review): the names suggest two lookup keys and a file name, but how
 * they are used is not visible in this header - confirm before relying on
 * them.
 */
extern const CFStringRef kSecCertificateProductionEscrowKey;
extern const CFStringRef kSecCertificateProductionPCSEscrowKey;
extern const CFStringRef kSecCertificateEscrowFileName;
/*
 * Creates a certificate from `length` bytes starting at `bytes`.
 * The input is a raw pointer plus a CFIndex, so the caller is responsible
 * for `length` matching the real buffer size. CFIndex is signed: a
 * miscomputed length can be negative.
 * "Create" in the name implies the caller owns the returned reference (CF
 * Create Rule); the declaration carries no ownership annotation.
 * NOTE(review): the expected encoding (presumably DER) and the result for
 * unparsable input (presumably NULL) are not visible here - confirm, and
 * check the result before use.
 */
SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator,
const UInt8 *bytes, CFIndex length)
__SEC_MAC_AND_IOS_UNKNOWN;
/*
 * Creates a certificate from PEM data held in a CFData.
 * NOTE(review): behaviour for input holding several PEM blocks, or none, is
 * not visible here; presumably returns NULL on failure - check the result.
 */
SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator, CFDataRef pem_certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/*
 * Accessors for the certificate's encoded bytes: a length and a pointer.
 * "Get" naming: by CF convention the caller does not own what is returned.
 * Always bound reads through the pointer by SecCertificateGetLength; nothing
 * in the declaration says the data is NUL-terminated.
 * NOTE(review): the pointer presumably aliases storage owned by
 * `certificate` and stays usable only while the caller holds a reference to
 * it - confirm.
 */
CFIndex SecCertificateGetLength(SecCertificateRef certificate);
const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate);
/*
 * Digest accessors.
 * Ownership follows the name: by CF convention the single "Get" variant
 * returns a reference the caller does not own, and the "Copy" variants
 * return one the caller must release. None of them is annotated.
 * SHA-1 no longer provides collision resistance, so the SHA1 variants are
 * suitable for looking up or matching certificates, not for pinning or any
 * other trust decision; SHA-256 variants are declared below for both the
 * certificate and the SubjectPublicKeyInfo.
 */
/* SHA-1 digest of the certificate ("Get": not owned by the caller). */
CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/* SHA-1 digest related to the issuer.
   NOTE(review): exactly which issuer bytes are hashed is not visible here. */
CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/* SHA-256 digest of the certificate. */
CFDataRef SecCertificateCopySHA256Digest(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/*
 * Two distinct SHA-1 public-key digests are declared: "PublicKey" and
 * "SubjectPublicKeyInfo".
 * NOTE(review): presumably the first hashes the key bits only and the second
 * the whole SPKI structure; the outputs are then not interchangeable, which
 * matters when comparing against stored values - confirm.
 */
CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA1Digest(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/* SHA-256 counterpart of the SubjectPublicKeyInfo digest. */
CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/*
 * Name lists read out of the certificate ("Copy": caller releases the array
 * by CF convention).
 * The values come from the certificate itself. For a certificate that has
 * not passed trust evaluation they are chosen by whoever issued it, so they
 * must not drive hostname or authorization decisions on their own.
 * NOTE(review): the source fields (presumably subjectAltName entries) and
 * the result when no such name exists (NULL vs. empty array) are not visible
 * here - confirm.
 */
CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/*
 * Creates a certificate from DER data (per the parameter name) and associates
 * a keychain item with it. The item is an untyped CFTypeRef.
 * NOTE(review): which item types are accepted, and whether the item is
 * retained, is not visible here.
 */
SecCertificateRef SecCertificateCreateWithKeychainItem(CFAllocatorRef allocator,
CFDataRef der_certificate, CFTypeRef keychainItem)
__SEC_MAC_AND_IOS_UNKNOWN;
/* Sets the keychain item on an existing certificate; the outcome is reported
   as an OSStatus, which callers should check. */
OSStatus SecCertificateSetKeychainItem(SecCertificateRef certificate, CFTypeRef keychain_item)
__SEC_MAC_AND_IOS_UNKNOWN;
/* Returns the associated keychain item ("Copy": caller releases by CF
   convention). NOTE(review): presumably NULL when none is set - confirm. */
CFTypeRef SecCertificateCopyKeychainItem(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
/*
 * String and property summaries of a certificate ("Copy": caller releases
 * by CF convention).
 * NOTE(review): these look intended for display. The text derives from
 * certificate contents, so it is untrusted for an unevaluated certificate
 * and is not a reliable way to identify an issuer or subject - confirm the
 * intended use.
 */
CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate);
CFStringRef SecCertificateCopySubjectString(SecCertificateRef certificate);
/* Returns a mutable array of summary properties computed for `verifyTime`.
   NOTE(review): the element schema is not visible in this header. */
CFMutableArrayRef SecCertificateCopySummaryProperties(
SecCertificateRef certificate, CFAbsoluteTime verifyTime)
__SEC_MAC_AND_IOS_UNKNOWN;
/*
 * Issuer and subject names as raw data, in two forms: "normalized content"
 * ("Get": not owned by the caller, by CF convention) and "sequence" ("Copy":
 * caller releases).
 * NOTE(review): presumably the normalized form exists for name comparison
 * and the sequence form is the encoded name as it appears in the
 * certificate. If so the two are different byte strings and must not be
 * mixed in one comparison - confirm.
 */
CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRef certificate)
__SEC_MAC_AND_IOS_UNKNOWN;
CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate);
CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate);
/*
 * Further name and attribute accessors ("Copy": caller releases by CF
 * convention). All but the last return an array, so a certificate may yield
 * several values and callers should not assume exactly one.
 * As with every value read from a certificate, the contents are untrusted
 * until the certificate has passed trust evaluation.
 * NOTE(review): element types and the result when the attribute is absent
 * (NULL vs. empty array) are not visible here - confirm.
 */
CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRef certificate);
CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRef certificate);
CFArrayRef SecCertificateCopyCommonNames(SecCertificateRef certificate);
CFArrayRef SecCertificateCopyOrganization(SecCertificateRef certificate);
CFArrayRef SecCertificateCopyOrganizationalUnit(SecCertificateRef certificate);
CFArrayRef SecCertificateCopyCountry(SecCertificateRef certificate);
/* Single string rather than an array.
   NOTE(review): how the company name is derived is not visible here. */
CFStringRef SecCertificateCopyCompanyName(SecCertificateRef certificate);
/* Certificate version as a CFIndex.
   NOTE(review): whether this is the encoded field value or the human version
   number (they differ by one in X.509) is not visible here - confirm. */
CFIndex SecCertificateVersion(SecCertificateRef certificate);
/*
 * Key usage as a SecKeyUsage bitmask.
 * NOTE(review): presumably kSecKeyUsageUnspecified (0) when the certificate
 * has no keyUsage extension. A caller enforcing a required usage must decide
 * explicitly how to treat 0 instead of letting it fall through a mask test -
 * confirm.
 */
SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRef certificate);
/* Extended key usage values ("Copy": caller releases by CF convention).
   NOTE(review): element type and the result when the extension is absent are
   not visible here. */
CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRef certificate);
/*
 * Validity check of one certificate at `verifyTime`.
 * The only inputs are the certificate and a time: no anchors, chain or
 * policy are passed in, so a `true` result cannot mean the certificate is
 * trusted. Trust decisions belong to SecTrust evaluation.
 * NOTE(review): presumably compares verifyTime with the notBefore/notAfter
 * dates - confirm.
 */
bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime)
__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
/* Start and end of the validity period as CFAbsoluteTime values.
   NOTE(review): the value returned when a date cannot be parsed is not
   visible here. */
CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0);
/*
 * Reports through `isSelfSigned` whether the certificate is self-signed.
 * The answer arrives in the out-parameter and the OSStatus carries
 * success/failure, so check the status before reading *isSelfSigned; its
 * value after a failure is not specified in this header.
 */
OSStatus SecCertificateIsSelfSigned(SecCertificateRef certRef, Boolean *isSelfSigned)
__OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_9_0);
/*
 * Predicates on a single certificate. Neither takes anchors or policy, so
 * `true` describes the certificate's own contents and does not establish
 * that it is a trusted CA.
 * NOTE(review): which fields are examined (presumably basicConstraints and
 * the signature) is not visible here - confirm.
 */
bool SecCertificateIsSelfSignedCA(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
bool SecCertificateIsCA(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
/*
 * Conversion between certificates and XPC arrays, in both directions.
 * Failure details are reported through the CFErrorRef out-parameter.
 * An xpc_object_t received from another process is untrusted input: the
 * decoding functions should be given only objects whose sender is known, and
 * their results checked before use.
 * NOTE(review): bounds checking of `index`, validation of element types, and
 * the failure return values (presumably false / NULL) are not visible here -
 * confirm.
 */
/* Appends one certificate to an existing XPC array. */
bool SecCertificateAppendToXPCArray(SecCertificateRef certificate, xpc_object_t xpc_certificates, CFErrorRef *error);
/* Creates a certificate from the element at `index` of an XPC array. */
SecCertificateRef SecCertificateCreateWithXPCArrayAtIndex(xpc_object_t xpc_certificates, size_t index, CFErrorRef *error);
/* Builds an XPC array from a CFArray of certificates. */
xpc_object_t SecCertificateArrayCopyXPCArray(CFArrayRef certificates, CFErrorRef *error);
/* Builds a CFArray of certificates from an XPC array. */
CFArrayRef SecCertificateXPCArrayCopyArray(xpc_object_t xpc_certificates, CFErrorRef *error);
/* Returns the escrow root certificates selected by `escrowRootType`
   ("Copy": caller releases by CF convention).
   NOTE(review): the result for an out-of-range selector is not visible
   here. */
CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType)
__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0);
/* Returns a dictionary of attributes for the certificate.
   NOTE(review): the key/value schema is not visible in this header. */
CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
/*
 * Hash algorithm used in a certificate's signature, as reported by
 * SecCertificateGetSignatureHashAlgorithm.
 * Values 1-3 (MD2, MD4, MD5) name hashes that are broken for signatures, and
 * SHA-1 (4) no longer offers collision resistance. A caller applying a
 * minimum-strength policy should accept an explicit allow-list of values
 * rather than reject a deny-list, so that Unknown (0) is also refused.
 */
typedef CF_ENUM(uint32_t, SecSignatureHashAlgorithm){
kSecSignatureHashAlgorithmUnknown = 0,
kSecSignatureHashAlgorithmMD2 = 1,
kSecSignatureHashAlgorithmMD4 = 2,
kSecSignatureHashAlgorithmMD5 = 3,
kSecSignatureHashAlgorithmSHA1 = 4,
kSecSignatureHashAlgorithmSHA224 = 5,
kSecSignatureHashAlgorithmSHA256 = 6,
kSecSignatureHashAlgorithmSHA384 = 7,
kSecSignatureHashAlgorithmSHA512 = 8
};
/*
 * Returns the hash algorithm of the certificate's signature as a
 * SecSignatureHashAlgorithm value.
 * The enum has no ordering guarantee tied to strength beyond its listed
 * values, so compare against named constants, not with `<` / `>`.
 * NOTE(review): presumably returns kSecSignatureHashAlgorithmUnknown for an
 * unrecognised signature algorithm - confirm.
 */
SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
/* Returns an array of properties for the certificate ("Copy": caller
   releases by CF convention). NOTE(review): element schema not visible. */
CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate);
/*
 * Returns the signed certificate timestamps carried by the certificate.
 * NOTE(review): presumably the raw embedded SCTs with no verification of
 * their signatures; presence of an entry would then say nothing about its
 * validity - confirm.
 */
CFArrayRef SecCertificateCopySignedCertificateTimestamps(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
/* Returns precertificate TBS data for the certificate.
   NOTE(review): presumably the input against which embedded SCT signatures
   are checked - confirm. */
CFDataRef SecCertificateCopyPrecertTBS(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0);
/* Returns iAP authentication capabilities data. This is the only declaration
   in the header carrying an explicit CF_RETURNS_RETAINED annotation: the
   caller owns the result and must release it. */
CF_RETURNS_RETAINED CFDataRef SecCertificateCopyiAPAuthCapabilities(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
/*
 * iAuth version reported by SecCertificateGetiAuthVersion.
 * 0 is the explicit "invalid" value, so a zero-initialised variable reads as
 * invalid rather than as a real version.
 */
typedef CF_ENUM(uint32_t, SeciAuthVersion) {
kSeciAuthInvalid = 0,
kSeciAuthVersion1 = 1,
kSeciAuthVersion2 = 2,
kSeciAuthVersion3 = 3,
} __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
/*
 * Returns the iAuth version of the certificate as a SeciAuthVersion.
 * Callers should handle kSeciAuthInvalid explicitly before branching on a
 * version.
 * NOTE(review): how the version is derived from the certificate is not
 * visible here.
 */
SeciAuthVersion SecCertificateGetiAuthVersion(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0);
#if SEC_OS_OSX
#include <Security/cssmtype.h>
#include <Security/x509defs.h>
/*
 * macOS-only helpers (marked __IPHONE_NA) dealing with "ItemImpl" instances
 * of a certificate. Both creators take and return a SecCertificateRef;
 * "Create" in the name implies the caller owns the result (CF Create Rule).
 * NOTE(review): presumably these convert between two internal
 * representations of the same certificate - confirm before relying on
 * pointer identity between input and output.
 */
SecCertificateRef SecCertificateCreateItemImplInstance(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
SecCertificateRef SecCertificateCreateFromItemImplInstance(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
/* Reports whether `certificate` is an ItemImpl instance. */
Boolean SecCertificateIsItemImplInstance(SecCertificateRef certificate)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
/* Writes a CSSM CL handle to *clHandle; check the OSStatus before using the
   handle. The "_legacy" suffix marks this as a CSSM-era interface. */
OSStatus SecCertificateGetCLHandle_legacy(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle)
__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA);
/*
 * Deprecated since 10.5 (macOS only); the deprecation messages name the
 * replacements. The result arrives through the CFStringRef out-parameter and
 * the OSStatus reports success, so check the status before reading it.
 * NOTE(review): ownership of the returned string is ambiguous ("Get" name,
 * out-parameter) - confirm before releasing or retaining.
 */
OSStatus SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_NA, __IPHONE_NA, "SecCertificateGetCommonName is deprecated. Use SecCertificateCopyCommonName instead.");
OSStatus SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_NA, __IPHONE_NA, "SecCertificateGetEmailAddress is deprecated. Use SecCertificateCopyEmailAddresses instead.");
/* Produces a label string for the certificate through *label.
   NOTE(review): the label derives from certificate contents, so it is not a
   trustworthy identifier for an unevaluated certificate. */
OSStatus SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label);
/* Returns a pointer to CSSM_DATA chosen from `x509Name`.
   NOTE(review): presumably the pointer aliases memory inside `x509Name` and
   must not outlive it - confirm. */
const CSSM_DATA *SecInferLabelFromX509Name(
const CSSM_X509_NAME *x509Name);
/*
 * CSSM field-value accessors, deprecated in 10.12.4 in favour of
 * SecCertificateCopyValues (per the deprecation messages).
 * The functions come in Copy/Release pairs taking the same `field` OID.
 * NOTE(review): presumably every successful Copy must be balanced by the
 * matching Release (array form with array form, "First" form with "First"
 * form), and the returned CSSM_DATA must not be freed any other way -
 * confirm against the implementation.
 */
OSStatus SecCertificateCopyFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR **fieldValues)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyFieldValues is deprecated. Use SecCertificateCopyValues instead.");
OSStatus SecCertificateReleaseFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValues)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateReleaseFieldValues is deprecated. Use SecCertificateCopyValues instead.");
OSStatus SecCertificateCopyFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValue)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyFirstFieldValue is deprecated. Use SecCertificateCopyValues instead.");
OSStatus SecCertificateReleaseFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR fieldValue)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateReleaseFirstFieldValue is deprecated. Use SecCertificateCopyValues instead.");
/* Writes one subject name component, selected by OID, to *result. Deprecated
   in 10.12.4; the message lists the per-attribute Copy functions to use. */
OSStatus SecCertificateCopySubjectComponent(SecCertificateRef certificate, const CSSM_OID *component,
CFStringRef *result)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopySubjectComponent is deprecated. Use SecCertificateCopyCommonNames,SecCertificateCopyOrganization,SecCertificateCopyOrganizationalUnit, etc. instead.");
/*
 * Keychain lookup helpers, all deprecated in 10.12.4 in favour of
 * SecItemCopyMatching (per the deprecation messages). The first three write
 * a single certificate to an out-parameter; the SecKeychainSearchCreate...
 * variants write a search object instead. Each reports success through its
 * OSStatus, which must be checked before the out-parameter is read.
 * Finding a certificate in a keychain is a lookup, not a trust decision:
 * the result still needs trust evaluation for the purpose at hand.
 * NOTE(review): `keychainOrArray` is an untyped CFTypeRef; the accepted
 * types, and whether NULL means a default search list, are not visible here.
 */
OSStatus SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer,
const CSSM_DATA *serialNumber, SecCertificateRef *certificate)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindByIssuerAndSN is deprecated. Use SecItemCopyMatching instead.");
OSStatus SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID,
SecCertificateRef *certificate)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindBySubjectKeyID is deprecated. Use SecItemCopyMatching instead.");
/* The e-mail address is a C string; NOTE(review): matching rules (case,
   encoding) are not visible here. */
OSStatus SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress,
SecCertificateRef *certificate)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindByEmail is deprecated. Use SecItemCopyMatching instead.");
OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer,
const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByIssuerAndSN is deprecated. Use SecItemCopyMatching instead.");
/* Same lookup as above with issuer and serial number passed as CFData
   instead of CSSM_DATA. */
OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN_CF(CFTypeRef keychainOrArray, CFDataRef issuer,
CFDataRef serialNumber, SecKeychainSearchRef *searchRef)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByIssuerAndSN_CF is deprecated. Use SecItemCopyMatching instead.");
OSStatus SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID,
SecKeychainSearchRef *searchRef)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateBySubjectKeyID is deprecated. Use SecItemCopyMatching instead.");
OSStatus SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress,
SecKeychainSearchRef *searchRef)
__OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByEmail is deprecated. Use SecItemCopyMatching instead.");
/*
 * Computes a digest of `data` with algorithm `alg` into `digest`.
 * Deprecated in 10.12.4 with no replacement named in the declaration.
 * `digest` is a non-const CSSM_DATA supplied by the caller.
 * NOTE(review): presumably the caller provides the output buffer and its
 * capacity in `digest`, and the function must not be handed a buffer smaller
 * than the algorithm's output - confirm how the length is checked.
 */
CSSM_RETURN SecDigestGetData(CSSM_ALGORITHMS alg, CSSM_DATA* digest, const CSSM_DATA* data)
__OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA);
/* Deprecated macOS-only variant (10.7 to 10.9) with the same signature as
   SecCertificateIsValid, which is available from 10.9. As there, the inputs
   are only a certificate and a time, so the result is not a trust decision. */
bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verifyTime)
__OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA);
#endif
__END_DECLS
#endif