#ifndef _SECURITY_SECCERTIFICATESERVER_H_
#define _SECURITY_SECCERTIFICATESERVER_H_
#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecCertificate.h>
#include <securityd/policytree.h>
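/*
 * Opaque handle. Only the forward declaration of struct SecCertificateVC is
 * visible in this header, so callers cannot touch its fields directly.
 */
typedef struct SecCertificateVC *SecCertificateVCRef;

/*
 * Creates a SecCertificateVC from a certificate and an array of usage
 * constraints.
 * NOTE(review): by the CoreFoundation "Create" naming convention the caller
 * presumably owns the result and must release it; confirm against the
 * implementation. Whether usageConstraints may be NULL is not visible here.
 */
SecCertificateVCRef SecCertificateVCCreate(SecCertificateRef certificate, CFArrayRef usageConstraints);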
/*
 * Opaque handle to a certificate path. The struct is only forward-declared
 * here, so all access goes through the functions in this header.
 */
typedef struct SecCertificatePathVC *SecCertificatePathVCRef;
/*
 * Path construction and export.
 * NOTE(review): every function in this group has Create or Copy in its name.
 * Under the CoreFoundation ownership convention the caller would own each
 * result and have to release it; confirm against the implementation, because
 * a mismatch turns into a leak or an over-release of trust-evaluation state.
 */
/*
 * Builds a path from an existing path, a certificate and that certificate's
 * usage constraints.
 * NOTE(review): presumably `path` is the path being extended and
 * `certificate` is the element added to it; whether `path` may be NULL is not
 * visible here. Confirm.
 */
SecCertificatePathVCRef SecCertificatePathVCCreate(SecCertificatePathVCRef path,
SecCertificateRef certificate, CFArrayRef usageConstraints);
/* Returns a path derived from `path` with `leaf` added (presumably at the leaf
 * end, going by the name; confirm). */
SecCertificatePathVCRef SecCertificatePathVCCopyAddingLeaf(SecCertificatePathVCRef path,
SecCertificateRef leaf);
/* Returns a path derived from `path` and a skip count.
 * NOTE(review): presumably drops `skipCount` elements from one end; the valid
 * range of skipCount is not documented here, so validate it at the call site. */
SecCertificatePathVCRef SecCertificatePathVCCopyFromParent(SecCertificatePathVCRef path, CFIndex skipCount);
/* Returns the path's certificates as a CFArray (element order not visible
 * here; presumably path order). */
CFArrayRef SecCertificatePathVCCopyCertificates(SecCertificatePathVCRef path);
/* Returns a CFArray holding a serialized form of the path.
 * NOTE(review): the element type and encoding are not visible here. If the
 * array leaves the process, the receiver should re-parse and re-validate it
 * rather than trust it as an already-evaluated path. */
CFArrayRef SecCertificatePathVCCreateSerialized(SecCertificatePathVCRef path);
/*
 * Per-path flags and element accessors.
 * NOTE(review): none of the `ix` parameters document a valid range in this
 * header. Keep 0 <= ix < SecCertificatePathVCGetCount(path) at the call site
 * unless the implementation is confirmed to bounds-check.
 * NOTE(review): the Get* functions presumably return borrowed references
 * (CoreFoundation "Get" convention). Retain anything that must outlive the
 * path; confirm against the implementation.
 */
/* Sets self-issued state on the path. The signature takes no index or value,
 * so which element is marked is decided inside the implementation. */
void SecCertificatePathVCSetSelfIssued(SecCertificatePathVCRef certificatePath);
/* Reports whether the certificate at `ix` is recorded as self-issued. */
bool SecCertificatePathVCIsCertificateAtIndexSelfIssued(SecCertificatePathVCRef path, CFIndex ix);
/* Marks the path as anchored. There is no value parameter, so this call can
 * set the flag but not clear it. */
void SecCertificatePathVCSetIsAnchored(SecCertificatePathVCRef certificatePath);
/* Returns an index related to a self-signed certificate in the path.
 * NOTE(review): the value returned when there is none is not visible here;
 * check for it before using the result as an array index. */
CFIndex SecCertificatePathVCSelfSignedIndex(SecCertificatePathVCRef certificatePath);
/* Reads the anchored flag. Returns the CoreFoundation `Boolean` type, unlike
 * the other predicates in this header, which return C `bool`. */
Boolean SecCertificatePathVCIsAnchored(SecCertificatePathVCRef certificatePath);
/* Stores a source index on the path (presumably a cursor into the list of
 * certificate sources being searched; confirm). */
void SecCertificatePathVCSetNextSourceIndex(SecCertificatePathVCRef certificatePath, CFIndex sourceIndex);
/* Reads back the stored source index. */
CFIndex SecCertificatePathVCGetNextSourceIndex(SecCertificatePathVCRef certificatePath);
/* Returns the number of certificates in the path. */
CFIndex SecCertificatePathVCGetCount(SecCertificatePathVCRef certificatePath);
/* Returns the certificate at `ix`. */
SecCertificateRef SecCertificatePathVCGetCertificateAtIndex(SecCertificatePathVCRef certificatePath, CFIndex ix);
/* Calls `operation` with a certificate and a `bool *stop` out-flag.
 * NOTE(review): presumably visits each certificate in turn and ends early once
 * the block sets *stop to true; confirm the order. */
void SecCertificatePathVCForEachCertificate(SecCertificatePathVCRef path, void(^operation)(SecCertificateRef certificate, bool *stop));
/* Returns the index of `certificate` within the path.
 * NOTE(review): the not-found value and whether matching is by pointer or by
 * content are not visible here. */
CFIndex SecCertificatePathVCGetIndexOfCertificate(SecCertificatePathVCRef path,
SecCertificateRef certificate);
/* Returns the path's root certificate (presumably the last element; confirm). */
SecCertificateRef SecCertificatePathVCGetRoot(SecCertificatePathVCRef certificatePath);
/* Returns the usage-constraints array stored for the certificate at `ix`. */
CFArrayRef SecCertificatePathVCGetUsageConstraintsAtIndex(SecCertificatePathVCRef certificatePath, CFIndex ix);
/* Replaces the usage-constraints array stored for the certificate at `ix`.
 * NOTE(review): the header shows no validation of newConstraints. Call sites
 * that overwrite constraints are worth auditing, since the stored array is
 * what later reads of this element will see. */
void SecCertificatePathVCSetUsageConstraintsAtIndex(SecCertificatePathVCRef certificatePath,
CFArrayRef newConstraints, CFIndex ix);
/* Returns the public key of the certificate at `ix`. "Copy" in the name
 * suggests the caller owns the SecKeyRef and must release it; confirm. */
SecKeyRef SecCertificatePathVCCopyPublicKeyAtIndex(SecCertificatePathVCRef certificatePath, CFIndex ix);
/*
 * Tri-state result of path verification, stored as a CFIndex.
 *
 * Success is 0, so the value must be compared explicitly against
 * kSecPathVerifySuccess. Used as a C boolean, the meaning is inverted: success
 * is falsy while both "unknown" (-1) and "failed" (1) are truthy. Callers
 * should treat anything other than kSecPathVerifySuccess as not verified.
 *
 * NOTE(review): the first constant is spelled `Verifies`, unlike its two
 * siblings. It is part of the declared interface, so it is left as is.
 */
typedef CFIndex SecPathVerifyStatus;
enum {
kSecPathVerifiesUnknown = -1, /* verification result not known */
kSecPathVerifySuccess = 0,    /* the only value that means "verified" */
kSecPathVerifyFailed = 1      /* verification failed */
};
/*
 * Path checks and scoring.
 */
/* Verifies the path and returns a SecPathVerifyStatus. Compare the result
 * with kSecPathVerifySuccess; do not test it as a boolean (success is 0).
 * NOTE(review): presumably checks the signature chain; confirm what else. */
SecPathVerifyStatus SecCertificatePathVCVerify(SecCertificatePathVCRef certificatePath);
/* Reports whether the path contains a cycle. */
bool SecCertificatePathVCIsCycleInGraph(SecCertificatePathVCRef path);
/* Reports validity of the path at `verifyTime`.
 * NOTE(review): presumably a validity-period check of each certificate. The
 * time comes from the caller, so the answer is only as trustworthy as the
 * source of that value. */
bool SecCertificatePathVCIsValid(SecCertificatePathVCRef certificatePath, CFAbsoluteTime verifyTime);
/* Reports whether the path uses a weak hash. Which algorithms count as weak
 * is defined in the implementation, not in this header. */
bool SecCertificatePathVCHasWeakHash(SecCertificatePathVCRef certificatePath);
/* Reports whether the path uses a weak key size. The thresholds are defined
 * in the implementation, not in this header. */
bool SecCertificatePathVCHasWeakKeySize(SecCertificatePathVCRef certificatePath);
/* Returns a score for the path evaluated at `verifyTime`.
 * NOTE(review): the scale and the factors that feed it are not visible here. */
CFIndex SecCertificatePathVCScore(SecCertificatePathVCRef certificatePath,
CFAbsoluteTime verifyTime);
/* Returns the path's score without taking a time (presumably the stored
 * value rather than a fresh computation; confirm). */
CFIndex SecCertificatePathVCGetScore(SecCertificatePathVCRef certificatePath);
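/* Stores `score` as the path's score.
 * NOTE(review): no range for `score` is documented in this header. */
void SecCertificatePathVCSetScore(SecCertificatePathVCRef certificatePath, CFIndex score);

/* Resets the path's stored score (the value it resets to is not visible
 * here). */
void SecCertificatePathVCResetScore(SecCertificatePathVCRef certificatePath);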
/*
 * Revocation state attached to the path.
 * NOTE(review): "RVC" is not defined in this header; presumably a
 * per-certificate revocation-check context. Confirm.
 */
/* Deletes the path's RVCs.
 * NOTE(review): any pointer obtained earlier from
 * SecCertificatePathVCGetRVCAtIndex should be treated as invalid afterwards,
 * unless the implementation is confirmed to keep it alive. */
void SecCertificatePathVCDeleteRVCs(SecCertificatePathVCRef path);
/* Reports whether revocation checking for the path is done.
 * NOTE(review): "done" is not the same as "not revoked"; confirm what a true
 * result implies before using it in a trust decision. */
bool SecCertificatePathVCIsRevocationDone(SecCertificatePathVCRef certificatePath);
/* Allocates RVC storage sized by `certCount`.
 * NOTE(review): how certCount relates to SecCertificatePathVCGetCount is not
 * enforced by the signature. */
void SecCertificatePathVCAllocateRVCs(SecCertificatePathVCRef certificatePath, CFIndex certCount);
/* Returns a CFAbsoluteTime (presumably the earliest next-update time across
 * the path's revocation data; confirm the value returned when none exists). */
CFAbsoluteTime SecCertificatePathVCGetEarliestNextUpdate(SecCertificatePathVCRef path);
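/* Returns the RVC for the certificate at `ix` as an untyped pointer.
 * The `void *` return means the compiler cannot check the type the caller
 * casts to, so the cast target has to match the implementation by hand.
 * NOTE(review): the valid range of `ix` and the lifetime of the returned
 * pointer are not visible here; confirm both. */
void *SecCertificatePathVCGetRVCAtIndex(SecCertificatePathVCRef certificatePath, CFIndex ix);

/* Reports whether revocation checking is marked as required for the
 * certificate at `ix`. */
bool SecCertificatePathVCIsRevocationRequiredForCertificateAtIndex(SecCertificatePathVCRef certificatePath,
                                                                   CFIndex ix);

/* Marks revocation checking as required for the certificate at `ix`. There is
 * no value parameter, so this call can set the requirement but not clear it. */
void SecCertificatePathVCSetRevocationRequiredForCertificateAtIndex(SecCertificatePathVCRef certificatePath,
                                                                    CFIndex ix);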
/*
 * Evaluation-progress and result flags stored on the path.
 * NOTE(review): the setters record whatever the caller passes; this header
 * shows no check behind them. The call sites are therefore where the
 * decision is made and are the places to audit.
 */
/* Reads the checked-issuers flag. */
bool SecCertificatePathVCCheckedIssuers(SecCertificatePathVCRef certificatePath);
/* Writes the checked-issuers flag. */
void SecCertificatePathVCSetCheckedIssuers(SecCertificatePathVCRef certificatePath, bool checked);
/* Returns the stored unknown-CA index.
 * NOTE(review): the value meaning "none" is not visible here. */
CFIndex SecCertificatePathVCUnknownCAIndex(SecCertificatePathVCRef certificatePath);
/* Stores the unknown-CA index. */
void SecCertificatePathVCSetUnknownCAIndex(SecCertificatePathVCRef certificatePath, CFIndex index);
/* Reads the path-validated flag. */
bool SecCertificatePathVCIsPathValidated(SecCertificatePathVCRef certificatePath);
/* Marks the path as validated. There is no value parameter, so this call can
 * set the flag but not clear it. */
void SecCertificatePathVCSetPathValidated(SecCertificatePathVCRef certificatePath);
/* Reads the EV flag (presumably Extended Validation; confirm). */
bool SecCertificatePathVCIsEV(SecCertificatePathVCRef certificatePath);
/* Writes the EV flag from a caller-supplied bool. */
void SecCertificatePathVCSetIsEV(SecCertificatePathVCRef certificatePath, bool isEV);
/* Reads the optionally-EV state. No matching setter is declared in this
 * header. */
bool SecCertificatePathVCIsOptionallyEV(SecCertificatePathVCRef certificatePath);
/*
 * CT requirement level for a path, stored as a CFIndex ("CT" presumably
 * stands for Certificate Transparency; confirm).
 *
 * The three values are ordered 0 < 1 < 2. Compare against the named
 * constants; a plain truthiness test cannot tell "overridable" from
 * "required".
 * NOTE(review): who may override kSecPathCTRequiredOverridable, and how, is
 * not visible in this header.
 */
typedef CFIndex SecPathCTPolicy;
enum {
kSecPathCTNotRequired = 0,         /* CT is not required for the path */
kSecPathCTRequiredOverridable = 1, /* CT is required, but the requirement can be overridden */
kSecPathCTRequired = 2             /* CT is required */
};
/*
 * CT, issuance-time, allowlist and policy-tree state.
 * NOTE(review): the setters here take the result from the caller; this header
 * shows no check behind them. Audit the call sites, since that is where the
 * decision is made.
 */
/* Reads the CT flag. */
bool SecCertificatePathVCIsCT(SecCertificatePathVCRef certificatePath);
/* Writes the CT flag from a caller-supplied bool. */
void SecCertificatePathVCSetIsCT(SecCertificatePathVCRef certificatePath, bool isCT);
/* Returns the path's CT requirement as a SecPathCTPolicy. Compare it with the
 * kSecPathCT* constants rather than testing it as a boolean. */
SecPathCTPolicy SecCertificatePathVCRequiresCT(SecCertificatePathVCRef certificatePath);
/* Stores the path's CT requirement.
 * NOTE(review): whether a stricter stored value can be lowered by a later
 * call is not visible here; confirm. */
void SecCertificatePathVCSetRequiresCT(SecCertificatePathVCRef certificatePath, SecPathCTPolicy requiresCT);
/* Returns the stored issuance time. */
CFAbsoluteTime SecCertificatePathVCIssuanceTime(SecCertificatePathVCRef certificatePath);
/* Stores the issuance time.
 * NOTE(review): where this time comes from is not visible here; confirm the
 * source is authenticated before time-based policy depends on it. */
void SecCertificatePathVCSetIssuanceTime(SecCertificatePathVCRef certificatePath, CFAbsoluteTime issuanceTime);
/* Reads the allowlisted flag. */
bool SecCertificatePathVCIsAllowlisted(SecCertificatePathVCRef certificatePath);
/* Writes the allowlisted flag from a caller-supplied bool. */
void SecCertificatePathVCSetIsAllowlisted(SecCertificatePathVCRef certificatePath, bool isAllowlisted);
/* Runs the policy-tree check for the path and returns a bool result.
 * `anchor_trusted` is supplied by the caller.
 * NOTE(review): presumably tells the check whether the anchor is already
 * trusted; confirm which caller decides that and on what basis. */
bool SecCertificatePathVCVerifyPolicyTree(SecCertificatePathVCRef path, bool anchor_trusted);
#endif