/opensource.apple.com/source/Security/Security-163/Keychain/SecTrust.h
- <span class="enscript-comment">/*
- * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at <a href="http://www.apple.com/publicsource">http://www.apple.com/publicsource</a> and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */</span>
- <span class="enscript-comment">/*!
- @header SecTrust
- The functions and data types in SecTrust implement trust computation and allow the user to apply trust decisions to the trust configuration.
- */</span>
- #<span class="enscript-reference">ifndef</span> <span class="enscript-variable-name">_SECURITY_SECTRUST_H_</span>
- #<span class="enscript-reference">define</span> <span class="enscript-variable-name">_SECURITY_SECTRUST_H_</span>
- #<span class="enscript-reference">include</span> <span class="enscript-string"><Security/SecBase.h></span>
- #<span class="enscript-reference">include</span> <span class="enscript-string"><Security/cssmtype.h></span>
- #<span class="enscript-reference">include</span> <span class="enscript-string"><Security/cssmapple.h></span>
- #<span class="enscript-reference">include</span> <span class="enscript-string"><CoreFoundation/CoreFoundation.h></span>
- #<span class="enscript-reference">if</span> <span class="enscript-reference">defined</span>(<span class="enscript-variable-name">__cplusplus</span>)
- <span class="enscript-type">extern</span> <span class="enscript-string">"C"</span> {
- #<span class="enscript-reference">endif</span>
- <span class="enscript-comment">/*!
- @typedef SecTrustResultType
- @abstract Specifies the trust result type.
- @constant kSecTrustResultInvalid Indicates an invalid setting or result.
- @constant kSecTrustResultProceed Indicates you may proceed. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings.
- @constant kSecTrustResultConfirm Indicates confirmation with the user is required before proceeding. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings.
- @constant kSecTrustResultDeny Indicates a user-configured deny; do not proceed. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings.
- @constant kSecTrustResultUnspecified Indicates user intent is unknown. This value may be returned by the SecTrustEvaluate function or stored as part of the user trust settings.
- @constant kSecTrustResultRecoverableTrustFailure Indicates a trust framework failure; retry after fixing inputs. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings.
- @constant kSecTrustResultFatalTrustFailure Indicates a trust framework failure; no "easy" fix. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings.
- @constant kSecTrustResultOtherError Indicates a failure other than that of trust evaluation. This value may be returned by the SecTrustEvaluate function but not stored as part of the user trust settings.
- */</span>
- <span class="enscript-type">typedef</span> <span class="enscript-type">enum</span> {
- kSecTrustResultInvalid,
- kSecTrustResultProceed,
- kSecTrustResultConfirm,
- kSecTrustResultDeny,
- kSecTrustResultUnspecified,
- kSecTrustResultRecoverableTrustFailure,
- kSecTrustResultFatalTrustFailure,
- kSecTrustResultOtherError
- } SecTrustResultType;
- <span class="enscript-comment">/*!
- @typedef SecTrustUserSetting
- @abstract Specifies user-specified trust settings.
- */</span>
- <span class="enscript-type">typedef</span> SecTrustResultType SecTrustUserSetting;
- <span class="enscript-comment">/*!
- @typedef SecTrustRef
- @abstract A pointer to an opaque trust management structure.
- */</span>
- <span class="enscript-type">typedef</span> <span class="enscript-type">struct</span> OpaqueSecTrustRef *SecTrustRef;
- <span class="enscript-comment">/*!
- @function SecTrustGetTypeID
- @abstract Returns the type identifier of SecTrust instances.
- @result The CFTypeID of SecTrust instances.
- */</span>
- CFTypeID <span class="enscript-function-name">SecTrustGetTypeID</span>(<span class="enscript-type">void</span>);
- <span class="enscript-comment">/*!
- @function SecTrustCreateWithCertificates
- @abstract Creates a trust based on the given certificates and policies.
- @param certificates The group of certificates to verify.
- @param policies An array of one or more policies. You may pass a SecPolicyRef
- to represent a single policy.
- @param trustRef On return, a pointer to the trust management reference.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustCreateWithCertificates</span>(CFArrayRef certificates, CFTypeRef policies, SecTrustRef *trustRef);
- <span class="enscript-comment">/*!
- @function SecTrustSetParameters
- @abstract Sets the action and action data for a trust.
- @param trustRef The reference to the trust to change.
- @param action A CSSM trust action.
- @param actionData A reference to action data.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustSetParameters</span>(SecTrustRef trustRef, CSSM_TP_ACTION action, CFDataRef actionData);
- <span class="enscript-comment">/*!
- @function SecTrustSetAnchorCertificates
- @abstract Sets the anchor certificates for a given trust.
- @param trust A reference to a trust.
- @param anchorCertificates An array of anchor certificates.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustSetAnchorCertificates</span>(SecTrustRef trust, CFArrayRef anchorCertificates);
- <span class="enscript-comment">/*!
- @function SecTrustSetKeychains
- @abstract Sets the keychains for a given trust.
- @param trust A reference to a trust.
- @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustSetKeychains</span>(SecTrustRef trust, CFTypeRef keychainOrArray);
- <span class="enscript-comment">/*!
- @function SecTrustSetVerifyDate
- @abstract Sets the date against which a given trust is verified.
- @param trust A reference to the trust to verify.
- @param verifyDate The date to verify.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustSetVerifyDate</span>(SecTrustRef trust, CFDateRef verifyDate);
- <span class="enscript-comment">/*!
- @function SecTrustEvaluate
- @abstract Evaluates a trust.
- @param trust A reference to the trust to evaluate.
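- @param result On return, points to the trust result (a SecTrustResultType value). The trust decision is reported here, separately from the returned result code, so callers should check both.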
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustEvaluate</span>(SecTrustRef trust, SecTrustResultType *result);
- <span class="enscript-comment">/*!
- @function SecTrustGetResult
- @abstract Returns detail information on the outcome of a call to SecTrustEvaluate.
- @param trustRef A reference to a trust.
- @param result A pointer to the result from the call to SecTrustEvaluate.
- @param certChain On return, a pointer to the certificate chain used to validate the input certificate.
- @param statusChain On return, a pointer to the status of the certificate chain. Do not attempt to free this pointer; it remains valid until the trust is destroyed or the next call to SecTrustEvaluate.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustGetResult</span>(SecTrustRef trustRef, SecTrustResultType *result, CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain);
- <span class="enscript-comment">/*!
- @function SecTrustGetCssmResult
- @abstract Gets the CSSM trust result.
- @param trust A reference to a trust.
- @param result On return, a pointer to the CSSM trust result.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustGetCssmResult</span>(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result);
- <span class="enscript-comment">/*!
- @function SecTrustGetTPHandle
- @abstract Gets the CSSM trust handle.
- @param trust A reference to a trust.
- @param handle On return, a pointer to a CSSM trust handle.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustGetTPHandle</span>(SecTrustRef trust, CSSM_TP_HANDLE *handle);
- <span class="enscript-comment">/*!
- @function SecTrustCopyAnchorCertificates
- @abstract Returns the anchor (root) certificates.
- @param anchors On return, a pointer to the anchors (roots). This may be used with the function SecCertificateGroupVerify. Call the CFRelease function to release this pointer.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustCopyAnchorCertificates</span>(CFArrayRef* anchors);
- <span class="enscript-comment">/*!
- @function SecTrustGetCSSMAnchorCertificates
- @abstract Retrieves the CSSM anchor certificates.
- @param cssmAnchors A pointer to an array of anchor certificates.
- @param cssmAnchorCount A pointer to the number of certificates in anchors.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustGetCSSMAnchorCertificates</span>(<span class="enscript-type">const</span> CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount);
- <span class="enscript-comment">/*!
- @function SecTrustGetUserTrust
- @abstract Gets the user-specified trust settings of a certificate and policy.
- @param certificate A reference to a certificate.
- @param policy A reference to a policy.
- @param trustSetting On return, a pointer to the user specified trust settings.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustGetUserTrust</span>(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting);
- <span class="enscript-comment">/*!
- @function SecTrustSetUserTrust
- @abstract Sets the user-specified trust settings of a certificate and policy.
- @param certificate A reference to a certificate.
- @param policy A reference to a policy.
- @param trustSetting The user-specified trust settings.
- @result A result code. See "Security Error Codes" (SecBase.h).
- */</span>
- OSStatus <span class="enscript-function-name">SecTrustSetUserTrust</span>(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting);
- #<span class="enscript-reference">if</span> <span class="enscript-reference">defined</span>(<span class="enscript-variable-name">__cplusplus</span>)
- }
- #<span class="enscript-reference">endif</span>
- #<span class="enscript-reference">endif</span> <span class="enscript-comment">/* !_SECURITY_SECTRUST_H_ */</span>