//

//  MYCertificate.h

//  MYCrypto

//

//  Created by Jens Alfke on 3/26/09.

//  Copyright 2009 Jens Alfke. All rights reserved.

//

#import "MYKeychainItem.h"

#if !TARGET_OS_IPHONE

#import <Security/cssmtype.h>

#endif

@class MYPublicKey, MYIdentity, MYCertificateInfo, MYSHA1Digest;

/** An X.509 certificate. */

@interface MYCertificate : MYKeychainItem {

    @private

    SecCertificateRef _certificateRef;

    MYCertificateInfo *_info;

}

/** Creates a MYCertificate object for an existing Keychain certificate reference. */

+ (MYCertificate*) certificateWithCertificateRef: (SecCertificateRef)certificateRef;

/** Initializes a MYCertificate object for an existing Keychain certificate reference. */

- (id) initWithCertificateRef: (SecCertificateRef)certificateRef;

/** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */

- (id) initWithCertificateData: (NSData*)data;

/** Checks whether two MYCertificate objects have bit-for-bit identical certificate data. */

- (BOOL)isEqualToCertificate:(MYCertificate*)cert;

/** The Keychain object reference for this certificate. */

@property (readonly) SecCertificateRef certificateRef;

/** The certificate's data. */

@property (readonly) NSData *certificateData;

/** The certificate's public key. */

@property (readonly) MYPublicKey *publicKey;

/** The certificate's public key's SHA-1 digest. */

@property (readonly) MYSHA1Digest *publicKeyDigest;

/** The Identity (if any) that this Certificate is part of. */

@property (readonly) MYIdentity *identity;

/** The metadata of the certificate, like the subject name and expiration date. */

@property (readonly) MYCertificateInfo *info;

/** The common name of the subject (owner) of the certificate. */

@property (readonly) NSString *commonName;

/** The list (if any) of the subject's email addresses. */

@property (readonly) NSArray *emailAddresses;

- (SecTrustResultType) evaluateTrustWithPolicy: (SecPolicyRef)policy;

- (SecTrustResultType) evaluateTrust;

/** @name Mac-Only

 *  Functionality not available on iPhone. 

 */

//@{

#if !TARGET_OS_IPHONE

/** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */

- (id) initWithCertificateData: (NSData*)data

                          type: (CSSM_CERT_TYPE) type

                      encoding: (CSSM_CERT_ENCODING) encoding;

/** Finds the current 'preferred' certificate for the given name string. */

+ (MYCertificate*) preferredCertificateForName: (NSString*)name;

/** Associates the receiver as the preferred certificate for the given name string. */

- (BOOL) setPreferredCertificateForName: (NSString*)name;

#endif

//@}

/** @name Expert

 */

//@{

+ (SecPolicyRef) X509Policy;

+ (SecPolicyRef) SSLPolicy;

#if !TARGET_OS_IPHONE

+ (SecPolicyRef) SMIMEPolicy;

- (CSSM_CERT_TYPE) certificateType;

- (NSArray*) trustSettings;

- (BOOL) setUserTrust: (SecTrustUserSetting)trustSetting;

#endif

//@}

@end

NSString* MYTrustResultDescribe( SecTrustResultType result );

#if !TARGET_OS_IPHONE

NSString* MYPolicyGetName( SecPolicyRef policy );

NSString* MYTrustDescribe( SecTrustRef trust );

#endif