* More work on iPhone compatibility.
* Restored the signature-verification code to MYCertInfo, which I'd removed earlier. I now need it to verify self-signed certs, since the Security framework won't do it for me.
* Merged MYCertificate-iPhone.m into MYCertificate.m since there's more shared code now.
5 // Created by Jens Alfke on 3/26/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
9 #import "MYKeychainItem.h"
12 #import <Security/cssmtype.h>
15 @class MYPublicKey, MYIdentity, MYCertificateInfo;
18 /** An X.509 certificate. */
19 @interface MYCertificate : MYKeychainItem {
21 SecCertificateRef _certificateRef;
22 MYCertificateInfo *_info;
25 /** Creates a MYCertificate object for an existing Keychain certificate reference. */
26 + (MYCertificate*) certificateWithCertificateRef: (SecCertificateRef)certificateRef;
28 /** Initializes a MYCertificate object for an existing Keychain certificate reference. */
29 - (id) initWithCertificateRef: (SecCertificateRef)certificateRef;
31 /** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */
32 - (id) initWithCertificateData: (NSData*)data;
34 /** Checks whether two MYCertificate objects have bit-for-bit identical certificate data. */
35 - (BOOL)isEqualToCertificate:(MYCertificate*)cert;
37 /** The Keychain object reference for this certificate. */
38 @property (readonly) SecCertificateRef certificateRef;
40 /** The certificate's data. */
41 @property (readonly) NSData *certificateData;
43 /** The certificate's public key. */
44 @property (readonly) MYPublicKey *publicKey;
46 /** The Identity (if any) that this Certificate is part of. */
47 @property (readonly) MYIdentity *identity;
49 /** The metadata of the certificate, like the subject name and expiration date. */
50 @property (readonly) MYCertificateInfo *info;
52 /** The common name of the subject (owner) of the certificate. */
53 @property (readonly) NSString *commonName;
55 /** The list (if any) of the subject's email addresses. */
56 @property (readonly) NSArray *emailAddresses;
58 - (SecTrustResultType) evaluateTrustWithPolicy: (SecPolicyRef)policy;
59 - (SecTrustResultType) evaluateTrust;
63 * Functionality not available on iPhone.
68 /** Creates a MYCertificate object from exported key data, but does not add it to any keychain. */
69 - (id) initWithCertificateData: (NSData*)data
70 type: (CSSM_CERT_TYPE) type
71 encoding: (CSSM_CERT_ENCODING) encoding;
73 /** Finds the current 'preferred' certificate for the given name string. */
74 + (MYCertificate*) preferredCertificateForName: (NSString*)name;
76 /** Associates the receiver as the preferred certificate for the given name string. */
77 - (BOOL) setPreferredCertificateForName: (NSString*)name;
87 + (SecPolicyRef) X509Policy;
88 + (SecPolicyRef) SSLPolicy;
91 + (SecPolicyRef) SMIMEPolicy;
92 - (CSSM_CERT_TYPE) certificateType;
93 - (NSArray*) trustSettings;
94 - (BOOL) setUserTrust: (SecTrustUserSetting)trustSetting;
102 NSString* MYTrustResultDescribe( SecTrustResultType result );
103 #if !TARGET_OS_IPHONE
104 NSString* MYPolicyGetName( SecPolicyRef policy );
105 NSString* MYTrustDescribe( SecTrustRef trust );