MYCertificate now checks validity of self-signed certs loaded from the keychain (because the Security framework doesn't validate self-signed certs.)
5 // Created by Jens Alfke on 1/16/08.
6 // Copyright 2008-2009 Jens Alfke. All rights reserved.
9 #import <Foundation/Foundation.h>
10 #import <Security/CMSEncoder.h>
12 @class MYIdentity, MYCertificate;
15 /** Creates a CMS-formatted message from a blob of data; it can be signed and/or encrypted. */
16 @interface MYEncoder : NSObject
19 CMSEncoderRef _encoder;
23 /** A convenience method for one-shot encoding of a block of data.
24 @param data The data that will be signed/encrypted.
25 @param signerOrNil If non-nil, an Identity whose private key will sign the data.
26 @param recipientOrNil If non-nil, the data will be encrypted so only the owner of this
27 certificate can read it.
28 @param outError On return, will be set to an NSError if something went wrong.
29 @return The encoded data. */
30 + (NSData*) encodeData: (NSData*)data
31 signer: (MYIdentity*)signerOrNil
32 recipient: (MYCertificate*)recipientOrNil
33 error: (NSError**)outError;
35 /** Initializes a new encoder.
36 You must add at least one signer or recipient. */
39 /** Tells the encoder to sign the content with this identity's private key.
40 (Multiple signers can be added, but this is rare.) */
41 - (BOOL) addSigner: (MYIdentity*)signer;
43 /** Tells the encoder to encrypt the content with this recipient's public key.
44 Multiple recipients can be added; any one of them will be able to decrypt the message. */
45 - (BOOL) addRecipient: (MYCertificate*)recipient;
47 /** The current error status of the encoder.
48 If something goes wrong with an operation, it will return NO,
49 and this property will contain the error. */
50 @property (readonly) NSError* error;
52 /** Setting this property to YES tells the encoder not to copy the content itself into the
53 encoded message. The encodedData property will then contain only metadata, such as
54 signatures and certificates.
55 This is useful if you're working with a data format that already specifies a content
56 format: it allows you to attach the encoded data elsewhere, e.g. in a header or metadata
58 @property BOOL hasDetachedContent;
60 /** Adds data to the encoder. You can add the entire data at once, or in bits and pieces
61 (if you're reading it from a stream). */
62 - (BOOL) addData: (NSData*)data;
64 /** The signed/encoded output data.
65 Don't call this until after the last call to -addData:. */
66 - (NSData*) encodedData;
74 /** Adds a timestamp showing when the message was encoded.
75 [Unfortunately there is no system API for reading these timestamps in decoded messages...] */
76 - (BOOL) addTimestamp;
78 /** Specifies which certificates to include in the message: none, only the signer certs,
79 or the signer certs' entire chain (the default). */
80 @property CMSCertificateChainMode certificateChainMode;
82 /** Adds an extra certificate to the encoded data, for the recipient's use. Rarely needed. */
83 - (BOOL) addSupportingCert: (MYCertificate*)supportingCert;
85 /** The X.509 content type of the message data. */
86 @property CSSM_OID contentType;