OSX/libsecurity_ocspd/mig/ocspd.defs

   1 //
   2 // Copyright (c) 2002-2011 Apple Inc. All Rights Reserved.
   3 //
   4 // @APPLE_LICENSE_HEADER_START@
   5 //
   6 // This file contains Original Code and/or Modifications of Original Code
   7 // as defined in and that are subject to the Apple Public Source License
   8 // Version 2.0 (the 'License'). You may not use this file except in
   9 // compliance with the License. Please obtain a copy of the License at
  10 // http://www.opensource.apple.com/apsl/ and read it before using this
  11 // file.
  12 //
  13 // The Original Code and all software distributed under the License are
  14 // distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15 // EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16 // INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17 // FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18 // Please see the License for the specific language governing rights and
  19 // limitations under the License.
  20 //
  21 // @APPLE_LICENSE_HEADER_END@
  22 //
  23 // ocspd.defs: MIG definition of OCSP daemon RPCs
  24 //
  25 #include <mach/std_types.defs>
  26 #include <mach/mach_types.defs>
  27
  28 subsystem ocspd 33003;
  29 serverprefix ocsp_server_;
  30 userprefix ocsp_client_;
  31
  32 import <security_ocspd/ocspdTypes.h>;
  33 import <stdint.h>;
  34
  35 type Data = array [] of char;
  36 type OSStatus = int32_t;
  37
  38 // *** IMPORTANT ***
  39 // Always add new routines to the end of the file,
  40 // to avoid renumbering of existing routines!
  41
  42 //
  43 // Normal OCSP request. Depending on contents of encoded SecAsn1OCSPDRequests,
  44 // this optionally performs cache lookup, local responder OCSP, and normal
  45 // OCSP, in that order. If OCSP response is fetched from the net the netFetch
  46 // outParam is true on return.
  47 //
  48 routine ocspdFetch(
  49         requestport serverport : mach_port_t;
  50         serveraudittoken sourceAudit: audit_token_t;
  51         in ocsp_req : Data;
  52         out ocsp_rep : Data);
  53
  54 //
  55 // Flush all responses associated with specified CertID from cache.
  56 //
  57 routine ocspdCacheFlush(
  58         requestport serverport : mach_port_t;
  59         in certID : Data);
  60
  61 //
  62 // Flush stale OCSP entries from cache.
  63 //
  64 routine ocspdCacheFlushStale(
  65         requestport serverport : mach_port_t);
  66
  67 //
  68 // Fetch a cert from net.
  69 //
  70 routine certFetch(
  71         requestport serverport : mach_port_t;
  72         serveraudittoken sourceAudit: audit_token_t;
  73         in cert_url : Data;
  74         out cert_data : Data);
  75
  76 //
  77 // Fetch a CRL from net with optional cache lookup and store.
  78 // verify_time only used for cache lookup.
  79 //
  80 // crl_issuer is optional; it's the normalized issuer of the
  81 // CRL to be fetched, used for cache lookup. It is only specified
  82 // when client knows that the issuer of the CRL is the same as
  83 // the issuer of the cert being verified (i.e., there is no
  84 // crlIssuer field in the crlDistributionPoints extension).
  85 //
  86 routine crlFetch(
  87         requestport serverport : mach_port_t;
  88         serveraudittoken sourceAudit: audit_token_t;
  89         in crl_url : Data;
  90         in crl_issuer : Data;
  91         in cache_read : boolean_t;
  92         in cache_write : boolean_t;
  93         in verify_time : Data;
  94         out crl_data : Data);
  95
  96 //
  97 // Refresh CRL cache.
  98 //
  99 routine crlRefresh(
 100         requestport serverport : mach_port_t;
 101         in stale_days : uint32_t;
 102         in expire_overlap_seconds : uint32_t;
 103         in purge_all : boolean_t;
 104         in full_crypto_verify : boolean_t);
 105
 106 //
 107 // Flush CRLs associated with specified URL from cache.
 108 //
 109 routine crlFlush(
 110         requestport serverport : mach_port_t;
 111         in cert_url : Data);
 112
 113 //
 114 // Obtain TrustSettings. The domain argument is a SecTrustSettingsDomain.
 115 //
 116 routine trustSettingsRead(
 117         requestport serverport : mach_port_t;
 118         serveraudittoken sourceAudit: audit_token_t;
 119         in domain: uint32_t;
 120         out trustSettings : Data;
 121         out rcode : OSStatus);
 122
 123 //
 124 // Write TrustSettings to disk. Results in authentication dialog.
 125 //
 126 routine trustSettingsWrite(
 127         requestport serverport : mach_port_t;
 128         serveraudittoken sourceAudit: audit_token_t;
 129         in clientport: mach_port_t;
 130         in domain: uint32_t;
 131         in authBlob: Data;
 132         in trustSettings : Data;
 133         out rcode: OSStatus);
 134
 135 //
 136 // Get CRL status for given serial number and PEM-encoded issuers,
 137 // along with issuer name or distribution point URL.
 138 //
 139 routine crlStatus(
 140         requestport serverport : mach_port_t;
 141         in serial_number: Data;
 142         in cert_issuers : Data;
 143         in crl_issuer : Data;
 144         in crl_url : Data);
 145