]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_apple_x509_tp/lib/tpOcspCertVfy.h
Security-58286.1.32.tar.gz
[apple/security.git] / OSX / libsecurity_apple_x509_tp / lib / tpOcspCertVfy.h
1 /*
2 * Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * tpOcspCertVfy.h - OCSP cert verification routines
26 */
27
28 #ifndef _TP_OCSP_CERT_VFY_H_
29 #define _TP_OCSP_CERT_VFY_H_
30
31 #include "TPCertInfo.h"
32 #include "tpCrlVerify.h"
33 #include <security_asn1/SecNssCoder.h>
34 #include <security_ocspd/ocspResponse.h>
35
36 #ifdef __cplusplus
37
38 extern "C" {
39 #endif
40
41 /*
42 * Verify an OCSP response in the form of a pre-decoded OCSPResponse. Does
43 * signature verification as well as cert chain verification. Sometimes we can
44 * verify if we don't know the issuer; sometimes we can.
45 */
46 typedef enum {
47 ORS_Unknown, // unable to verify one way or another
48 ORS_Good, // known to be good
49 ORS_Bad // known to be bad
50 } OcspRespStatus;
51
52 OcspRespStatus tpVerifyOcspResp(
53 TPVerifyContext &vfyCtx,
54 SecNssCoder &coder,
55 TPCertInfo *issuer, // issuer of the related cert, may be issuer of
56 // reply
57 OCSPResponse &ocspResp,
58 CSSM_RETURN &cssmErr); // possible per-cert error
59
60 #ifdef __cplusplus
61 }
62 #endif
63
64 #endif /* _TP_OCSP_CERT_VFY_H_ */
65