]> git.saurik.com Git - apple/security.git/blob - sec/securityd/SecOCSPResponse.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55178.0.1.tar.gz
[apple/security.git] / sec / securityd / SecOCSPResponse.h
1 /*
2 * Copyright (c) 2009 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecOCSPResponse
26 The functions and data types in SecOCSPResponse implement ocsp response
27 decoding and verification.
28 */
29
30 #ifndef _SECURITY_SECOCSPRESPONSE_H_
31 #define _SECURITY_SECOCSPRESPONSE_H_
32
33 #include <Security/SecAsn1Coder.h>
34 #include <CoreFoundation/CFArray.h>
35 #include <CoreFoundation/CFData.h>
36 #include <CoreFoundation/CFDate.h>
37 #include <securityd/SecOCSPRequest.h>
38 #include <security_asn1/ocspTemplates.h>
39 #include <Security/SecCertificatePath.h>
40
41 #if defined(__cplusplus)
42 extern "C" {
43 #endif
44
45 typedef enum {
46 kSecOCSPBad = -2,
47 kSecOCSPUnknown = -1,
48 kSecOCSPSuccess = 0,
49 kSecOCSPMalformedRequest = 1,
50 kSecOCSPInternalError = 2,
51 kSecOCSPTryLater = 3,
52 kSecOCSPUnused = 4,
53 kSecOCSPSigRequired = 5,
54 kSecOCSPUnauthorized = 6
55 } SecOCSPResponseStatus;
56
57 enum {
58 kSecRevocationReasonUnrevoked = -2,
59 kSecRevocationReasonUndetermined = -1,
60 kSecRevocationReasonUnspecified = 0,
61 kSecRevocationReasonKeyCompromise = 1,
62 kSecRevocationReasonCACompromise = 2,
63 kSecRevocationReasonAffiliationChanged = 3,
64 kSecRevocationReasonSuperseded = 4,
65 kSecRevocationReasonCessationOfOperation = 5,
66 kSecRevocationReasonCertificateHold = 6,
67 /* -- value 7 is not used */
68 kSecRevocationReasonRemoveFromCRL = 8,
69 kSecRevocationReasonPrivilegeWithdrawn = 9,
70 kSecRevocationReasonAACompromise = 10
71 };
72 typedef int32_t SecRevocationReason;
73
74
75 /*!
76 @typedef SecOCSPResponseRef
77 @abstract Object used for ocsp response decoding.
78 */
79 typedef struct __SecOCSPResponse *SecOCSPResponseRef;
80
81 struct __SecOCSPResponse {
82 CFDataRef data;
83 SecAsn1CoderRef coder;
84 SecOCSPResponseStatus responseStatus;
85 CFDataRef nonce;
86 CFAbsoluteTime producedAt;
87 CFAbsoluteTime latestNextUpdate;
88 CFAbsoluteTime expireTime;
89 CFAbsoluteTime verifyTime;
90 SecAsn1OCSPBasicResponse basicResponse;
91 SecAsn1OCSPResponseData responseData;
92 SecAsn1OCSPResponderIDTag responderIdTag;
93 SecAsn1OCSPResponderID responderID;
94 };
95
96 typedef struct __SecOCSPSingleResponse *SecOCSPSingleResponseRef;
97
98 struct __SecOCSPSingleResponse {
99 SecAsn1OCSPCertStatusTag certStatus;
100 CFAbsoluteTime thisUpdate;
101 CFAbsoluteTime nextUpdate; /* may be NULL_TIME */
102 CFAbsoluteTime revokedTime; /* != NULL_TIME for certStatus == CS_Revoked */
103 SecRevocationReason crlReason;
104 //OCSPExtensions *extensions;
105 };
106
107 /*!
108 @function SecOCSPResponseCreate
109 @abstract Returns a SecOCSPResponseRef from a BER encoded ocsp response.
110 @param berResponse The BER encoded ocsp response.
111 @result A SecOCSPResponseRef.
112 */
113 SecOCSPResponseRef SecOCSPResponseCreate(CFDataRef ocspResponse,
114 CFTimeInterval maxAge);
115
116 CFDataRef SecOCSPResponseGetData(SecOCSPResponseRef this);
117
118 SecOCSPResponseStatus SecOCSPGetResponseStatus(SecOCSPResponseRef ocspResponse);
119
120 CFAbsoluteTime SecOCSPResponseGetExpirationTime(SecOCSPResponseRef ocspResponse);
121
122 CFDataRef SecOCSPResponseGetNonce(SecOCSPResponseRef ocspResponse);
123
124 CFAbsoluteTime SecOCSPResponseProducedAt(SecOCSPResponseRef ocspResponse);
125
126 CFAbsoluteTime SecOCSPResponseVerifyTime(SecOCSPResponseRef ocspResponse);
127
128 /*!
129 @function SecOCSPResponseCopySigners
130 @abstract Returns an array of signers.
131 @param ocspResponse A SecOCSPResponseRef.
132 @result The passed in SecOCSPResponseRef is deallocated
133 */
134 CFArrayRef SecOCSPResponseCopySigners(SecOCSPResponseRef ocspResponse);
135
136 /*!
137 @function SecOCSPResponseFinalize
138 @abstract Frees a SecOCSPResponseRef.
139 @param ocspResponse The BER encoded ocsp response.
140 @result A SecOCSPResponseRef.
141 */
142 void SecOCSPResponseFinalize(SecOCSPResponseRef ocspResponse);
143
144 SecOCSPSingleResponseRef SecOCSPResponseCopySingleResponse(
145 SecOCSPResponseRef ocspResponse, SecOCSPRequestRef request);
146
147 void SecOCSPSingleResponseDestroy(SecOCSPSingleResponseRef this);
148
149 /* Returns the SecCertificatePathRef who's leaf signed this ocspResponse if
150 we can find one and NULL if we can't find a valid signer. The issuerPath
151 contains the cert chain from the anchor to the certificate that issued the
152 leaf certificate for which this ocspResponse is supposed to be valid. */
153 SecCertificatePathRef SecOCSPResponseCopySigner(SecOCSPResponseRef this,
154 SecCertificatePathRef issuerPath);
155
156 #if defined(__cplusplus)
157 }
158 #endif
159
160 #endif /* !_SECURITY_SECOCSPRESPONSE_H_ */
mirror of Security