Security-57740.60.18.tar.gz
1 //
2 // Copyright (c) 2002-2011 Apple Inc. All Rights Reserved.
3 //
4 // @APPLE_LICENSE_HEADER_START@
5 //
6 // This file contains Original Code and/or Modifications of Original Code
7 // as defined in and that are subject to the Apple Public Source License
8 // Version 2.0 (the 'License'). You may not use this file except in
9 // compliance with the License. Please obtain a copy of the License at
10 // http://www.opensource.apple.com/apsl/ and read it before using this
11 // file.
12 //
13 // The Original Code and all software distributed under the License are
14 // distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 // EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 // INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 // FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 // Please see the License for the specific language governing rights and
19 // limitations under the License.
20 //
21 // @APPLE_LICENSE_HEADER_END@
22 //
23 // ocspd.defs: MIG definition of OCSP daemon RPCs
24 //
25 #include <mach/std_types.defs>
26 #include <mach/mach_types.defs>
27
// Subsystem declaration: 33003 is the base message ID. MIG numbers the
// routines below consecutively from this base in file order, which is why
// new routines must only ever be appended.
28 subsystem ocspd 33003;
// Generated server handlers are named ocsp_server_<routine>; generated
// client stubs are named ocsp_client_<routine>.
29 serverprefix ocsp_server_;
30 userprefix ocsp_client_;
31 
32 import <security_ocspd/ocspdTypes.h>;
33 import <stdint.h>;
34 
// Data is an unbounded, variable-length byte array. The interface declares
// no maximum size and no encoding for it, so every handler that receives an
// `in ... : Data` argument must treat both length and contents as
// caller-controlled and validate them before parsing.
// NOTE(review): MIG normally transfers unbounded arrays out-of-line; confirm
// in the server implementation who owns the received memory and that it is
// released on every return path.
35 type Data = array [] of char;
// OSStatus is carried on the wire as a signed 32-bit integer.
36 type OSStatus = int32_t;
37
38 // *** IMPORTANT ***
39 // Always add new routines to the end of the file,
40 // to avoid renumbering of existing routines!
41
42 //
43 // Normal OCSP request. Depending on contents of encoded SecAsn1OCSPDRequests,
44 // this optionally performs cache lookup, local responder OCSP, and normal
45 // OCSP, in that order. If OCSP response is fetched from the net the netFetch
46 // outParam is true on return.
//
// Parameters:
//   serverport  - request port of the daemon.
//   sourceAudit - audit token of the sender, supplied by the kernel to the
//                 server handler (it is not part of the client's arguments),
//                 so the handler can attribute the request to a process.
//   ocsp_req    - request bytes from the client; untrusted, length unbounded.
//   ocsp_rep    - reply bytes returned to the client.
//
// NOTE(review): the description mentions a netFetch out-parameter, but this
// routine declares none; presumably the flag travels inside ocsp_rep.
// Confirm against the server implementation.
47 //
48 routine ocspdFetch(
49 requestport serverport : mach_port_t;
50 serveraudittoken sourceAudit: audit_token_t;
51 in ocsp_req : Data;
52 out ocsp_rep : Data);
53
54 //
55 // Flush all responses associated with specified CertID from cache.
//
// Parameters:
//   serverport - request port of the daemon.
//   certID     - CertID bytes from the client; untrusted, length unbounded.
//
// NOTE(review): unlike ocspdFetch, no serveraudittoken is declared, so the
// handler receives no caller identity through this interface. Flushing
// changes daemon state; confirm that access to the service port is
// restricted or that the intended authorization is enforced elsewhere.
56 //
57 routine ocspdCacheFlush(
58 requestport serverport : mach_port_t;
59 in certID : Data);
60
61 //
62 // Flush stale OCSP entries from cache.
//
// Takes no arguments beyond the request port, and declares no
// serveraudittoken, so the handler cannot tell callers apart through this
// interface.
// NOTE(review): what counts as "stale" is decided by the server and is not
// visible in this file.
63 //
64 routine ocspdCacheFlushStale(
65 requestport serverport : mach_port_t);
66
67 //
68 // Fetch a cert from net.
//
// Parameters:
//   serverport  - request port of the daemon.
//   sourceAudit - kernel-supplied audit token of the sender.
//   cert_url    - URL bytes from the client; untrusted, length unbounded,
//                 and not guaranteed by the interface to be NUL-terminated.
//   cert_data   - fetched bytes returned to the client.
//
// NOTE(review): the daemon performs the network fetch on the caller's
// behalf, so the handler should validate scheme, length and destination of
// cert_url before using it, and should bound the size of what it downloads.
// Confirm these checks in the server implementation.
69 //
70 routine certFetch(
71 requestport serverport : mach_port_t;
72 serveraudittoken sourceAudit: audit_token_t;
73 in cert_url : Data;
74 out cert_data : Data);
75
76 //
77 // Fetch a CRL from net with optional cache lookup and store.
78 // verify_time only used for cache lookup.
79 //
80 // crl_issuer is optional; it's the normalized issuer of the
81 // CRL to be fetched, used for cache lookup. It is only specified
82 // when client knows that the issuer of the CRL is the same as
83 // the issuer of the cert being verified (i.e., there is no
84 // crlIssuer field in the crlDistributionPoints extension).
//
// Parameters:
//   serverport  - request port of the daemon.
//   sourceAudit - kernel-supplied audit token of the sender.
//   crl_url     - URL bytes from the client; untrusted, length unbounded.
//   crl_issuer  - optional issuer bytes, see above; untrusted.
//   cache_read  - client asks for a cache lookup before fetching.
//   cache_write - client asks for the fetched CRL to be stored in the cache.
//   verify_time - time value used for the cache lookup; its encoding is not
//                 specified in this file.
//   crl_data    - CRL bytes returned to the client.
//
// NOTE(review): cache_write combined with a caller-chosen crl_url and
// crl_issuer means a client request decides what may enter the cache.
// Confirm that a CRL is verified before it is cached, or that cached
// entries are re-verified before they are relied on.
85 //
86 routine crlFetch(
87 requestport serverport : mach_port_t;
88 serveraudittoken sourceAudit: audit_token_t;
89 in crl_url : Data;
90 in crl_issuer : Data;
91 in cache_read : boolean_t;
92 in cache_write : boolean_t;
93 in verify_time : Data;
94 out crl_data : Data);
95
96 //
97 // Refresh CRL cache.
//
// Parameters:
//   serverport             - request port of the daemon.
//   stale_days             - staleness threshold in days (per the name).
//   expire_overlap_seconds - overlap window in seconds (per the name).
//   purge_all              - client-supplied flag.
//   full_crypto_verify     - client-supplied flag.
//
// The exact effect of each argument is defined by the server and is not
// visible in this file.
// NOTE(review): no serveraudittoken is declared, and both flags are taken
// from the client as given. Confirm which checks a refresh still performs
// when full_crypto_verify is false, and whether purge_all should be
// available to every client that can reach the service port.
98 //
99 routine crlRefresh(
100 requestport serverport : mach_port_t;
101 in stale_days : uint32_t;
102 in expire_overlap_seconds : uint32_t;
103 in purge_all : boolean_t;
104 in full_crypto_verify : boolean_t);
105
106 //
107 // Flush CRLs associated with specified URL from cache.
//
// Parameters:
//   serverport - request port of the daemon.
//   cert_url   - URL bytes from the client; untrusted, length unbounded.
//                The argument is named cert_url although the description
//                refers to CRLs for a URL; presumably it is the CRL URL.
//
// NOTE(review): no serveraudittoken is declared, so this state-changing
// call carries no caller identity through this interface.
108 //
109 routine crlFlush(
110 requestport serverport : mach_port_t;
111 in cert_url : Data);
112
113 //
114 // Obtain TrustSettings. The domain argument is a SecTrustSettingsDomain.
//
// Parameters:
//   serverport    - request port of the daemon.
//   sourceAudit   - kernel-supplied audit token of the sender.
//   domain        - SecTrustSettingsDomain carried as a raw uint32_t; the
//                   interface does not restrict it to valid enum values.
//   trustSettings - trust settings bytes returned to the client.
//   rcode         - OSStatus result of the operation. It is separate from
//                   the MIG call's own return code, so a client has to
//                   check both.
//
// NOTE(review): confirm that the handler rejects out-of-range domain values.
115 //
116 routine trustSettingsRead(
117 requestport serverport : mach_port_t;
118 serveraudittoken sourceAudit: audit_token_t;
119 in domain: uint32_t;
120 out trustSettings : Data;
121 out rcode : OSStatus);
122
123 //
124 // Write TrustSettings to disk. Results in authentication dialog.
//
// Parameters:
//   serverport    - request port of the daemon.
//   sourceAudit   - kernel-supplied audit token of the sender.
//   clientport    - port right passed in by the client; its use is not
//                   visible in this file.
//   domain        - trust settings domain as a raw uint32_t.
//   authBlob      - authorization bytes from the client; untrusted.
//   trustSettings - trust settings bytes to write; untrusted.
//   rcode         - OSStatus result, separate from the MIG return code.
//
// NOTE(review): this is the one routine here that changes persistent trust
// policy. authBlob is presumably an externalized authorization reference.
// Confirm that the handler validates it, and ties it to the process
// identified by sourceAudit, before anything is written. Also confirm that
// domain is range-checked.
125 //
126 routine trustSettingsWrite(
127 requestport serverport : mach_port_t;
128 serveraudittoken sourceAudit: audit_token_t;
129 in clientport: mach_port_t;
130 in domain: uint32_t;
131 in authBlob: Data;
132 in trustSettings : Data;
133 out rcode: OSStatus);
134
135 //
136 // Get CRL status for given serial number and PEM-encoded issuers,
137 // along with issuer name or distribution point URL.
//
// Parameters:
//   serverport    - request port of the daemon.
//   serial_number - certificate serial number bytes; untrusted.
//   cert_issuers  - PEM-encoded issuers (per the description); untrusted.
//   crl_issuer    - issuer name bytes; untrusted.
//   crl_url       - distribution point URL bytes; untrusted.
//
// No out-parameter is declared, so the status is presumably conveyed by the
// routine's return code; confirm which codes mean "revoked", "not revoked"
// and "unknown" so callers do not treat a transport failure as a good status.
// NOTE(review): no serveraudittoken is declared for this routine.
138 //
139 routine crlStatus(
140 requestport serverport : mach_port_t;
141 in serial_number: Data;
142 in cert_issuers : Data;
143 in crl_issuer : Data;
144 in crl_url : Data);
145