libsecurity_apple_x509_tp/lib/TPNetwork.h

   1 /*
   2  * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20  * TPNetwork.h - LDAP (and eventually) other network tools
  21  *
  22  * Written 10/3/2002 by Doug Mitchell.
  23  */
  24
  25 #ifndef _TP_NETWORK_H_
  26 #define _TP_NETWORK_H_
  27
  28 #include <Security/cssmtype.h>
  29 #include "TPCertInfo.h"
  30 #include "TPCrlInfo.h"
  31
  32 extern "C" {
  33
  34 /*
  35  * Fetch CRL(s) for specified cert if the cert has a cRlDistributionPoint
  36  * extension. If a non-NULL CRL is returned, it has passed verification
  37  * with specified TPVerifyContext.
  38  * The common, trivial failure of "no URI in a cRlDistributionPoint
  39  * extension" is indicated by CSSMERR_APPLETP_CRL_NOT_FOUND.
  40  */
  41 extern CSSM_RETURN tpFetchCrlFromNet(
  42         TPCertInfo                      &cert,
  43         TPVerifyContext         &verifyContext,
  44         TPCrlInfo                       *&crl);                         // RETURNED
  45
  46 /*
  47  * Fetch issuer cert of specified cert if the cert has an issuerAltName
  48  * with a URI. If non-NULL cert is returned, it has passed subject/issuer
  49  * name comparison and signature verification with target cert.
  50  * The common, trivial failure of "no URI in an issuerAltName
  51  * extension" is indicated by CSSMERR_TP_CERTGROUP_INCOMPLETE.
  52  * A CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE return indicates that
  53  * subsequent signature verification is needed.
  54  */
  55 extern CSSM_RETURN tpFetchIssuerFromNet(
  56         TPCertInfo                      &subject,
  57         CSSM_CL_HANDLE          clHand,
  58         CSSM_CSP_HANDLE         cspHand,
  59         const char                      *verifyTime,
  60         TPCertInfo                      *&issuer);                      // RETURNED
  61
  62 }
  63
  64 #endif  /* TP_NETWORK_H_ */