2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
20 * tpCrlVerify.h - routines to verify CRLs and to verify certs against CRLs.
22 * Written 9/26/02 by Doug Mitchell.
25 #ifndef _TP_CRL_VERIFY_H_
26 #define _TP_CRL_VERIFY_H_
28 #include <Security/cssmtype.h>
29 #include <Security/cssmalloc.h>
37 * Enumerated CRL policies enforced by this module.
40 kCrlNone
, /* no CRL checking */
44 /* Module-specific default policy */
45 #define TP_CRL_POLICY_DEFAULT kCrlNone
48 * Various parameters widely used in any operation involing the
49 * verification of CRLs and of a cert against a CRL. Most fields
50 * are generally optional for a given operation except.
52 class TPCrlVerifyContext
{
53 NOCOPY(TPCrlVerifyContext
)
56 CssmAllocator
&_alloc
,
57 CSSM_CL_HANDLE _clHand
,
58 CSSM_CSP_HANDLE _cspHand
,
59 CSSM_TIMESTRING _verifyTime
,
60 uint32 _numAnchorCerts
,
61 const CSSM_DATA
*_anchorCerts
,
62 TPCertGroup
*_signerCerts
,
63 TPCrlGroup
*_inputCrls
,
64 TPCertGroup
*_gatheredCerts
,
65 CSSM_DL_DB_LIST_PTR _dbList
,
67 CSSM_APPLE_TP_ACTION_FLAGS _actionFlags
,
68 CSSM_APPLE_TP_CRL_OPTIONS
*_crlOpts
)
72 verifyTime(_verifyTime
),
73 numAnchorCerts(_numAnchorCerts
),
74 anchorCerts(_anchorCerts
),
75 signerCerts(_signerCerts
),
76 inputCrls(_inputCrls
),
77 gatheredCerts(_gatheredCerts
),
80 actionFlags(_actionFlags
),
84 ~TPCrlVerifyContext() { }
87 CSSM_CL_HANDLE clHand
;
88 CSSM_CSP_HANDLE cspHand
;
91 * NULL means "verify for this momemt", otherwise indicates
92 * time at which an entity is to be verified.
94 CSSM_TIMESTRING verifyTime
;
97 /* FIXME - maybe this should be a TPCertGroup */
98 uint32 numAnchorCerts
;
99 const CSSM_DATA
*anchorCerts
;
102 * Intermediate CRL signing certs. Optional.
103 * This could come from the raw cert group to be verified
104 * in CertGroupVerify(), or the explicit SignerCertGroup in
105 * CrlVerify(). These certs have not been verified in any
106 * way other than to ensure that they parse and have been cached
109 TPCertGroup
*signerCerts
;
111 /* Raw CRLs provided by caller, state unknown, optional */
112 TPCrlGroup
*inputCrls
;
115 * Other certificates gathered during the course of this operation,
116 * currently consisting of certs fetched from DBs and from the net.
117 * This is currently set to AppleTPSession::CertGroupVerify's
118 * certsToBeFreed, to include certs fetched from the net (a
119 * significant optimization) and from DLDB (a side effect, also
120 * a slight optimization).
122 TPCertGroup
*gatheredCerts
;
124 /* can contain certs and/or CRLs */
125 CSSM_DL_DB_LIST_PTR dbList
;
128 CSSM_APPLE_TP_ACTION_FLAGS actionFlags
;
129 const CSSM_APPLE_TP_CRL_OPTIONS
*crlOpts
;
134 CSSM_RETURN
tpVerifyCertGroupWithCrls(
135 TPCertGroup
&certGroup
, // to be verified
136 TPCrlVerifyContext
&tpVerifyContext
);
140 #endif /* _TP_CRL_VERIFY_H_ */
projects / apple / security.git / blob