-/*
- * Copyright (c) 2000,2002,2011,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*
- * ocspdClient.h - Client interface to OCSP helper daemon
- */
-
-#ifndef _OCSPD_CLIENT_H_
-#define _OCSPD_CLIENT_H_
-
-#include <Security/cssmtype.h>
-#include <Security/SecTrustSettings.h>
-#include <security_utilities/alloc.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#pragma mark ----- OCSP routines -----
-
-/*
- * Normal OCSP request. Depending on contents of encoded SecAsn1OCSPToolRequest,
- * this optionally performs cache lookup, local responder OCSP, and normal
- * OCSP, in that order. If OCSP response is fetched from the net the netFetch
- * outParam is true on return.
- */
-CSSM_RETURN ocspdFetch(
- Allocator &alloc,
- const CSSM_DATA &ocspdReq, // DER-encoded SecAsn1OCSPDRequests
- CSSM_DATA &ocspdResp); // DER-encoded kSecAsn1OCSPDReplies
- // mallocd via alloc and RETURNED
-
-/*
- * Flush all OCSP responses associated with specifed CertID from cache.
- */
-CSSM_RETURN ocspdCacheFlush(
- const CSSM_DATA &certID);
-
-/*
- * Flush stale entries from cache.
- */
-CSSM_RETURN ocspdCacheFlushStale();
-
-#pragma mark ----- CRL/Cert routines -----
-/*
- * fetch a certificate from the net.
- */
-CSSM_RETURN ocspdCertFetch(
- Allocator &alloc,
- const CSSM_DATA &certURL,
- CSSM_DATA &certData); // mallocd via alloc and RETURNED
-
-/*
- * fetch a CRL from the net with optional cache lookup and/or store.
- * VerifyTime argument only used for cache lookup; it must be in
- * CSSM_TIMESTRING format.
- * crlIssuer is optional, and is only specified when the client knows
- * that the issuer of the CRL is the same as the issuer of the cert
- * being verified.
- */
-CSSM_RETURN ocspdCRLFetch(
- Allocator &alloc,
- const CSSM_DATA &crlURL,
- const CSSM_DATA *crlIssuer, // optional
- bool cacheReadEnable,
- bool cacheWriteEnable,
- CSSM_TIMESTRING verifyTime,
- CSSM_DATA &crlData); // mallocd via alloc and RETURNED
-
-/*
- * fetch CRL revocation status, given a certificate's serial number and
- * its issuers, along with an identifier for the CRL (either its issuer name
- * or distribution point URL)
- *
- * This may return one of the following result codes:
- *
- * CSSM_OK (valid CRL was found for this issuer, serial number is not on it)
- * CSSMERR_TP_CERT_REVOKED (valid CRL was found, serial number is revoked)
- * CSSMERR_APPLETP_NETWORK_FAILURE (crl not available, download in progress)
- * CSSMERR_APPLETP_CRL_NOT_FOUND (crl not available, and not in progress)
- *
- * The first three error codes can be considered definitive answers (with the
- * NETWORK_FAILURE case indicating a possible retry later if required); the
- * last error requires a subsequent call to ocspdCRLFetch to either retrieve
- * the CRL from the on-disk cache or initiate a download of the CRL.
- *
- * Note: CSSMERR_TP_INTERNAL_ERROR can also be returned if there is a problem
- * with the provided arguments, or an error communicating with ocspd.
- */
-CSSM_RETURN ocspdCRLStatus(
- const CSSM_DATA &serialNumber,
- const CSSM_DATA &certIssuers,
- const CSSM_DATA *crlIssuer, // optional if URL is supplied
- const CSSM_DATA *crlURL); // optional if issuer is supplied
-
-/*
- * Refresh the CRL cache.
- */
-CSSM_RETURN ocspdCRLRefresh(
- unsigned staleDays,
- unsigned expireOverlapSeconds,
- bool purgeAll,
- bool fullCryptoVerify);
-
-/*
- * Flush all CRLs obtained from specified URL from cache. Called by client when
- * *it* detects a bad CRL.
- */
-CSSM_RETURN ocspdCRLFlush(
- const CSSM_DATA &crlURL);
-
-/*
- * Obtain TrustSettings.
- */
-OSStatus ocspdTrustSettingsRead(
- Allocator &alloc,
- SecTrustSettingsDomain domain,
- CSSM_DATA &trustSettings); // mallocd via alloc and RETURNED
-
-/*
- * Write TrustSettings to disk. Results in authentication dialog.
- */
-OSStatus ocspdTrustSettingsWrite(
- SecTrustSettingsDomain domain,
- const CSSM_DATA &authBlob,
- const CSSM_DATA &trustSettings);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _OCSPD_CLIENT_H_ */
projects / apple / security.git / blobdiff