]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_apple_x509_tp/lib/tpOcspCertVfy.h
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-57336.1.9.tar.gz
[apple/security.git] / OSX / libsecurity_apple_x509_tp / lib / tpOcspCertVfy.h
diff --git a/OSX/libsecurity_apple_x509_tp/lib/tpOcspCertVfy.h b/OSX/libsecurity_apple_x509_tp/lib/tpOcspCertVfy.h
new file mode 100644 (file)
index 0000000..def5369
--- /dev/null
+++ b/OSX/libsecurity_apple_x509_tp/lib/tpOcspCertVfy.h
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved.
+ * 
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * tpOcspCertVfy.h - OCSP cert verification routines
+ */
+#ifndef        _TP_OCSP_CERT_VFY_H_
+#define _TP_OCSP_CERT_VFY_H_
+
+#include "TPCertInfo.h"
+#include "tpCrlVerify.h"
+#include <security_asn1/SecNssCoder.h>
+#include <security_ocspd/ocspResponse.h>
+
+#ifdef __cplusplus
+
+extern "C" {
+#endif
+
+/*
+ * Verify an OCSP response in the form of a pre-decoded OCSPResponse. Does 
+ * signature verification as well as cert chain verification. Sometimes we can
+ * verify if we don't know the issuer; sometimes we can.
+ */
+typedef enum {
+       ORS_Unknown,                    // unable to verify one way or another
+       ORS_Good,                               // known to be good
+       ORS_Bad                                 // known to be bad
+} OcspRespStatus;
+
+OcspRespStatus tpVerifyOcspResp(
+       TPVerifyContext         &vfyCtx,
+       SecNssCoder                     &coder,
+       TPCertInfo                      *issuer,                // issuer of the related cert, may be issuer of 
+                                                                               //   reply
+       OCSPResponse            &ocspResp,
+       CSSM_RETURN                     &cssmErr);              // possible per-cert error 
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _TP_OCSP_CERT_VFY_H_ */
+
mirror of Security