X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_apple_x509_tp/lib/TPNetwork.h diff --git a/Security/libsecurity_apple_x509_tp/lib/TPNetwork.h b/Security/libsecurity_apple_x509_tp/lib/TPNetwork.h new file mode 100644 index 00000000..57a37bde --- /dev/null +++ b/Security/libsecurity_apple_x509_tp/lib/TPNetwork.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2002,2011,2014 Apple Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +/* + * TPNetwork.h - LDAP (and eventually) other network tools + * + */ + +#ifndef _TP_NETWORK_H_ +#define _TP_NETWORK_H_ + +#include +#include "TPCertInfo.h" +#include "TPCrlInfo.h" + +extern "C" { + +/* + * Fetch CRL(s) for specified cert if the cert has a cRlDistributionPoint + * extension. If a non-NULL CRL is returned, it has passed verification + * with specified TPVerifyContext. + * The common, trivial failure of "no URI in a cRlDistributionPoint + * extension" is indicated by CSSMERR_APPLETP_CRL_NOT_FOUND. + */ +extern CSSM_RETURN tpFetchCrlFromNet( + TPCertInfo &cert, + TPVerifyContext &verifyContext, + TPCrlInfo *&crl); // RETURNED + +/* + * Fetch issuer cert of specified cert if the cert has an issuerAltName + * with a URI. If non-NULL cert is returned, it has passed subject/issuer + * name comparison and signature verification with target cert. + * The common, trivial failure of "no URI in an issuerAltName + * extension" is indicated by CSSMERR_TP_CERTGROUP_INCOMPLETE. + * A CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE return indicates that + * subsequent signature verification is needed. + */ +extern CSSM_RETURN tpFetchIssuerFromNet( + TPCertInfo &subject, + CSSM_CL_HANDLE clHand, + CSSM_CSP_HANDLE cspHand, + const char *verifyTime, + TPCertInfo *&issuer); // RETURNED + +} + +#endif /* TP_NETWORK_H_ */