/*
 * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 *
 * tsaTemplates.h - ASN1 templates Time Stamping Authority requests and responses.
 * see rfc3161.asn1 for ASN.1 and other comments
 *
 * This header only declares the C-side layouts that the ASN.1 templates
 * fill in. Every CSSM_DATA field below holds the encoded value as raw
 * bytes; nothing declared here range-checks or cross-checks a decoded
 * value, so that work belongs to whoever consumes these structs.
 */

#ifndef _TSA_TEMPLATES_H_
#define _TSA_TEMPLATES_H_

#include <Security/secasn1t.h>
#include <Security/x509defs.h>      /* CSSM_X509_ALGORITHM_IDENTIFIER */
#include <Security/X509Templates.h> /* NSS_CertExtension */
#include <Security/nameTemplates.h> /* NSS_GeneralName and support */
#include "cmstpriv.h"               /* SecCmsContentInfo */

#ifdef __cplusplus
extern "C" {
#endif

#pragma mark ----- TSA Request -----

/* Policy identifier, carried as an OID (RFC 3161 TSAPolicyId). */
typedef CSSM_OID TSAPolicyId;

/*
 * MessageImprint: the digest being time-stamped plus the algorithm that
 * produced it. The same layout is used in the request and in TSTInfo.
 * RFC 3161 expects the requester to confirm that the imprint returned in
 * the token equals the one it sent; this header does not do that check.
 */
typedef struct {
    CSSM_X509_ALGORITHM_IDENTIFIER  hashAlgorithm;
    CSSM_DATA                       hashedMessage;
} SecAsn1TSAMessageImprint;

/*
 * Accuracy of genTime. All three members are optional INTEGERs.
 * RFC 3161 restricts millis and micros to 1..999; the range is not
 * enforced by this declaration.
 */
typedef struct {
    CSSM_DATA   seconds;    /* INTEGER optional */
    CSSM_DATA   millis;     /* INTEGER optional */
    CSSM_DATA   micros;     /* INTEGER optional */
} SecAsn1TSAAccuracy;

/*
 * TimeStampReq: what the client sends to the TSA.
 *
 * nonce: when present, RFC 3161 requires the TSA to return the same value
 * in TSTInfo.nonce. Comparing the two is what binds a response to this
 * particular request, so a caller that sends a nonce should reject a
 * response whose nonce is missing or different.
 */
typedef struct {
    CSSM_DATA                   version;        /* INTEGER (1) */
    SecAsn1TSAMessageImprint    messageImprint;
    TSAPolicyId                 reqPolicy;      /* OPTIONAL */
    CSSM_DATA                   nonce;          /* INTEGER optional */
    CSSM_DATA                   certReq;        /* BOOL (RFC 3161: BOOLEAN DEFAULT FALSE) */
    CSSM_X509_EXTENSIONS        **extensions;   /* [0] IMPLICIT Extensions OPTIONAL */
} SecAsn1TSATimeStampReq;

#pragma mark ----- TSA Response -----

/*
 * PKIStatusInfo: outcome of the request.
 * status is expected to hold one of the SecAsn1TSAPKIStatus values and
 * failInfo the RFC 3161 PKIFailureInfo BIT STRING; both arrive here as
 * undecoded bytes.
 */
typedef struct {
    CSSM_DATA   status;
    CSSM_DATA   statusString;   /* OPTIONAL */
    CSSM_DATA   failInfo;       /* OPTIONAL */
} SecAsn1TSAPKIStatusInfo;

/* The time-stamp token is a CMS ContentInfo. */
typedef SecCmsContentInfo SecTimeStampToken;

/*
 * TimeStampResp with the token decoded as CMS.
 * Per RFC 3161 a token is present only when status is granted (0) or
 * grantedWithMods (1); a consumer should look at status before relying
 * on timeStampToken.
 */
typedef struct {
    SecAsn1TSAPKIStatusInfo status;
    SecTimeStampToken       timeStampToken;     /* OPTIONAL */
} SecAsn1TimeStampResp;

/*
 * Variant of the response used to grab the raw DER of the token without
 * decoding it, for subsequent re-insertion into a CMS message as an
 * unsigned attribute.
 *
 * Because the token stays opaque on this path, decoding into this struct
 * validates nothing about it (signature, imprint, nonce). Any such
 * verification has to be done on a decoded copy before or after the
 * bytes are embedded.
 */
typedef struct {
    SecAsn1TSAPKIStatusInfo status;
    CSSM_DATA               timeStampTokenDER;  /* OPTIONAL */
} SecAsn1TimeStampRespDER;

/*
 * TSTInfo: the signed content inside the time-stamp token.
 *
 * NOTE(review): the field comments below are carried over from the
 * original listing. RFC 3161 defines TSTInfo.version as
 * INTEGER { v1(1) } without a DEFAULT and TSTInfo.policy as mandatory,
 * whereas this header annotates them "DEFAULT 1" (flagged with asterisks
 * by the original author) and "OPTIONAL". Confirm against the templates
 * in the implementation file before depending on either.
 */
typedef struct {
    CSSM_DATA                   version;        /* DEFAULT 1 ***** */
    TSAPolicyId                 reqPolicy;      /* OPTIONAL */
    SecAsn1TSAMessageImprint    messageImprint; /* should equal the imprint in the request */
    CSSM_DATA                   serialNumber;   /* INTEGER */
    CSSM_DATA                   genTime;
    SecAsn1TSAAccuracy          accuracy;       /* OPTIONAL */
    CSSM_DATA                   ordering;       /* BOOLEAN DEFAULT FALSE */
    CSSM_DATA                   nonce;          /* INTEGER optional; should equal the request nonce */
    CSSM_DATA                   tsa;            /* [0] GeneralName OPTIONAL */
    CSSM_X509_EXTENSIONS        **extensions;   /* [1] IMPLICIT Extensions OPTIONAL */
} SecAsn1TSATSTInfo;

/* PKIStatus values as numbered in RFC 3161. */
typedef enum {
    PKIS_Granted                = 0,
    PKIS_GrantedWithMods        = 1,
    PKIS_Rejection              = 2,
    PKIS_Waiting                = 3,
    PKIS_RevocationWarning      = 4,
    PKIS_RevocationNotification = 5
} SecAsn1TSAPKIStatus;

/*
 * PKIFailureInfo values. The numbers match the bit positions RFC 3161
 * assigns inside the PKIFailureInfo BIT STRING, which is why they are
 * not contiguous.
 */
typedef enum {
    FI_BadAlg               = 0,
    FI_BadRequest           = 2,
    FI_BadDataFormat        = 5,
    FI_TimeNotAvailable     = 14,
    FI_UnacceptedPolicy     = 15,
    FI_UnacceptedExtension  = 16,
    FI_AddInfoNotAvailable  = 17,
    FI_SystemFailure        = 25
} SecAsn1TSAPKIFailureInfo;


#ifdef __cplusplus
}
#endif

#endif /* _TSA_TEMPLATES_H_ */
