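/*
 * Copyright (c) 2004-2011 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * crlDb.h - CRL cache
 *
 * Trust note: per crlCacheAdd() below, CRLs enter the cache after a parse
 * check only. A cache hit is therefore not evidence that the CRL was signed
 * by the expected issuer.
 * NOTE(review): where the signature is actually checked (the caller of
 * crlCacheLookup(), or crlCacheRefresh() with fullCryptoVerify) is not
 * visible from this header -- confirm against the implementation.
 */

#ifndef _OCSPD_CRL_DB_H_
#define _OCSPD_CRL_DB_H_

#include <Security/cssmtype.h>
#include <security_utilities/alloc.h>
#include <security_utilities/debugging.h>


/*
 * The prototypes below take C++ references (Allocator &, CSSM_DATA &), so
 * this header is only usable from C++; the __cplusplus guards just select
 * C linkage for the symbols.
 */
#ifdef __cplusplus
extern "C" {
#endif

/*
 * Lookup cached CRL by URL or issuer, and verifyTime.
 * Just a boolean returned; we found it, or not.
 * Exactly one of {url, issuer} should be non-NULL.
 *
 * On a hit the CRL bytes are returned in crlData, allocated in alloc space.
 * NOTE(review): presumably the caller releases crlData through the same
 * allocator, and crlData is left untouched on a miss -- confirm.
 * NOTE(review): the expected encoding of verifyTime is not stated here --
 * confirm.
 *
 * The returned CRL should be treated as untrusted input until its signature
 * and validity have been checked: crlCacheAdd() stores CRLs unverified.
 */
bool crlCacheLookup(
	Allocator			&alloc,
	const CSSM_DATA		*url,			// NULL when looking up by issuer
	const CSSM_DATA		*issuer,		// optional; NULL when looking up by URL
	const CSSM_DATA		&verifyTime,
	CSSM_DATA			&crlData);		// allocd in alloc space and RETURNED

/*
 * Add a CRL response to cache. Incoming response is completely unverified;
 * we just verify that we can parse it.
 *
 * Parse success says nothing about who produced the CRL, so an entry added
 * here carries no more trust than the transport it arrived over.
 * NOTE(review): the CSSM_RETURN value for an unparseable CRL is not shown
 * in this header -- confirm.
 */
CSSM_RETURN crlCacheAdd(
	const CSSM_DATA		&crlData,		// as it came from the server
	const CSSM_DATA		&url);			// where it came from

/*
 * Delete any CRL associated with specified URL from cache.
 */
void crlCacheFlush(
	const CSSM_DATA		&url);

/*
 * Refresh the CRL cache.
 *
 * NOTE(review): the parameters are not documented in this header. From the
 * names, staleDays and expireOverlapSeconds look like age thresholds,
 * purgeAll looks like "drop every entry", fullCryptoVerify looks like
 * "verify signatures of cached CRLs", and doRefresh looks like "re-fetch
 * stale entries" -- confirm each against the implementation. If
 * fullCryptoVerify does gate signature checking, calling with false leaves
 * the parse-only entries from crlCacheAdd() in place.
 */
void crlCacheRefresh(
	unsigned			staleDays,
	unsigned			expireOverlapSeconds,
	bool				purgeAll,
	bool				fullCryptoVerify,
	bool				doRefresh);

#ifdef __cplusplus
}
#endif

#endif	/* _OCSPD_CRL_DB_H_ */
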