1/*
2 * Copyright (c) 2004-2011 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
25 * crlDb.h - CRL cache
26 */
27
28#ifndef	_OCSPD_CRL_DB_H_
29#define _OCSPD_CRL_DB_H_
30
31#include <Security/cssmtype.h>
32#include <security_utilities/alloc.h>
33#include <security_utilities/debugging.h>
34
35
36#ifdef __cplusplus
37extern "C" {
38#endif
39
40/*
41 * Lookup cached CRL by URL or issuer, and verifyTime.
42 * Just a boolean returned; we found it, or not.
43 * Exactly one of {url, issuer} should be non-NULL.
44 */
45bool crlCacheLookup(
46	Allocator			&alloc,
47	const CSSM_DATA		*url,
48	const CSSM_DATA		*issuer,			// optional
49	const CSSM_DATA		&verifyTime,
50	CSSM_DATA			&crlData);			// allocd in alloc space and RETURNED
51
52/*
53 * Add a CRL response to cache. Incoming response is completely unverified;
54 * we just verify that we can parse it.
55 */
56CSSM_RETURN crlCacheAdd(
57	const CSSM_DATA		&crlData,			// as it came from the server
58	const CSSM_DATA		&url);				// where it came from
59
60/*
61 * Delete any CRL associated with specified URL from cache.
62 */
63void crlCacheFlush(
64	const CSSM_DATA		&url);
65
66/*
67 * Refresh the CRL cache.
68 */
69void crlCacheRefresh(
70	unsigned			staleDays,
71	unsigned			expireOverlapSeconds,
72	bool				purgeAll,
73	bool				fullCryptoVerify,
74	bool				doRefresh);
75
76#ifdef __cplusplus
77}
78#endif
79
80#endif	/* _OCSPD_CRL_DB_H_ */
81
82