1/*
2 * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
25 * ocspdDb.h - API for OCSP daemon database
26 */
27
28#ifndef	_OCSPD_DB_H_
29#define _OCSPD_DB_H_
30
31#include <Security/cssmtype.h>
32#include <Security/SecAsn1Coder.h>
33
34#ifdef __cplusplus
35extern "C" {
36#endif
37
38/*
39 * Lookup cached response. Result is a DER-encoded OCSP response, the same bits
40 * originally obtained from the net. Result is allocated in specified
41 * SecAsn1CoderRef's memory. Never returns a stale entry; we always check the
42 * enclosed SingleResponse for temporal validity.
43 *
44 * Just a boolean returned; we found it, or not.
45 */
46bool ocspdDbCacheLookup(
47	SecAsn1CoderRef		coder,
48	const CSSM_DATA		&certID,
49	const CSSM_DATA		*localResponder,	// optional; if present, must match
50											// entry's URI
51	CSSM_DATA			&derResp);			// RETURNED
52
53/*
54 * Add an OCSP response to cache. Incoming response is completely unverified;
55 * we just verify that we can parse it and is has at least one SingleResponse
56 * which is temporally valid.
57 */
58void ocspdDbCacheAdd(
59	const CSSM_DATA		&ocspResp,			// as it came from the server
60	const CSSM_DATA		&URI);				// where it came from
61
62/*
63 * Delete any entry associated with specified certID from cache.
64 */
65void ocspdDbCacheFlush(
66	const CSSM_DATA		&certID);
67
68/*
69 * Flush stale entries from cache.
70 */
71void ocspdDbCacheFlushStale();
72
73#ifdef __cplusplus
74}
75#endif
76
77#endif	/* _OCSPD_DB_H_ */
78
79