1/* 2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18 19/* 20 * TPNetwork.h - LDAP (and eventually) other network tools 21 * 22 * Written 10/3/2002 by Doug Mitchell. 23 */ 24 25#ifndef _TP_NETWORK_H_ 26#define _TP_NETWORK_H_ 27 28#include <Security/cssmtype.h> 29#include "TPCertInfo.h" 30#include "TPCrlInfo.h" 31 32extern "C" { 33 34/* 35 * Fetch CRL(s) for specified cert if the cert has a cRlDistributionPoint 36 * extension. If a non-NULL CRL is returned, it has passed verification 37 * with specified TPVerifyContext. 38 * The common, trivial failure of "no URI in a cRlDistributionPoint 39 * extension" is indicated by CSSMERR_APPLETP_CRL_NOT_FOUND. 40 */ 41extern CSSM_RETURN tpFetchCrlFromNet( 42 TPCertInfo &cert, 43 TPVerifyContext &verifyContext, 44 TPCrlInfo *&crl); // RETURNED 45 46/* 47 * Fetch issuer cert of specified cert if the cert has an issuerAltName 48 * with a URI. If non-NULL cert is returned, it has passed subject/issuer 49 * name comparison and signature verification with target cert. 50 * The common, trivial failure of "no URI in an issuerAltName 51 * extension" is indicated by CSSMERR_TP_CERTGROUP_INCOMPLETE. 52 * A CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE return indicates that 53 * subsequent signature verification is needed. 54 */ 55extern CSSM_RETURN tpFetchIssuerFromNet( 56 TPCertInfo &subject, 57 CSSM_CL_HANDLE clHand, 58 CSSM_CSP_HANDLE cspHand, 59 const char *verifyTime, 60 TPCertInfo *&issuer); // RETURNED 61 62} 63 64#endif /* TP_NETWORK_H_ */ 65