1/*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19/*
20 * TPNetwork.h - LDAP (and eventually) other network tools
21 *
22 * Written 10/3/2002 by Doug Mitchell.
23 */
24
25#ifndef	_TP_NETWORK_H_
26#define _TP_NETWORK_H_
27
28#include <Security/cssmtype.h>
29#include "TPCertInfo.h"
30#include "TPCrlInfo.h"
31
32extern "C" {
33
34/*
35 * Fetch CRL(s) for specified cert if the cert has a cRlDistributionPoint
36 * extension. If a non-NULL CRL is returned, it has passed verification
37 * with specified TPVerifyContext.
38 * The common, trivial failure of "no URI in a cRlDistributionPoint
39 * extension" is indicated by CSSMERR_APPLETP_CRL_NOT_FOUND.
40 */
41extern CSSM_RETURN tpFetchCrlFromNet(
42	TPCertInfo 			&cert,
43	TPVerifyContext		&verifyContext,
44	TPCrlInfo			*&crl);				// RETURNED
45
46/*
47 * Fetch issuer cert of specified cert if the cert has an issuerAltName
48 * with a URI. If non-NULL cert is returned, it has passed subject/issuer
49 * name comparison and signature verification with target cert.
50 * The common, trivial failure of "no URI in an issuerAltName
51 * extension" is indicated by CSSMERR_TP_CERTGROUP_INCOMPLETE.
52 * A CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE return indicates that
53 * subsequent signature verification is needed.
54 */
55extern CSSM_RETURN tpFetchIssuerFromNet(
56	TPCertInfo			&subject,
57	CSSM_CL_HANDLE		clHand,
58	CSSM_CSP_HANDLE		cspHand,
59	const char			*verifyTime,
60	TPCertInfo			*&issuer);			// RETURNED
61
62}
63
64#endif	/* TP_NETWORK_H_ */
65