#ifndef _SECURITY_SECOCSPRESPONSE_H_
#define _SECURITY_SECOCSPRESPONSE_H_
#include <Security/SecAsn1Coder.h>
#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFData.h>
#include <CoreFoundation/CFDate.h>
#include <securityd/SecOCSPRequest.h>
#include <security_asn1/ocspTemplates.h>
__BEGIN_DECLS
/*
 * Status of an OCSP response as recorded by this decoder.
 *
 * Values 0 through 6 carry the same numbers as the OCSPResponseStatus codes
 * of RFC 6960 (4 is unused there as well). The two negative values are not
 * wire values.
 *
 * Only a kSecOCSPSuccess response carries signed certificate status. The
 * RFC 6960 error statuses are unsigned, so callers should treat every value
 * other than kSecOCSPSuccess as "no revocation information", never as
 * evidence that a certificate is good.
 */
typedef enum {
/* Local sentinels.
 * NOTE(review): the names suggest "response could not be decoded" and
 * "status not determined"; confirm against the implementation. */
kSecOCSPBad = -2,
kSecOCSPUnknown = -1,
/* RFC 6960 OCSPResponseStatus values. */
kSecOCSPSuccess = 0,
kSecOCSPMalformedRequest = 1,
kSecOCSPInternalError = 2,
kSecOCSPTryLater = 3,
kSecOCSPUnused = 4,
kSecOCSPSigRequired = 5,
kSecOCSPUnauthorized = 6
} SecOCSPResponseStatus;
/*
 * Revocation reason codes.
 *
 * Values 0 through 10 carry the same numbers as the CRLReason codes of
 * RFC 5280; 7 is not assigned there, which is why it is absent here. The
 * two negative values are local sentinels and not wire values.
 */
enum {
/* NOTE(review): the names suggest "certificate is not revoked" and
 * "reason could not be determined"; confirm against the implementation. */
kSecRevocationReasonUnrevoked = -2,
kSecRevocationReasonUndetermined = -1,
/* RFC 5280 CRLReason values. */
kSecRevocationReasonUnspecified = 0,
kSecRevocationReasonKeyCompromise = 1,
kSecRevocationReasonCACompromise = 2,
kSecRevocationReasonAffiliationChanged = 3,
kSecRevocationReasonSuperseded = 4,
kSecRevocationReasonCessationOfOperation = 5,
kSecRevocationReasonCertificateHold = 6,
kSecRevocationReasonRemoveFromCRL = 8,
kSecRevocationReasonPrivilegeWithdrawn = 9,
kSecRevocationReasonAACompromise = 10
};
/* Reason codes are stored as int32_t rather than as the anonymous enum type
 * above. */
typedef int32_t SecRevocationReason;
/*
 * Handle to a decoded OCSP response.
 *
 * This is a pointer to a plain C struct. No CoreFoundation runtime base is
 * visible in the layout, so the object is presumably released with
 * SecOCSPResponseFinalize() and not with CFRelease(); confirm against the
 * implementation.
 *
 * Everything in this struct originates from a network peer and is untrusted
 * until the response signature and the signer's authorization have been
 * verified.
 */
typedef struct __SecOCSPResponse *SecOCSPResponseRef;
struct __SecOCSPResponse {
/* NOTE(review): presumably the encoded response this object was created
 * from (see SecOCSPResponseGetData); confirm. */
CFDataRef data;
/* ASN.1 coder. NOTE(review): presumably owns the memory behind the decoded
 * SecAsn1* members below, which would tie their lifetime to this object;
 * confirm. */
SecAsn1CoderRef coder;
/* Outer response status; see SecOCSPResponseStatus. */
SecOCSPResponseStatus responseStatus;
/* NOTE(review): presumably the nonce extension returned by the responder.
 * A caller that sent a nonce should compare it with the request value to
 * reject replayed responses. */
CFDataRef nonce;
/* Times are CFAbsoluteTime values (seconds relative to 2001-01-01 00:00:00
 * GMT).
 * NOTE(review): producedAt presumably mirrors the RFC 6960 producedAt field,
 * latestNextUpdate the latest nextUpdate among the single responses, and
 * expireTime the result of SecOCSPResponseCalculateValidity(); confirm. */
CFAbsoluteTime producedAt;
CFAbsoluteTime latestNextUpdate;
CFAbsoluteTime expireTime;
/* Decoded ASN.1 structures, declared in security_asn1/ocspTemplates.h. */
SecAsn1OCSPBasicResponse basicResponse;
SecAsn1OCSPResponseData responseData;
SecAsn1OCSPResponderIDTag responderIdTag;
SecAsn1OCSPResponderID responderID;
/* Identifier associated with this response (see SecOCSPResponseCreateWithID
 * and SecOCSPResponseGetID); its meaning is not visible in this header. */
int64_t responseID;
};
/*
 * Status of one certificate, extracted from an OCSP response.
 *
 * Instances are obtained from SecOCSPResponseCopySingleResponse() and
 * released with SecOCSPSingleResponseDestroy().
 */
typedef struct __SecOCSPSingleResponse *SecOCSPSingleResponseRef;
struct __SecOCSPSingleResponse {
/* Certificate status tag, declared in security_asn1/ocspTemplates.h. */
SecAsn1OCSPCertStatusTag certStatus;
/* NOTE(review): presumably the RFC 6960 thisUpdate / nextUpdate validity
 * window of this status, as CFAbsoluteTime; confirm. A status outside its
 * window should not be relied on. */
CFAbsoluteTime thisUpdate;
CFAbsoluteTime nextUpdate;
/* NOTE(review): revokedTime and crlReason are presumably meaningful only
 * when certStatus reports a revoked certificate; confirm what they hold
 * otherwise. */
CFAbsoluteTime revokedTime;
SecRevocationReason crlReason;
/* NOTE(review): presumably Signed Certificate Timestamps delivered with this
 * status (see SecOCSPSingleResponseCopySCTs); confirm. */
CFArrayRef scts;
};
/*
 * Create a SecOCSPResponseRef from an encoded OCSP response.
 *
 * NOTE(review): the input normally comes from a network peer. Presumably a
 * NULL return signals a response that could not be decoded, and creation
 * alone does not verify the signature; confirm both, and make sure callers
 * check for NULL and verify the signer before trusting any field.
 */
SecOCSPResponseRef SecOCSPResponseCreate(CFDataRef ocspResponse);
/* Same as SecOCSPResponseCreate, with a caller-supplied responseID.
 * NOTE(review): presumably stored in the struct's responseID field; confirm. */
SecOCSPResponseRef SecOCSPResponseCreateWithID(CFDataRef ocspResponse, int64_t responseID);
/* Return the identifier associated with the response. */
int64_t SecOCSPResponseGetID(SecOCSPResponseRef ocspResponse);
/*
 * Evaluate whether the response is usable at verifyTime.
 *
 * NOTE(review): presumably returns true when the response is still fresh and
 * records an expiration time bounded by maxAge, with defaultTTL used when
 * the response gives no usable nextUpdate; confirm. Freshness is the only
 * defence against replay of an old "good" response when no nonce is used,
 * so callers should not skip this check.
 *
 * NOTE(review): the parameter name `this` is a C++ keyword, so this header
 * cannot be included from C++ even though it is wrapped in
 * __BEGIN_DECLS / __END_DECLS.
 */
bool SecOCSPResponseCalculateValidity(SecOCSPResponseRef this,
CFTimeInterval maxAge, CFTimeInterval defaultTTL, CFAbsoluteTime verifyTime);
/*
 * Accessors. By the CoreFoundation "Get" naming convention the caller does
 * not own the returned CFDataRef values and must retain them to keep them
 * beyond the lifetime of the response.
 */
CFDataRef SecOCSPResponseGetData(SecOCSPResponseRef this);
SecOCSPResponseStatus SecOCSPGetResponseStatus(SecOCSPResponseRef ocspResponse);
/* NOTE(review): presumably only meaningful after
 * SecOCSPResponseCalculateValidity() has run; confirm. */
CFAbsoluteTime SecOCSPResponseGetExpirationTime(SecOCSPResponseRef ocspResponse);
/* A caller that sent a nonce should compare this value with the request. */
CFDataRef SecOCSPResponseGetNonce(SecOCSPResponseRef ocspResponse);
CFAbsoluteTime SecOCSPResponseProducedAt(SecOCSPResponseRef ocspResponse);
/*
 * NOTE(review): presumably returns the certificates embedded in the
 * response; confirm. Such certificates are attacker-supplied until they
 * chain to a trusted issuer. By the "Copy" naming convention the caller
 * owns the returned array.
 */
CFArrayRef SecOCSPResponseCopySigners(SecOCSPResponseRef ocspResponse);
/* Release the response object.
 * NOTE(review): presumably also frees the coder and the decoded data it
 * owns, which would leave previously returned "Get" pointers dangling;
 * confirm. */
void SecOCSPResponseFinalize(SecOCSPResponseRef ocspResponse);
/*
 * Extract the single-certificate status that corresponds to `request`.
 *
 * NOTE(review): presumably returns NULL when the response holds no entry
 * matching the request; confirm. Callers should treat NULL as "no status
 * available", not as "good". The result is released with
 * SecOCSPSingleResponseDestroy().
 */
SecOCSPSingleResponseRef SecOCSPResponseCopySingleResponse(
SecOCSPResponseRef ocspResponse, SecOCSPRequestRef request);
/*
 * Evaluate whether the single response is usable at verifyTime.
 *
 * NOTE(review): defaultTTL is declared CFAbsoluteTime here but
 * CFTimeInterval in SecOCSPResponseCalculateValidity(); a TTL is an
 * interval, so CFTimeInterval looks like the intended type (both are
 * double). The parameter name `this` is a C++ keyword and prevents
 * inclusion from C++.
 */
bool SecOCSPSingleResponseCalculateValidity(SecOCSPSingleResponseRef this, CFAbsoluteTime defaultTTL, CFAbsoluteTime verifyTime);
/* NOTE(review): presumably returns the scts array of the single response;
 * by the "Copy" naming convention the caller owns the result. Confirm. */
CFArrayRef SecOCSPSingleResponseCopySCTs(SecOCSPSingleResponseRef this);
/* Release a single response obtained from SecOCSPResponseCopySingleResponse(). */
void SecOCSPSingleResponseDestroy(SecOCSPSingleResponseRef this);
/*
 * Return the certificate that signed the response.
 *
 * NOTE(review): presumably `issuerPath` is the issuer certificate to
 * consider as the signer, or as the issuer of a delegated responder, and
 * NULL is returned when no valid signer is found; confirm. Before a caller
 * trusts the result, the implementation should be checked for two things:
 * that it verifies the response signature, and that a delegated responder
 * certificate is issued by the certificate's CA and carries the OCSP-signing
 * extended key usage (RFC 6960, section 4.2.2.2).
 *
 * By the "Copy" naming convention the caller owns the returned certificate.
 * The parameter name `this` is a C++ keyword and prevents inclusion from C++.
 */
SecCertificateRef SecOCSPResponseCopySigner(SecOCSPResponseRef this,
SecCertificateRef issuerPath);
__END_DECLS
#endif