corrected copyright notices
[gnutls.git] / lib / includes / gnutls / ocsp.h
blobefc184f998a92b95a433e4631f455f8e2ce38e28
1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Simon Josefsson
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* Online Certificate Status Protocol - RFC 2560
26 #ifndef GNUTLS_OCSP_H
27 #define GNUTLS_OCSP_H
29 #include <gnutls/gnutls.h>
30 #include <gnutls/x509.h>
32 #ifdef __cplusplus
33 extern "C"
35 #endif
37 #define GNUTLS_OCSP_NONCE "1.3.6.1.5.5.7.48.1.2"
39 /**
40 * gnutls_ocsp_print_formats_t:
41 * @GNUTLS_OCSP_PRINT_FULL: Full information about OCSP request/response.
42 * @GNUTLS_OCSP_PRINT_COMPACT: More compact information about OCSP request/response.
44 * Enumeration of different OCSP printing variants.
46 typedef enum gnutls_ocsp_print_formats_t
48 GNUTLS_OCSP_PRINT_FULL = 0,
49 GNUTLS_OCSP_PRINT_COMPACT = 1,
50 } gnutls_ocsp_print_formats_t;
52 /**
53 * gnutls_ocsp_resp_status_t:
54 * @GNUTLS_OCSP_RESP_SUCCESSFUL: Response has valid confirmations.
55 * @GNUTLS_OCSP_RESP_MALFORMEDREQUEST: Illegal confirmation request
56 * @GNUTLS_OCSP_RESP_INTERNALERROR: Internal error in issuer
57 * @GNUTLS_OCSP_RESP_TRYLATER: Try again later
58 * @GNUTLS_OCSP_RESP_SIGREQUIRED: Must sign the request
59 * @GNUTLS_OCSP_RESP_UNAUTHORIZED: Request unauthorized
61 * Enumeration of different OCSP response status codes.
63 typedef enum gnutls_ocsp_resp_status_t
65 GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
66 GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1,
67 GNUTLS_OCSP_RESP_INTERNALERROR = 2,
68 GNUTLS_OCSP_RESP_TRYLATER = 3,
69 GNUTLS_OCSP_RESP_SIGREQUIRED = 5,
70 GNUTLS_OCSP_RESP_UNAUTHORIZED = 6
71 } gnutls_ocsp_resp_status_t;
73 /**
74 * gnutls_ocsp_cert_status_t:
75 * @GNUTLS_OCSP_CERT_GOOD: Positive response to status inquiry.
76 * @GNUTLS_OCSP_CERT_REVOKED: Certificate has been revoked.
77 * @GNUTLS_OCSP_CERT_UNKNOWN: The responder doesn't know about the
78 * certificate.
80 * Enumeration of different OCSP response certificate status codes.
82 typedef enum gnutls_ocsp_cert_status_t
84 GNUTLS_OCSP_CERT_GOOD = 0,
85 GNUTLS_OCSP_CERT_REVOKED = 1,
86 GNUTLS_OCSP_CERT_UNKNOWN = 2
87 } gnutls_ocsp_cert_status_t;
89 /**
90 * gnutls_x509_crl_reason_t:
91 * @GNUTLS_X509_CRLREASON_UNSPECIFIED: Unspecified reason.
92 * @GNUTLS_X509_CRLREASON_KEYCOMPROMISE: Private key compromised.
93 * @GNUTLS_X509_CRLREASON_CACOMPROMISE: CA compromised.
94 * @GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: Affiliation has changed.
95 * @GNUTLS_X509_CRLREASON_SUPERSEDED: Certificate superseded.
96 * @GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: Operation has ceased.
97 * @GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: Certificate is on hold.
98 * @GNUTLS_X509_CRLREASON_REMOVEFROMCRL: Will be removed from delta CRL.
99 * @GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: Privilege withdrawn.
100 * @GNUTLS_X509_CRLREASON_AACOMPROMISE: AA compromised.
102 * Enumeration of different reason codes. Note that this
103 * corresponds to the CRLReason ASN.1 enumeration type, and not the
104 * ReasonFlags ASN.1 bit string.
106 typedef enum gnutls_x509_crl_reason_t
108 GNUTLS_X509_CRLREASON_UNSPECIFIED = 0,
109 GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1,
110 GNUTLS_X509_CRLREASON_CACOMPROMISE = 2,
111 GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3,
112 GNUTLS_X509_CRLREASON_SUPERSEDED = 4,
113 GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5,
114 GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6,
115 GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8,
116 GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9,
117 GNUTLS_X509_CRLREASON_AACOMPROMISE = 10
118 } gnutls_x509_crl_reason_t;
121 * gnutls_ocsp_verify_reason_t:
122 * @GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND: Signer cert not found.
123 * @GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR: Signer keyusage bits incorrect.
124 * @GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER: Signer is not trusted.
125 * @GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM: Signature using insecure algorithm.
126 * @GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE: Signature mismatch.
127 * @GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED: Signer cert is not yet activated.
128 * @GNUTLS_OCSP_VERIFY_CERT_EXPIRED: Signer cert has expired.
130 * Enumeration of OCSP verify status codes, used by
131 * gnutls_ocsp_resp_verify() and gnutls_ocsp_resp_verify_direct().
133 typedef enum gnutls_ocsp_verify_reason_t
135 GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
136 GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
137 GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
138 GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
139 GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
140 GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
141 GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
142 } gnutls_ocsp_verify_reason_t;
144 struct gnutls_ocsp_req_int;
145 typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t;
147 int gnutls_ocsp_req_init (gnutls_ocsp_req_t * req);
148 void gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req);
150 int gnutls_ocsp_req_import (gnutls_ocsp_req_t req,
151 const gnutls_datum_t * data);
152 int gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data);
153 int gnutls_ocsp_req_print (gnutls_ocsp_req_t req,
154 gnutls_ocsp_print_formats_t format,
155 gnutls_datum_t * out);
157 int gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req);
159 int gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req,
160 unsigned indx,
161 gnutls_digest_algorithm_t *digest,
162 gnutls_datum_t *issuer_name_hash,
163 gnutls_datum_t *issuer_key_hash,
164 gnutls_datum_t *serial_number);
165 int gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req,
166 gnutls_digest_algorithm_t digest,
167 const gnutls_datum_t *issuer_name_hash,
168 const gnutls_datum_t *issuer_key_hash,
169 const gnutls_datum_t *serial_number);
170 int gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req,
171 gnutls_digest_algorithm_t digest,
172 gnutls_x509_crt_t issuer,
173 gnutls_x509_crt_t cert);
175 int gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req,
176 unsigned indx,
177 gnutls_datum_t *oid,
178 unsigned int *critical,
179 gnutls_datum_t *data);
180 int gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req,
181 const char *oid,
182 unsigned int critical,
183 const gnutls_datum_t *data);
185 int gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req,
186 unsigned int *critical,
187 gnutls_datum_t *nonce);
188 int gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req,
189 unsigned int critical,
190 const gnutls_datum_t *nonce);
191 int gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req);
193 struct gnutls_ocsp_resp_int;
194 typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t;
196 int gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp);
197 void gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp);
199 int gnutls_ocsp_resp_import (gnutls_ocsp_resp_t resp,
200 const gnutls_datum_t * data);
201 int gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp,
202 gnutls_datum_t * data);
203 int gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp,
204 gnutls_ocsp_print_formats_t format,
205 gnutls_datum_t * out);
207 int gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp);
208 int gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp,
209 gnutls_datum_t *response_type_oid,
210 gnutls_datum_t *response);
212 int gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp);
213 int gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp,
214 gnutls_datum_t *dn);
215 time_t gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp);
216 int gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t resp,
217 unsigned indx,
218 gnutls_digest_algorithm_t *digest,
219 gnutls_datum_t *issuer_name_hash,
220 gnutls_datum_t *issuer_key_hash,
221 gnutls_datum_t *serial_number,
222 unsigned int *cert_status,
223 time_t *this_update,
224 time_t *next_update,
225 time_t *revocation_time,
226 unsigned int *revocation_reason);
227 int gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp,
228 unsigned indx,
229 gnutls_datum_t *oid,
230 unsigned int *critical,
231 gnutls_datum_t *data);
232 int gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp,
233 unsigned int *critical,
234 gnutls_datum_t *nonce);
235 int gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp);
236 int gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp,
237 gnutls_datum_t *sig);
238 int gnutls_ocsp_resp_get_certs (gnutls_ocsp_resp_t resp,
239 gnutls_x509_crt_t ** certs,
240 size_t *ncerts);
242 int gnutls_ocsp_resp_verify_direct (gnutls_ocsp_resp_t resp,
243 gnutls_x509_crt_t issuer,
244 unsigned int *verify,
245 unsigned int flags);
246 int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp,
247 gnutls_x509_trust_list_t trustlist,
248 unsigned int *verify,
249 unsigned int flags);
251 int gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp,
252 unsigned int indx,
253 gnutls_x509_crt_t crt);
255 #ifdef __cplusplus
257 #endif
259 #endif /* GNUTLS_OCSP_H */