/usr/include/libdigidoc/DigiDocOCSP.h is in libdigidoc-dev 3.10.1.1208+ds1-2.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 | #ifndef __DIGIDOC_OCSP_H__
#define __DIGIDOC_OCSP_H__
//==================================================
// FILE: DigiDocOCSP.h
// PROJECT: Digi Doc
// DESCRIPTION: DigiDoc OCSP handling routines
// AUTHOR: Veiko Sinivee, S|E|B IT Partner Estonia
//==================================================
// Copyright (C) AS Sertifitseerimiskeskus
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
// GNU Lesser General Public Licence is available at
// http://www.gnu.org/copyleft/lesser.html
//==========< HISTORY >=============================
// 26.04.2006 Veiko Sinivee
// Creation
//==================================================
#include <libdigidoc/DigiDocDefs.h>
#include <libdigidoc/DigiDocObj.h>
#include <libdigidoc/DigiDocMem.h>
#include <openssl/ocsp.h>
//==========< XML generation routines >========================
#ifdef __cplusplus
extern "C" {
#endif
//--------------------------------------------------
// sends an OCSP_REQUES object to remore server and
// retrieves the OCSP_RESPONSE object
// resp - buffer to store the new responses pointer
// req - request objects pointer
// url - OCSP responder URL
// ip_addr - senders ip address if known or 0
//--------------------------------------------------
int sendOCSPRequest(OCSP_RESPONSE** resp, OCSP_REQUEST *req,
char* url, char* proxyHost, char* proxyPort,
unsigned long ip_addr);
// Decodes binary (DER) OCSP_RESPONSE data and returns a OCSP_RESPONSE object
EXP_OPTION int ddocDecodeOCSPResponseData(OCSP_RESPONSE **ppResp, const byte* data, int len);
// Decodes base64 (PEM) OCSP_RESPONSE data and returns a OCSP_RESPONSE object
EXP_OPTION int ddocDecodeOCSPResponsePEMData(OCSP_RESPONSE **ppResp, const byte* data, int len);
EXP_OPTION int writeOCSPRequest(SignedDoc* pSigDoc, const char* signerCertFile,
const char* issuertCertFile,
byte* nonce, int nlen, const char* szOutputFile);
// Creates and sends an OCSP_REQUEST object
// to the notary server, receives the response
// and uses it to create a confirmation object.
EXP_OPTION int getConfirmation(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
const X509** caCerts, const X509* pNotCert,
char* pkcs12FileName, char* pkcs12Password,
char* notaryURL, char* proxyHost, char* proxyPort);
// another way to get OCSP confirmation by sending also callers ip address
EXP_OPTION int getConfirmationWithIp(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
const X509** caCerts, const X509* pNotCert,
char* pkcs12FileName, char* pkcs12Password,
char* notaryURL, char* proxyHost, char* proxyPort,
unsigned long ip);
// another way to get OCSP confirmation by sending also callers ip address
EXP_OPTION int getConfirmationWithIpEx(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
const X509** caCerts, const X509* pNotCert,
char* pkcs12FileName, char* pkcs12Password,
char* notaryURL, char* proxyHost, char* proxyPort,
char* proxyUser, char* proxyPass, unsigned long ip);
// use this if you passed NULL-s to getConfirmation() param notaryCert
EXP_OPTION int finalizeAndVerifyNotary(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
NotaryInfo* pNotInf,
const X509** caCerts, const X509* pNotCert);
//--------------------------------------------------
// Adds responder certificate to notary, searches it's
// CA chain and then verifies notary
// pSigDoc - signed doc info
// pSigInfo - signature info
// caCertSearches - responder CA certs chain
// notaryCert - notarys cert search
// returns error code
//--------------------------------------------------
int EXP_OPTION finalizeAndVerifyNotary2(SignedDoc* pSigDoc, SignatureInfo* pSigInfo,
NotaryInfo* pNotInf,
const X509** caCerts, const X509* pNotCert, const X509* pSigCa);
int ReadOCSPResponse(OCSP_RESPONSE **newOCSP_RESPONSE, const char* szFileName);
int initializeNotaryInfoWithOCSP(SignedDoc *pSigDoc, NotaryInfo *pNotary,
OCSP_RESPONSE *resp, X509 *notCert, int initDigest);
int initializeNotaryInfoWithOCSP2(SignedDoc *pSigDoc, NotaryInfo *pNotary,
OCSP_RESPONSE *resp, X509 *notCert, int initDigest);
//--------------------------------------------------
// Verfies OCSP_RESPONSE signature
// pResp - signed OCSP response
// caCerts - CA certificate pointer array terminated with NULL
// CApath - path to (directory) all certs
// notCertFile - Notary (e.g. OCSP responder) cert file
//--------------------------------------------------
int verifyOCSPResponse(OCSP_RESPONSE* pResp,
const X509** caCerts, const char *CApath,
const X509* notCert);
//--------------------------------------------------
// Helper function to read OCSP_RESPONSE from binary input data
// ppResp - address of newly allocated OCSP_RESPONSE object
// pMBufInData - input data
// returns error code or ERR_OK
//--------------------------------------------------
int ddocOcspReadOcspResp(OCSP_RESPONSE** ppResp, DigiDocMemBuf* pMBufInData);
//--------------------------------------------------
// Helper function to write OCSP_RESPONSE to binary output data
// pResp - address of OCSP_RESPONSE object
// pMBufOutData - output data
// returns error code or ERR_OK
//--------------------------------------------------
int ddocOcspWriteOcspResp(OCSP_RESPONSE* pResp, DigiDocMemBuf* pMBufOutData);
// get OCSP in PEM form
EXP_OPTION int getOcspPEM(OCSP_RESPONSE* pResp, int bHeaders, char** buf);
//--------------------------------------------------
// Helper function to return OCSP_RESPONSE in base64 form.
// Memory buffer will be resized as necessary.
// Caller must release output buffer.
// pNotary - Notary object
// bHeaders - 1= with headers, 0=no headers
// pMBufOutData - output data
// returns error code or ERR_OK
//--------------------------------------------------
EXP_OPTION int ddocGetOcspBase64(NotaryInfo *pNotary, int bHeaders, DigiDocMemBuf* pMBufOutData);
#ifdef __cplusplus
}
#endif
#endif // __DIGIDOC_OCSP_H__
|