The Tor Browser / annotate

security/nss/lib/certhigh/ocspi.h@6474c204b198 (annotated)

security/nss/lib/certhigh/ocspi.h

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4 /*
michael@0 5 * ocspi.h - NSS internal interfaces to OCSP code
michael@0 6 */
michael@0 7
michael@0 8 #ifndef _OCSPI_H_
michael@0 9 #define _OCSPI_H_
michael@0 10
michael@0 11 SECStatus OCSP_InitGlobal(void);
michael@0 12 SECStatus OCSP_ShutdownGlobal(void);
michael@0 13
michael@0 14 ocspResponseData *
michael@0 15 ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER);
michael@0 16
michael@0 17 ocspSignature *
michael@0 18 ocsp_GetResponseSignature(CERTOCSPResponse *response);
michael@0 19
michael@0 20 SECItem *
michael@0 21 ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
michael@0 22 SECItem *fill, const SECItem *src);
michael@0 23
michael@0 24 PRBool
michael@0 25 ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert);
michael@0 26
michael@0 27 CERTCertificate *
michael@0 28 ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
michael@0 29 ocspSignature *signature, CERTCertificate *issuer);
michael@0 30
michael@0 31 SECStatus
michael@0 32 ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
michael@0 33 ocspSignature *signature,
michael@0 34 SECItem *tbsResponseDataDER,
michael@0 35 void *pwArg);
michael@0 36
michael@0 37 CERTOCSPRequest *
michael@0 38 cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
michael@0 39 CERTCertificate *singleCert,
michael@0 40 PRTime time,
michael@0 41 PRBool addServiceLocator,
michael@0 42 CERTCertificate *signerCert);
michael@0 43
michael@0 44 typedef enum { ocspMissing, ocspFresh, ocspStale } OCSPFreshness;
michael@0 45
michael@0 46 SECStatus
michael@0 47 ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
michael@0 48 PRTime time,
michael@0 49 PRBool ignoreOcspFailureMode,
michael@0 50 SECStatus *rvOcsp,
michael@0 51 SECErrorCodes *missingResponseError,
michael@0 52 OCSPFreshness *freshness);
michael@0 53
michael@0 54 /*
michael@0 55 * FUNCTION: cert_ProcessOCSPResponse
michael@0 56 * Same behavior and basic parameters as CERT_GetOCSPStatusForCertID.
michael@0 57 * In addition it can update the OCSP cache (using information
michael@0 58 * available internally to this function).
michael@0 59 * INPUTS:
michael@0 60 * CERTCertDBHandle *handle
michael@0 61 * certificate DB of the cert that is being checked
michael@0 62 * CERTOCSPResponse *response
michael@0 63 * the OCSP response we want to retrieve status from.
michael@0 64 * CERTOCSPCertID *certID
michael@0 65 * the ID we want to look for from the response.
michael@0 66 * CERTCertificate *signerCert
michael@0 67 * the certificate that was used to sign the OCSP response.
michael@0 68 * must be obtained via a call to CERT_VerifyOCSPResponseSignature.
michael@0 69 * PRTime time
michael@0 70 * The time at which we're checking the status for.
michael@0 71 * PRBool *certIDWasConsumed
michael@0 72 * In and Out parameter.
michael@0 73 * If certIDWasConsumed is NULL on input,
michael@0 74 * this function might produce a deep copy of cert ID
michael@0 75 * for storing it in the cache.
michael@0 76 * If out value is true, ownership of parameter certID was
michael@0 77 * transferred to the OCSP cache.
michael@0 78 * SECStatus *cacheUpdateStatus
michael@0 79 * This optional out parameter will contain the result
michael@0 80 * of the cache update operation (if requested).
michael@0 81 * RETURN:
michael@0 82 * The return value is not influenced by the cache operation,
michael@0 83 * it matches the documentation for CERT_CheckOCSPStatus
michael@0 84 */
michael@0 85
michael@0 86 SECStatus
michael@0 87 cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
michael@0 88 CERTOCSPResponse *response,
michael@0 89 CERTOCSPCertID *certID,
michael@0 90 CERTCertificate *signerCert,
michael@0 91 PRTime time,
michael@0 92 PRBool *certIDWasConsumed,
michael@0 93 SECStatus *cacheUpdateStatus);
michael@0 94
michael@0 95 /*
michael@0 96 * FUNCTION: cert_RememberOCSPProcessingFailure
michael@0 97 * If an application notices a failure during OCSP processing,
michael@0 98 * it should finally call this function. The failure will be recorded
michael@0 99 * in the OCSP cache in order to avoid repetitive failures.
michael@0 100 * INPUTS:
michael@0 101 * CERTOCSPCertID *certID
michael@0 102 * the ID that was used for the failed OCSP processing
michael@0 103 * PRBool *certIDWasConsumed
michael@0 104 * Out parameter, if set to true, ownership of parameter certID was
michael@0 105 * transferred to the OCSP cache.
michael@0 106 * RETURN:
michael@0 107 * Status of the cache update operation.
michael@0 108 */
michael@0 109
michael@0 110 SECStatus
michael@0 111 cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
michael@0 112 PRBool *certIDWasConsumed);
michael@0 113
michael@0 114 /*
michael@0 115 * FUNCTION: ocsp_GetResponderLocation
michael@0 116 * Check ocspx context for user-designated responder URI first. If not
michael@0 117 * found, checks cert AIA extension.
michael@0 118 * INPUTS:
michael@0 119 * CERTCertDBHandle *handle
michael@0 120 * certificate DB of the cert that is being checked
michael@0 121 * CERTCertificate *cert
michael@0 122 * The certificate being examined.
michael@0 123 * PRBool *certIDWasConsumed
michael@0 124 * Out parameter, if set to true, URI of default responder is
michael@0 125 * returned.
michael@0 126 * RETURN:
michael@0 127 * Responder URI.
michael@0 128 */
michael@0 129 char *
michael@0 130 ocsp_GetResponderLocation(CERTCertDBHandle *handle,
michael@0 131 CERTCertificate *cert,
michael@0 132 PRBool canUseDefaultLocation,
michael@0 133 PRBool *isDefault);
michael@0 134
michael@0 135 /* FUNCTION: ocsp_FetchingFailureIsVerificationFailure
michael@0 136 * The function checks the global ocsp settings and
michael@0 137 * tells how to treat an ocsp response fetching failure.
michael@0 138 * RETURNS:
michael@0 139 * if PR_TRUE is returned, then treat fetching as a
michael@0 140 * revoked cert status.
michael@0 141 */
michael@0 142 PRBool
michael@0 143 ocsp_FetchingFailureIsVerificationFailure(void);
michael@0 144
michael@0 145 size_t
michael@0 146 ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf);
michael@0 147
michael@0 148 SECStatus
michael@0 149 ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
michael@0 150 CERTOCSPResponse *response,
michael@0 151 CERTOCSPCertID *certID,
michael@0 152 CERTCertificate *signerCert,
michael@0 153 PRTime time,
michael@0 154 CERTOCSPSingleResponse **pSingleResponse);
michael@0 155
michael@0 156 SECStatus
michael@0 157 ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time);
michael@0 158
michael@0 159 void
michael@0 160 ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
michael@0 161 CERTOCSPSingleResponse *single,
michael@0 162 PRBool *certIDWasConsumed);
michael@0 163
michael@0 164 #endif /* _OCSPI_H_ */

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial