The Tor Browser / file comparison
comparison: security/pkix/test/lib/pkixtestutil.h
security/pkix/test/lib/pkixtestutil.h
- branch
- TOR_BUG_9701
- changeset 8
- 97036ab72558
equal
deleted
inserted
replaced
| -1:000000000000 | 0:64dc283739ea |
|---|---|
| 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ | |
| 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ | |
| 3 /* Copyright 2013 Mozilla Foundation | |
| 4 * | |
| 5 * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 6 * you may not use this file except in compliance with the License. | |
| 7 * You may obtain a copy of the License at | |
| 8 * | |
| 9 * http://www.apache.org/licenses/LICENSE-2.0 | |
| 10 * | |
| 11 * Unless required by applicable law or agreed to in writing, software | |
| 12 * distributed under the License is distributed on an "AS IS" BASIS, | |
| 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 14 * See the License for the specific language governing permissions and | |
| 15 * limitations under the License. | |
| 16 */ | |
| 17 | |
| 18 #ifndef mozilla_pkix_test__pkixtestutils_h | |
| 19 #define mozilla_pkix_test__pkixtestutils_h | |
| 20 | |
| 21 #include "pkix/ScopedPtr.h" | |
| 22 #include "pkix/pkixtypes.h" | |
| 23 #include "seccomon.h" | |
| 24 | |
| 25 namespace mozilla { namespace pkix { namespace test { | |
| 26 | |
| 27 class OCSPResponseExtension | |
| 28 { | |
| 29 public: | |
| 30 SECItem id; | |
| 31 bool critical; | |
| 32 SECItem value; | |
| 33 OCSPResponseExtension* next; | |
| 34 }; | |
| 35 | |
| 36 class OCSPResponseContext | |
| 37 { | |
| 38 public: | |
| 39 OCSPResponseContext(PLArenaPool* arena, CERTCertificate* cert, PRTime time); | |
| 40 | |
| 41 PLArenaPool* arena; | |
| 42 // TODO(bug 980538): add a way to specify what certificates are included. | |
| 43 pkix::ScopedCERTCertificate cert; // The subject of the OCSP response | |
| 44 pkix::ScopedCERTCertificate issuerCert; // The issuer of the subject | |
| 45 pkix::ScopedCERTCertificate signerCert; // This cert signs the response | |
| 46 uint8_t responseStatus; // See the OCSPResponseStatus enum in rfc 6960 | |
| 47 bool skipResponseBytes; // If true, don't include responseBytes | |
| 48 | |
| 49 static const uint32_t MaxIncludedCertificates = 4; | |
| 50 pkix::ScopedCERTCertificate includedCertificates[MaxIncludedCertificates]; | |
| 51 | |
| 52 // The following fields are on a per-SingleResponse basis. In the future we | |
| 53 // may support including multiple SingleResponses per response. | |
| 54 PRTime producedAt; | |
| 55 PRTime thisUpdate; | |
| 56 PRTime nextUpdate; | |
| 57 bool includeNextUpdate; | |
| 58 SECOidTag certIDHashAlg; | |
| 59 uint8_t certStatus; // See the CertStatus choice in rfc 6960 | |
| 60 PRTime revocationTime; // For certStatus == revoked | |
| 61 bool badSignature; // If true, alter the signature to fail verification | |
| 62 | |
| 63 enum ResponderIDType { | |
| 64 ByName = 1, | |
| 65 ByKeyHash = 2 | |
| 66 }; | |
| 67 ResponderIDType responderIDType; | |
| 68 | |
| 69 OCSPResponseExtension* extensions; | |
| 70 bool includeEmptyExtensions; // If true, include the extension wrapper | |
| 71 // regardless of if there are any actual | |
| 72 // extensions. | |
| 73 }; | |
| 74 | |
| 75 // The return value, if non-null, is owned by the arena in the context | |
| 76 // and MUST NOT be freed. | |
| 77 // This function does its best to respect the NSPR error code convention | |
| 78 // (that is, if it returns null, calling PR_GetError() will return the | |
| 79 // error of the failed operation). However, this is not guaranteed. | |
| 80 SECItem* CreateEncodedOCSPResponse(OCSPResponseContext& context); | |
| 81 | |
| 82 } } } // namespace mozilla::pkix::test | |
| 83 | |
| 84 #endif // mozilla_pkix_test__pkixtestutils_h |
