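--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,57 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Implements generating OCSP responses of various types. Used by the
+// programs in tlsserver/cmd.
+
+#ifndef OCSPCommon_h
+#define OCSPCommon_h
+
+#include "certt.h"
+#include "seccomon.h"
+
+enum OCSPResponseType
+{
+ ORTNull = 0,
+ ORTGood, // the certificate is good
+ ORTRevoked, // the certificate has been revoked
+ ORTRevokedOld, // same, but the response is old
+ ORTUnknown, // the responder doesn't know if the cert is good
+ ORTUnknownOld, // same, but the response is old
+ ORTGoodOtherCert, // the response references a different certificate
+ ORTGoodOtherCA, // the wrong CA has signed the response
+ ORTExpired, // the signature on the response has expired
+ ORTExpiredFreshCA, // fresh signature, but old validity period
+ ORTNone, // no stapled response
+ ORTEmpty, // an empty stapled response
+ ORTMalformed, // the response from the responder was malformed
+ ORTSrverr, // the response indicates there was a server error
+ ORTTryLater, // the responder replied with "try again later"
+ ORTNeedsSig, // the response needs a signature
+ ORTUnauthorized, // the responder is not authorized for this certificate
+ ORTBadSignature, // the response has a signature that does not verify
+ ORTSkipResponseBytes, // the response does not include responseBytes
+ ORTCriticalExtension, // the response includes a critical extension
+ ORTNoncriticalExtension, // the response includes an extension that is not critical
+ ORTEmptyExtensions, // the response includes a SEQUENCE OF Extension that is empty
+ ORTDelegatedIncluded, // the response is signed by an included delegated responder
+ ORTDelegatedIncludedLast, // same, but multiple other certificates are included
+ ORTDelegatedMissing, // the response is signed by a not included delegated responder
+ ORTDelegatedMissingMultiple, // same, but multiple other certificates are included
+ ORTLongValidityAlmostExpired, // a good response, but that was generated a almost a year ago
+ ORTAncientAlmostExpired, // a good response, with a validity of almost two years almost expiring
+};
+
+struct OCSPHost
+{
+ const char *mHostName;
+ OCSPResponseType mORT;
+ const char *mAdditionalCertName; // useful for ORTGoodOtherCert, etc.
+};
+
+SECItemArray *
+GetOCSPResponseForType(OCSPResponseType aORT, CERTCertificate *aCert,
+ PLArenaPool *aArena, const char *aAdditionalCertName);
+
+#endif // OCSPCommon_h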
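Review bot: The `GetOCSPResponseForType` prototype at the end of the header has no comment stating its contract, so a caller cannot tell a deliberate "nothing to staple" result (`ORTNone`, perhaps `ORTEmpty`) from a failure to build the response. A stapling test that confuses the two could pass without exercising the case it names. I would add a comment above the declaration along the lines of `// Returns the response to staple for aORT; <value returned for ORTNone> means no response, <value returned on failure> means an error. The result is owned by <aArena or the caller>.`, filled in from the implementation, which is not visible here. It should also say whether `aAdditionalCertName` may be null for types that do not use it. Separately, `ORTNull` is the only enumerator without a comment, and the `ORTLongValidityAlmostExpired` comment has a stray article (`generated a almost a year ago`).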