security/pkix/test/lib/pkixtestutil.h

changeset 0
6474c204b198
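--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/pkix/test/lib/pkixtestutil.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,84 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Copyright 2013 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef mozilla_pkix_test__pkixtestutils_h
+#define mozilla_pkix_test__pkixtestutils_h
+
+#include "pkix/ScopedPtr.h"
+#include "pkix/pkixtypes.h"
+#include "seccomon.h"
+
+namespace mozilla { namespace pkix { namespace test {
+
+class OCSPResponseExtension
+{
+public:
+  SECItem id;
+  bool critical;
+  SECItem value;
+  OCSPResponseExtension* next;
+};
+
+class OCSPResponseContext
+{
+public:
+  OCSPResponseContext(PLArenaPool* arena, CERTCertificate* cert, PRTime time);
+
+  PLArenaPool* arena;
+  // TODO(bug 980538): add a way to specify what certificates are included.
+  pkix::ScopedCERTCertificate cert; // The subject of the OCSP response
+  pkix::ScopedCERTCertificate issuerCert; // The issuer of the subject
+  pkix::ScopedCERTCertificate signerCert; // This cert signs the response
+  uint8_t responseStatus; // See the OCSPResponseStatus enum in rfc 6960
+  bool skipResponseBytes; // If true, don't include responseBytes
+
+  static const uint32_t MaxIncludedCertificates = 4;
+  pkix::ScopedCERTCertificate includedCertificates[MaxIncludedCertificates];
+
+  // The following fields are on a per-SingleResponse basis. In the future we
+  // may support including multiple SingleResponses per response.
+  PRTime producedAt;
+  PRTime thisUpdate;
+  PRTime nextUpdate;
+  bool includeNextUpdate;
+  SECOidTag certIDHashAlg;
+  uint8_t certStatus;     // See the CertStatus choice in rfc 6960
+  PRTime revocationTime; // For certStatus == revoked
+  bool badSignature; // If true, alter the signature to fail verification
+
+  enum ResponderIDType {
+    ByName = 1,
+    ByKeyHash = 2
+  };
+  ResponderIDType responderIDType;
+
+  OCSPResponseExtension* extensions;
+  bool includeEmptyExtensions; // If true, include the extension wrapper
+                               // regardless of if there are any actual
+                               // extensions.
+};
+
+// The return value, if non-null, is owned by the arena in the context
+// and MUST NOT be freed.
+// This function does its best to respect the NSPR error code convention
+// (that is, if it returns null, calling PR_GetError() will return the
+// error of the failed operation). However, this is not guaranteed.
+SECItem* CreateEncodedOCSPResponse(OCSPResponseContext& context);
+
+} } } // namespace mozilla::pkix::test
+
+#endif // mozilla_pkix_test__pkixtestutils_h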
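Review bot: OCSPResponseExtension declares no constructor, so `critical`, `next` and both SECItem members are indeterminate unless every test assigns them. If the encoder walks `extensions` until `next` is null (its definition is outside this hunk, so this is inferred), a forgotten assignment makes the test binary read through a garbage pointer instead of failing cleanly. Consider a default constructor such as `OCSPResponseExtension() : critical(false), next(nullptr) {}` that also zeroes `id` and `value`, provided no existing test relies on aggregate initialization. A comment on `extensions` should state that the list is null-terminated and who owns its nodes and the SECItem buffers relative to `arena`. Separately, `uint8_t` and `uint32_t` are used without `#include <stdint.h>`, so the header only compiles through a transitive include.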
